๐ Critical Bug Fix
This release fixes a critical bug that prevented CSRF token fetching, causing all POST requests to fail with 403 Forbidden errors.
Fixed
- CSRF Token Fetch: Corrected URL path in
CsrfContext.tsxfrom relative'api/csrf-token'to absolute'/api/csrf-token'- Fixes 403 Forbidden errors when sending messages
- Fixes 403 Forbidden errors when sending reactions
- Fixes all other POST request failures due to missing CSRF token
Impact
Users on v2.4.1 who were unable to send messages or reactions should upgrade to v2.4.2 immediately.
Full Changelog
v2.4.2 (Current Release)
- Fixed CSRF token fetch URL path (#187)
v2.4.1 (Previous Release) - Also included in this release:
- Fixed CSP blocking inline styles in production (#186)
- Changed default SameSite cookie policy from 'strict' to 'lax' for better reverse proxy compatibility (#186)
- Added comprehensive ALLOWED_ORIGINS documentation (#185)
- Fixed environment variable documentation (#185)
Docker Image
```bash
docker pull ghcr.io/yeraze/meshmonitor:2.4.2
docker pull ghcr.io/yeraze/meshmonitor:latest
```
Upgrade Notes
- No configuration changes required
- Simply pull the new Docker image or update your deployment
- All v2.4.1 fixes are included in this release
๐ MeshMonitor v2.4.2
๐ฆ Installation
Docker (recommended):
docker run -d \
--name meshmonitor \
-p 8080:3001 \
-v meshmonitor-data:/data \
ghcr.io/Yeraze/meshmonitor:v2.4.2๐งช Testing
โ
All tests passed
โ
TypeScript checks passed
โ
Docker images built for linux/amd64, linux/arm64, linux/arm/v7
๐ Changes
See commit history for detailed changes.