v0.5.7 - Webhooks, Date Formats, and Currency Improvements

What's New

Generic Webhook Notifications (#96)

• Send notifications to any webhook endpoint (Slack, Discord, n8n, Home Assistant, etc.)
• Configurable URL and custom headers for authentication
• JSON payloads with full subscription details
• Integrated with all notification triggers (high-cost alerts, renewal reminders, cancellation reminders)

Date Format Support (#101)

• Choose between MM/DD/YYYY, DD/MM/YYYY, and YYYY-MM-DD display formats
• Setting applies across the entire app: subscription lists, emails, Pushover, and API key dates
• Database storage remains ISO format for consistency

Missing Currencies (#100)

• Expanded from 13 to 35 supported currencies
• Added AUD, CAD, NZD, NOK, DKK, KRW, SGD, HKD, MXN, ZAR, TRY, THB, IDR, PHP, TWD, MYR, AED, SAR, ILS, CZK, HUF, RON
• Settings and subscription form are now data-driven (no more hardcoded dropdowns)

Bug Fixes

Subscription Icon Not Refreshing (#99)

• Fixed: Updating a subscription URL now correctly re-fetches the favicon
• Root cause: old icon was preserved before URL-change detection

Currency Display Confusion (#98)

• Fixed: Subscriptions now show their original currency when conversion is unavailable
• Previously, changing preferred currency without Fixer.io would misleadingly swap the symbol (e.g., 4.99 USD displayed as 4.99 JPY)
• Fix applies to subscription lists, dashboard, emails, Pushover notifications, and iCal exports

Technical Changes

• Extracted CurrencySymbolForCode() as reusable utility
• Added CurrencyInfo struct registry replacing hardcoded currency lists
• Added fmtDate/fmtTime template functions for dynamic date formatting
• New WebhookService following existing Pushover notification pattern
• Scheduler notification logic updated to support three channels (email, Pushover, webhook)

v0.5.6 - iCal Subscriptions, MCP Server, and CNY Currency

What's New

iCal Calendar Subscription (#83)

• Subscribe to your renewal calendar from any calendar app (Google Calendar, Apple Calendar, Outlook, etc.)
• Token-protected URL that calendar apps can poll for live updates
• Toggle on/off from Settings, with one-click URL copy and token regeneration
• Subscribe button on the Calendar page when enabled
• Subscription-friendly iCal properties (REFRESH-INTERVAL, X-PUBLISHED-TTL) for automatic hourly refresh

MCP Server (AI Integration)

• New subtrackr-mcp binary that implements the Model Context Protocol
• Allows AI assistants (Claude Desktop, Claude Code) to read and manage subscriptions via natural language
• 6 tools: list_subscriptions, get_subscription, create_subscription, update_subscription, delete_subscription, get_stats
• Uses stdio transport — configure in your MCP client config and point at your database
• Included in Docker image, works via docker exec

CNY Currency Support (#95)

• Added Chinese Yuan (CNY) with ¥ symbol

Base URL Setting

• Configurable base URL for external links (iCal subscription URLs, password reset emails)
• Properly handles reverse proxy setups by checking X-Forwarded-Proto and X-Forwarded-Host headers
• Falls back to auto-detection when not configured

Technical Changes

• Extracted iCal generation into shared generateICalContent() method (no breaking changes to existing export)
• Added /ical/:token public route with auth middleware whitelist
• URL construction centralized in buildBaseURL() helper, used by iCal, settings, and password reset flows
• MCP server reuses existing service layer — no new business logic
• Added github.com/modelcontextprotocol/go-sdk v1.3.0 dependency
• Dockerfile builds both subtrackr and subtrackr-mcp binaries

Full Changelog

v0.5.5...v0.5.6

v0.5.5 - Pushover Notifications and BDT Currency

What's New

Pushover Notifications (#92)

• Mobile push notifications for high-cost alerts and renewal reminders
• Configuration UI in Settings with test connection button
• Integration with existing notification system
• Contributed by @Swe-HimelRana

BDT Currency Support (#92)

• Added Bangladeshi Taka (৳) to supported currencies
• Updated currency dropdowns in forms and settings
• Contributed by @Swe-HimelRana

Cancellation Date Email Notifications (#88) ⚠️ NEEDS TESTING

• Get notified before subscriptions end (cancelled services)
• Email and Pushover notifications for upcoming cancellations
• Configurable reminder days (1-30 days before cancellation)
• Daily scheduler checks for subscriptions ending soon
• Settings UI matches renewal reminders design
• Mirrors renewal reminder architecture for consistency

🧪 Testing Needed: This is a new feature that mirrors the renewal reminder system. While the code structure is solid and all tests pass, we need real-world testing with subscriptions that have cancellation dates set. Please help test by:

1. Setting up email/Pushover notifications in Settings
2. Creating a test subscription with a cancellation date 3-7 days in the future
3. Verifying you receive notifications as expected

Technical Changes

• Added CancellationReminders and CancellationReminderDays to NotificationSettings model
• Database migration for cancellation reminder tracking fields
• New repository method GetUpcomingCancellations()
• New service methods SendCancellationReminder() in email and pushover services
• Cancellation reminder scheduler in main.go (runs daily)
• Settings handlers for cancellation preferences
• New Pushover service with comprehensive test coverage (406 lines)
• Currency integration tests added
• Updated documentation (README, AGENTS.md)

Contributors

• @Swe-HimelRana for Pushover notifications and BDT currency support
• Special thanks for the excellent contribution!

v0.5.4 - Documentation Updates

What's New

Documentation

• Added CLAUDE.md with release workflow instructions
• Updated AGENTS.md with release workflow quick reference
• Documented versioned branch workflow for future releases

CI/CD

• Added Claude PR Assistant workflow for automated PR assistance
• Added Claude Code Review workflow for automated code reviews

Maintenance

• Added beads config files to .gitignore

v0.5.3 - Sort Persistence and PWA Support

What's New

Remember Sorting Preference (#85)

• Sort preferences on the subscriptions list are now saved to localStorage
• Your preferred sort column and order persist across sessions
• Automatically applies saved sort when returning to the subscriptions page

Fix Tab and PWA Icon Missing (#84)

• Added favicon.ico for browser tabs
• Added apple-touch-icon for iOS home screen
• Added PWA manifest with app icons (192x192, 512x512)
• Added theme-color meta tag for mobile browsers
• App can now be installed as a PWA on supported devices

Technical Changes

• New /web/static/js/sorting.js for sort persistence
• New /web/static/manifest.json for PWA configuration
• Added manifest route in server
• Updated all HTML templates with PWA meta tags
• Input validation for sort parameters

v0.5.2 - Currency Improvements

What's New

New Currency Support

• Added Colombian Peso (COP) as a supported currency (#78)

Bug Fixes

• Fixed currency conversion display in subscription list to match dashboard behavior (#79)
• Fixed missing currency symbols for BRL (R$) and CHF (Fr.) in display

UX Improvements

• Added info icon (ⓘ) with tooltip next to converted currency amounts
• Clicking the info icon links to Fixer.io to explain the conversion source
• Tooltip explains "Original amount before conversion (rates from Fixer.io)"

Currency Conversion Setup

To enable automatic currency conversion between different currencies, set up a Fixer.io API key:

# Set the environment variable before starting SubTrackr
export FIXER_API_KEY=your_api_key_here

Without a Fixer API key, subscriptions will display in their original currency without conversion.

Issues Addressed

• Closes #78 (COP currency support)
• Closes #79 (Currency display in subscription list)

New Issues Created

• #80 - Multi-language support (i18n)
• #81 - Telegram notification support

v0.5.1 - Dark Classic Theme & Calendar Fixes

What's New

Dark Classic Theme

• Added Dark Classic theme option that restores the original Tailwind dark mode
• Set as the default theme for new installations
• Provides the familiar dark mode experience from previous versions

Calendar Improvements

• Fixed calendar event styling in dark themes
• Calendar events now have proper dark backgrounds in Dark and Midnight themes
• Improved contrast and readability for subscription events

Bug Fixes

• Eliminated white flash when loading pages in Dark Classic theme
• Fixed white background issue on calendar event cells
• Improved consistency across all theme options

Available Themes

• Default (Light)
• Dark
• Dark Classic (Default)
• Christmas
• Midnight
• Ocean

Upgrade Notes

Important: Back up your data before upgrading.

Download a backup from Settings → Data Management → Download Backup before updating.

v0.5.0 - Optional Login Support 🔐

SubTrackr v0.5.0 introduces optional authentication to protect your subscription data, while maintaining our commitment to simplicity and privacy-first design.

⚠️ Important: Backup Your Data

Before upgrading, we strongly recommend backing up your data:

1. Navigate to Settings → Data Management
2. Click "Download Backup" to save your database
3. Store the backup file in a safe location

This ensures you can restore your data if anything goes wrong during the upgrade.

🎉 New Features

🎄 Holiday Themes (New!)

Spread holiday cheer with our new theming system!

• 5 Beautiful Themes: Default, Dark, Christmas, Midnight, Ocean
• 🎅 Christmas Theme: Festive red & green colors, gold accents, and gentle snowfall animation ❄️
• Easy Switching: Change themes instantly from Settings → Appearance
• Persistent: Your theme choice is saved automatically
• Accessible: Respects prefers-reduced-motion for animations

Perfect for the holiday season! Switch to the Christmas theme and enjoy the festive atmosphere while tracking your subscriptions.

Optional Authentication System

• OFF by default - Zero breaking changes for existing installations
• Single-user authentication with bcrypt password hashing
• Session-based login with secure cookies (HttpOnly, SameSite)
• "Remember me" option (30-day sessions)
• SMTP prerequisite check - ensures password recovery is always available

Password Reset Flow

• Complete forgot password → email reset link → set new password flow
• 1-hour token expiry for security
• Works seamlessly with existing SMTP configuration

CLI Password Reset (Perfect for Docker!)

• Reset admin password without email: ./subtrackr --reset-password
• Non-interactive mode: ./subtrackr --reset-password --new-password "yourpassword"
• Disable authentication: ./subtrackr --disable-auth
• Essential for Docker deployments when SMTP isn't configured

Security Section in Settings

• Easy toggle to enable/disable authentication
• Shows current authentication status
• Warns if SMTP is not configured (required for password recovery)
• Disable authentication option preserves credentials for re-enabling

🔒 Security Improvements

This release includes fixes for several security vulnerabilities identified during security review:

• Fixed: Open redirect vulnerability in authentication handlers
• Fixed: Timing attack in CLI password confirmation (now uses constant-time comparison)
• Fixed: Timing attack in token validation (constant-time string comparison)
• Fixed: Username enumeration via timing (always validates both username and password)
• Fixed: Password validation order in reset handler (prevents information leakage)
• Improved: Redirect URL validation with length limits (max 2048 characters)
• Improved: Error handling prevents authentication bypass

All authentication operations now use constant-time comparisons via crypto/subtle to prevent timing-based attacks.

📝 How to Enable Authentication

1. Configure SMTP first (Settings → Email Configuration)

   • Required for password recovery
   • Cannot enable login without email configured

2. Enable Login (Settings → Security)

   • Toggle "Require Login"
   • Set username and password (min 8 characters)
   • Click "Enable Authentication"

3. You'll be redirected to login on next page load

🐳 Docker Best Practices

Version Pinning (Recommended)

Always pin to specific versions instead of using latest:

# ❌ NOT RECOMMENDED - unpredictable updates
image: bscott/subtrackr:latest

# ✅ RECOMMENDED - controlled, predictable deployments
image: bscott/subtrackr:v0.5.0

Why Pin Versions?

1. Predictability - Know exactly what version is running
2. Stability - Avoid unexpected breaking changes
3. Reproducibility - Same image across all environments
4. Rollback Safety - Easy to revert to previous version
5. Testing - Test specific versions before upgrading production

Version Update Strategy

# docker-compose.yml
services:
  subtrackr:
    image: bscott/subtrackr:v0.5.0  # Pin to specific version
    volumes:
      - ./data:/app/db
    ports:
      - "8080:8080"
    restart: unless-stopped

Upgrade process:

1. Backup your data (via Settings UI)
2. Update version in docker-compose.yml
3. Pull new image: docker-compose pull
4. Recreate container: docker-compose up -d
5. Verify everything works
6. Keep backup until confident in new version

Using latest (Not Recommended)

Only use latest if you:

• Are testing/development (not production)
• Want automatic updates (understand the risks)
• Have good backup/restore procedures
• Monitor for breaking changes in releases

Even then, consider using version tags for better control.

Docker CLI Commands

# Reset Password (when locked out)
docker exec -it subtrackr /app/subtrackr --reset-password

# Disable Authentication
docker exec -it subtrackr /app/subtrackr --disable-auth

🔄 Upgrade Instructions

Standard Installation

# Backup your data first (via Settings UI)
# Then pull the latest version
git pull
go build -o subtrackr ./cmd/server
./subtrackr

Docker (Pinned Version)

# 1. Backup your data first (via Settings UI)

# 2. Update docker-compose.yml to new version
#    image: bscott/subtrackr:v0.5.0

# 3. Pull new image
docker-compose pull

# 4. Recreate container
docker-compose up -d

# 5. Verify logs
docker-compose logs -f subtrackr

⚙️ Technical Details

• Zero Breaking Changes - Authentication is OFF by default
• Backward Compatible - Existing installations work without modification
• Session Secret - Auto-generated 64-byte random key stored in database
• Password Hashing - bcrypt with DefaultCost (10 rounds)
• Token Security - Constant-time comparisons prevent timing attacks
• Public Routes - Login, password reset, and static assets remain accessible

🐛 Bug Fixes

• Fixed public routes not including forgot password pages
• Fixed middleware redirect parameter encoding
• Fixed error handling in authentication username retrieval

📚 Dependencies

• Added golang.org/x/term for secure CLI password input
• Added crypto/subtle for constant-time comparisons (standard library)

🔮 What's Next?

Future enhancements being considered:

• CSRF protection
• Rate limiting for auth endpoints
• Account lockout after failed attempts
• Stronger password requirements

---

🎁 Happy Holidays!

We hope SubTrackr helps you manage your subscriptions effortlessly as we head into the new year. Try out the festive Christmas theme and enjoy the snowfall while you work! ❄️🎄

Wishing you and your loved ones a wonderful holiday season and a prosperous 2026!

---

Full Changelog: v0.4.9...v0.5.0

v0.4.9 - New Currencies & UX Improvements

Release Notes - v0.4.9

🎉 New Features

New Currency Support

• Swiss Franc (CHF): Added Fr. CHF to supported currencies with proper symbol display
• Brazilian Real (BRL): Added R$ BRL to supported currencies
• Both currencies fully integrated with Fixer.io exchange rate API for automatic conversions

Inline Category Creation (#67)

• Create categories on-the-fly: New "+" button next to the category dropdown in the subscription form
• Seamless workflow: Create a new category without leaving the subscription form
• Instant availability: New category is immediately selected after creation
• No more workflow interruption: Users no longer need to create categories before adding subscriptions

🐛 Bug Fixes

Status Change No Longer Resets Renewal Date (#68)

• Fixed: Changing subscription status (Active, Cancelled, Paused, Trial) no longer recalculates the renewal date
• Previous behavior: Changing status would reset renewal date to today + billing cycle
• New behavior: Status and renewal date are now independent - only changing the billing schedule recalculates the renewal date

📦 Files Changed

• internal/service/currency.go - Added CHF and BRL to SupportedCurrencies
• templates/settings.html - Added CHF and BRL currency options with symbols
• templates/subscription-form.html - Added inline category creation, fixed status/renewal date bug, added CHF/BRL options

🔄 Migration Notes

No database migrations required. This is a feature addition that works with existing data.

⚠️ Breaking Changes

None. All changes are backward compatible.

Note: Always create a database backup before updating to a new version. You can export your data from Settings → Data Management → Backup Data.

---

Closes #63, #66, #67, #68

v0.4.8 - Renewal Reminders & Improved Notes Display

Release Notes - v0.4.8

🎉 New Features

Renewal Reminder Emails

• Automatic renewal reminders: SubTrackr now sends email reminders for upcoming subscription renewals
• Configurable reminder window: Set how many days in advance to receive reminders (default: 7 days)
• Daily scheduler: Background process checks for upcoming renewals daily and sends reminder emails
• Smart filtering: Only active subscriptions with renewal dates are included in reminders
• Email template: Beautiful HTML email template with subscription details and renewal date

Improved Subscription Notes Display

• Hover tooltip: Subscription notes are now displayed in a compact tooltip on hover instead of a separate row
• Eye icon indicator: Small eye icon appears next to edit/delete buttons when a subscription has notes
• Auto-sizing tooltip: Tooltip width automatically adjusts to match the note text length
• Better UX: Cleaner table layout with notes accessible on demand

🔧 Technical Improvements

• Added SendRenewalReminder() method to EmailService
• Added GetSubscriptionsNeedingReminders() method to SubscriptionService
• Implemented background scheduler with daily checks
• Added comprehensive test suite for renewal reminder functionality
• Improved template structure for better maintainability

🧪 Testing

• Added 13 test cases covering renewal reminder functionality
• Tests cover edge cases, boundary conditions, and error scenarios
• All tests passing

📝 How to Use

Renewal Reminders

1. Configure SMTP settings in Settings page
2. Enable "Renewal Reminders" toggle in Settings
3. Set "Reminder Days" (how many days before renewal to send reminder)
4. Ensure subscriptions have renewal dates set
5. Reminders will be sent automatically via email

Subscription Notes

• Notes are now visible via hover tooltip on the eye icon
• Tooltip appears when hovering over the eye icon in the Actions column
• No changes needed - works automatically with existing notes

🐛 Bug Fixes

• Fixed subscription notes display taking up unnecessary table space
• Improved tooltip positioning and sizing

📦 Files Changed

• cmd/server/main.go - Added renewal reminder scheduler
• internal/service/email.go - Added SendRenewalReminder method
• internal/service/subscription.go - Added GetSubscriptionsNeedingReminders method
• internal/service/renewal_reminder_test.go - Comprehensive test suite
• templates/subscriptions.html - Updated notes display with tooltip
• templates/subscription-list.html - Updated notes display with tooltip

🔄 Migration Notes

No database migrations required. This is a feature addition that works with existing data.

⚠️ Breaking Changes

None. All changes are backward compatible.