Skip to content

Releases: netresearch/ldap-manager

v1.1.4

14 Jan 16:15
Immutable release. Only release title and notes can be modified.
v1.1.4
57e5dab

Choose a tag to compare

What's Changed

Security Fixes

  • fix(security): add ReferrerPolicy header for CSRF validation - Browsers were not sending Referer header required by Fiber's CSRF middleware, causing "referer not supplied" validation failures on HTTPS
  • fix(security): remove Cross-Origin-Embedder-Policy header - The default COEP header was breaking browser extensions like Bitwarden

Developer Experience

  • chore: migrate dev tools to go tool directive - Dev tools (templ, golangci-lint, goimports, gofumpt) now use Go 1.24+ tool directives for version-locked consistency

Full Changelog

v1.1.3...v1.1.4

v1.1.3

14 Jan 12:34
Immutable release. Only release title and notes can be modified.
v1.1.3
5a1b284

Choose a tag to compare

Security Fix: Session-based CSRF Storage

This release fixes the root cause of CSRF token validation failures that persisted after v1.1.2.

Root Cause

The CSRF middleware was using its own internal in-memory storage, separate from the session store. This caused:

  • Tokens to fail validation on subsequent requests
  • Session-based authentication to work, but CSRF to fail
  • Issues in production even with PersistSessions=true

Fix

  • CSRF middleware now uses session-based storage (Session: sessionStore)
  • Tokens persist in the session and survive container restarts
  • Full alignment between session and CSRF token lifecycle

Changes

  • internal/web/server.go: Added Session and SessionKey to CSRF config
  • Updated createCSRFConfig to accept sessionStore parameter
  • Added regression test confirming the fix

Full Changelog

v1.1.2...v1.1.3

v1.1.2

14 Jan 07:21
Immutable release. Only release title and notes can be modified.
v1.1.2
ec7d0dd

Choose a tag to compare

Security Fix

CSRF Token Expiration Bug Fixed

Critical fix: CSRF token expiration was incorrectly set to 3600 nanoseconds instead of 1 hour, causing all login attempts to fail with "CSRF token validation failed".

What was affected

  • All login attempts failed with "Access Forbidden - CSRF token validation failed"
  • The bug was introduced when CSRF middleware was configured with Expiration: 3600 (interpreted as nanoseconds) instead of Expiration: time.Hour

Changes

  • Fixed CSRF token expiration from ~3.6 microseconds to 1 hour (#390)

Full Changelog: v1.1.1...v1.1.2

v1.1.1

12 Jan 12:10
Immutable release. Only release title and notes can be modified.
v1.1.1
f8ffc5a

Choose a tag to compare

What's Changed

Bug Fixes

  • fix: restore Docker HEALTHCHECK with built-in --health-check flag (#385)
    • Added --health-check CLI flag that performs HTTP health check against /health/live
    • Works with distroless images (no shell/curl required)
    • Re-enabled HEALTHCHECK in Dockerfile

Dependencies

  • fix(deps): update module github.com/a-h/templ to v0.3.977 (#377)
  • chore(deps): update pnpm to v10.28.0 (#384)
  • chore(deps): update dependabot/fetch-metadata action to v2.5.0 (#381)

Testing & Quality

  • refactor: replace go-mutesting with gremlins for mutation testing (#379)
  • test(retry): add mutation-killing tests for retry package (#380)
  • test(options): add mutation-killing tests for Parse function (#382)

Full Changelog: v1.1.0...v1.1.1

v1.1.0

29 Dec 01:05
Immutable release. Only release title and notes can be modified.
359b13d

Choose a tag to compare

What's Changed

Features

  • Enhanced Detail Views: Add email, description, copy-to-clipboard for users/groups/computers (#373)
  • GUI Rework: Theme switching (light/dark/system), density controls, accessibility improvements (#370)
  • Client-side Search: Add real-time search filter for users, groups, and computers lists
  • Searchable Combobox: Filterable dropdown for user/group selection
  • Rate Limiting: Add rate limiting for authentication endpoints
  • Graceful Shutdown: Proper signal handling with context propagation
  • Retry Logic: Exponential backoff for LDAP operations
  • TLS Skip Verify: Support for self-signed certificates
  • WCAG Compliance: Title attributes and accessibility improvements

Bug Fixes

  • LDAP DN Handling: Properly handle special characters in LDAP DNs (#371)
  • UTF-8 Parsing: Fix invalid UTF-8 handling in URL parsing (#369)
  • Template Cache: Resolve data race in template cache Get method
  • Connection Pooling: Disable pooling and use reverse membership lookup
  • CSS Cache Busting: Preserve current CSS file when cleaning old versions

Documentation

  • Update README screenshots with enhanced detail views (#375)
  • Add SECURITY.md for vulnerability reporting
  • Fix password inconsistency in AGENTS.md examples
  • Improve screenshot presentation with borders and single-column layout

Testing & Quality

  • Implement comprehensive testing pyramid with unit, integration, and fuzz tests
  • Add gremlins mutation testing configuration
  • Add health handler tests for improved coverage
  • Add durationcheck, fatcontext, and forcetypeassert linters
  • Add standalone vet and vuln-check Makefile targets

Dependencies

  • Update Go to 1.25.x
  • Update simple-ldap-go to v1.6.0
  • Update Tailwind CSS to v4.1.x
  • Update numerous GitHub Actions to latest versions
  • Various npm dependency updates

CI/CD

  • Fix auto-merge workflow circular dependency
  • Improve merge queue integration
  • Update GitHub Actions security hardening

Upgrading

No breaking changes. Direct upgrade from v1.0.x is supported.

Full Changelog: v1.0.8...v1.1.0

v1.0.8

14 Feb 08:33

Choose a tag to compare

fix build

  • fix build of css

What's Changed

  • chore(deps): update tailwindcss monorepo to v4.0.3 by @renovate in #168
  • chore(deps): update pnpm to v10.2.0 by @renovate in #169
  • chore(deps): update dependency go to v1.23.6 by @renovate in #170

Full Changelog: v1.0.7...v1.0.8

v1.0.7

31 Jan 13:21

Choose a tag to compare

What's Changed

  • chore(deps): update pnpm to v9.13.0 by @renovate in #150
  • fix(deps): update module github.com/netresearch/simple-ldap-go to v1.0.1 by @renovate in #149
  • chore(deps): update pnpm to v9.13.2 by @renovate in #152
  • chore(deps): update dependency tailwindcss to v3.4.15 by @renovate in #151
  • chore(deps): update pnpm to v9.14.2 by @renovate in #156
  • chore(deps): update dependency prettier-plugin-tailwindcss to v0.6.9 by @renovate in #155
  • chore(deps): update pnpm to v9.14.4 by @renovate in #158
  • chore(deps): update dependency prettier to v3.4.1 by @renovate in #157

Full Changelog: v1.0.6...v1.0.7

v1.0.6

13 Nov 09:33

Choose a tag to compare

What's Changed

  • chore(deps): update pnpm to v9.5.0 by @renovate in #102
  • chore(deps): update dependency prettier to v3.3.3 by @renovate in #103
  • chore(deps): update dependency tailwindcss to v3.4.6 - autoclosed by @renovate in #104
  • chore(deps): update dependency tailwindcss to v3.4.7 by @renovate in #108
  • chore(deps): update pnpm to v9.6.0 by @renovate in #106
  • fix(deps): update github.com/netresearch/simple-ldap-go digest to a5323ef by @renovate in #105
  • chore(deps): update dependency postcss to v8.4.40 by @renovate in #107
  • chore(deps): update dependency autoprefixer to v10.4.20 by @renovate in #109
  • chore(deps): update dependency postcss to v8.4.41 by @renovate in #110
  • chore(deps): update pnpm to v9.7.0 by @renovate in #111
  • chore(deps): update dependency tailwindcss to v3.4.9 by @renovate in #113
  • fix(deps): update github.com/netresearch/simple-ldap-go digest to 089547a by @renovate in #112
  • chore(deps): update dependency tailwindcss to v3.4.9 by @renovate in #114
  • chore(deps): update dependency prettier-plugin-tailwindcss to v0.6.6 by @renovate in #116
  • chore(deps): update dependency cssnano to v7.0.5 - autoclosed by @renovate in #115
  • chore(deps): update dependency tailwindcss to v3.4.10 by @renovate in #117
  • chore(deps): update pnpm to v9.7.1 by @renovate in #119
  • fix(deps): update github.com/netresearch/simple-ldap-go digest to 4a28ba8 by @renovate in #120
  • chore(deps): update dependency concurrently to v9 by @renovate in #125
  • chore(deps): update dependency cssnano to v7.0.6 by @renovate in #124
  • chore(deps): update dependency @tailwindcss/forms to v0.5.9 by @renovate in #122
  • chore(deps): update pnpm to v9.9.0 by @renovate in #121
  • chore(deps): update dependency postcss to v8.4.45 by @renovate in #123
  • chore(deps): update golang docker tag to v1.23 by @renovate in #118
  • chore(deps): update dependency nodemon to v3.1.6 by @renovate in #132
  • chore(deps): update dependency postcss to v8.4.47 by @renovate in #131
  • chore(deps): update dependency concurrently to v9.0.1 by @renovate in #130
  • chore(deps): update pnpm to v9.11.0 by @renovate in #128
  • chore(deps): update dependency nodemon to v3.1.6 by @renovate in #133
  • fix(deps): update github.com/netresearch/simple-ldap-go digest to 15999f1 by @renovate in #127
  • chore(deps): update pnpm to v9.12.1 by @renovate in #136
  • chore(deps): update dependency prettier-plugin-tailwindcss to v0.6.8 by @renovate in #135
  • chore(deps): update dependency nodemon to v3.1.7 by @renovate in #134
  • chore(deps): update dependency tailwindcss to v3.4.13 by @renovate in #129
  • chore(deps): update dependency prettier-plugin-tailwindcss to v0.6.8 by @renovate in #137
  • chore(deps): update dependency @tailwindcss/forms to v0.5.9 by @renovate in #126
  • fix(deps): update github.com/netresearch/simple-ldap-go digest to 8c3de1c by @renovate in #139
  • chore(deps): update dependency tailwindcss to v3.4.13 by @renovate in #138
  • fix(deps): update module github.com/netresearch/simple-ldap-go to v1 by @renovate in #140
  • chore(deps): update dependency tailwindcss to v3.4.14 by @renovate in #141
  • chore(deps): update pnpm to v9.12.2 by @renovate in #142
  • chore(deps): update node.js to v22 by @renovate in #144
  • chore(deps): update pnpm to v9.12.3 by @renovate in #143
  • chore(deps): update dependency concurrently to v9.1.0 by @renovate in #146
  • chore(deps): update dependency postcss to v8.4.49 by @renovate in #147
  • chore(deps): update dependency postcss to v8.4.49 by @renovate in #148

Full Changelog: v1.0.5...v1.0.6

v1.0.5

04 Jul 13:10
b79269b

Choose a tag to compare

What's Changed

  • chore(deps): update pnpm to v9.1.2 by @renovate in #81
  • chore(deps): update pnpm to v9.1.4 by @renovate in #86
  • fix(deps): update github.com/netresearch/simple-ldap-go digest to 4a351a8 by @renovate in #84
  • chore(deps): update dependency nodemon to v3.1.2 by @renovate in #85
  • chore(deps): update dependency nodemon to v3.1.2 by @renovate in #87
  • fix(deps): update module github.com/rs/zerolog to v1.33.0 by @renovate in #83
  • chore(deps): update pnpm to v9.4.0 by @renovate in #94
  • chore(deps): update dependency cssnano to v7.0.3 by @renovate in #92
  • chore(deps): update dependency prettier-plugin-tailwindcss to ^0.6.0 by @renovate in #88
  • chore(deps): update dependency nodemon to v3.1.4 by @renovate in #90
  • chore(deps): update docker/build-push-action action to v6 by @renovate in #95
  • fix(deps): update github.com/netresearch/simple-ldap-go digest to 86bc235 by @renovate in #91
  • chore(deps): update dependency tailwindcss to v3.4.4 by @renovate in #93
  • fix(deps): update module github.com/gofiber/fiber/v2 to v2.52.5 [security] by @renovate in #98

Full Changelog: v1.0.4...v1.0.5

v1.0.4

07 May 12:56

Choose a tag to compare

What's Changed

  • chore(deps): update pnpm to v9.1.0 by @renovate in #77
  • fix(deps): update module github.com/a-h/templ to v0.2.680 by @renovate in #79
  • chore(deps): update dependency cssnano to v7 by @renovate in #78

Full Changelog: v1.0.3...v1.0.4