## [1.5.5] - 2025-08-08
### Security
- **Comprehensive Rate Limiting Enhancement**: Applied rate limiting protection to all previously unprotected routes
- Added authentication rate limiter (5 attempts per 15 minutes) to prevent brute force attacks on login endpoints
- Added general rate limiter (200 requests per 15 minutes) for static content and non-API routes
- Extended API rate limiting coverage to `/api/status`, `/api/generate`, and auth status endpoints
- Protected OIDC authentication routes with rate limiting
- Added rate limiting to all authentication-related routes including traditional form login
- Configured environment variables for authentication rate limits (AUTH_RATE_LIMIT_WINDOW, AUTH_RATE_LIMIT_MAX)
- **Critical Security Fix**: Implemented command validation and input sanitization for shell command execution
- Added allowlist-based command validation to prevent command injection attacks
- Restricted shell command execution to specific safe patterns for mkcert and openssl operations
- Added timeout and buffer limits for command execution
- Enhanced logging of blocked command attempts for security monitoring
- **BREAKING**: Commands not matching allowed patterns will now be rejected
## [1.5.0] - 2025-08-08
### Added
- **Drag & Drop Certificate Upload**: New upload interface for importing existing certificate/key pairs
- Intuitive drag & drop zone with visual feedback and hover effects
- Click-to-browse file selection with multi-file support
- Smart certificate-key pairing (automatically matches .crt with .key files, .pem with -key.pem files)
- Comprehensive file validation (supports .pem, .crt, .key, .cer, .p7b, .p7c, .pfx, .p12 formats)
- Real-time upload progress tracking with visual progress bar
- Detailed upload results with success/error reporting for each file
- Uploaded certificates stored in dedicated "uploaded" folder for organization
- Full integration with existing certificate management (download, archive, bundle, PFX generation)
### Fixed
- **Root CA Generation Error**: Fixed `showNotification is not defined` JavaScript error
- Changed incorrect `showNotification` function call to use existing `showAlert` function
- Root CA generation now completes successfully without JavaScript errors
- **CA Installation Timing Issues**: Improved CA installation status refresh mechanism
- Added retry mechanism with exponential backoff for CA status checking
- Eliminates need for manual page refresh after CA installation
- More reliable detection of newly installed Certificate Authorities
### Enhanced
- **Certificate Listing**: Enhanced recursive directory scanning to properly display uploaded certificates
- **Upload Processing**: Streamlined file processing logic to prevent duplicate file operations
- **User Experience**: Improved visual feedback and error handling throughout upload process
## [1.3.0] - 2025-08-01
### Added
- **PFX Generation**: On-demand PKCS#12 (.pfx) file generation for Windows/IIS compatibility
- User-friendly password modal for PFX protection with optional encryption
- Enhanced certificate card layout with improved text handling for long filenames
- Better responsive design for mobile devices with optimized button sizes
- Text truncation with tooltips for long domain lists (100+ characters)
- Structured file information display with dedicated styling for certificate and key files
- URL encoding fixes for proper handling of complex folder paths with special characters
### Changed
- **Certificate Cards**: Complete redesign with better organization and overflow handling
- Improved mobile responsiveness with single-column layout on small screens
- Enhanced button styling and spacing for better user experience
- Updated certificate information display with clearer visual hierarchy
- Better word wrapping and text breaking for long strings
### Fixed
- **Download Functionality**: Fixed 404 errors in download buttons due to URL encoding issues
- **PFX Generation**: Resolved routing issues with complex folder paths containing slashes
- **Archive/Restore**: Fixed double URL encoding problems in certificate management
- **UI Consistency**: Removed confusing question mark cursor from filename displays
- **Mobile Layout**: Fixed text overflow and improved touch-friendly button sizing
### Removed
- Debug console logging from production PFX generation
- Unnecessary cursor help indicators from file name displays
## [1.2.0] - 2025-07-29
### Added
- Complete Docker containerization support
- Multi-stage Dockerfile with Node.js 18 Alpine base image
- Pre-installed mkcert CLI in Docker container
- Docker Compose configuration for easy deployment
- Volume persistence for certificates and application data
- Comprehensive Docker documentation (DOCKER.md)
- Docker-specific npm scripts for container management
- Health check configuration for container monitoring
- Non-root user security implementation in containers
- Environment variable support for all configuration options
- Automatic Root CA generation when none exists
- Manual Root CA generation option with user-friendly interface
- Visual indicators for auto-generated Root CAs
- New API endpoint `/api/generate-ca` for manual CA creation
### Changed
- Updated .gitignore to exclude Docker-related build files
- Enhanced package.json with Docker-related scripts
- Optimized .dockerignore for efficient Docker builds
- Cleaned up unused backup and development files
- **Docker**: Added OpenSSL to container for full certificate functionality
### Fixed
- **Docker**: OpenSSL now included in container for certificate analysis and operations
### Removed
- Unused backup files
- Development test utility
### Security
- Docker container runs as non-root user (nodejs:1001)
- Secure volume mounting for certificate persistence
- Production-ready security configurations
