Skip to content

Releases: wrobeltomasz/OpenSparrow

2.9 - GDPR Anonymization, Automation Emails, and a PHP 8.4 Refactor

Choose a tag to compare

@wrobeltomasz wrobeltomasz released this 06 Jul 18:02

New

  • Data Anonymization module (GDPR/EDPB) — configurable per-column rules, scheduled runs, dry-run preview, and structured compliance reports (System → Anonymization)
  • Automations: email action with templated recipients/subject/body, plus new comparison (>, <, >=, <=) and change-detection (changed, changed_from, changed_to) operators
  • Dashboard: global period filter with prev-period deltas and CSV export
  • Calendar: per-source filter bar

Changed

  • Modernized backend for PHP 8.4 (enums, readonly classes, #[\Override], json_validate()); minimum PHP raised to 8.4
  • Consolidated page bootstrap logic (os_page_bootstrap() / os_boot_app()) — removes duplicated session/CSRF/CSP boilerplate across pages
  • Normalized i18n JSON files (consistent formatting, no translation changes)

Fixed

Anonymization rules losing date_column/days on save

Download OpenSparrow

2.8 - Kanban Board, MySQL Gateway, Security Hardening

Choose a tag to compare

@wrobeltomasz wrobeltomasz released this 23 Jun 16:07

New Features

  • Board (Kanban) view — draggable cards in status lanes with instant updates and audit trail
  • MySQL Gateway — auto-discover columns, handle non-standard PKs, External Tables tab, re-sync API
  • Linked record count badges on grid expand buttons
  • Calendar API optimized (query visible month only)

Security

  • Ownership guards on mass operations and calendar drag-and-drop
  • Random setup password (no more hardcoded admin/admin)
  • Session file protection (.htaccess on storage/sessions/)
  • File uploads stored outside web docroot
  • Config import validation (size limits, empty archive rejection)
  • Error messages hardened (no database leak)

Infrastructure

  • Web-root restructure: public/ is docroot, backend outside
  • Cypress suite overhauled (18 specs, seed endpoint, admin tests active)
  • CI: source integrity checks, version tag validation, PHP 8.1–8.3
  • Docs updated (6 languages, MySQL Gateway section)

Download OpenSparrow

2.7 - RAG Enhancements, Admin Redesign, Automations (Beta)

Choose a tag to compare

@wrobeltomasz wrobeltomasz released this 09 Jun 22:01
98fe6fa

What's new:

  • RAG: Improved parsing, Ollama SSL support
  • Admin UI: Card editors, inline panels, refactored styles
  • Automations (beta): If-then rules, OR logic, run logs, user picker
  • Security: CSP nonces, XSS fixes, session hardening
  • Tests: Cypress suite expanded to ~300 tests
  • Deploy: One-click configs for Render & Railway
  • Other: Server search, row caps, better CSV import

Download OpenSparrow

2.6.0 - RAG, Multilingual Support & Mass Edit

Choose a tag to compare

@wrobeltomasz wrobeltomasz released this 24 May 18:47

What's new:

RAG Enhancements
RAG Statistics tab in admin: 4 summary cards tracking query tokens, response times, and document matches; recent queries table (50 rows, formatted units)
Multilingual RAG: User queries auto-respond in their UI language via language hints (no schema changes required)
Localized "Ask AI" sliding panel fully translated to 20 languages
Language dropdown in test tab; optional language tagging in upload form

Grid & Bulk Operations
Mass Edit module: select rows via checkboxes → bulk edit fields, export CSV, assign owner, duplicate, or delete with confirmation
Grid keyboard shortcuts (arrow keys, Tab, Ctrl+C copy, Ctrl+F search, Help modal via Ctrl-hold) across all 20 languages
Quick Data Cleanup toolbar button (editors only): find & replace text with live preview, case sensitivity, accent-ignore options

Admin
Renamed "RAG Knowledge Base" → "Centrum AI" heading
Release Migration Manager: pending file/config cleanup tasks after version upgrades, with audit trail and automatic backups

Fixes
Fixed api_rag.php regression: restored page_context support and query logging
Fixed rag_call_ollama() return type annotation (now array instead of string)
CSV Import: fixed duplicate "Step 1" UI race condition; conflict column no longer defaults to id
Pinned qs and uuid dependencies (Dependabot security alerts)

What's Inside
All operations (mass edit, cleanup, bulk delete) are editor-role gated, CSRF-protected, and audit-logged. FK columns render as dropdowns in forms. Full i18n support (20 languages) across all new modules.

Download OpenSparrow

2.3.0 - Multilingual Module

Choose a tag to compare

@wrobeltomasz wrobeltomasz released this 20 May 19:48

What's new:

  • Full UI translation across all modules: grid, form, auth, dashboard, views, calendar, workflows, comments, owners,
    notifications, files
  • Admin language switcher

Download OpenSparrow

2.2.0 - centralize session/CSP headers, extract CSS, add PHPUnit suite

Choose a tag to compare

@wrobeltomasz wrobeltomasz released this 19 May 20:10

What's new in 2.2.0

Refactoring: all pages now use start_session() and send_security_headers() from a single includes/session.php, eliminating ~18 duplicated session and header blocks across the codebase. Inline style blocks removed from all PHP pages and moved to external CSS files.

Testing: PHPUnit unit test suite added — 87 tests, 129 assertions covering the src/ OOP layer (Form, Domain, Csrf, Support). Dev-only, not required in production. New CI workflow runs the suite on PHP 8.1, 8.2, and 8.3 on every push and pull request.

Download OpenSparrow

2.1.0 - security, sessions and Admin panel

Choose a tag to compare

@wrobeltomasz wrobeltomasz released this 18 May 05:36

What's new:

Security & sessions - Reverse-proxy aware: auto-detect HTTPS via X-Forwarded-Proto, CF-Visitor, X-Forwarded-SSL.

  • Real client IP resolved via CF-Connecting-IP / X-Real-IP (fixes rate-limit collapse behind CloudFlare). - Fixed admin login redirect loop (ERR_TOO_MANY_REDIRECTS) caused by relative session.save_path under PHP-FPM.
  • session.gc_maxlifetime synced with SESSION_MAX_LIFETIME to prevent premature logout.
  • IP_HASH_SALT auto-generated on first request and persisted to includes/.secret_salt (chmod 0600, gitignored).
  • New tmp/.htaccess denies HTTP access to session files.
  • Hardened session_regenerate_id() flow in login.php.

Admin panel

  • Improved 403 page on admin/ — shows current user, role, and required role for faster debugging.

CI / release

  • Fixed Docker Hub build tag pattern (now matches both v1.2.3 and bare 1.2.3 semver tags).
  • Release ZIP excludes hardened: tmp/, cypress/, node_modules/, package*.json, .claude/, includes/.secret_salt.
  • Removed dead e2e-tests.yml workflow (Cypress not in repo).
  • CodeQL no longer references non-existent classic branch.
  • PHP lint now runs matrix across PHP 8.1, 8.2, 8.3.
  • vanilla-check.yml extended with chart.js, swiper, htmx, gsap, three, stimulus, d3.

Docs

  • README updated: badges refreshed, IP_HASH_SALT behaviour documented, reverse-proxy notes added, tag examples corrected (X.Y.Z not
    vX.Y.Z).

Upgrade notes

  • No breaking changes. Existing database.json and configuration are preserved.
  • Behind reverse proxy: no action required — detection is automatic.
  • Multi-server deployments should set IP_HASH_SALT explicitly so all nodes share the same salt.

Download OpenSparrow

2.0.0 - admin UX overhaul, advanced data modeling, security hardening, and mobile responsiveness

Choose a tag to compare

@wrobeltomasz wrobeltomasz released this 15 May 18:32
f69636c

What's new:

A comprehensive release focused on admin UX overhaul, advanced data modeling, security hardening, and mobile responsiveness.

Major Features

Admin Interface Redesign

  • Collapsible side panel layout for improved information architecture and navigation
  • Responsive mobile UI with off-canvas navigation for touch devices
  • Icon buttons for grid edit/delete actions replacing text-based controls

Data Modeling Enhancements

  • Virtual computed columns with f(x) badge indicator for formula-based calculated fields
  • Many-to-Many (M2M) grid column support with chip renderer and dedicated Builder tab
  • Schema Map ERD (Entity-Relationship Diagram) tab with search functionality and PNG export

New Administrative Modules

  • Custom Views module for creating and managing personalized data perspectives
  • Database Migrations system (System → Migrations) for tracking and applying schema changes
  • Record Ownership tracking with full assignment history (System → Record Owner)
  • Comprehensive Performance diagnostics tab (System → Performance) with index advisor, slow query analyzer, bloat detection
  • Dedicated Cron Notifications management interface with run history, stats, and log cleanup

Grid & UX Improvements

  • Comment indicators in grid rows highlighting records with discussions
  • Duplicate record button for quick data duplication
  • Grid default sort order and initial load limit configuration per table
  • Grid drilldown quick-add for related records with pre-filled foreign keys
  • Tooltip pattern for grid headers and date columns

Documentation & Configuration

  • Expanded admin documentation (9 new comprehensive reference sections covering Migrations, Ownership, Grid Configuration, Performance, Cron, and more)
  • Dynamic table of contents in documentation sidebar with smooth scroll navigation
  • Demo column descriptions integrated into schema
  • Updated dashboard module documentation

Security

  • 5 security audit priority fixes addressing identified vulnerabilities
  • Enhanced session security and input validation across admin panel

Technical Improvements

  • Refactored HTML rendering with improved DOM structure
  • Anchor IDs on all documentation headings for deep linking support
  • HTML/CSS/JS optimization for better performance
  • Bug fixes for tbody rendering and styling inconsistencies

System Requirements

  • PostgreSQL with mandatory primary key column named id
  • PHP 8.1+ with argon2id password hashing
  • Modern browser with ES6 support (Chrome, Firefox, Safari, Edge)

Installation & Upgrades

Fresh Install: Run System → Migrations → Apply Pending Migrations to initialize all system tables and default admin account.

Upgrading from 1.9:

  1. Back up your database and config
  2. Deploy the new version
  3. Run System → Migrations → Apply Pending Migrations
  4. Review new System tabs (Migrations, Performance) to optimize your setup

Download OpenSparrow

1.9.0 - first-run setup wizard

Choose a tag to compare

@wrobeltomasz wrobeltomasz released this 03 May 15:45
9684fd5

What's new:

Introduce setup.php and setup_api.php — a four-step guided wizard that activates automatically when includes/database.json is absent. Covers database connection testing, schema selection, and system table initialization with admin seed. Security: SSRF guard on host param, size-limited JSON input, sanitized error messages, CSP headers.
index.php, login.php, and admin/index.php all redirect to the wizard until configuration is complete.

Download OpenSparrow

1.8.0 - record snapshot module, admin ux and centralise configuration in config.php

Choose a tag to compare

@wrobeltomasz wrobeltomasz released this 02 May 20:22
98c4b68

What's new:

Centralise configuration in config.php and fix admin login redirect loop

  • Move all hardcoded values (session lifetime, rate-limit thresholds,
    IP hash salt, file limits, cache ages, HSTS, demo mode, timezone,
    DB connect timeout) to includes/config.php as env-overridable constants
  • Fix ERR_TOO_MANY_REDIRECTS: replace SameSite=Strict with SESSION_SAMESITE
    constant (default Lax) across all 9 session controllers
  • Fix admin panel blank screen: add require config.php to admin/api.php
    before DEMO_MODE constant is referenced
  • Update docs.js (section 12) and README with full env variable reference

Add record snapshot module with admin toggle

Add spw_record_snapshots table storing JSONB post-write state for every
INSERT and UPDATE, linked via FK to spw_users_log. Toggle controlled at
runtime via System → Audit & Snapshots (writes includes/settings.json)
or RECORD_SNAPSHOTS_ENABLED env var. Covers both api.php inline edits
and edit.php / create.php OOP path. Fix duplicate const declarations in
users.js that blocked the admin panel from loading.

Add Table builder: column options (NOT NULL, default, index, comment, FK),
timestamps preset, schema.json auto-registration, admin nav redesign

Download OpenSparrow