@@ -7,6 +7,75 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
77
88## [ Unreleased]
99
10+ ## [ 0.17.0] - 2025-12-22
11+
12+ ### Added
13+
14+ - ** Secure Web Authentication** ([ #408 ] ( https://github.com/netresearch/ofelia/pull/408 ) )
15+ - Complete bcrypt password hashing with HMAC session tokens
16+ - Secure cookie handling with HttpOnly, Secure, and SameSite flags
17+ - Support for reverse proxy HTTPS detection (X-Forwarded-Proto)
18+ - Password hashing utility: ` ofelia hashpw `
19+
20+ - ** Doctor Command Enhancements** ([ #408 ] ( https://github.com/netresearch/ofelia/pull/408 ) )
21+ - Web authentication configuration checks in ` ofelia doctor `
22+ - Validates password hash format and token secret strength
23+
24+ - ** ntfy-token Preset** ([ #409 ] ( https://github.com/netresearch/ofelia/pull/409 ) )
25+ - Bearer token authentication for self-hosted ntfy instances
26+ - Supports both ntfy.sh and self-hosted deployments with access tokens
27+
28+ - ** Webhook Host Whitelist** ([ #410 ] ( https://github.com/netresearch/ofelia/pull/410 ) )
29+ - New ` webhook-allowed-hosts ` configuration option
30+ - Default: ` * ` (allow all hosts) - consistent with local command trust model
31+ - Whitelist mode when specific hosts are configured
32+ - Supports domain wildcards (e.g., ` *.slack.com ` )
33+
34+ - ** CronClock Interface** ([ #412 ] ( https://github.com/netresearch/ofelia/pull/412 ) )
35+ - Testable time abstraction for scheduler testing
36+ - FakeClock implementation for instant, deterministic tests
37+ - go-cron compatible Timer interface
38+
39+ ### Security
40+
41+ - ** Cookie Security Hardening** ([ #411 ] ( https://github.com/netresearch/ofelia/pull/411 ) )
42+ - Secure, HttpOnly, and SameSite=Lax flags on all cookies
43+ - HTTPS detection for reverse proxy deployments
44+ - Security boundaries ADR documenting responsibility model
45+
46+ - ** GitHub Actions Pinning** ([ #411 ] ( https://github.com/netresearch/ofelia/pull/411 ) )
47+ - All workflow actions pinned to SHA for supply chain security
48+ - CodeQL updated to v3.31.9
49+
50+ ### Improved
51+
52+ - ** Test Infrastructure** ([ #412 ] ( https://github.com/netresearch/ofelia/pull/412 ) )
53+ - Complete gocheck to stdlib+testify migration
54+ - Eventually pattern replacing time.Sleep-based synchronization
55+ - Parallel test execution with t.Parallel()
56+ - Race condition fixes detected by -race flag
57+
58+ - ** Performance** ([ #412 ] ( https://github.com/netresearch/ofelia/pull/412 ) )
59+ - Sub-second scheduling for faster test execution
60+ - Optimized pre-commit and pre-push hooks
61+ - Test suite runtime reduced by ~ 80%
62+
63+ - ** Linting** ([ #413 ] ( https://github.com/netresearch/ofelia/pull/413 ) )
64+ - Comprehensive golangci-lint configuration audit
65+ - All linting issues resolved
66+
67+ ### Documentation
68+
69+ - ** Security Boundaries ADR** ([ #411 ] ( https://github.com/netresearch/ofelia/pull/411 ) )
70+ - ADR-002 documenting security responsibility model
71+ - Clear separation between Ofelia and infrastructure responsibilities
72+
73+ - ** Webhook Documentation** ([ #410 ] ( https://github.com/netresearch/ofelia/pull/410 ) )
74+ - Host whitelist configuration guide
75+ - Security model explanation
76+
77+ ## [ 0.16.0] - 2025-12-10
78+
1079### Fixed
1180
1281- ** Docker Socket HTTP/2 Compatibility**
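Review bot: The 0.17.0 entry lists the same changes twice with different PR credits. The cookie flags and reverse-proxy HTTPS detection appear under Added (#408) and again under Security (#411), and the Security Boundaries ADR appears under both Security and Documentation. Keep one entry per change, or state what #411 changed beyond #408. The `webhook-allowed-hosts` entry sits only under Added although its default is `*` (allow all hosts) and whitelist mode is opt-in; a line under Security saying that outbound webhook hosts are unrestricted until the option is set would make that visible to upgraders. The X-Forwarded-Proto entry does not say whether the header is honored from any client or only from a configured proxy, which matters if the Secure cookie flag is derived from it; the changelog should point to where that is documented (the ADR-002 mentioned here, if it covers this).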