2023-11-18

• Fix three regressions caused by the changes made in preparation for packaging the proxy as a Python module:
  • #204: Startup in --no-gui mode failed when the GUI dependency pystray was present but broken – thanks @w5pny
  • #206: Prompt toolkit was not available globally, so --external-auth using this method was broken – thanks @roboshim
  • Make sure log file output and auto-start features properly handle packaged versions of the proxy
• #205: Remove unnecessary whitespace in the sample configuration file – thanks @brianjmurrell
• Fix an incorrect import (that previously only worked because pystray provided the correct import)

2023-11-01

This release features two significant improvements contributed by @terencehonles:

• #198: Add support for encrypted secret rotation, which allows the security of locally-cached account access tokens to be automatically improved periodically when recommended.
  • Please note: in almost every case this will be a positive update, but this change does mean that encrypted credentials in the proxy's configuration files are not fully backward compatible between this version of the proxy and previous versions (i.e., opening this version's configuration file with a previous version of the proxy will lead to a re-authentication request). If you currently share a configuration file (or local/AWS --cache-store) between multiple instances of the proxy, be sure to upgrade all of these at the same time to avoid being asked to re-authenticate your accounts.
• #199 and #201: Package the proxy to support distribution as a standard Python module on PyPI, which simplifies installation in most cases, and also allows further customisation or combination with other tools.

In addition:

• #189: Add an option to disable credential censoring to help with troubleshooting (requires a script edit for safety) – thanks @ronald-wentworth and @Mrstaubsauger
• #194: Specify local_address in all sample server configurations to avoid unintentionally listening outside the local system when using the example unedited – thanks @bemoody
• #196: Catch SIGUSR1 to toggle debug mode, improve the display of full addresses in debug mode, and show connection attempts more clearly – thanks @deepjansari

2023-09-06

• #155: Explicitly handle concurrent configuration file access – thanks @fpl
• #170: Update pywebview version to resolve a macOS issue – thanks @Draykan
• #175: Proactively update the GUI menu whenever new catch-all accounts are added – thanks @Draykan (and subsequently #190: fix a regression caused by this change – thanks @ray-magini)
• #179: Switch to :: (i.e., dual-stack loopback) as the default local_address when no value is specified – thanks @bwbug and @mtlg
• #183: Improve handling of expired access tokens when the refresh token is still valid – thanks @Draykan
• #185: Improve error messages when there is a possible encryption mismatch – thanks @manu-msf
• #186: Link to an improved Docker example – thanks @blacktirion
• #187: Use an inverse colour icon when starting in a light Windows theme – thanks @bwbug
• Add an icon for PyInstaller builds
• Format IPv6 addresses more clearly (surround with [] consistently)
• Improve documentation about IPv4 vs. IPv6 support and defaults
• Provide a more helpful error message when a local certificate/key is specified but not found
• Make sure stdin exists before checking it is a TTY
• Work around an incompatibility when using pystray <= 0.19.4 with PIL >= 10.0.0

2023-05-18

• #143: Warn (rather than crash) when loading invalid/tampered token_salt values – thanks @ibravos75
• #146: Fix regression in redirect_uri values with path components – thanks @pstutzinger
• #148: Fix an issue when using PyInstaller --onefile on Windows that caused servers not to load – thanks @migozz
• #149: Correct PyInstaller additional import to work around timeago issue – thanks @migozz
• #152: Clarify documentation around usage of IPv6 vs. IPv4 – thanks @wtcline-intc
• #151: Better error messages when using buggy clients – thanks @migozz (and previously @Schmass with #101)
• Fix crash when using macOS pre-Mojave and older versions of pywebview
• Group and clarify command-line arguments

2023-03-09

This release contains a major improvement effort led by @michaelstepner to support alternative stores for the proxy's cached OAuth 2.0 tokens. This allows the use of external stores (currently AWS Secrets Manager) or a separate local file for this purpose.

This release also adds semi-automatic building of macOS and Windows executables that do not require python or any dependencies to be configured (see various requests/discussions in #100, #125 and #135). It is important to note that unlike the proxy itself these are not tested, and are provided only in case they are useful. No support can be provided for these files.

In addition:

• #137: Make sure that configuration files are writable before saving – thanks @andre13794
• #140: Add IPv6 binding with dual-stack support – thanks @sahilph
• Various other minor improvements – thanks @mikhailter (#138) and @bwbug (#134)

2023-02-08

• #62 and #94: Add an option to paste authentication results into the terminal in no-GUI mode (avoids --local-server-auth; requires prompt_toolkit) – thanks @MatthewJWalters, @Jonher937 and @jlevon
• #121: Improve SSL handshake retries on unreliable network connections – thanks @brianjmurrell
• #135: Improved compatibility with PyInstaller, and better handling of Start at login arguments – thanks @bwbug
• Clarify PyInstaller installation requirements (#125)
• Document usage of external proxy handlers (#113, #123, #130)
• Include the proxy's version in its startup message

2022-12-14

• Catch SIGHUP to reload the current configuration file
• Make notifications clickable, and ensure they are always displayed (macOS)
• Visually hint secure local connections in the menu bar (macOS)
• Override cmd+q to close (rather than quit) the browser popup (macOS)
• Separate IMAP/POP/SMTP servers into different menu bar sections
• Clarify various error and authentication failure messages (#90, #92, #102)
• #69: Remove dependency pinning now that pywebview 3.7 has added compatibility with pythonnet 3 – thanks @dbilewicz and @yon-y
• #96: Allow redirect_uri to match over different schemes – thanks @ThorstenEngel
• #103: Work around redirect_uri mismatch on some platforms when using redirect_listen_address – thanks @pstutzinger and @marcoideait

2022-11-01

Many thanks to @sflamm for generously sponsoring two enhancements that are included in this release:

• #81: Add support for the resource owner password credentials grant flow
• #78: Add support for catch-all account sections in the proxy's configuration file

This release also contains the following improvements/fixes:

• #88: Invalidate tokens within their expiry margin if no refresh token is available – thanks @lakelse
• #87: Add basic support for rotating log files – thanks @cobwash
• #75: Add support for string literals in IMAP LOGIN commands – thanks @M4tDR

2022-10-10

• #67: Include account name in log messages in normal (as well as debug) mode – thanks @Steltek
• #69: Temporary requirements.txt fix for a Windows pywebview issue (to be removed when pywebview 3.6.4 is released) – thanks @dbilewicz
• #73: Only encrypt client secret if actually present – thanks @athoms

2022-09-27

• #61: Add support for O365 client credentials grant flow (IMAP.AccessAsApp / POP.AccessAsApp; see #61 for discussion) – thanks @ft3411 and @edombroski
• #63: New parameter to allow logging to file regardless of platform defaults – thanks @Steltek