What's Changed
- fix: enforce group ownership on mutating endpoints by @samanhappy in #769
- fix: harden auth and ownership checks by @samanhappy in #770
- Add headless mode to disable the bundled web UI by @Copilot in #772
- fix: enhance skipAuth functionality to allow guest user access by @samanhappy in #773
- fix: update skipAuth description and enhance auth middleware for guest access by @samanhappy in #774
- fix(security): require admin and redact secrets in MCP settings export (CWE-862) by @sebastiondev in #776
- fix(auth): reject scoped bearer keys on dashboard API (CWE-863) by @sebastiondev in #782
- chore(deps-dev): bump @eslint/js from 9.39.2 to 9.39.4 by @dependabot[bot] in #780
- chore(deps): bump jsonwebtoken from 9.0.2 to 9.0.3 by @dependabot[bot] in #779
- chore(deps): bump cors from 2.8.5 to 2.8.6 by @dependabot[bot] in #778
- chore(deps): bump typeorm from 0.3.27 to 0.3.28 by @dependabot[bot] in #777
- chore(deps-dev): bump @swc/core from 1.15.11 to 1.15.32 by @dependabot[bot] in #781
Full Changelog: v0.12.14...v0.12.15