github knadh/listmonk v4.1.0

one day ago

listmonk-logo

v4.1.0 is a major release with a significant number of improvements and fixes.

⚠️ Important: Upgrading from v3.x.x

As always, take a backup of your Postgres database before upgrading.

v4.0.1 is a major upgrade that introduces multi-user management and authentication features, fundamentally changing how login and authentication works. It no longer relies on the browser-based BasicAuth prompt and ships with a build-in login system. The upgrade automatically creates a new Super Admin user based on the admin_username and admin_password fields from the TOML configuration file, after which, the credentials in the TOML file are no longer needed. Read more.

Broken /api/lists/:id: If you're using this API call, please refrain from upgrading to this version for now. It's broken in this release, but has been fixed and a new version will be made available soon.

What's new?

  • Multi-user support with granular permissions, user, role, per-list permissions and API token management.
  • Support for OIDC (OpenID Connect) authentication.
  • First-time Super Admin setup UI for fresh installations.
  • Significant performance improvements to SQL queries underlying concurrent campaign processing. Performance gains of several orders of magnitude on large installations.
  • Styling improvements to UI for better UX including new tabs UI in subscriber modal popup.
  • Markdown syntax highlighting.
  • Static email template subjects are now scriptable with template syntax.
  • Support for CC and BCC in custom email headers.
  • Syntax highlighting in HTML form generator.
  • Many quality-of-life improvements, fixes, and dependency upgrades.

How to upgrade

As always, take a backup of your database before upgrading.

Binary

Download the latest binary. Stop and replace the old binary. Run ./listmonk --upgrade. Start the app again.

Docker

# cd /directory/with/docker-compose.yml

docker-compose down
docker-compose pull && docker-compose run --rm app ./listmonk --upgrade
docker-compose up -d app db

Changelog

  • 0a27de1 Replace type field in user creation UI with radio-button for better usability.
  • 894d284 Fix GET subscribers not filtering by list permissions. Closes #2129.
  • 8b213f0 adds property description to List and NewList, updates docs (#2150)
  • 18edc65 Add v4.1.0 migrations.
  • abe09d6 Refactor OIDC redirect state to have nonce validation. Closes #2138.
  • b995cce Switch login form URLs to relative URIs.
  • cb8b54f Add ForwardEmail (provider) bounce integration (#2016)
  • 0392582 Add % on campaign analytics pie chart hover (#2124)
  • c35ed68 Fix quotes in JSON API req example in docs.
  • e182fb5 Fix the delete/blocklist by SQL query example in docs.
  • 1ac9ccb Reject blocklist-by-query API requests with no query.
  • ac5e101 Reject query-by-delete API requests with no query. Ref #2122.
  • d8a394d Update it.json (#2134)
  • 68df637 Update curl example to remove username/api_username confusion. Closes #2136.
  • 2c02e01 #2114 - Fix issue of wrong platform used during docker build (#2123)
  • 599147c fix: favicon markup (#2115)
  • be9fe9c Update hu.json (#2102)
  • 5abf004 fix dummy detection for OIDC client secret (#2116)
  • cf7d664 Fix broken individual list GET API. Closes #2117.
  • ca73e4f Change wording to 'one-way mailing list' on the static homepage.
  • 998b6e3 Remove version info from docker-compose docs to avoid confusion.
  • f6ed13a Add explicit instructions for older docker-compose files.
  • 319053d Update release link on static site homepage.
  • f5dfb0c Remove root URL from login setup form to prevent bad redirect on first install. Closes #2103.
  • 136d9d1 Don't fail on chown in Docker entry script. Closes #2104.
  • 8ef71aa Fix docker-compose curl command examples.
  • 120d275 Update release link on static site homepage.
  • 3894571 Remove obsolete demo file reference from Docker build commands.
  • 0f2c679 Remove deprecated goreleaser flag from GitHub action workflow.
  • 11cb3ce Update gorelease Go build version to latest.
  • 79f94d3 Update gorelease command and remove deprecated flags.
  • afd5db9 Fix incorrect image tag in docker-compose.
  • fd04fc1 Refresh i18n language files and add (GPT 3.5) auto-translations for new strings.
  • 4eefd42 Remove redundant campaign manager config validations (#2095)
  • 9bad699 Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#2083)
  • d35dbb0 Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (#2084)
  • b8ae4f6 Change v4.0.0 migration script to not auto-generate credentials.
  • 7fcc6f7 Simplify and refactor docker-compose.yml and remove install scripts.
  • 24bab75 Add first time login setup template
  • 178fa94 Update user login time on password login.
  • 5b3d6e2 Add first-time Super Admin setup UI on fresh install.
  • 1e4b3a2 Separate get individual user and get all users queries.
  • 87db0d5 Fix Cypress admin form test to support rendered HTML.
  • 25cdb7b Pull e-mail from userinfo endpoint if OIDC token endpoint doesn't return it.
  • a37d414 Add missing GH token to Swagger docs workflow.
  • 9760d19 Fix button focus/active styles on the UI.
  • 69de02a Restyle and simplify subscriber form UI with tabs.
  • b5382b8 Add user UI frontend tests.
  • b2866b1 Apply minor style changes and improvements to modals.
  • 74e77bd Add names to user form fields for testing.
  • 3fdf6fe Add individual list permission checks on admin UI.
  • 887d582 Fix get-users query to return all users when no ID param is given.
  • 1075485 Merge branch 'fix-user-query'
  • e7109da Fix missing email validation in OIDC exchange.
  • 7847167 Fix incorrect id logic in user selection.
  • 13222b5 Fix random timing related Cypress test failures (huh).
  • 29aa977 Expand search input width on subscribers UI for smaller screens.
  • 354fb30 Replace hardcoded perm literal with const.
  • 6258fd5 Increase settings UI poll interval to reduce broken requests.
  • 30be235 Add microseconds to log lines.
  • 0f785b7 Fix Cypress tests to work with new auth and other UI changes.
  • 8c07a2a Fix broken status in subscriber export query.
  • 71f9e86 Show OIDC URL warning only when enabled on the UI.
  • 03744e0 Fix broken settings references on forms page
  • d02a9d6 Update it.json (#2085)
  • 6fe47b2 Merge pull request #2082 from knadh/multiuser
  • 39463d7 Refresh i18n langauge strings.
  • cc71899 Add non-prod ODIC URL warning on admin settings UI.
  • af06d2e Upgrade prismjs.
  • f226aca Add missing auth permissions file.
  • cea65c0 Fix and refactor subscriber batch fetching in campaign processing.
  • ee119b0 Fix import not 'unsubscribing' list subs for already blacklisted subscribers. Ref #1931.
  • a268341 Refactor subscriber APIs list permission filtering.
  • d9b4bae Rename migration to v4.0.0
  • 0331e3c Sory users by created_at always.
  • eb47e80 Fix list auth by adding an explicit 'getAll' flag to query.
  • 3671a52 Update profile UI with new user data structures.
  • ae2a386 Add support for "list roles".
  • 12a6451 Add list permission check to subscriber calls.
  • d74e067 Add per-list permission to list management.
  • 982e8d8 Fix post v4.x.x upgrade warning on admin UI.
  • f8e6eaa Add docs for v4.x.x multi-user upgrade changes.
  • 26c6db0 Remove admin user/password from sample config generation.
  • 1649b3b Fix logic for preventing sole super admin from being wrongly updated/deleted.
  • bf00fd2 Add support for setting admin user/password via env on --install.
  • 68870ad Fix update check looping on failed HTTP requests.
  • 2da920d Add legacy TOML user+password to API auth on init with warning.
  • 5024ded Add API user authentication to auth module with caching of creds on user CRUD.
  • 0bea998 Fix role selection on in user form.
  • e6ec1cb User legacy (TOML) admin credentials as API creds for backwards compatibility.
  • b7155a4 Fix admin UI legacy user warning.
  • b0f6c22 Fix broken subscription status tag on subscriber form UI.
  • 1e875af Add OIDC auth hooks (init, callback, session) and finish OIDC support.
  • 7c92b65 Add avatar field to user schema for OIDC avatars.
  • 834f541 Update OIDC auth URL in login form.
  • 90591fc Apply OIDC/user profile related changes to admin UI.
  • 193f8a8 Add one-click provider config shortcut in OIDC settings.
  • 4eabd96 Refactor update check.
  • a8c1778 Add warning on admin UI for legacy creds in the TOML file.
  • ee90496 Apply minor linting fixes to role form.
  • 72c7676 Add cookie check hack to auth for v3 -> 4 browser BasicAuth session issue.
  • 17b5cc1 Sort roles by created date.
  • d52eac0 Update user APIs and queries to embed role + list permissions.
  • 612c1d6 Add per-list permission management to roles.
  • 19527f9 Add new fields to /api/config to remove /settings dependency in camapign UI.
  • f69aa30 Move User/Roles nav items under Settings.
  • 4a69f0a Minor refactor to subscribers UI. Remove superfluous status column.
  • 474f935 Add permission checks to admin UI to toggle visibility/functionality of components.
  • dd9612b Add user profile based permission check in auth middleware.
  • 09145b4 Fix profile edit page.
  • 32d5823 Refactor 'super' user type to a pre-defined super admin role.
  • 8126eec Restyle tags on the UI.
  • d4e4c5f Add granular permissions and role management to backend and admin UI.
  • 2000e9f Style and add OIDC logo to the login page.
  • 7bb14de Upgrade simplesessions to v3.
  • 313b2af Make user avatar field nullable.
  • 4997c10 Add user profile APIs and update UI.
  • 6a34ebc Update login credentials doc in sample config.
  • a6e06d9 Refactor migration for the latest version.
  • 906e0f5 Refactor handler groups and add mising auth features like logout.
  • 57ac9dc Add public login page and auth middleware and handlers.
  • 1516bf2 Add api type user.
  • bf0b500 Add API token authentication.
  • 10f1c38 Add missing user UI files.
  • 0968e58 Add user/password login handler.
  • 435d6d5 Add create/add/delete user management UI and database schema.
  • 4648f91 Fix bug in OIDC cookie check.
  • 83e4f5d Add migrations for OIDC db fields.
  • f8b3ddb Refactor the oidc package and separate out handlers.
  • 8ca95f6 Refactor OIDC middleware handler logic.
  • e406b25 Add a settings UI for OIDC.
  • 1b7128a Implement OIDC
  • 5074987 Add Markdown syntax highlighting (#2068)
  • b0f3891 Make import overwrite off by default and add warning (#2078)
  • 39e1a03 misc:add word wrap to HTML editor (#2081)
  • 36cf85b Fix Catalan translation and add Esperanto. (#2075)
  • 58b13af Fix tx template not being cached on update. Closes #2061.
  • 98fed80 Slightly improve docker-compose feedback (#2054)
  • 5e81d9e Fix typo in German translation (#2064)
  • 560789d Bump vite from 5.0.13 to 5.1.8 in /frontend (#2047)
  • aa168f0 Bump rollup from 4.9.1 to 4.22.4 in /frontend (#2050)
  • 16f4dfd Fix incorrect bulk blocklisting behaviour (#2041). Fixes #1841
  • 550cd3e Update README.md (#2034)
  • 06e4983 Fix tag queyr param in lists.md (#2033)
  • 51e3f17 Fix pre-confirm status not working on subscriber update. Closes #1927.
  • 139267d Tweak docs to highlight one-way mailing lists. Closes #1931.
  • d7fe13c Fix typo and formatting (#2028)
  • 1819480 docs: suggest an FQDN in docker compose file (#2019)
  • c812caa Fix syntax error in GetBounce method (#2007)
  • 242c90d updating campaigns api doc (#2011)
  • e6bf369 adding listmonk-newsletter sdk link (#2013)
  • 55e81f0 Bump axios from 1.6.2 to 1.7.4 in /frontend (#2006)
  • d28e40e update subscribers api docs (#1989)
  • 579fa71 docs: Add Zeabur one-click button (#1994)
  • edc9f73 Fix typo on the website.
  • d2cd9b1 chore: Deploy to Elestio button updated (#2005)
  • fb090f2 Update querying-and-segmentation.md (#1983)
  • 6353fb6 Add bounces API link to the docs page (#1981)
  • 679457c Ensure unique upload filenames by adding a suffix (#1963)
  • 46187b9 Add public list API doc (#1976)
  • 41f01d5 Add docs for bounces api (#1978)
  • e4dcb06 Update API docs of media with missing api (#1975)
  • 1e6e97e Add validation for filename with non-ASCII chars in media upload (#1973)
  • 01f7450 Clean section in config doc.
  • ebac8b3 Fix broken campaign clone with deleted lists (#1966)
  • d284e35 Update configuration.md +performance, batch size (#1967)
  • c334d2e fix #1950:Export of unsubscribed users exports all users (#1965)
  • fedc515 Fix incorrect count in subscriber query when there are no results.
  • 45f1f80 fix(analytics): add to and from dates to campaign analytics URL (#1952)
  • 23d236f docs: send_at will error out without a Z at the end of the timestamp (#1949)
  • 821b43d Add support for running Docker container as non-root user using docker-entrypoint.sh (#1892)
  • 888e33e fix [docs]: correct invalid example request of basic auth in docs (#1946)
  • 326fc30 Refactor subscription form generator to render syntax-highlighted HTML.
  • c2e7c71 Increase campaign subject char limit. Closes #1909.
  • c520337 Add issue/PR comment messages to GitHub stale action bot.
  • 12f32f1 Set GitHub stale issue bot to prod.
  • 766d62b Merge branch 'stale-action'
  • 870b3f7 Add GitHub stale-action bot to handle stale issues.
  • b38f156 fix vanishing attachments in campaign in more the one campaigns setup (#1936)
  • b4294c1 fix(docker): support multi-platform builds (#1935)
  • 2bda94f Update configuration.md (#1930)
  • 22890a1 Bump golang.org/x/image from 0.10.0 to 0.18.0 (#1914)
  • 5d5f484 docs: add important step regarding ses in bounces.md (#1907)
  • 0940e81 Bump braces from 3.0.2 to 3.0.3 in /frontend (#1898)
  • 1ba35d5 Add one-click deploy on sealos (#1880)
  • 3babd90 parse cc and bcc from custom headers to add them on email envelope (#1865)
  • 6886878 ci: add a compile check for open PRs (#1858)
  • c108486 Fix syntax error in manager from a previous, simple looking PR merge. Huh :O
  • c30068d Add kubernetes helm installation instructions to docs (#1847)
  • 42ba157 Add a note about starting listmonk without a config file.
  • c3f4379 chore: fix function name in comment (#1836)
  • e968718 Bump golang.org/x/net from 0.20.0 to 0.23.0 (#1833)
  • 1bf7e36 Fix incorrect filter query in bounces UI. Closes #1820.
  • 1d32d4c 👌 IMPROVE: make RootURL available in email templates (#1812)
  • c48fe97 Bump vite from 5.0.12 to 5.0.13 in /frontend (#1809)
  • d5cfaa9 Remove obsolete subscriber disabled status from docs. Closes #1793.
  • 7bf9481 Add /uploads/ path to HTTP config docs. Closes #1803.
  • e4589d6 Update pl.json (#1800)
  • 124af1e Make static e-mail template subjects scriptable. Closes #1727.
  • f04798a Add URL validation to settings URL inputs on admin UI.
  • 1bd55e1 Bump follow-redirects from 1.15.4 to 1.15.6 in /frontend (#1786)
  • 3a0cf98 chore: remove repetitive word (#1790)
  • 1817bba Update templating.md (#1788)
  • d64ff73 Merge zh-TW i18n updates from #1741. Closes #1741.
  • 7ffe1a4 Add French Canada (fr-CA) i18n translation.
  • 107e6fb Randomize archive slug when cloning campaign on the UI. Closes #1725.
  • 2afac24 fix: check errors.Is instead of strings.Contains for http: Server closed error (#1779)
  • 860009b chore: remove repetitive words (#1778)
  • ec50bef fix: query campaign does not search numbers (#1758)
  • 21c1af0 fix: empty list breaks subscriber page (#1755)
  • d9e2dce Update zh-TW.json (#1744)
  • d7b55cd fix: trim config before use (#1756)
  • 12ab492 fix: use translated string (#1757)
  • fa239db Update de.json (#1749)
  • 51f996d Fixes typo in es.json (#1751)
  • 00a44c0 fix: easy install docker script for macOS (#1742)
  • 3e06b29 Add new SDK/libs page and update messenger list. Closes #1723.
  • 6689b71 Update installation.md (#1700)
  • 1995471 fix: incorrect docs url. (#1715)
  • 2f0f1ee Remove arm release links from the website.
  • 1edf86d Update website with the latest release.

New Contributors

Full Changelog: v3.0.0...v4.1.0

Don't miss a new listmonk release

NewReleases is sending notifications on new releases.