-
v0.6.1
StableSome checks failedCI / validate-branch (push) Has been skippedCI / validate-release-pr (push) Failing after 0sPublish / detect-release (push) Successful in 3sPublish / tag (push) Successful in 6sPublish / promote-release (push) Successful in 1sCI / security (push) Successful in 35sCI / lint (push) Successful in 4m4sCI / test (push) Successful in 5m13sCI / build (push) Successful in 1m32sGravity Bot released this
2026-02-23 06:51:59 +00:00 | 46 commits to main since this releaseWhat's Changed
Security Fixes
- OP#1712: Atomic token validate-and-consume to prevent TOCTOU race
- OP#1714: Require authentication for preview mode endpoints
- OP#1718: Add CSRF tokens to fetch() POST calls in edit-mode.js
- OP#1720: Prevent email enumeration in auth responses
- OP#1721: Encrypt OIDC client_secret at application level
Bug Fixes
- OP#1713: Add missing FK index on users.oidc_provider_id
- OP#1715: Implement http.Flusher on gzip response writer
- OP#1716: Demo handler transaction safety and division-by-zero guard
- OP#1719: Handle SSE write errors on client disconnect
- OP#1709: Improve error handling and API clarity in auth subsystem
- OP#1710: Frontend code quality — innerHTML safety, ARIA, event handling
Refactoring
- OP#1704: Extract service layer for auth handler SQL
- OP#1705: Extract long functions into named helpers
- OP#1708: Extract duplicated helpers across auth handlers
- OP#1722: Extract dashboard user groups and query helpers
- OP#1707: Make migrations single-purpose and fully reversible
- OP#1711: Clean up dead code and naming inconsistencies
Testing
- OP#1706: Add HandleLogin success path and redirect validation tests
- OP#1717: Add tests for compress, static, and SSE hub components
Install
go get git.bros.ninja/mike/gashy@v0.6.1Downloads
-
Source code (ZIP)
1 download
-
Source code (TAR.GZ)
1 download