v1.3.2

What's Changed

• Add Mission Control by @reesericci in #65
• Fix bug where record broadcasts were not scoped to the domain by @reesericci in 3f6f2e9. Closes #10

Full Changelog: v1.3.1...v1.3.2

v1.3.1

What's Changed

• Adds support for the OAuth device grant flow by @reesericci in #63

Full Changelog: v1.3.0...v1.3.1

v1.3.0

What's Changed

• Add rebound [for checking email bounces] @reesericci in #37
• Provisional Domains by @reesericci in #44
• Standard Linting by @reesericci in #45
• Remove Sorbet by @reesericci in #57
• Full OAuth & OIDC compliant API by @reesericci (with help from @polypixeldev and @cjdenio) in #55
• Slack webhook notifications for domain & developer app review
• Ruby 3.1.2 -> Ruby 3.3.0
• Squashing various bugs

Full Changelog: v1.2.0...v1.3.0

v1.2.0

Release Notes

• Adds Record cache with Solid Cache, speeds up site immensely, closes #28 (DNSimple caching) - does not fetch in background though, i don't think it matters too much, the caching works wonders
• Updates to rails 7.1
• Migrates asset pipeline to Propshaft, and does other asset pipeline cleanup
• Creates healthcheck at /up
• Enables discoverable passkey credentials (resident keys), closes #16 (yubikey support) (however people will have to renroll), fixes regression from v1.1.0
• Domain card aesthetic updates, closes #7 (text overflow)
• Fix registration (email OTP invalid issue) and turbo frame issues

Quirks

• Must copy app/javascript/application.js to public/assets/application-{hash}.js manually after running rails assets:precompile

v1.1.3

Release Notes

• Fixed email OTP security bugs (relates to expiration of OTP)
• Adds sent email confirmation on resend code
• Create security disclosure policy (SECURITY.md)

v1.1.2: URGENT SECURITY PATCH

This release contains an urgent security patch for email OTP login.

On previous versions, any actor could log into any account with email OTP enabled by entering any number into the OTP field after requesting an email.

We thank zinc for reporting this issue.

Administrators: update your version of Obl.ong immediately.

Lastly, email OTPs now only get sent if the code has expired, or you manually hit resend - cutting down on SMTP costs.

v1.1.1

Release Notes:

• Added domain creation & transfer emails

v1.1.0

Release Notes:

• Made passkey authentication more reliable, by not sending all pubkeys to the browser, but sending RP information instead.
• Fixed transfer UI in the domain settings
• Added email code authentication & opt-out
• Added production DNSimple api endpoint if production environment detected
• Added postgres db for production
• BREAKING CHANGE/REDUCTION: yubikeys no longer supported at this time due to them not being a discoverable credential.

v1.0.0 !

This is the initial release for admin.obl.ong! There's no support for email forwarding or link creation at the moment, just DNS records.