v0.2.0 - 2026-03-31

snachodog released this 31 Mar 23:09

· 42 commits to main since this release

064c14f

New Features

User authentication & role-based access: Login system with admin, editor, and viewer roles. Admins manage all accounts; editors can create and print checks/deposits; viewers are read-only.
Per-account access control: Users can be granted editor or viewer access on a per-account basis.
Password reset via email: "Forgot password?" flow sends a time-limited reset link via SMTP. Admin-configurable SMTP settings inside the Manage Users modal.
Multiple checking accounts: Add and manage more than one account. Each account has independent checks, deposits, and layout fields.
QuickBooks Online CSV import: Import check and deposit records directly from QBO-exported CSV files.
Deposit slip generation: PDF deposit slips alongside the existing check PDF flow.

Bug Fixes

Checks printed blank (MICR only) for wizard-created accounts: Default layout fields are now seeded at startup for any account with no layout configuration, and when a new account is created via the setup wizard. Existing installs are fixed automatically on next container restart.
Edit button in Manage Users did nothing: Inline onclick handlers were blocked by the CSP default-src 'self' header. Switched to event delegation.
Company address lines 3 & 4 not rendering: company3/company4 were missing from the PDF field resolver.

Security

Fixed three critical authorization vulnerabilities: IDOR on check/deposit endpoints, cross-account check marking, and missing server-side printed-check guard.
Fixed medium issues: unbounded PDF/QBO import arrays (DoS), PDF error detail leak.
Fixed low issues: session invalidation on role change, SESSION_SECRET enforcement.

Dependencies

nodemailer 6.10.1 → 8.0.4
path-to-regexp 0.1.12 → 0.1.13
brace-expansion 5.0.4 → 5.0.5
picomatch 2.3.1 → 2.3.2

What's Changed

Bump multer from 1.4.5-lts.2 to 2.1.1 by @dependabot[bot] in #1
Bump nodemailer from 6.10.1 to 8.0.4 by @dependabot[bot] in #5
Bump path-to-regexp from 0.1.12 to 0.1.13 by @dependabot[bot] in #3
Bump brace-expansion from 5.0.4 to 5.0.5 by @dependabot[bot] in #2
Bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in #4

New Contributors

@dependabot[bot] made their first contribution in #1

Full Changelog: https://github.com/snachodog/check-printing/commits/v0.2.0

Contributors

dependabot

Assets 2