github CodesWhat/drydock v1.4.0
on GitHub

7 hours ago

Drydock v1.4.0

The biggest release yet — a complete UI overhaul, fail-closed security hardening, and 80+ changes.

Docker
Docs

What's New

UI Modernization

  • Tailwind CSS 4, Vue 3 Composition API, shared component library
  • 6 color themes — One Dark, GitHub, Dracula, Catppuccin, Gruvbox, Ayu (dark + light)
  • 7 icon libraries — 500+ icons with tree-shaking, offline-capable
  • Font size preference, borderless redesign, responsive layouts

Dashboard

  • Real-time stat cards (containers, updates, security, registries)
  • Update summary, security overview, and host status widgets
  • Drag-and-drop widget ordering with localStorage persistence

Compose Trigger Overhaul

  • Auto compose file detection from container labels with Docker inspect fallback
  • Pre-commit docker compose config validation before writes
  • Digest pinning, reconciliation modes (warn/block), compose-file-once batch mode
  • Directory-as-FILE support (DD_TRIGGER_DOCKERCOMPOSE_{name}_FILE=/path/to/dir)

Security Hardening

  • Argon2id password hashing (OWASP recommended, Node.js built-in crypto.argon2Sync)
  • OIDC redirect URL validation, CSRF Sec-Fetch-Site protection
  • Rate limiting with identity keying for shared proxies
  • Permissions-Policy, Cross-Origin-Embedder-Policy, tightened CSP
  • Timing side-channel elimination on auth, LokiJS metadata stripping from all API responses
  • Production image: wget/nc removed, zlib upgraded, npm stripped

Home Assistant / MQTT

  • HASS discovery with entity_picture auto-resolution from container icons
  • Attribute filtering — short (default) and full presets
  • dd.display.picture label for direct entity picture URL override

Container Operations

  • Update, rollback, scan, start/stop/restart with confirmation dialogs
  • Compose trigger affinity — actions route to the correct compose trigger
  • Group operations with per-container progress feedback

More Highlights

  • Self-update controller — automated Drydock self-update via Docker trigger
  • Tag-family semverdd.tag.transform regex rewriting for non-standard versioning
  • OpenAPI 3.1.0 — full spec at GET /api/openapi.json
  • mTLS client certificatesCLIENTCERT/CLIENTKEY registry options
  • Audit log for external state changes — container start/stop/restart via Portainer or CLI

Breaking Changes

MQTT HASS_ATTRIBUTES default changed from full to short

This excludes large SBOM documents, scan vulnerabilities, details, and labels from Home Assistant entity payloads. To retain the previous behavior: 

DD_TRIGGER_MQTT_{name}_HASS_ATTRIBUTES=full

Migration from v1.3.9

Drop-in upgrade — pull the new image and restart. Legacy v1.3.9 password hashes ({SHA}, $apr1$, crypt, plaintext) are accepted with a deprecation banner. Upgrade to argon2id at your convenience; legacy hash support is removed in v1.6.0. 

docker pull codeswhat/drydock:1.4.0

See the full CHANGELOG for the complete list of changes.

Documentation · Configuration Guide · GitHub

Check out latest releases or
releases around CodesWhat/drydock v1.4.0

Don't miss a new drydock release

NewReleases is sending notifications on new releases.

Get notifications