Releases: lebe-dev/pw
Releases · lebe-dev/pw
1.15.2
1.15.1
v1.14.2
v1.14.0
New Features
- Added a Prometheus-compatible
/api/metricsendpoint exposing application health, build version, uptime, Redis status and latency, and current configuration limits. The endpoint is blocked from external access by the nginx sidecar by default.
Improvements
- Improved client IP detection in the Helm chart when the nginx sidecar is enabled, ensuring IP-based limits work correctly behind proxies.
- Nginx sidecar access logs are now disabled by default to reduce log noise.
- The application version displayed in the frontend is now kept in sync automatically from a single source of truth.
Documentation
- Updated Helm chart documentation with details on the metrics endpoint and expanded troubleshooting guidance for trusted proxy configuration.
1.13.1
[1.13.1] - 2026-01-13
Security
- Enhanced file size limit enforcement at the HTTP request level for better protection
- Improved reliability of secret loading operations
- Added trusted proxy validation to prevent IP address spoofing attacks
- Improved protection when running behind reverse proxies
Bug Fixes
- Fixed screen flickering when the application initially loads
- Fixed a potential race condition that could occur during secret loading
Improvements
- Updated base Docker images for better performance and security
- Dependency updates and internal optimizations
Documentation
- Updated deployment examples in README and docker-compose configuration
v1.10.3
v1.10.2
v1.10.1
1.10.0
Features:
- Dynamic payload limits based on ip whitelist
ip-limits: enabled: true # Enable IP limits feature whitelist: # Whitelisted network with 2x default limits - ip: "192.168.100.0/24" message-max-length: 2048 # 2KB (2x default 1KB) file-max-size: 20971520 # 20MB (2x default 10MB)
Changes:
- Bump base images (fix CVEs)
- Deprecated: encrypted-message-max-length option