Server Changelog

All notable changes to the horizOn Server (Backend API).

Back to Overview

1.49.1 (2026-04-20)

Bug Fixes

• ci: allow build/libs jar to enter docker build context (6d6a847)

1.49.0 (2026-04-20)

Features

• blog: add summaries field for blog post summaries (68a50b3)
• blog: add summaries field for per-language blog post summaries (37a7bf6)

Performance Improvements

• api-app: reduce db round-trips across auth, crash-reports, user-logs, leaderboard (fdafc76)
• check-auth: snapshot user state on session + atomic sliding update (998ff96)
• crash-reports: incremental user tracking, cached limit, atomic session mark (ab32972)
• leaderboard/around: facet around query, db-side bulk rank, count cache (709173f)
• user-logs: async limit enforcement, cached count, bulk soft-delete (2cdf460)

1.48.0 (2026-04-20)

Features

• apple-signin: expose authStatus in SignUpResponse (1e18dac)

1.47.0 (2026-04-20)

Features

• auth: apple sign-in for accounts and users (863689c)

1.46.2 (2026-04-19)

Bug Fixes

• email-template: align RESERVED_SLUGS with token-only template variables (ca623e1)

1.46.1 (2026-04-19)

Bug Fixes

• user-email: drop horizon.pm link injection in account-SMTP path (0b5a85f)

1.46.0 (2026-04-19)

Features

• email: allow leading underscore in template slug (a0a81a1)

1.45.2 (2026-04-18)

Bug Fixes

• user-management: regenerate verification token on admin resend (1e26490)

1.45.1 (2026-04-18)

Bug Fixes

• async: propagate AccountContextHolder to async executor threads (1598c79)

1.45.0 (2026-04-18)

Features

• app-api: perf easy-wins + admin resend verification email (99e25d9)

1.44.3 (2026-04-17)

Bug Fixes

• remote-config: batch bulk-delete and bulk-upsert into single-round mongo writes (65158fa)

Performance Improvements

• app-api: atomic $inc on redeem plus api-key from request context (91562e7)
• app-api: cache /remote-config/all responses per api key (fffadc8)
• app-api: cache smtp config and email templates on send hot-path (3ccb7ac)
• app-api: change-name via atomic updateFirst instead of findById+save (eea7e41)
• app-api: skip getUserRank in /leaderboard/submit app path (a65486e)
• app-api: user-feedback submit uses context account plus count cache (2009ccc)

1.44.2 (2026-04-17)

Bug Fixes

• user-auth: scope google, email and anonymous identity per API key (fadf9f1)

1.44.1 (2026-04-17)

Bug Fixes

• api-keys: treat legacy keys without key_type field as PROJECT (538ae24)

1.44.0 (2026-04-16)

Features

• account-api-keys: add CRUD controller and service (7407a64)
• api-keys: add keyType field to distinguish PROJECT and ACCOUNT keys (64e2907)
• api-keys: add keyType filter overload to authenticateApiKey (e796f47)
• api-keys: expose keyType in responses and allow filtering (8883d19)
• api-keys: support custom key prefix and revoke reason (a6e3209)
• security: add @SessionOnly annotation and interceptor (25073be)
• security: add AccountApiKeyAuthentication token (f84ab31)
• security: add AccountApiKeyAuthenticationFilter for X-Account-API-Key header (95829c6)
• security: audit-log mutations performed via account-api-key (d1c4895)
• security: register AccountApiKeyAuthenticationFilter in SecurityConfig (77f81ed)
• security: restrict sensitive endpoints to session auth via @SessionOnly (f32182b)
• user-management: add statistics endpoint for dashboard stats (800deae)

Performance Improvements

• security: add per-key rate-limit bucket for account api keys (20902d1)

1.43.1 (2026-04-14)

Performance Improvements

• blog: embed adjacent posts in detail response to cut payload by 4.98MB (cfd39ab)

1.43.0 (2026-04-13)

Features

• expose deleted api-key count and extended cloud-save statistics (c1b3e3d)

1.42.1 (2026-04-12)

Bug Fixes

• support SMTPS/STARTTLS auto-detection and unsaved-config tests (19a50a9)

1.42.0 (2026-04-12)

Features

• boost test coverage to 82% instructions, add 251 tests (b8f6f45)

1.41.0 (2026-04-11)

Features

• add SMTP settings and system email template routing (2c64b7e)

1.40.0 (2026-04-11)

Features

• email-sending: add email sending feature with template management and queue processing (4e18e07)

1.39.6 (2026-04-11)

Bug Fixes

• remote-config: add bulk delete endpoint and fix duplicate key error on soft-delete (563e76a)

1.39.5 (2026-04-11)

Bug Fixes

• remote-config: raise bulk import limit from 100 to 10000 entries (7217160)

1.39.4 (2026-04-11)

Bug Fixes

• remote-config: raise DTO validation limit to 1024 so role-based limits apply (133253b)

1.39.3 (2026-04-10)

Bug Fixes

• user-mgmt: filter users by API key in getUsers endpoint (1ae5146)

1.39.2 (2026-04-10)

Bug Fixes

• mail: align default SMTP config with cluster Postfix relay (c7cc45e)

1.39.1 (2026-04-09)

Bug Fixes

• security: resolve featureUsageFilter circular bean creation (4fe4d1b)

1.39.0 (2026-04-09)

Features

• marketing: admin marketing API backend (TASK-51 Plan 1) (#21) (cf526ef)

1.38.1 (2026-03-14)

Bug Fixes

• add lastmod to static sitemap URLs for better Google indexing (a9db56a)

1.38.0 (2026-03-06)

Features

• add comparison pages to sitemap and improve index management (213cb3d)

1.37.0 (2026-03-06)

Features

• add cached EUR/USD exchange rate endpoint (ebf28ee)

1.36.2 (2026-03-01)

Bug Fixes

• return 404 instead of 500 for NotFoundException and fix BrotliCompressionFilter order (655984d)

1.36.1 (2026-02-27)

Bug Fixes

• pass release version to Docker build for correct /version endpoint (59c0c0a)

1.36.0 (2026-02-27)

Bug Fixes

• move commit command to parent workspace root (3cab16d)
• refactor CLAUDE.md to remove rules now in workspace root (3b23cb5)
• remote-config: change limit counting from per-API-key to per-account (1dbbcb1)
• send GA4 conversion events for all users regardless of GCLID (921ec4a)
• test: update GoogleAdsConversion tests for always-send behavior (d21d202)

Features

• public-api: add feature-limits endpoint for all tiers (d33d3ca)

1.35.0 (2026-02-24)

Bug Fixes

• usermanagement: move password min-length validation to email signup logic (b8b8530)

Features

• backend: add app.version property with Gradle resource filtering (9a85479)
• backend: add GET /api/v1/public/system/version endpoint (fd291cb)

1.34.2 (2026-02-22)

Bug Fixes

• blog: exclude own blog from slug uniqueness check on update (5227109)

1.34.1 (2026-02-22)

Bug Fixes

• stagger scheduled task startup delays to prevent liveness probe failures (ad44e58)
• tracking: use v4 UUID format for Bing CAPI pageLoadId and log error response body (0f74912)

1.34.0 (2026-02-22)

Features

• add cloud save update endpoint, days-based account lifecycle, and Bing CAPI (4e1b49d)
• sdk: add public SDK resources endpoint (d9ab477)

1.33.0 (2026-02-21)

Bug Fixes

• users: add missing deleted-status filter to cleanup query (03d8013)

Features

• crash: add crash reporting entities (7d401d9)
• crash: add repositories and MongoDB multi-tenant config (17a7127)
• crash: add request and response DTOs (862cb8a)
• crash: add retention cleanup task (39410ba)
• crash: add service and controllers for crash reporting (f3944fa)
• crash: add system config keys for crash report limits and retention (cbd37b8)

1.32.0 (2026-02-21)

Features

• crash: add crash reporting feature (#20) (73db18a)

1.31.0 (2026-02-21)

Features

• support: include updatedAt in ticket list response (860d2da)

1.30.1 (2026-02-20)

Bug Fixes

• seo: remove auth pages from sitemap and fix blog slug truncation (4a2196b)

1.30.0 (2026-02-20)

Features

• support: allow anonymous ticket creation without guest email (98e8100)

1.29.2 (2026-02-20)

Bug Fixes

• ci: enforce clean commit message policy in project guidelines (b369a2e)

1.29.1 (2026-02-20)

Bug Fixes

• account: complete data export with settings, testimonials, sessions, and missing fields (44eddea)
• gift-codes: ensure isActive defaults to true on creation and allow re-creation after soft-delete (bbb3b06)
• remove erroneous googleId assignment in anonymous user creation (6e825cb)
• tickets: fix createdAt 1970 timestamp and guest ticket 400 error with integration tests (9f2a85a)
• user-logs: remove internal accountId from UserLogResponse DTO (bbbd220)

1.29.0 (2026-02-19)

Bug Fixes

• tracking: disable Bing CAPI until pilot activation (75e5dca)

Features

• add Meta CAPI and Bing CAPI configuration properties (568b481)
• add PublicCollectController for server-side tracking (4309d06)
• add server-side tracking feature DTOs (ef0fc39)
• implement BingConversionsClient for server-side Bing CAPI (6d17af7)
• implement Ga4TrackingClient for server-side GA4 events (6b32e78)
• implement MetaConversionsClient for server-side Meta CAPI (e12adb5)
• implement TrackingDispatcherService with client stubs (6a32017)

1.28.1 (2026-02-19)

Bug Fixes

• seo: consolidate domain defaults to horizon.pm (#19) (edc3c06)

1.28.0 (2026-02-17)

Features

• seo: add separate sitemap base URL property (47dd0c6)

1.27.0 (2026-02-16)

Features

• seo: add dynamic sitemap.xml endpoint with blog posts (5ec6a94)

1.26.0 (2026-02-15)

Features

• blog: add image consistency check and improve image retrieval flow (d0f2a8e)

1.25.0 (2026-02-15)

Features

• blog: add admin endpoint to retrieve blog post images (2f614b0)

1.24.0 (2026-02-15)

Features

• blog: expose hasImage field in blog response DTO (ac50f91)

1.23.0 (2026-02-15)

Features

• blog: add URL-friendly slug support for blog posts (ba7eb3d)

1.22.0 (2026-02-15)

Features

• blog: accept slug or UUID in public blog endpoints (9567684)
• blog: add slug field to Blog entity with unique index (05eabf7)
• blog: add slug field to PublicBlogResponse and BlogResponse DTOs (8b96fc7)
• blog: add slug finder methods to BlogRepository (88a07b6)
• blog: add slug generation and lookup to BlogService (724a95d)
• blog: add startup migration to generate slugs for existing posts (0846ab4)
• blog: use slug in imageUrl paths (ef5d9d2)

1.21.0 (2026-02-14)

Features

• blog: add blog image upload and serve via MongoDB GridFS (4afc5b9)

1.20.0 (2026-02-13)

Features

• ci: trigger changelog sync after new release (d9d3bac)

1.19.0 (2026-02-12)

Features

• auth: grant actuator user admin role for n8n blog automation (7667858)

1.18.0 (2026-02-11)

Bug Fixes

• align commit workflow with frontend and document semantic-release (e7f6f06)

Features

• add disposable email blocking and admin accounts list caching (18ad94c)

1.17.0 (2026-02-09)

Features

• blog: add blog management feature with admin and public endpoints (1291253)

1.16.1 (2026-02-08)

Bug Fixes

• move customer testimonial endpoints to /api/v1/admin/ and store gift code on entity (badc9f7)

1.16.0 (2026-02-08)

Features

• testimonial: add approval reward email template with gift code display (e2f5eb3)
• testimonial: add customer DTOs and repository query methods (60f49c7)
• testimonial: add customer submission and admin review endpoints (db60837)
• testimonial: add customer submission fields and reward system config (1175bbc)
• testimonial: implement submission, review, and gift code reward logic (3677308)
• testimonial: trigger release for customer submission and review endpoints (1ba8bbc)

1.15.0 (2026-02-04)

Features

• enhance GA4 conversion tracking with dedicated event methods and GCLID extraction (a9815b5)

1.14.0 (2026-01-30)

Features

• add test endpoint for GA4 conversion service (9bccdfc)

1.13.0 (2026-01-30)

Features

• add Google Ads conversion tracking for free account signups (e8dae5d)

1.12.1 (2026-01-28)

Bug Fixes

• security: register DaoAuthenticationProvider for HTTP Basic auth (686ddb3)

1.12.0 (2026-01-28)

Features

• security: enable HTTP Basic auth for actuator/prometheus endpoint (12a1e7d)

1.11.0 (2026-01-28)

Features

• allow all authenticated users to update their own GCLID (39e1a5c)

1.10.3 (2026-01-28)

Bug Fixes

• add startup log message for better observability (2db5a65)

[Unreleased]

1.10.0 (2026-01-28)

Features

• add GCLID tracking and GA4 server-side conversion events
• optimize ticket queries, improve test infrastructure, and enhance error handling
• add security headers and bulk rank calculation
• add gift code redemption cleanup task
• add caching to user feedback statistics

Bug Fixes

• propagate account context to virtual threads in GiftCodeService
• set AccountContextHolder in GiftCodeServiceUnitTest for virtual thread context propagation

Performance Improvements

• optimize API key fetching to reduce N+1 queries
• replace in-memory log aggregation with MongoDB aggregation pipeline
• replace in-memory statistics calculation in LeaderboardRepositoryCustomImpl
• batch user count queries in AccountUsageService
• make email sending asynchronous with @Async annotation

Refactoring

• split large SupportTicketService into focused services
• remove redundant EmailManager wrapper class
• refactor to constructor injection and remove field injection
• standardize documentation language
• secure Spring Boot Actuator endpoints
• remove hardcoded secrets from configuration files

1.9.7 (2026-01-20)

Bug Fixes

• enable Spring scheduling for scheduled tasks to run (a661400)

1.9.6 (2025-12-14)

Bug Fixes

• use manual JSON parsing when Stripe deserializer fails (e1fa417)

1.9.5 (2025-12-14)

Bug Fixes

• add diagnostic logging to Stripe webhook for debugging (7cf2c41)

1.9.4 (2025-12-14)

Bug Fixes

• extract role from session metadata in Stripe webhook (e1c7eb9)

1.9.3 (2025-12-14)

Bug Fixes

• handle empty Optional in Stripe webhook account resolution (e9f095e)

1.9.2 (2025-12-14)

Bug Fixes

• allow webhook endpoints through security filter (dd017ca)

1.9.1 (2025-12-09)

Bug Fixes

• return empty response instead of 404 for missing LLM settings (195c097)
• return empty response instead of 404 for missing LLM settings (cd23d32)

1.9.0 (2025-12-07)

Bug Fixes

• add missing EmailService mock in GoogleSignInServiceTest (3d17d41)

Features

• add server-side logging to MongoDB with rate limiting (75d0288)

1.8.0 (2025-12-07)

Features

• add admin email notifications for new accounts and support tickets (f78095a)
• integrate email service into support ticket functionality (708ebe4)

1.7.0 (2025-12-07)

Features

• enhance user feedback functionality with additional fields and email verification endpoint (09f8fc6)

1.6.0 (2025-12-05)

Features

• add Discord invite code retrieval and update email templates for dark mode support (1d236a4)

1.5.0 (2025-12-04)

Features

• update Google sign-in flow to include redirect URI in requests (d8c8506)

1.4.0 (2025-12-04)

Features

• add Google redirect URI configuration for OAuth integration (8584549)

1.3.0 (2025-12-04)

Bug Fixes

• enhance ProductService and PublicProductController tests for price and payment link functionalities (d2dc0e0)

Features

• implement Stripe price cache management with refresh and status endpoints (2a5110e)

1.2.0 (2025-12-04)

Features

• add testimonial management feature with public and admin APIs (19548d7)

1.1.0 (2025-12-04)

Features

• add public platform statistics endpoint (e1892bf)

1.0.0 (2025-12-03)

Features

• add semantic-release automation and input validation security (88d1d50)

Changelog

All notable changes to this project will be documented in this file.

This file is automatically updated by semantic-release.