Avg Release Cycle
88 days ago
- Apps can now make a powerbox request for an identity. The user will choose from among their contacts. This can be used e.g. to assign a task in Wekan to a user who hasn't yet visited the board.
- 👌 Improved usability of setup wizard based on user testing.
- 👌 Improved installer usability.
- Activity events generated by anonymous users should now work correctly.
- 🛠 Fixed that if a user on a server manually updated a preinstalled app via the app market before the update notification had gone out, then new users would continue to receive the old version of the app.
- 🛠 Fixed bug where timing issues in template rendering could lead to a blank screen, for instance when a demo account expires.
- ⚡️ Self-hosted Sandstorm updates will now have "zero" downtime, whereas previously users would experience connection failures for several seconds. This is accomplished by keeping the listen sockets open, so instead of errors, users only perceive a delay.
- 🛠 Fixed that pronoun selection was always showing up as "they" in account settings.
- Alphabetical sorting of grains is now locale-aware.
- 🔄 Changed various text to call Sandstorm a "productivity suite".
- 🛠 Fixed that the collections app was not being automatically selected for pre-installation on self-hosted instances.
- ➕ Added a way for users to leave feedback when deleting their account.
- 🛠 Fixed display of user limit for feature keys with unlimited users.
X-Phabricator-*headers in HTTP requests.
- 🛠 Fixed a problem preventing some LDAP users from receiving notification e-mails.
- 🛠 Fixed that refactoring in 0.181 could cause SAML login to fail.
- 🚀 The security hardening in 0.181 broke Gogs, for a different reason. This release rolls back the hardening temporarily while we resolve the issue.
- 🚀 The security hardening in 0.181 broke Ethercalc. This release fixes it.
- Sandstorm for Work: Feature keys now automatically renew when they expire. If automatic renewal isn't possible, the administrators will receive notifications by bell menu and (if possible) e-mail.
- ➕ Added hardening against clickjacking and CSRF attacks on apps. On Chrome and Safari, CSRF attacks should now be totally blocked, even if the app fails to implement proper protections.
- 🛠 Fixed that newly-received shares were appearing at the bottom of the grain list using the default sort order (by last-opened date). Never-opened grains will now sort according to the share date, and will show "Unopened" in the last-opened column.
- 🛠 Fixed bug in Meteor that could cause the server to suddenly spawn tens of thousands of fibers, which in turn due to a bug in V8 would make the server permanently consume excessive CPU, even after the fibers exited.
- 🛠 Fixed that the "stay anonymous" button on the sign-in hint didn't work (but closing the hint dialog worked and had the same effect).
- 🛠 Fixed that after manually updating an app, the button to upgrade existing grains did not appear. (When auto-updating an app via the notifications menu, grains are updated automatically.)
- 🛠 Fixed grain tab close buttons sometimes being the wrong size on new builds of Chrome.
- 🛠 Fixed some console log spam.
- 🔨 Various refactoring.
- ⚡️ Updated all dependencies.
- The "Who has access" dialog now shows collections of which the grain is a part, and (more generally) other grains through which this grain has been shared.
- The "Delete Account" button now makes you type a phrase to confirm. (It still doesn't actually delete your account for 7 days.)
- When a user deletes their own account, they will now receive an e-mail notification, in case of hijacking.
- The "Sandstorm for Work" section of the admin panel now contains a direct link to manage your feature key's billing preferences.
- ➕ Added
spk dev --procflag which requests that
/procbe mounted in the sandbox for debugging purposes. This may decrease security of the sandbox, so is only allowed in dev mode.
- The account settings page now looks reasonable on mobile.
- 🛠 Fixed grains in trash sometimes missing icon and other app details.
- Setting a BASE_URL with a trailing slash will no longer subtly break things.
- ⬇️ Dropping a SturdyRef not owned by the calling grain will now act as if the SturdyRef doesn't exist rather than throwing an exception. This particularly affects grains that have been backup/restored and so have someone else's tokens in their storage.
- 👻 HTTP API requests will no longer throw an exception if the user-agent header is missing.
- 👀 sandstorm-http-bridge will now log a note if the app doesn't seem to be coming up on the expected port.
- Oasis: Added self-monitoring and auto-restart for the "fiber bomb" problem. Also added instrumentation to track down root cause.
- A user can now request deletion of their own account, unless they are a member of a Sandstorm for Work organization. Deletion has a 7-day cooldown during whith the user can change their mind.
- Admins can now suspend and delete accounts from the admin panel.
- ⚡️ Apps can now request that an offer template be a link with a special protocol scheme that can trigger a mobile intent, allowing one-click setup of mobile apps. Apps will need to be updated to take advantage of this.
- Identity capabilities now have a getProfile() method, allowing a grain to discover when a user's profile information has changed without requiring the user to return to the grain.
- 🛠 Fixed that admins were unable to un-configure SMTP after it had been configured.
- 🛠 Fixed problems in sandstorm-http-bridge that could make notifications unreliable. Affected apps will need to rebuild.
- Increased expiration time for uploading a backup from 15 minutes to 2 hours, to accommodate large backup files on slow connections.
- 🛠 Fixed email attachments from apps having incorrect filenames.
- 🛠 Fixed various styling issues.
- 🔨 Various ongoing refactoring.
- The grain list can now be sorted by clicking on the column headers.
- 💻 Many improvements to mobile UI. (Still more to do.)
- Your current identity's profile picture now appears next to your name in the upper-right.
- 🛠 Fixed desktop notifications displaying grain titles incorrectly.
- 🛠 Fixed
spk publishthrowing an exception due to a bug in email handling.
- 👌 Improved accessibility of "Sandstorm has been updated - click to reload" bar.
- 🌲 When an app returns an invalid
ETagheader, sandstorm-http-bridge will now log an error and drop it rather than throw an exception.
- ⚡️ Updated to Meteor 1.4.1.
- 🛠 Oasis: Fixed appdemo not working for Davros.