v13.1.1 - Security Patches

Security

Fixes 5 CVEs by bumping dependencies to latest stable:

• cryptography 46.0.6 → 46.0.7 (CVE-2026-39892)
• pyopenssl 25.3.0 → 26.0.0 (CVE-2026-27448, CVE-2026-27459)
• cbor2 5.8.0 → 5.9.0 (CVE-2026-26209)
• pyasn1 0.6.2 → 0.6.3 (CVE-2026-30922)
• pygments 2.19.2 → 2.20.0 (CVE-2026-4539)

Fixes

• Pin setuptools<82 for passlib pkg_resources compatibility
• Dark mode consistency fix
• Admin-only dashboard content visibility fix

Other Updates

• SQLAlchemy 2.0.49, Werkzeug 3.1.8, Pillow 12.2.0, Requests 2.33.1
• All dependencies bumped to latest stable

v13.1.0 - OAuth Fix & VPS Deploy

What's New

• Fix OAuth user password flow
• Add VPS deployment documentation

v13.0.0 - Email-Only Auth & Dark Mode

What's New

• Switch to email-only authentication
• Fix 2FA disable bug and add dark mode QR inversion
• Unified Vuetify config across all security templates
• Remove hardcoded security defaults, require env vars
• Fade transitions for dropdown menus
• Live demo link added to README

v12.1.0 - 2FA & WebAuthn

What's New

• 2FA, WebAuthn, and recovery codes security templates
• Recovery codes added to sidebar navigation
• DISABLE_MULTIPLE_SESSIONS env option
• README updated with detailed 2FA and WebAuthn docs

v12.0.0 - UI Overhaul

What's New

Collapsible Navigation

• Nested navigation groups with smooth expand/collapse animations
• Role-based menu filtering
• Collapse state persisted to localStorage

Dark Mode

• Theme toggle in navbar
• Auto-detects system preference
• Persists user choice to localStorage

Tabler Icons

• 5000+ icons via CDN
• No build step required
• Replaces MDI icons

Ember Color Palette

• Fire-inspired theme matching the Enferno brand
• Optimized for both light and dark modes

UI Polish

• Card hover effects
• Smooth scrollbars (light/dark aware)
• Enhanced data tables (hover, alternating rows, styled headers)
• Consistent form field styling

Auth Pages

• Cleaner login/register layouts
• Social auth buttons only shown when enabled
• Side-by-side name fields on register

Docker Improvements Release

This release focuses on enhancing Docker support with production-ready configurations.

Added

• Production-ready Docker configuration with multi-stage builds
• PostgreSQL service in Docker Compose setup
• Improved environment variable handling for Docker
• Support for user-specific Docker UID configuration
• Enhanced setup.sh script with Docker configuration option

Changed

• Optimized Dockerfile with multi-stage build for smaller, more secure images
• Fixed Redis connectivity by using correct environment variables
• Improved nginx configuration with proper retry settings
• Enhanced tmpfs configuration for better performance
• Added proper health checks for all Docker services

Upgrade Instructions

• Pull the latest code: git pull origin master
• If using Docker: docker compose down && docker compose build && docker compose up -d

Release v11.1.0

This release marks a significant update to the project's build and dependency management system by migrating from the standard pip and venv tools to uv.

Summary

uv is an extremely fast Python package installer and resolver from Astral. By adopting uv, Enferno aims to provide a much faster and smoother development setup and build experience.

Key Changes

• UV Integration: Replaced pip install and python -m venv with uv pip install and uv venv respectively throughout the project.
• Updated Setup Script (setup.sh):
  • Now utilizes uv for virtual environment creation (in .venv) and dependency installation.
  • Checks for uv installation and provides instructions if missing.
  • Allows reusing an existing .venv directory instead of aborting.
  • Added explicit instruction to activate the virtual environment (source .venv/bin/activate) in the "Next steps" output.
• Updated Documentation:
  • README.md, docs/getting-started.md, and docs/deployment.md have been updated to reflect the use of uv and the .venv directory structure.
  • Added the source .venv/bin/activate step to README.md and docs/getting-started.md local setup instructions for clarity.
  • Systemd service configurations in docs/deployment.md were updated for the new .venv path.
• Updated Dockerfile:
  • Installs uv during the build process (using pip as a bootstrap mechanism).
  • Uses uv for virtual environment creation and dependency installation within the container.
• Updated Demo GIF: Replaced the main demo animation in README.md.

Notes

• uv is now a prerequisite for local development setup. Please install it via pip install uv or curl -sSf https://astral.sh/uv/install.sh | bash before running ./setup.sh.

v10.0

Enferno Framework v10 Release Notes

Major Features

Social Authentication Integration

• Added comprehensive OAuth support via Flask-Dance
• Implemented Google OAuth integration
  • Profile and email scope support
  • Secure token storage using SQLAlchemy
  • Automatic account linking with existing users
• Added GitHub OAuth integration
  • User email scope support
  • Support for private email addresses
  • Seamless account creation/linking

Authentication Enhancements

• New OAuth storage model for managing social connections
• Improved session management and security
• Smart IP detection with Cloudflare and proxy support
• Unified login flow between traditional and social auth

Configuration Updates

• New environment variables for OAuth setup:

  GOOGLE_AUTH_ENABLED
  GOOGLE_OAUTH_CLIENT_ID
  GOOGLE_OAUTH_CLIENT_SECRET
  GITHUB_AUTH_ENABLED
  GITHUB_OAUTH_CLIENT_ID
  GITHUB_OAUTH_CLIENT_SECRET
  

UI Improvements

• Added social login buttons to login page
• Material Design icons integration
• Improved error handling and user feedback

Security Enhancements

• Secure token storage
• Protection against OAuth state forgery
• Safe account linking mechanism
• Proper session handling for social auth

Documentation

• Added comprehensive OAuth setup guide
• Updated authentication documentation
• New development guidelines for social auth integration

Requirements

• Flask-Dance
• SQLAlchemy-Utils
• Redis (for session storage)

Migration Notes

• New database migrations for OAuth models
• Environment configuration updates required
• Redis session storage now required