Summary

This release focuses on several security improvements to the backend. These are mostly breaking changes and may require minimal backend production config adjustment. The most important changes include an overhaul of admin authentication, reduced API attack surface and improved CORS and HTTP caching config.

Admin Access

BREAKING: Admin access to actuator endpoints is now controlled via environment variables (TORMAP_ADMIN_PASSWORD for plaintext or TORMAP_ADMIN_PASSWORD_BCRYPT for bcrypt hash). Passwords are no longer stored in files, and actuator endpoints are inaccessible unless a password is set. Admin username is configurable, and best practices for production are documented.

CORS and HTTP Caching

BREAKING: CORS is now explicitly configurable for development and production via application.yml and application-prod.yml. Only specific frontend origins are allowed, and CORS headers are set accordingly. HTTP caching is introduced for public API endpoints (/relay/**). In production, responses are cached for 5 minutes; in development, caching is disabled. Static resources are also cacheable.

API and Controller Improvements

BREAKING: The root endpoint (/) now returns version/build info instead of the previous swagger UI. Swagger can still be optionally enabled via application-prod.yml. Controller request size limits for relay and family identifiers are now defined as constants reflecting realistic upper bounds, improving validation and maintainability. A deprecated endpoint was removed from RelayDetailsController.

What's Changed

• fix(deps): update dependency axios to v1.15.2 by @renovate[bot] in #466
• fix(deps): update dependency org.postgresql:postgresql to v42.7.11 by @renovate[bot] in #468
• Feature/workflows by @JuliusHenke in #467
• Enhance security, update documentation, and remove deprecated endpoints by @JuliusHenke in #473
• chore(deps): update dependency vite to v8 by @renovate[bot] in #472
• fix(deps): update frontend-minor by @renovate[bot] in #469
• chore(deps): update docker/login-action action to v4 by @renovate[bot] in #448
• chore(deps): update docker/build-push-action action to v7 by @renovate[bot] in #447
• chore(deps): update dependency vite-plugin-checker to v0.13.0 by @renovate[bot] in #470
• chore(deps): update eslint monorepo to v10 (major) by @renovate[bot] in #452
• fix: replace deep MUI icon path imports with barrel imports to fix Vite 8 dev-mode rendering by @Copilot in #474

Full Changelog: v2.4.0...v3.0.0

Contributors

• @renovate
• @JuliusHenke

Summary

This release brings a nice reverse DNS lookup feature implemented by @center2055 to the relay details dialog. Besides that many dependencies were updated and some CI/CD workflows improved.

What's Changed

• fix(deps): update dependency com.fasterxml.jackson.module:jackson-module-kotlin to v2.17.1 by @renovate[bot] in #265
• fix(deps): update backend-patch to v1.19.8 by @renovate[bot] in #268
• chore(deps): update gradle/gradle-build-action action to v3 by @renovate[bot] in #267
• fix(deps): update dependency io.mockk:mockk to v1.13.11 by @renovate[bot] in #270
• fix(deps): update frontend-patch by @renovate[bot] in #273
• chore(deps): update backend-minor by @renovate[bot] in #271
• [Snyk] Security upgrade nginx from 1.25.5-alpine to 1.26.1-alpine by @JuliusHenke in #274
• chore(deps): update frontend-minor by @renovate[bot] in #272
• fix(deps): update frontend-patch by @renovate[bot] in #275
• chore(deps): update frontend-patch by @renovate[bot] in #276
• fix(deps): update backend-patch to v5.9.1 by @renovate[bot] in #277
• fix(deps): update frontend-patch by @renovate[bot] in #278
• chore(deps): update dependency @types/node to v20.14.9 by @renovate[bot] in #279
• fix(deps): update frontend-patch by @renovate[bot] in #280
• fix(deps): update frontend-minor by @renovate[bot] in #281
• chore(deps): update dependency @types/node to v20.14.10 by @renovate[bot] in #282
• fix(deps): update backend-patch by @renovate[bot] in #284
• fix(deps): update frontend-minor by @renovate[bot] in #287
• chore(deps): update dependency vite-plugin-checker to v0.7.2 by @renovate[bot] in #288
• fix(deps): update dependency axios to v1.7.4 [security] by @renovate[bot] in #292
• fix(deps): update dependency org.postgresql:postgresql to v42.7.4 by @renovate[bot] in #294
• chore(deps): update backend-minor by @renovate[bot] in #286
• chore(deps): update frontend-minor by @renovate[bot] in #290
• chore(deps): update docker/build-push-action action to v6 by @renovate[bot] in #283
• chore(deps): update dependency gradle to v8.10.1 by @renovate[bot] in #296
• chore(deps): update frontend-minor by @renovate[bot] in #297
• chore(deps): update backend-patch by @renovate[bot] in #302
• Update dependencies by @JuliusHenke in #307
• fix(deps): update backend-patch to v1.20.4 by @renovate[bot] in #311
• chore(deps): update dependency vite to v5.4.6 [security] by @renovate[bot] in #310
• [Snyk] Security upgrade nginx from 1.26.1-alpine to 1.27.1-alpine by @JuliusHenke in #304
• chore(deps): update frontend-minor by @renovate[bot] in #303
• chore(deps): update backend-minor by @renovate[bot] in #301
• chore(deps): update dependency vite-plugin-checker to v0.8.0 by @renovate[bot] in #298
• fix(deps): update frontend-patch by @renovate[bot] in #285
• fix(deps): update dependency com.fasterxml.jackson.module:jackson-module-kotlin to v2.18.2 by @renovate[bot] in #312
• fix(deps): update frontend-patch by @renovate[bot] in #313
• [Snyk] Security upgrade axios from 1.6.8 to 1.7.8 by @JuliusHenke in #306
• Frontend CI by @JuliusHenke in #314
• ci: fix triggering preview deployment by @JuliusHenke in #315
• fix(deps): update frontend-patch by @renovate[bot] in #318
• chore(deps): update dependency vite to v6 by @renovate[bot] in #317
• chore(deps): update dependency eslint to v9 by @renovate[bot] in #266
• fix(deps): update frontend-patch by @renovate[bot] in #319
• fix(deps): update dependency io.mockk:mockk to v1.13.14 by @renovate[bot] in #321
• fix(deps): update dependency react-leaflet to v5 by @renovate[bot] in #323
• Revert "fix(deps): update dependency react-leaflet to v5" by @JuliusHenke in #326
• fix(deps): update frontend-patch by @renovate[bot] in #327
• chore(deps): update dependency vite to v6.0.9 [security] by @renovate[bot] in #328
• fix(deps): update backend-patch by @renovate[bot] in #329
• chore(deps): update dependency gradle to v8.12 by @renovate[bot] in #322
• fix(deps): update frontend-minor by @renovate[bot] in #324
• chore(deps): update dependency gradle to v8.12.1 by @renovate[bot] in #330
• [Snyk] Security upgrade nginx from 1.27.3-alpine to 1.27.4-alpine by @JuliusHenke in #331
• fix(deps): update frontend-patch by @renovate[bot] in #332
• chore(deps): update dependency @types/node to v20.17.19 by @renovate[bot] in #334
• fix(deps): update backend-patch to v1.20.5 by @renovate[bot] in #335
• chore(deps): update dependency @types/node to v20.17.23 by @renovate[bot] in #339
• chore(deps): update dependency globals to v16 by @renovate[bot] in #338
• chore(deps): update dependency vite-plugin-checker to v0.9.0 by @renovate[bot] in #337
• fix(deps): update dependency axios to v1.8.2 [security] by @renovate[bot] in #340
• chore(deps): update dependency @types/node to v20.17.24 by @renovate[bot] in #341
• fix(deps): update backend-patch by @renovate[bot] in #342
• fix(deps): update frontend-patch by @renovate[bot] in #343
• fix(deps): update frontend-minor by @renovate[bot] in #344
• chore(deps): update dependency gradle to v8.13 by @renovate[bot] in #336
• chore(deps): update dependency vite to v6.2.3 [security] by @renovate[bot] in #346
• fix(deps): update frontend-patch by @renovate[bot] in #347
• chore(deps): update frontend-minor by @renovate[bot] in #348
• chore(deps): update dependency vite to v6.2.4 [security] by @renovate[bot] in #349
• chore(deps): update dependency vite to v6.2.5 [security] by @renovate[bot] in #350
• chore(deps): update backend-patch by @renovate[bot] in #351
• chore(deps): update dependency vite to v6.2.6 [security] by @renovate[bot] in #352
• chore(deps): update frontend-patch by @renovate[bot] in #353
• fix(deps): update frontend-patch by @renovate[bot] in #355
• fix(deps): update dependency io.mockk:mockk to v1.14.0 by @renovate[bot] in #354
• chore(deps): update dependency vite to v6.2.7 [security] by @renovate[bot] in #356
• chore(deps): update dependency @types/node to v20.17.32 by @renovate[bot] in #357
• fix(deps): update frontend-patch by @renovate[bot] in #360
• fix(deps): update dependency io.mockk:mockk to v1.14.2 by @renovate[bot] in #359
• chore(deps): update dependency @types/node to v20.17.50 by @renovate[bot] in #362
• fix(deps): update backend-minor by @renovate[bot] in #361
• fix(deps): update dependency jotai to v2.12.5 by @renovate[bot] in #363
• fix(deps): update backend-patch by @renovate[bot] in #364
• fix(deps): update backend-patch by @renovate[bot] in #367
• fix(deps): update frontend-minor by @renovate[bot] in #365
• fix(deps): update backend-patch by @renovate[bot] in #368
• fix(deps): update backend-patch to v1.21.3 by @renovate[bot] in #370
• fix(deps): update frontend-patch...

Contributors

• @renovate
• @JuliusHenke
• @center2055

This patch release improve the nickname tooltip that is shown when you hover over a relay on the map.

This release adds nicknames to relays, when you hover your mouse over them. We also added a donations section in the information dialog. Finally many dependencies have been updated.

This minor release mainly improves caching behaviour.

Previously the cache could grow uncontrolled. Now there is fixed limit of elements that are stored simultaneously in the cache. They add up to < 100 MB of heap size.

We also reduced the amount of times heavy computations like updating relay details run when processing recent descriptors.

This release brings down the typical memory usage of the backend to less than 1 GB. This should fix different OutOfMemory bugs that were previously encountered in the production environment.

Optimisations are mainly achieved by not queuing to many descriptors into memory at once and processing hibernate inserts & updates in batches.

BREAKING: Configuration values for scheduling are removed and instead explicitly configured in the SchedulingService.

This release changes how IP lookup DB files are stored in the repo. Due to GitHub's pricing model, we currently cannot use git LFS for these. Instead we add a Gradle task to unzip the DB files into the resources folder.

BREAKING: The backend config application.yml structure for ip-lookup has been changed and new default values are used:

ip-lookup:
 shouldCache: true
 locationDatabaseFile: /ip-lookup/location.mmdb
 autonomousSystemDatabaseFile: /ip-lookup/autonomous-system.mmdb

With this release all the shell script files are removed that could previously be used for installation or running the project. These seem to be not useful enough for a typical developer and were hard to maintain with changing architecture.

The documentation has been split up into a main, backend and frontend part.

Major parts of the backend service code has been refactored and optimised. More tests were added for better test coverage.

As usual a lot of dependencies have been updated. The frontend now also uses the current LTS Node version 20. Finally a lot of large blobs were removed from the git history to bring the repo size down back to a healthy amount.

This version replaces the old way of collecting user traces in the backend. Instead now anonymised metrics can be optionally collected to New Relic. To enable this, set the environment variable NEW_RELIC_INGEST_KEY in your deployment environment.
Besides that some frontend dependencies have been updated.

The frontend got a really cool new search feature. Depending on what you have currently selected on the map, you can search over the selection of relays and view their details. The map stats now always show counts for families and countries. There are also minor bug fixes in the frontend and backend.

This release brings breaking changes for the backend, since we previously used a H2 DB and have migrated to PostgreSQL. We also improved the Docker image tagging and new images are available at https://hub.docker.com/r/tormap/backend. Docker images now support amd64 and arm64 architectures.

Besides that, many dependencies have been updated. Most notably the frontend dev tools have been improved with a new version of Vite and Eslint.