v0.5.0

@MTRNord MTRNord released this 21 May 10:07
· 28 commits to main since this release
Immutable release. Only release title and notes can be modified.
d846c00

New Features

Webhooks

  • HTTP POST webhook delivery as a notification channel alongside email
  • HMAC-SHA256 request signing with configurable header (default X-Signature-256)
  • Outbox-based delivery with exponential backoff retry (up to 5 attempts: 30 s → 2 min → 10 min → 1 h → failed)
  • 30-day delivery history retained per webhook
  • Per-webhook respect_quiet_hours flag (default: false)
  • Test endpoint (POST /api/v2/alerts/{id}/notify-webhooks/{wid}/test) sends a ping event immediately
  • Delivery history API (GET /api/v2/alerts/{id}/notify-webhooks/{wid}/deliveries)
  • HMAC secret stored write-only; never returned in any GET response
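
Receiver-side verification of a signed webhook request, as an added example (not code from this project). It assumes the header carries the hex-encoded HMAC-SHA256 of the raw request body, optionally prefixed with sha256=; the release notes do not state the encoding, so confirm it against the project's documentation. The secret and the ping payload are constructed sample values.

```python
import hashlib
import hmac

DEFAULT_HEADER = "X-Signature-256"  # default header name given in the release notes


def sign(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 over the raw body (the hex encoding is an assumption)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify(secret: bytes, headers: dict, body: bytes,
           header_name: str = DEFAULT_HEADER) -> bool:
    """Return True only if exactly one signature header is present and matches.

    `body` must be the bytes exactly as received, before any JSON parsing:
    re-serialising the payload changes the bytes and breaks the MAC.
    """
    wanted = header_name.lower()  # HTTP header names are case-insensitive
    values = [v for k, v in headers.items() if k.lower() == wanted]
    if len(values) != 1:
        return False  # missing or ambiguous signature: reject
    received = values[0].strip()
    if received.lower().startswith("sha256="):  # assumed optional prefix
        received = received[len("sha256="):]
    try:
        received_mac = bytes.fromhex(received)
    except ValueError:
        return False  # not valid hex
    expected_mac = hmac.new(secret, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(received_mac, expected_mac)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"           # constructed sample value
    body = b'{"event":"ping"}'                    # constructed sample payload
    headers = {"x-signature-256": sign(secret, body)}
    print("valid:", verify(secret, headers, body))
    print("tampered:", verify(secret, headers, body + b" "))
```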

CORS Proxy Endpoints

  • GET /api/probe/client-api — proxies a client API path server-side and returns status code + CORS origin header
  • GET /api/probe/well-known — same for well-known endpoints (support, etc.)
  • Enables the frontend to detect CORS misconfigurations without browser interference

Additional Alert Types

  • tls_expiry_warning — fires when a TLS certificate expires within 14 days
  • tls_cert_changed — fires when the TLS fingerprint changes
  • version_changed — fires when the server software version changes
  • server_name_changed — fires when delegation or server name changes

Daily Statistics

  • New daily aggregation endpoint for finer-grained graphs in the frontend

Quiet Hours

  • Quiet hours properly wired into alert dispatch; delivery deferred until the window ends

Configurable Sponsor URLs

  • Sponsor URLs now configurable via config.yaml; passed through to all email templates

Authentication & Accounts

  • Replaced magic-link login with full password-based authentication
  • Password reset, password set, and password change flows with email confirmation
  • Primary email promotion and verification-resend endpoints
  • Timezone stored per account; exposed in account API
  • Tightened password entropy requirements
  • Fixed account deletion to cascade-delete all associated data (alerts, emails, outbox entries)
  • Fixed server_name leaking into the database in alert-related paths

API

  • New /api/v2/alerts endpoints required for the v3 frontend redesign
  • Alert notification emails now scoped to specific addresses per alert (not just the account email)
  • Fixed permissions and response payload in the alerts v2 API
  • Fixed double-send race condition in the email outbox
  • Added detail fields to federation check responses for improved frontend readability
  • Fixed DateTime serialisation for time-zoned values

Email

  • Email dispatch is now non-blocking (no longer stalls the alert check loop)
  • Fixed outbox double-send race condition under concurrent pod execution
  • Correct retention policy enforced for delivered/failed outbox entries
  • SMTP can be disabled entirely via config (previously required)
  • All email templates updated to the new v3 design
  • OAuth2 consent template updated to new design

Performance & Reliability

  • HTTP federation check path refactored for lower allocations
  • TLS handling improvements (certificate parsing and fingerprint extraction)
  • Small database query optimisations
  • Improved Redis distributed locking (lock renewal via Lua script to prevent expiry races)

Observability & Tooling

  • CodSpeed benchmark integration: full_check and validation_only benchmark suites
  • Clippy cognitive_complexity lint enforced globally via [lints.clippy] in Cargo.toml
  • cargo nextest adopted as the test runner
  • Pre-commit hook runs Clippy automatically
  • HEALTHCHECK instruction added to the Dockerfile
  • Cargo.lock no longer excluded from Docker image builds
  • Credential leak protection in structured logs

Dependency Updates

  • hickory-resolver 0.25 → 0.26.1 — security update (CVE affecting >= 0.25.0-alpha.3, <= 0.25.2)
  • redis 0.27 → 1.2.1
  • deadpool-redis 0.18 → 0.23
  • css-inline 0.19 → 0.20
  • axum-tracing-opentelemetry 0.32 → 0.33.1
  • askama 0.15 → 0.16
  • axum-test (dev) 18 → 20
  • Removed unused rustls-pemfile dependency (RUSTSEC-2025-0134)
  • Removed direct ed25519 dependency (now sourced transitively through ed25519-dalek)

Full Changelog: v0.4.2...v0.5.0