Summary
- Users can now choose a per-account date format from their profile, so the interface language and displayed date order can be configured independently while the application timezone still controls the local time shown.
- Changing or resetting a password now revokes trusted 2FA devices for that user. Existing trusted-device records are cleared during the upgrade so browsers must pass the 2FA challenge again before they can be trusted.
- Installation save imports now re-encrypt user TOTP secrets and recovery codes with the new instance
APP_KEY, matching the existing destination and notification handling and preventing 2FA lockouts after migration.
Upgrade Notes
- This release includes a database migration that clears existing trusted 2FA device records; run migrations as part of the upgrade.
- No new environment variables are required.
- Rebuild and restart the VolumeVault container after upgrading.
Verification
- Local verification before release included
docker run --rm --user "$(id -u):$(id -g)" -v "/home/darkdragon/VolumeVault:/app" -w /app volumevault:local php artisan changelog:validate v1.16.2 --release --no-interaction. - Local verification before release included
docker run --rm --user "$(id -u):$(id -g)" -v "/home/darkdragon/VolumeVault:/app" -w /app volumevault:local php artisan test --compact. - Local verification before release included
npm run build. - Local verification before release included
docker run --rm --user "$(id -u):$(id -g)" -v "/home/darkdragon/VolumeVault:/app" -w /app volumevault:local php ./vendor/bin/pint --dirty --format agent.