✨ New Features
- Auto-Map from Seerr: Detects Seerr users who have linked their Discord account and lets you map them in one click. Shows a preview modal with checkboxes before saving — Discord usernames and avatars are resolved automatically via the bot
- Sync with Seerr: Companion button that checks existing bot mappings against Seerr and surfaces stale ones (Discord unlinked, ID changed, or Seerr user deleted) for bulk removal
🔒 Security
- Discord token no longer logged: Debug log previously emitted the first 6 characters of the bot token — now logs
SET/UNDEFINEDonly - Webhook debug log sanitized: No longer dumps the full payload — only logs
ItemType,ItemId, andName - XSS fix — log viewer:
timestampandlevelfields are now escaped before rendering into the dashboard - XSS fix — library selector: Jellyfin library name and ID are now escaped before inserting into the UI
- XSS fix — role color: Role color value is now validated against a strict hex pattern before use in a
styleattribute
🐛 Bug Fixes
- Bot no longer crashes after a few days: Unhandled promise rejections were calling
process.exit(1)— now logged as errors without terminating the process - Discord user dropdown missing members: Removed the 1000-member cap from
guild.members.fetch()and added a manual Discord User ID input field as fallback for offline/uncached members - Auto-Map breaking the dashboard: Discord lookups previously fired N parallel browser requests per modal open, exhausting the API rate limit and causing the dashboard to lose bot status and mappings — resolution is now done server-side (sequential, cache-first)