RELEASE HISTORY
Changelog
Transparent release history. What changed, when, and why. Security-relevant items are always listed.
Unreleased
Features in active development.
Planned
- Prometheus + Grafana monitoring via Tailscale-only access
- Outlook add-in (addin.paramant.app) — source scaffold done
- Chrome Web Store public listing
- Stripe integration for billing (currently stub mode)
- Team accounts + SSO
- WebAuthn / Passkey second-factor option
- Admin email preview modal with per-user send actions
- Public status page
v0.9.0-beta
20 April 2026
Admin panel hardening + email overhaul + TOTP security sprint.
Added
- Enterprise email templates — centralized admin/lib/email-templates.js with 5 dual-body (plain-text + HTML) transactional emails. Brand-consistent Paramant design. Preheader text, masked IP footer, List-Unsubscribe header, reply-to.
- Force TOTP per user — admin can require TOTP setup before next login; active sessions revoked immediately on enable
- Two-stage TOTP reset — request email → confirmation email (1h TTL) → TOTP cleared only after confirmation link clicked
- Email enumeration protection on /api/user/auth/request-totp-reset (always returns 200)
- Rich per-user email action menu with preview-before-send
- Server-side pagination on Users list (page, page_size, status, plan filters)
- Audit logging on all mutating admin endpoints
- Global audit ZSET for O(log n) recent-events queries
- email + created fields on user records (new + backfilled)
- API key masking in users list (first 8 + last 4 chars)
- Clean JSON error responses — no HTML stack traces
- WCAG AA on admin panel (ARIA, keyboard nav, skip link, focus indicators)
- Admin panel documentation (admin/ADMIN.md)
Changed
- From-address on all transactional emails: noreply@ → hello@paramant.app
- TOTP reset confirmation TTL: 15 min → 60 min
- delete_account admin rate limit: 3/day → 50/day
Fixed
- Admin panel showing "—" instead of "0" for empty stat cards
- Relay dashboard showing 0h uptime
- Delete-account causing "Error loading users" on next refresh
- Missing ADMIN_TOKEN headers on internal callRelay() calls (all returning 401)
- Modal element IDs not matching JS function references
Security
- TOTP reset requires inbox access — attacker with known email cannot force a reset
- Rate limits on reset flow: 5/email/24h + 10/IP/1h
- Error responses are JSON only — no internal paths or server info leaked
- 24/24 integration tests passing
v0.9.0-beta
19 April 2026
Enterprise readiness sprint. Admin panel redesign + security audit.
Added
- Five-tab admin dashboard (Overview, Users, Audit, Billing, Relay) — v4 Denim Edit styling
- User signup flow at /signup with TOTP enrollment (no password)
- Billing scaffold with Stripe placeholder — checkout, cancel, status, history
- Chromium browser extension (dual-mode: API key + TOTP)
- Wazuh SIEM agent connected via Tailscale
- Security audit executed — 6-layer scope, low risk (0 critical, 0 high)
Changed
- GitHub Actions pinned to commit SHAs for supply-chain security
- TOTP v2 rolled out to beta users; Q2 2026 banners removed
- Setup flow button-gated to prevent email scanner token consumption
- POST /api/user/auth/setup/:token idempotent for provisional enrollments
- @noble/post-quantum updated to 0.6.1
Fixed
- Setup token consumed by email scanners (Gmail, Barracuda, Proofpoint)
- INTERNAL_AUTH_TOKEN missing from admin container — relay calls returning 401
- Wazuh agent connectivity after UFW default-deny reboot
Security
- Setup tokens no longer consumed by email preview scanners
- Full 6-layer automated audit completed; all findings fixed same session
- Load tested to 500 req/s — p95 135ms, zero errors