Commit Graph

382 Commits

Author SHA1 Message Date
David Nguyen 6faa01d384 feat: add pdf image renderer (#2554)
## Description

Replace the PDF renderer with a custom image renderer.

This allows us to remove the "react-pdf" dependency and allows us to use
a virtual list to improve performance.
2026-03-06 12:39:03 +11:00
Lucas Smith 7f271379b9 fix: upgrade @libpdf/core (#2572) 2026-03-06 10:08:58 +11:00
Lucas Smith bff360b084 fix: upgrade @libpdf/core (#2569) 2026-03-05 15:34:40 +11:00
Lucas Smith db1087d76d v2.7.1 2026-03-05 15:16:45 +11:00
Lucas Smith a05251d5ee v2.7.0 2026-03-03 16:19:38 +11:00
Lucas Smith 454f73f2a9 chore: remove old docs (#2550) 2026-03-02 13:47:40 +11:00
Lucas Smith b92c53dbb2 feat: docs v2 (#2460)
Co-authored-by: Catalin Pit <catalinpit@gmail.com>
2026-02-27 22:05:27 +11:00
Lucas Smith f8ac782f2e deps: 2026-02-26 upgrades (#2545) 2026-02-26 14:17:08 +11:00
Lucas Smith 6f5014a561 feat: support optional read replicas (#2540) 2026-02-25 19:07:02 +11:00
Lucas Smith 6fb88fede5 chore: upgrade libpdf (#2522) 2026-02-21 20:54:33 +11:00
Lucas Smith 653ab3678a feat: better ratelimiting (#2520)
Replace hono-rate-limiter with a Prisma/PostgreSQL bucketed counter
approach that works correctly across multiple instances without sticky
sessions.

- Add RateLimit model with composite PK (key, action, bucket) and atomic upsert
- Create rate limit factory with window parsing, bucket computation, and fail-open
- Define auth-tier and API-tier rate limit instances
- Add Hono middleware, rateLimitResponse helper, and tRPC assertRateLimit helper
- Wire rate limit headers through AppError constructor (was declared but never assigned)
- Apply rate limits to auth routes (email-password, passkey), tRPC routes (2FA email, link org account), API routes, and file upload endpoints
- Add cleanup cron job for expired rate limit rows (batched delete every 15 min)
- Remove hono-rate-limiter dependency
2026-02-20 12:23:02 +11:00
Lucas Smith 006b1d0a57 feat: per-recipient envelope expiration (#2519) 2026-02-20 11:36:20 +11:00
Lucas Smith f3ec8ddc57 v2.6.1 2026-02-18 21:57:10 +11:00
Lucas Smith 8704c731c0 chore: upgrade libpdf (#2435) 2026-01-29 23:34:46 +11:00
Lucas Smith eaee0d4bc6 v2.6.0 2026-01-29 18:44:58 +11:00
Lucas Smith d08049ed3b v2.5.1 2026-01-27 20:25:31 +11:00
Ted Liang 9c6ee88cc4 fix: security CVE-2026-23527 (#2399) 2026-01-27 15:52:34 +11:00
Lucas Smith 7d38e18f93 v2.5.0 2026-01-26 15:59:30 +11:00
Lucas Smith 42d6e1cbbd chore: upgrade libpdf (#2409) 2026-01-26 12:20:33 +11:00
Lucas Smith 67da488f63 chore: upgrade libpdf (#2408) 2026-01-23 21:38:48 +11:00
Lucas Smith fd3ebc08ec chore: upgrade libpdf (#2406) 2026-01-22 12:45:20 +11:00
Lucas Smith 9035240b4d refactor: replace pdf-sign with libpdf/core for PDF operations (#2403)
Migrate from @documenso/pdf-sign and @cantoo/pdf-lib to @libpdf/core
for all PDF manipulation and signing operations. This includes:

- New signing transports for Google Cloud KMS and local certificates
- Consolidated PDF operations using libpdf API
- Added TSA (timestamp authority) helper for digital signatures
- Removed deprecated flatten and insert utilities
- Updated tests to use new PDF library
2026-01-21 15:16:23 +11:00
Ted Liang 158b36a9b7 fix: security CVE-2026-22817 CVE-2026-22818 (#2390) 2026-01-15 18:27:04 +11:00
Lucas Smith fabd69bd62 build: upgrade simplewebauthn packages from v9 to v13 (#2389)
The v9 packages are deprecated. This updates to v13 which includes
breaking API changes: optionsJSON wrapper for auth functions,
renamed properties (authenticator→credential), and base64 encoding
for credential IDs via isoBase64URL helper.
2026-01-15 14:22:37 +11:00
Karlo db913e95b6 fix: downgrade pdfjs-dist to version 5.4.296 and update react-pdf to version 10.3.0 (#2383) 2026-01-13 21:01:29 +11:00
Lucas Smith 5bc73a7471 chore: npm audit fix (#2367) 2026-01-13 16:39:10 +11:00
Lucas Smith 6b041c23b4 v2.4.0 2026-01-08 15:16:57 +11:00
Lucas Smith 1e20561e91 v2.3.2 2025-12-24 16:20:23 +11:00
Catalin Pit baa2c51123 feat: add delegate document ownership option (#2272)
When using an API key created in a team context, the
documents/templates’ owner always defaults to the team API token
creator, rather than the actual uploader.

For example, John creates the API key for the team "Lawyers". Tom and
Maria use the API key to upload documents. All the uploaded documents
are attributed to John.

This makes it impossible to see who actually uploaded a document.

The new feature allows users to enable document ownership delegation
from the organization/team settings.
2025-12-23 22:08:54 +11:00
Ted Liang 5624484631 fix: security CVE-2025-68130 (#2343)
## Description

Fix security
[CVE-2025-68130](https://github.com/advisories/GHSA-43p4-m455-4f4j)
2025-12-22 21:53:49 +11:00
Lucas Smith eeeee2fa0e v2.3.1 2025-12-18 12:02:04 +11:00
Lucas Smith df678d7d69 v2.3.0 2025-12-17 22:10:47 +11:00
Lucas Smith b0248c20eb v2.2.8 2025-12-16 16:04:07 +11:00
Lucas Smith c5c87e3fd1 v2.2.7 2025-12-16 12:38:53 +11:00
Vincent Vu 51e3d5030d fix(security): CVE-2025-55184, CVE-2025-55183 (#2314) 2025-12-12 16:50:00 +11:00
Lucas Smith 43486d8448 v2.2.6 2025-12-09 21:11:01 +11:00
Ted Liang c5032d0c43 refactor: extract image-helpers (#2261) 2025-12-09 09:19:49 +11:00
Lucas Smith bac2bf11f4 v2.2.5 2025-12-08 14:33:00 +11:00
Lucas Smith d93b2a70a7 fix: upgrade react-email/render (#2297)
Upgrade the `@react-email/render` package to handle
suspense during renders.

We could have just swapped to `renderAsync` for the 0.0.x
version of the package but it's better to upgrade as part
of this change.

CI has been run locally and emails have been verified to
work and render as expected in our local mail trap.
2025-12-08 13:08:34 +11:00
Lucas Smith 9238f759a6 v2.2.4 2025-12-05 12:23:23 +11:00
Lucas Smith 3f70082146 v2.2.3 2025-12-05 09:53:40 +11:00
Lucas Smith 08a9ab3aaf v2.2.2 2025-12-04 14:50:09 +11:00
Lucas Smith e66bd422e3 chore: upgrade dependencies (#2278) 2025-12-04 14:31:30 +11:00
Lucas Smith 22d99c7410 v2.2.1 2025-12-04 11:39:19 +11:00
Lucas Smith f70e6ac50a v2.2.0 2025-12-04 00:31:11 +11:00
Lucas Smith 7a94ee3b83 feat: add ai detection for recipients and fields (#2271)
Use Gemini to handle detection of recipients and fields within
documents.

Opt in using organisation or team settings.

Replaces #2128 since the branch was cursed and would include
dependencies that weren't even in the lock file.



https://github.com/user-attachments/assets/e6cbb58f-62b9-4079-a9ae-7af5c4f2e4ec
2025-12-03 23:39:41 +11:00
Lucas Smith 6ae672c16b v2.1.0 2025-11-25 16:38:06 +11:00
Lucas Smith 11a56f3228 chore: telemetry (#2240) 2025-11-25 16:01:31 +11:00
Lucas Smith d2176627ca chore: dependency updates (#2229) 2025-11-22 20:28:20 +11:00
Lucas Smith 17c6098638 v2.0.14 2025-11-20 15:12:40 +11:00