Highlights
- Deprecation warnings: All deprecated features now log warnings with v1.6.0 removal targets — OIDC HTTP discovery, legacy trigger templates (${name}, ${count}), Docker watchatstart env var, unversioned /api/* path, WUD env vars, CORS wildcard origin, PUT settings endpoint
- OIDC logouturl fallback: Providers without end_session_endpoint now fall back to the configured logouturl
- Trigger error suppression: Repeated identical trigger errors during bursts are suppressed to reduce log noise
- Compose trigger hardening: File lock manager, validation, reconciliation, batch mode support
- Identity-aware rate limiting: Rate limit keys now include authenticated user identity for shared proxy deployments
- Advisory-only security scanning: New DD_SECURITY_BLOCK_SEVERITY=NONE mode for scan-without-block
- UI compose preview: File path display and preview details for compose-managed containers
- Reactive server feature flags: Composable for SSE-driven feature flag updates
Bug Fixes
- Include container name in non-semver digest warnings
- Fix registry test mock path (was silently ignored since initial commit)
- Fix compose type assertions for ContainerImage
- Prune backups on failed updates and guard undefined maxCount
- Record failing new image as fromVersion in rollback audit entries
- Deduplicate server feature loads and preview normalization
- E2E: skip GHCR/LSCR containers when credentials unavailable
Test & Quality
- 3,959 backend tests, 1,575 UI tests (100% coverage thresholds)
- 665 lines of compose trigger edge case coverage
- Identity-aware rate limiter integration tests across all API routers
- Deprecation warning coverage for OIDC, triggers, watchatstart, API path
Full Changelog
See CHANGELOG.md for the complete list of changes.