v0.8.3

Added

• Push notifications via Apprise: Send notifications to 100+ services (Slack, Discord, Telegram, Pushover, etc.)
  • Configure multiple notification channels in Settings > Integrations
  • Trigger notifications on admin login, OTP requests, project approvals, and new comments
  • Test notifications before saving configuration
  • Notification logs with delivery status tracking
• Email unsubscribe: Recipients can opt out of email notifications
  • One-click unsubscribe links in all email templates
  • Dedicated unsubscribe page with confirmation
• Project archiving: Archive projects to hide them from active views
  • New ARCHIVED status blocks share page access
  • Filter dropdown to show/hide archived projects
• Client approval control: Per-project toggle to restrict video approval to admins only
• Custom 404 pages: Branded error pages for root, admin, and share routes
• Configurable admin session timeout: Set inactivity timeout in Settings
• Comment timestamp display setting: Choose between timecode or simple time per project
• Header about dialog: Quick access to version info and website link

Changed

• Analytics moved into projects (/projects/[id]/analytics)
• Project settings reorganized with cleaner section order
• User management uses modal dialogs for password/passkey changes
• Settings UI uses CollapsibleSection throughout
• Button styling standardized across admin pages
• Comment UI refined with theme tokens

Fixed

• Share authentication hardened with proper 401 handling
• Dialog close button highlight removed
• Session timeout wording aligned

Security

• Base image updated to node:24.13.0-alpine3.23
• npm audit clean (0 vulnerabilities in project dependencies)

0.8.2

• Share pages: video sidebar now fills the full visible height consistently (including admin share view)

0.8.1

[0.8.1] - 2025-12-24

Changed

• Admin UI spacing tightened and made consistent across pages; grid view is now the default (with improved mobile layouts)
• Analytics + security dashboards condensed overview metrics into single cards and reduced filter UI height
• Share pages: removed footer, moved shortcuts button below the comment field, corrected shortcuts list, and added Ctrl+/ to reset speed to 1x

Release v0.8.0

[0.8.0] - 2025-12-21

Added

• Multiple asset upload queue with concurrent upload support
  • Upload multiple assets at once with progress tracking
  • Support for mixed file types (video/image/subtitle) in single selection
  • Auto-detected categories for uploaded files
  • Improved upload queue UI with auto-start functionality
• Analytics improvements for share page tracking
  • Track public share pages with authMode NONE
  • Asset download tracking (individual assets and ZIP downloads)
  • Unified activity feed showing authentication and download events
  • Changed "Accesses" to "Visits" and "Unique Users" to "Unique Visitors"
  • Expandable activity entries with click-to-expand details
  • Display asset filenames in download analytics
• Expanded keyboard shortcuts for video playback with speed control and frame stepping
  • Ctrl+, / Ctrl+. to decrease/increase playback speed by 0.25x (range: 0.25x - 2.0x)
  • Ctrl+J / Ctrl+L to step backward/forward one frame when paused (uses actual video FPS)
  • Speed indicator overlay shows current playback rate when different from 1.0x
  • Shortcuts help button with HelpCircle icon displays all available keyboard shortcuts
• Allow image assets to be set as project thumbnails

Changed

• Mobile video dropdown now starts collapsed by default and auto-collapses after video selection
  • Added contextual labels: "Tap to select video" when collapsed, "Currently viewing" when expanded
  • Improves mobile UX by prioritizing video player visibility
• Share page authentication UI clarity improvements
  • Added "This authentication is for project recipients only" message
  • Guest button styled with orange (warning) color to stand out
  • Separator text changed from "Or" to "Not a recipient?" for better context
  • Password/OTP fields hidden when OTP code is being entered (BOTH mode)
  • Changed "account" to "recipient" in OTP verification message
• Default sorting set to alphabetical across all pages (projects, videos, versions)
• Replace chevron emoji with Lucide icons throughout UI
• Improved comment reply UI with extended bubble design
• Analytics UI revamped with unified activity feed
  • Removed Access Methods card (redundant with activity feed)
  • Renamed "Recent Access Activity" to "Project Activity"
  • Shows ALL activity with no pagination limit
  • Download events show type (VIDEO/ASSET/ZIP) with appropriate icons
  • Simplified color scheme: blue for visits, green for downloads
  • Improved expanded details layout with clear labels

Fixed

• TUS upload resume handling and fingerprint detection
  • Fixed fingerprint format to match library exactly
  • Use absolute URL for TUS endpoint to fix fingerprint matching
  • Prevent TUS from resuming uploads to wrong video/project
• Upload queue auto-start bug fixed
• Double tracking for NONE projects with guest mode
  • Only track as NONE when guest mode is disabled
  • When guest mode enabled, let guest endpoint track as GUEST
• TypeScript error: Added NONE to access method types

Security

• Updated Next.js to fix security vulnerabilities
• Session invalidation now triggered when security settings change
  • Password changes invalidate all project sessions
  • Auth mode changes (NONE/PASSWORD/OTP/BOTH) invalidate all project sessions
  • Guest mode changes invalidate all project sessions
  • Guest latest-only restriction changes invalidate all project sessions
  • Uses Redis-based session revocation with 7-day TTL
  • Deterministic sessionIds for NONE auth mode based on IP address
  • Invalid tokens handled appropriately based on auth mode (reject for PASSWORD/OTP/BOTH, allow for NONE)
  • Optimized database queries with single fetch for all security checks
  • Comprehensive logging shows all changed security fields

v0.7.0

[0.7.0] - 2025-12-07

Changed

• IP and domain blocklists moved into Security Settings with dedicated management UI, inline add/remove, and loading states; Security Events page now focuses on event history and rate limits only
• Rate limit controls refreshed automatically on load and lay out responsively alongside filters and actions

Fixed

• Admin project view now updates comments immediately when new comments are posted, avoiding stale threads until the next full refresh
• Hotlink blocklist forms stack cleanly on mobile and include clearer lock expiration messaging in rate limit details

0.6.9

Fixed

• OTP-only projects now correctly display name selection dropdown in comment section
• Recipients API now returns data for all authenticated modes (PASSWORD, OTP, BOTH, NONE), not just password-protected projects
• Security dashboard blocklist forms no longer overflow on mobile devices
• Blocklist item text (IP addresses and domains) now wraps properly on small screens

Changed

• Removed admin session detection from public share page for cleaner code separation
• Public share page now treats all users (including admins) as clients — admins should use dedicated admin share page
• Made adminUser parameter optional in comment management hook for better backwards compatibility
• Improved responsive layout for security blocklist UI (stacks vertically on mobile, horizontal on desktop)

Technical

• Updated share API route to include recipients for all non-guest authenticated users
• Added flex-col sm:flex-row responsive classes to blocklist forms
• Added min-w-0, break-all, and break-words classes to prevent text overflow in blocklist items
• Made adminUser optional with default null value in useCommentManagement hook

Release 0.6.8

What's Fixed

Public Share Page Comment System

• Real-time updates: Comments now appear immediately without manual page refresh
• Name persistence: Custom names and recipient selections persist across comment submissions using sessionStorage
• Cleaner display: Removed version labels (v1, v2, etc.) from comment headers while preserving version filtering logic

Files Changed

• src/app/share/[token]/page.tsx - Added real-time comment event listeners
• src/components/MessageBubble.tsx - Removed version label display
• src/hooks/useCommentManagement.ts - Added sessionStorage persistence for name selection

Full Changelog: v0.6.7...v0.6.8

v0.6.7

v0.6.7

Added

• Security dashboard overhaul: event tracking, rate-limit visibility/unblock, IP/domain blocklists (UI + APIs). Migration:
  20251206000000_add_ip_domain_blocklists.
• Share auth logging: successful password and guest access now generate security events.
• Keyboard shortcut: Ctrl+Space toggles play/pause even while typing comments.
• FPS now shown in admin video metadata; video list displays custom version labels when available.

Changed

• Standardized security event labels across admin/share auth (password, OTP, guest, passkey); clear existing security events after
  upgrading to avoid mixed legacy labels in the dashboard.
• Timecode: full drop-frame support (29.97/59.94) with HH:MM:SS;FF parsing/formatting; format hints aligned with display; DF/NDF badge
  removed; hint sits above the timecode.
• Comment UX: auto-pause video when typing comments; format hint sizing/layout tweaks; version label shown instead of raw version
  number in lists.
• Admin share view: fixed optimistic comment persistence when switching videos.

Fixed

• Comment system: improved optimistic updates/deduping, prevent anonymous comments when a recipient name is required, clear optimistic
  comments on server responses, and cancel pending notifications on deletion to avoid duplicate emails.

Security

• Consistent naming for admin/share auth events (password/OTP/guest/passkey); blocklist APIs cached with Redis and invalidated on
  updates.

v0.6.6 - Critical Docker Worker Fix

🔧 Critical Fix Release

Fixed

• CRITICAL: Re-fixed file-type ESM import issue in Docker worker
  • Static imports were accidentally reintroduced, breaking the worker again
  • Restored dynamic imports (await import('file-type')) for ESM compatibility
  • Static imports cause ERR_PACKAGE_PATH_NOT_EXPORTED error with tsx in Docker
  • Affects asset-processor.ts and video-processor-helpers.ts
  • Worker now starts correctly in Docker environments

Technical Details

This release ensures the worker can properly handle ESM-only packages when running with tsx in containerized environments. The file-type package v19.x is a pure ESM module that requires dynamic imports when used with TypeScript executors like tsx.

Upgrade Notes

If you're experiencing Docker worker crashes with ERR_PACKAGE_PATH_NOT_EXPORTED, upgrade to this version immediately.

v0.6.5 - Hotfix

v0.6.5 - Hotfix Release

Fixed

• Worker Startup Issue: Fixed ERR_PACKAGE_PATH_NOT_EXPORTED error preventing worker from starting
  • Changed file-type package import from static to dynamic import for ESM compatibility
  • Worker now starts correctly and processes video uploads without errors

Technical Details

This hotfix resolves a critical issue where the worker process failed to start due to ESM module import incompatibility with the file-type package (v19.x). The fix ensures seamless video processing by using dynamic imports instead of static imports.

Docker Images

Pull the latest version:

docker pull crypt010/vitransfer:0.6.5
docker pull crypt010/vitransfer:latest

Upgrade Instructions

For Docker Compose users:

docker-compose pull
docker-compose up -d

Important: This hotfix is recommended for all 0.6.4 users experiencing worker startup failures.