ExcaliDash

v0.5.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 1mo Dashboards & Home Pages

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

excalidash excalidraw excalidraw-platform self-hosted websocket

Summary

AI summary

OpenID Connect security hardening with improved token validation and admin controls.

Full changelog

Release date: 2026-04-17

| Area | Key Changes |
|------|-------------|
| OIDC hardening | ID token signing alg resolution with discovery fallback + explicit override (OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG), token endpoint auth method override (OIDC_TOKEN_ENDPOINT_AUTH_METHOD), HS-alg mismatch auto-retry in callback, Keycloak/Authentik preflight warnings, oidc-doctor.cjs diagnostic tool, provider-specific .env example files |
| Admin OIDC controls | Runtime JIT provisioning toggle via admin panel + DB (oidcJitProvisioningEnabled column + migration), OIDC-only invited user creation (oidcOnly flag), block self-registration toggle in oidc_enforced mode |
| HTTPS redirect policy | Refactored into pure httpsRedirectPolicy.ts module, new ENFORCE_HTTPS_REDIRECT env var, mixed http/https FRONTEND_URL support, IPv4 loopback healthchecks |
| Frontend resilience | AuthStatusErrorPanel with retry for backend connectivity failures, registrationEnabled propagation to hide register link/route, multi-image drag-and-drop import in Editor, Excalidraw asset copy script for dev + build |

Upgrading

Show upgrade steps

Data safety checklist

Back up backend volume (dev.db, secrets) before upgrading.
Let migrations run on startup (RUN_MIGRATIONS=true) for normal deploys.
Run docker compose -f docker-compose.prod.yml logs backend --tail=200 after rollout and verify startup/migration status.

Recommended upgrade (Docker Hub compose)

docker compose -f docker-compose.prod.yml pull
docker compose -f docker-compose.prod.yml up -d

Pin images to this release (recommended for reproducible deploys)

Edit docker-compose.prod.yml and pin the release tags:

services:
  backend:
    image: zimengxiong/excalidash-backend:v0.5.0
  frontend:
    image: zimengxiong/excalidash-frontend:v0.5.0

Example:

docker compose -f docker-compose.prod.yml up -d

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ExcaliDash

Get notified when new releases ship.

About ExcaliDash

A self-hosted dashboard and organizer for Excalidraw with multi-user collaboration and scoped sharing.

All releases →