github sushaantu/boxento v1.0.4
v1.0.4 - Local-Only Mode & Security Fixes
on GitHub

2 months ago

🎉 Major UX Improvement: Clear Local-Only Mode

This release resolves the confusion many users experienced with authentication when running Boxento locally.

✨ New Features

🏠 Local-Only Mode Indicator

  • Clear visual feedback: Shows "Local Mode" when Firebase is not configured
  • No more broken login UI: Authentication UI is hidden when not needed
  • Immediate functionality: Start using Boxento right away without any setup

🐛 Bug Fixes

Authentication & UX

  • Fixed #35: Resolved "Firebase: Error (auth/api-key-not-valid)" confusion
  • Hidden authentication UI when Firebase environment variables are not configured
  • Added clear "Local Mode" indicator for users running without cloud sync

Security Fixes

  • Fixed #6, #7, #8, #9: Resolved XSS vulnerabilities in YouTube widget
  • Added proper URL encoding for all videoId parameters
  • Prevented potential code injection through malicious video IDs

Widget Persistence

  • Fixed #42: RSS widget configuration now persists correctly after page refresh
  • Standardized configuration callback mechanism across all widgets

📚 Documentation

  • Enhanced README: Added comprehensive "Operating Modes" section
  • Clear setup instructions: Explained Local-Only vs Cloud Sync modes
  • Docker examples: Updated with latest best practices
  • Troubleshooting: Added solutions for common setup issues

🔧 Technical Improvements

  • Fixed TypeScript compilation errors that prevented Docker builds
  • Improved widget type system with proper callback interfaces
  • Enhanced error handling for missing dependencies

📦 Docker

Perfect local-only experience with zero configuration: 

services:
  boxento:
    image: ghcr.io/sushaantu/boxento:latest
    container_name: boxento
    ports:
      - "5173:5173"
    environment:
      - NODE_ENV=production

No Firebase setup required - just run and start adding widgets!

🚀 For Users

  • Docker users: No more authentication confusion - perfect local experience
  • Self-hosters: Clear documentation about setup options
  • Security-conscious: All XSS vulnerabilities resolved
  • Widget users: RSS feeds now save settings properly

Full Changelog: v1.0.3...v1.0.4

Check out latest releases or
releases around sushaantu/boxento v1.0.4

Don't miss a new boxento release

NewReleases is sending notifications on new releases.

Get notifications