TREK

v2.8.0

New Features

In-App Notification System

• Real-time in-app notifications with bell icon in the navbar
• Notification types: simple, boolean (accept/decline), and navigation
• Trip invites, booking changes, and reminders delivered in-app
• Mark as read/unread, delete individual or all notifications
• Unread count badge on the bell icon
• Dedicated notifications page with full history

Polish Language Support

• Added Polish (pl) as the 13th supported language

Trip Copy / Duplicate

• Duplicate any trip from the dashboard including all places, days, assignments, and settings

About Section in Settings

• Shows current TREK version and Discord community link in user settings

MCP Rate Limiting

• New MCP_RATE_LIMIT environment variable to control MCP API request rate per user (default: 60/min)

Map Preview in Settings

• Interactive map preview when configuring default latitude/longitude — click to set coordinates

Trip Member Count on Dashboard

• Dashboard cards now display the number of trip members

Holiday Name Tooltip in Vacay

• Hovering over a holiday in the Vacay calendar now shows the holiday name

Comprehensive Backend Test Suite

• 25+ integration test files covering all API endpoints
• 15+ unit test files for services, middleware, and utilities
• WebSocket connection tests
• Vitest configuration with test database isolation

Bug Fixes

Date Display Timezone Bug (#351)

• Fixed off-by-one day display for users in timezones west of UTC
• All date-only strings now parse and display in UTC consistently
• Fixed across 16 frontend files (formatters, date pickers, PDF export, budget, photos, etc.)

Safari Immich Photo Integration (#381)

• Fixed 401 errors when loading Immich photos in Safari
• Replaced ephemeral token + <img src> approach with direct fetch() using cookie auth (blob URLs)
• Added concurrency limiter (max 6 parallel fetches) to prevent ERR_INSUFFICIENT_RESOURCES
• Queue cleared when photo picker closes so gallery thumbnails load immediately

Immich Shared Photo Proxy

• Shared photos now correctly use the photo owner's Immich credentials for proxying

Immich HTTPS Redirect Detection

• Immich connection test now detects http→https redirects and updates the URL automatically

Vacay Bugs

• Fixed entitlement counter, year deletion, and year creation bugs
• Fixed selectedYear not resetting when the active year is deleted

Collab Note Attachments (#343)

• Fixed broken file attachments in collaborative notes

Invite Link Registration (#335)

• Invite links now correctly show the registration page

Mobile Day Detail (#311)

• Day detail panel now opens on single tap instead of requiring double-click on mobile

Day Detail Panel

• Deselecting a day when closing the DayDetailPanel now works correctly

Day Note Validation

• Required indicator shown on day note title, save button disabled when empty

Deleted Chats in Share View

• Deleted chat messages no longer appear in the public share view

iOS Login Fix

• Fixed login issues on iOS Safari

Trip Copy Fix

• Fixed edge case when duplicating trips

APP_URL in Emails

• Email notification links now correctly use APP_URL when defined

Architecture & Refactoring

Service Layer Extraction

• Extracted all business logic from route handlers into dedicated service modules
• 25+ new service files: authService, tripService, placeService, dayService, assignmentService, budgetService, packingService, reservationService, collabService, fileService, immichService, mapsService, weatherService, atlasService, vacayService, adminService, backupService, shareService, oidcService, tagService, categoryService, settingsService, dayNoteService, notificationPreferencesService, inAppNotifications
• Routes now only handle HTTP concerns (request parsing, response formatting)
• Express app setup extracted into app.ts

Cookie Security

• Session cookie changed to SameSite: Lax for improved CSRF protection

SSRF Protection

• Bypass fix for internal IP SSRF check enforcement

Infrastructure & Deployment

Auto Version Bumping (CI)

• New CI workflow: merging dev→main auto-bumps minor version (2.7.x → 2.8.0)
• Direct pushes to main auto-bump patch version (2.8.0 → 2.8.1)
• Version written to both package.json files, git-tagged, Docker image tagged automatically

Helm Chart Improvements

• Added ingressClassName support
• Added config/secret checksum annotations to deployment (auto-restart on config change)
• All missing environment variables from README added to Helm chart values

Docker Image

• Removed unnecessary files from Docker image via updated .dockerignore

Unraid Template

• Updated environment variables in Unraid template

GitHub Workflows

• New test workflow running on PRs
• Auto-close workflow for empty/untitled issues
• Structured bug report issue template (YAML form)
• Feature request bad names exclusion

SonarQube

• Added sonar-project.properties for code quality scanning

Documentation & Community

Contributing Guidelines

• New CONTRIBUTING.md with PR rules: discuss in Discord #github-pr first, PRs target dev branch
• Wiki page with full tech stack, development setup, and detailed guidelines

Wiki Refresh

• New Security page (encryption, MFA, rate limiting, CSRF, SSRF, audit logging)
• Updated: Environment Variables, Admin Panel, Photos, Collab, Budget, File Management, Installation (Helm/Unraid), Trip Planning
• All feature pages brought up to date with current dev state

Discord & Translation Sync

• Discord community links added throughout the app
• Translation files synced across all 13 languages