v0.10.0

Security

This is a recommended update for all users as it fixes a security vulnerability in self-hosted website UI (not the desktop app):

• prevent cross-site request forgery in the UI website by @jkowalski in #1653

Breaking Change

• server: support for server control APIs and tooling by @jkowalski in #1644

This removes some APIs that were unintentionally exposed to the UI moves them to new /api/v1/control endpoing. Also adds support for server-control user and set of administrative APIs for controlling a running kopia server externally.

What's Changed

• logging: log maximum concurrency level when talking to backend storage by @jkowalski in #1629
• kopiaui: added menu option prompting users to manually upgrade when auto-update fails by @jkowalski in #1655
• ui: embed version info in index.html by @jkowalski in #1656

Dependencies

• build(deps-dev): bump electron-builder from 22.14.6 to 22.14.11 in /app by @dependabot in #1640
• build(deps-dev): bump concurrently from 6.5.0 to 6.5.1 in /app by @dependabot in #1638
• build(deps): bump electron-log from 4.4.3 to 4.4.4 in /app by @dependabot in #1639
• build(deps): bump github.com/minio/minio-go/v7 from 7.0.18 to 7.0.20 by @dependabot in #1642
• build(deps): bump github.com/aws/aws-sdk-go from 1.42.23 to 1.42.25 by @dependabot in #1641

Nits

• small error on domain name example at the end. by @icepic in #1627
• nit: fixed benign test data race by @jkowalski in #1635
• server: moved serving of static files to internal/server package by @jkowalski in #1637
• testing: fixed test flake in TestSnapshotCounters by @jkowalski in #1645
• chore(infra): enforce structural commit messages and PR titles by @jkowalski in #1646

Full Changelog: v0.9.8...v0.10.0