Security Enhancements
-
CSRF protection middleware (#13)
- Added comprehensive CSRF protection for form submissions
- Validates Origin and Host headers for state-changing requests
-
CSRF configuration step in onboarding (#20)
- New setup step guides users through CSRF domain configuration
-
CSRF warning banner for unconfigured users (#21)
- Warning banner displayed in admin panel when CSRF protection is not configured
New Features
-
Environment variable precedence for settings (#14)
- Settings can now be configured via environment variables
- Environment values take precedence over database-stored settings
-
Upgraded default AI model to gpt-5-mini for improved fun facts generation
-
Pre-commit hooks with prek (#15)
- Added automated code quality checks before commits
- CI workflow validates hook configuration (#17)
Bug Fixes
-
Toggle switch visibility improvements (#25)
- Enhanced contrast and theme button alignment in UI
-
Admin logs page stability (#19)
- Added defensive checks for filter handling
-
Year navigation edge case
- Fixed undefined array access when navigating between years
Performance
- Optimized startup performance (#16)
- Settings conflict cleanup now runs once at startup instead of per-request
Other Changes
- Streamlined Plex settings form (#18)
- Expanded test coverage across settings, funfacts, and core modules (#22, #23, #24)
- Documentation updates and corrections
Full Changelog: 0.1.5...0.1.6