📋 Reading: Release Notes & Changelogs

# Changelog

All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog (https://keepachangelog.com/en/1.0.0/)
and this project adheres to Semantic Versioning (https://semver.org/spec/v2.0.0.html).

## [2.4.0] - 2024-09-12

### Added
- New `rate_limit` field in API responses showing remaining request quota
- Dark mode support for the admin dashboard
- Batch endpoint: POST /api/v2/items/bulk-create (max 500 items per request)

### Changed
- `/api/v1/users` now returns 20 results per page (was 50) to improve performance
- Authentication tokens expire after 7 days instead of 30 days

### Deprecated
- `GET /api/v1/legacy/export` — will be removed in v3.0.0. Use `POST /api/v2/export` instead.

### Fixed
- Fixed crash when uploading files larger than 50MB via the web UI (#1847)
- Fixed incorrect timezone conversion in scheduled job emails (#1902)

---

## [2.3.1] - 2024-08-05

### Security
- Updated `jsonwebtoken` dependency to v9.0.2 to address CVE-2022-23529
- Enforced HTTPS-only cookies for session tokens (was HTTP-allowed in development mode)

### Fixed
- Fixed XSS vulnerability in user-submitted markdown content (#1799)

# Changelog

All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog (https://keepachangelog.com/en/1.0.0/)
and this project adheres to Semantic Versioning (https://semver.org/spec/v2.0.0.html).

## [2.4.0] - 2024-09-12

### Added
- New `rate_limit` field in API responses showing remaining request quota
- Dark mode support for the admin dashboard
- Batch endpoint: POST /api/v2/items/bulk-create (max 500 items per request)

### Changed
- `/api/v1/users` now returns 20 results per page (was 50) to improve performance
- Authentication tokens expire after 7 days instead of 30 days

### Deprecated
- `GET /api/v1/legacy/export` — will be removed in v3.0.0. Use `POST /api/v2/export` instead.

### Fixed
- Fixed crash when uploading files larger than 50MB via the web UI (#1847)
- Fixed incorrect timezone conversion in scheduled job emails (#1902)

---

## [2.3.1] - 2024-08-05

### Security
- Updated `jsonwebtoken` dependency to v9.0.2 to address CVE-2022-23529
- Enforced HTTPS-only cookies for session tokens (was HTTP-allowed in development mode)

### Fixed
- Fixed XSS vulnerability in user-submitted markdown content (#1799)

# Changelog

All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog (https://keepachangelog.com/en/1.0.0/)
and this project adheres to Semantic Versioning (https://semver.org/spec/v2.0.0.html).

## [2.4.0] - 2024-09-12

### Added
- New `rate_limit` field in API responses showing remaining request quota
- Dark mode support for the admin dashboard
- Batch endpoint: POST /api/v2/items/bulk-create (max 500 items per request)

### Changed
- `/api/v1/users` now returns 20 results per page (was 50) to improve performance
- Authentication tokens expire after 7 days instead of 30 days

### Deprecated
- `GET /api/v1/legacy/export` — will be removed in v3.0.0. Use `POST /api/v2/export` instead.

### Fixed
- Fixed crash when uploading files larger than 50MB via the web UI (#1847)
- Fixed incorrect timezone conversion in scheduled job emails (#1902)

---

## [2.3.1] - 2024-08-05

### Security
- Updated `jsonwebtoken` dependency to v9.0.2 to address CVE-2022-23529
- Enforced HTTPS-only cookies for session tokens (was HTTP-allowed in development mode)

### Fixed
- Fixed XSS vulnerability in user-submitted markdown content (#1799)