Skip to content

v2.0.3 - 2026-03-07

Choose a tag to compare

View all tags
@saifyxpro saifyxpro released this 06 Mar 22:55
· 73 commits to main since this release
v2.0.3
68d680d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🔒 Security

  • Dashboard Auth Hardening: Removed the public dashboard-internal fallback key and localhost trust path from the backend auth layer.
  • Protected Admin Routes: Added API key protection to dashboard, profile, proxy, and job management endpoints that were previously exposed without auth.
  • Secret Storage Improvements:
    • API keys are now stored as hashes instead of plaintext.
    • Stored proxy and profile passwords are now encrypted at rest.
    • Dashboard and API responses now redact credential values instead of returning raw secrets.
  • Server-Side Dashboard Proxy: The dashboard now forwards /api/* requests through a Next.js server route so browser clients no longer send reusable internal keys.

🛠️ Reliability & Behavior

  • Cloudflare Handling: Website scraping now fails fast with explicit Cloudflare challenge metadata instead of returning challenge pages as successful output.
  • REST/SSE Output Parity: Aligned html-js behavior between the REST API and streaming endpoint to reduce timing drift on dynamic pages like Shopee.
  • DOM Stability Waiting: Added a DOM stability wait before HTML extraction and screenshot capture so selector matches do not return partially rendered documents.
  • Streaming Job Cancellation: Job cancellation now interrupts active scraping work instead of only updating job status in the UI.
  • PDF Capability Cleanup: Removed unsupported PDF scraping/export paths from the API contract and dashboard UI.

🖥️ Developer Experience

  • Fresh Install Fixes: Fixed a frontend startup failure caused by an invalid .npmrc encoding and resolved web/API port conflicts during local development.
  • Docker Fix: Corrected the web Dockerfile path mismatch so Compose builds now target the expected file.
  • Security Environment Variables: Added and documented required DASHBOARD_INTERNAL_API_KEY and CREDENTIAL_ENCRYPTION_KEY values for secure local and Docker deployments.
  • Browser Profile Stability: Fixed Firefox preference merging so timezone overrides no longer wipe other stealth-related preferences.

📚 Documentation & UI

  • Documentation Navigation: Updated dashboard and docs links to point to the introduction page and removed obsolete sidebar references.
  • Landing Page Messaging: Removed outdated PDF export claims so the marketing copy matches the current product surface.
  • Changelog Coverage: This release now links the supporting GitHub issues and commit history directly for easier auditability.

🐛 GitHub Issues

  • #34 Can't run Headless:
    • Fixed fresh-install startup failures in the frontend dev workflow.
    • Resolved .npmrc encoding problems and port collisions between web and API processes.
  • #32 Frontend response is different from backend:
    • Fixed REST and streaming output drift for JS-rendered pages.
    • Added DOM stabilization so API responses now match dashboard-rendered results more closely.

🔗 Related GitHub Commits

  • a9e2367 chore: remove obsolete files and update documentation links in Sidebar component
  • e1b91d9 feat: update docs link to point to introduction
  • 7eb4a45 feat(api,web): improve scrape reliability and remove unsupported PDF flow
  • 27bd3e3 fix(web): resolve dev startup failures on fresh installs
  • 0abfb20 fix(api): align REST and SSE HTML rendering for dynamic pages
  • 3c70c7d fix(security): harden dashboard auth and secret handling
Assets 2
Loading