One Time Secret

v0.25.5-coda Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.

Published 12d Secrets & Credentials
✓ No known CVEs patched

Topics

chat, email, messaging, onetime, onetimesecret, privacy, secrets-management

Affected surfaces

breaking_upgrade auth

ReleasePort's take

Light signal
editorial:auto 11d

Release v0.25.5‑coda removes two configuration keys related to trusted proxies and adds several new environment variables for health checks, emailer control, UI feedback elements, version display, help modals, and API key visibility.

Why it matters: The removal of `site.interface.ui.homepage.trusted_proxy_depth` and `site.interface.ui.homepage.trusted_ip_header` requires updating configuration schemas; new vars let you fine‑tune health endpoint access, disable emailer, hide UI elements, and control API key exposure.

Summary

AI summary

Updates Highlights, feat, and fix across a mixed release.

Changes in this release

Breaking Medium

Removes `site.interface.ui.homepage.trusted_proxy_depth` config; replaces with `site.network.trusted_proxy` settings.

Source: llm_adapter@2026-05-23

Confidence: high

Breaking Medium

Removes `site.interface.ui.homepage.trusted_ip_header` config; replaces with `site.network.trusted_proxy.header` settings.

Source: llm_adapter@2026-05-23

Confidence: high

Feature Medium

Adds `HEALTH_TRUSTED_CIDR` env var to allowlist IP ranges for health endpoint.

Source: llm_adapter@2026-05-23

Confidence: low

Feature Medium

Introduces `EMAILER_MODE=disabled` to silence outbound mail delivery.

Source: llm_adapter@2026-05-23

Confidence: low

Feature Medium

Adds `WORKSPACE_FEEDBACK_ENABLED` env var to hide the feedback widget.

Source: llm_adapter@2026-05-23

Confidence: low

Feature Medium

Adds `FOOTER_VERSION_ENABLED` env var to hide the version string in footer.

Source: llm_adapter@2026-05-23

Confidence: low

Feature Medium

Adds `HELP_ENABLED` env var to hide the "Need help?" modal on secret pages.

Source: llm_adapter@2026-05-23

Confidence: low

Feature Medium

Adds `API_ENABLED` env var to hide the API key section in Account Settings.

Source: llm_adapter@2026-05-23

Confidence: low

Feature Medium

Introduces consolidated trusted proxy configuration (`TRUSTED_PROXY_ENABLED`, `TRUSTED_PROXY_MODE`, `TRUSTED_PROXY_DEPTH`, `TRUSTED_PROXY_HEADER`).

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Feature Low

Adds declarative deprecation system with `compatibility.on_deprecated_config` setting (strict/warn/silent).

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Dependency Low

Updates dependency postcss to ^8.5.10.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Dependency Low

Updates dependency timecop to v0.9.11.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Bugfix Medium

Fixes region filter defeating `stripe_product_id` override in catalog push.

Source: llm_adapter@2026-05-23

Confidence: high

Bugfix Medium

Fixes client IP resolution behind RFC‑1918 proxy chains (issue #3107).

Source: llm_adapter@2026-05-23

Confidence: high

Bugfix Low

Fixes site name visibility regression in MastHead (regression #3160).

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Bugfix Low

Corrects BillingCatalog result.success check and adds PlanCacheRefreshJob spec.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Bugfix Low

Prevents fork PR workflow failures on labeler and CI metrics checks.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Bugfix Low

Replaces deprecated `no-clobber` flag with `update=none` in relevant commands.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Bugfix Low

Resolves pre-push hook false failures on YAML/JSON validation checks.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Full changelog

Note: This v0.25.5-coda release tag exists due to an issue with the GH releases UI. When we published v0.25.5 with these release notes, it created the tag and started the build but did not create the release notes. The tag is immutable and it is not possible to create a release from an existing tag, so here we are.

Highlights

Boot-time config break-checks

Several config paths moved in this release. We added a declarative deprecation system for removed and relocated configuration. At boot, the loader walks a manifest of deprecated paths and env vars; the behaviour is determined by a new config setting `compatibility.on_deprecated_config` (environment variable: `ON_DEPRECATED_CONFIG`):

  • `strict`: raises `OT::ConfigError` and halts startup (default)
  • `warn`: logs the message and continues
  • `silent`: ignores the match

Pre-1.0 semver permits breaking changes; this system makes them actionable rather than silent. It's a way to keep the codebase nimble without making dev installs and self‑hosted upgrades too painful. When a setting moves or gets removed, you get a clear message pointing at the replacement instead of silent and/or indeterminate behavior.

Breaking config changes in v0.25.5:

| Removed | Replaced by |
|---|---|
| site.interface.ui.homepage.trusted_proxy_depth (UI_HOMEPAGE_TRUSTED_PROXY_DEPTH) | site.network.trusted_proxy (TRUSTED_PROXY_ENABLED, TRUSTED_PROXY_MODE=depth, TRUSTED_PROXY_DEPTH) |
| site.interface.ui.homepage.trusted_ip_header (UI_HOMEPAGE_TRUSTED_IP_HEADER) | site.network.trusted_proxy.header (TRUSTED_PROXY_HEADER) |
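
An added example (not One Time Secret's loader) of the boot-time check described above, with the manifest taken from the table. `ConfigError` stands in for `OT::ConfigError`; `check_deprecated`, `path_set?`, and the rule that the env var overrides the config setting are assumptions.

```ruby
# Stand-in for OT::ConfigError (assumption; this is not the project's class).
class ConfigError < StandardError; end

# Manifest of removed settings, copied from the breaking-changes table.
DEPRECATED = [
  { path: 'site.interface.ui.homepage.trusted_proxy_depth',
    env: 'UI_HOMEPAGE_TRUSTED_PROXY_DEPTH',
    replacement: 'site.network.trusted_proxy (TRUSTED_PROXY_ENABLED, TRUSTED_PROXY_MODE=depth, TRUSTED_PROXY_DEPTH)' },
  { path: 'site.interface.ui.homepage.trusted_ip_header',
    env: 'UI_HOMEPAGE_TRUSTED_IP_HEADER',
    replacement: 'site.network.trusted_proxy.header (TRUSTED_PROXY_HEADER)' }
].freeze

# True if the dotted path exists in a nested, string-keyed config hash.
def path_set?(config, dotted)
  node = config
  dotted.split('.').each do |key|
    return false unless node.is_a?(Hash) && node.key?(key)
    node = node[key]
  end
  true
end

# Scans config and env for deprecated settings. Returns the messages found;
# raises ConfigError in strict mode, logs in warn mode, returns [] in silent mode.
def check_deprecated(config, env, log: [])
  mode = env.fetch('ON_DEPRECATED_CONFIG') do
    config.dig('compatibility', 'on_deprecated_config') || 'strict'
  end.to_s
  raise ConfigError, "unknown on_deprecated_config: #{mode}" unless %w[strict warn silent].include?(mode)

  hits = DEPRECATED.flat_map do |d|
    found = []
    found << "config #{d[:path]}" if path_set?(config, d[:path])
    found << "env #{d[:env]}" if env.key?(d[:env])
    found.map { |what| "#{what} was removed; use #{d[:replacement]}" }
  end
  return [] if hits.empty? || mode == 'silent'
  raise ConfigError, hits.join("\n") if mode == 'strict'

  hits.each { |msg| log << "[deprecated] #{msg}" }
  hits
end

# Constructed sample: a pre-0.25.5 config and environment, checked in warn mode.
SAMPLE_CONFIG = { 'site' => { 'interface' => { 'ui' => { 'homepage' => { 'trusted_ip_header' => 'X-Real-IP' } } } } }.freeze
SAMPLE_ENV = { 'UI_HOMEPAGE_TRUSTED_PROXY_DEPTH' => '2', 'ON_DEPRECATED_CONFIG' => 'warn' }.freeze
puts check_deprecated(SAMPLE_CONFIG, SAMPLE_ENV)
```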

New configuration

Consolidated trusted proxy chain (replaces the homepage-specific settings above):

```bash
TRUSTED_PROXY_ENABLED=true
TRUSTED_PROXY_MODE=filter          # filter (default) | depth
TRUSTED_PROXY_DEPTH=1              # hops to trust when MODE=depth
TRUSTED_PROXY_HEADER=X-Forwarded-For
```
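
An added example (not the project's code) of how the two modes can resolve a client address from `X-Forwarded-For`. It assumes `filter` skips RFC 1918 and loopback hops from the right and `depth` trusts a fixed number of hops from the right; `client_ip`, `trusted?`, and the sample addresses are constructed for illustration.

```ruby
require 'ipaddr'

# Ranges treated as trusted proxies in filter mode
# (assumption: RFC 1918 plus loopback).
TRUSTED_RANGES = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 ::1/128]
                 .map { |cidr| IPAddr.new(cidr) }.freeze

def parse(ip)
  IPAddr.new(ip)
rescue IPAddr::Error
  nil
end

def trusted?(ip)
  addr = parse(ip)
  !addr.nil? && TRUSTED_RANGES.any? { |range| range.include?(addr) }
end

# remote_addr is the TCP peer, xff the raw header value.
# Entries left of the trusted hops are client-supplied and never used.
def client_ip(remote_addr, xff, mode: 'filter', depth: 1)
  chain = xff.to_s.split(',').map(&:strip).reject(&:empty?) << remote_addr
  case mode
  when 'depth'
    # Skip exactly `depth` hops from the right; a chain that is too short
    # or a malformed entry falls back to the TCP peer.
    idx = chain.length - 1 - depth
    ip = idx >= 0 ? chain[idx] : remote_addr
    parse(ip) ? ip : remote_addr
  when 'filter'
    # Walk right to left past trusted proxies; the first other hop is the client.
    hit = chain.reverse.find { |ip| !trusted?(ip) }
    return chain.first if hit.nil? # whole chain is internal

    parse(hit) ? hit : remote_addr
  else
    raise ArgumentError, "unknown mode: #{mode}"
  end
end

# Constructed sample: the leftmost entry was sent by the client itself,
# 198.51.100.23 is the address the outermost proxy actually saw.
SAMPLE_XFF = '203.0.113.7, 198.51.100.23, 10.0.0.5'
SAMPLE_PEER = '10.0.0.9'
puts client_ip(SAMPLE_PEER, SAMPLE_XFF)
puts client_ip(SAMPLE_PEER, SAMPLE_XFF, mode: 'depth', depth: 2)
```

With two internal proxies in front of the app, `depth: 1` on this sample returns `10.0.0.5`, a proxy address, which is the kind of miscount to look for when rate limits or allowlists behave as if every request came from one host.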

Health endpoint IP allowlist (#3118):

```bash
# RFC 1918 + loopback are already trusted by default. This is a way to
# include additional CIDR ranges for /health checks. (e.g. CGNAT for k8s ingress)
HEALTH_TRUSTED_CIDR=100.64.0.0/10
```

Silence outbound mail for dev, test, or air‑gapped deployments (#3167):

```bash
EMAILER_MODE=disabled              # smtp, ses, sendgrid, lettermint, disabled, none, logger
```

UI surface toggles (#3167, #3169, #3170):

```bash
WORKSPACE_FEEDBACK_ENABLED=false   # hide the feedback widget
FOOTER_VERSION_ENABLED=false       # hide the version string in the footer
HELP_ENABLED=false                 # hide the "Need help?" modal on secret pages
API_ENABLED=false                  # hide the API key section in Account Settings
```

What's Changed

  • Standardize plan IDs to canonical family-keyed format https://github.com/onetimesecret/onetimesecret/pull/3154
  • Remove interval-suffixed plan ID references from tests and docs https://github.com/onetimesecret/onetimesecret/pull/3156
  • Expand catalog API to flat per-interval records for frontend https://github.com/onetimesecret/onetimesecret/pull/3159
  • Skip Claude code review on fork PRs https://github.com/onetimesecret/onetimesecret/pull/3163
  • Replace Stripe-based pro-bono migration with direct entitlement grant https://github.com/onetimesecret/onetimesecret/pull/3162
  • Refresh VCR cassettes and fix billing spec mock conflicts https://github.com/onetimesecret/onetimesecret/pull/3166 https://github.com/onetimesecret/onetimesecret/pull/3155
  • Extract DataExtractor, remove shims and deprecated delegators https://github.com/onetimesecret/onetimesecret/pull/3180
  • Wire ui.capabilities flags to their UI surfaces https://github.com/onetimesecret/onetimesecret/pull/3179
  • Add HEALTH_TRUSTED_CIDR by @daanpersoons in https://github.com/onetimesecret/onetimesecret/pull/3118
  • Consolidate entitlement resolution: cleanup gaps https://github.com/onetimesecret/onetimesecret/pull/3183
  • feat: add EMAILER_MODE=disabled to silence mail delivery by @syphernl in https://github.com/onetimesecret/onetimesecret/pull/3167
  • Make entitlement schema fail-open for unknown values https://github.com/onetimesecret/onetimesecret/pull/3186
  • Extract billing catalog operations into composable service objects https://github.com/onetimesecret/onetimesecret/pull/3173 https://github.com/onetimesecret/onetimesecret/pull/3165
  • Consolidate proxy config: remove homepage-specific trusted_proxy settings https://github.com/onetimesecret/onetimesecret/pull/3181
  • feat: add WORKSPACE_FEEDBACK_ENABLED and FOOTER_VERSION_ENABLED env vars by @syphernl in https://github.com/onetimesecret/onetimesecret/pull/3169
  • feat: add HELP_ENABLED env var to hide Need help? modal on secret pages by @syphernl in https://github.com/onetimesecret/onetimesecret/pull/3170
  • feat: hide API key section in Account Settings when API_ENABLED=false by @syphernl in https://github.com/onetimesecret/onetimesecret/pull/3168
  • Change jurisdiction config via ENV string format https://github.com/onetimesecret/onetimesecret/pull/3188

Fixed

  • Fix region filter defeating stripe_product_id override in catalog push https://github.com/onetimesecret/onetimesecret/pull/3158
  • Fix #3107: resolve client IP behind RFC-1918 proxy chains by @syphernl in https://github.com/onetimesecret/onetimesecret/pull/3116
  • Fix site name visibility priority in MastHead (regression #3160) https://github.com/onetimesecret/onetimesecret/pull/3164
  • Fix BillingCatalog result.success check, add PlanCacheRefreshJob spec https://github.com/onetimesecret/onetimesecret/pull/3184
  • fix: prevent fork PR workflow failures on labeler and CI metrics https://github.com/onetimesecret/onetimesecret/pull/3174
  • fix: replace deprecated no-clobber flag with update=none by @bendehaan in https://github.com/onetimesecret/onetimesecret/pull/3046
  • fix: resolve pre-push hook false failures on YAML/JSON checks https://github.com/onetimesecret/onetimesecret/pull/3176

Dependencies

  • Update dependency postcss to ^8.5.10 by @renovate[bot] in https://github.com/onetimesecret/onetimesecret/pull/3171
  • Update dependency timecop to v0.9.11 by @renovate[bot] in https://github.com/onetimesecret/onetimesecret/pull/3172

New Contributors

  • @syphernl made their first contribution in https://github.com/onetimesecret/onetimesecret/pull/3116
  • @bendehaan made their first contribution in https://github.com/onetimesecret/onetimesecret/pull/3046
  • @daanpersoons made their first contribution in https://github.com/onetimesecret/onetimesecret/pull/3118

Full Changelog: https://github.com/onetimesecret/onetimesecret/compare/v0.25.4...v0.25.5-coda

Breaking Changes

  • Removed config path `site.interface.ui.homepage.trusted_proxy_depth` and its env var `UI_HOMEPAGE_TRUSTED_PROXY_DEPTH`; replaced by consolidated proxy settings under `site.network.trusted_proxy` with new env vars (`TRUSTED_PROXY_ENABLED`, `TRUSTED_PROXY_MODE`, `TRUSTED_PROXY_DEPTH`, `TRUSTED_PROXY_HEADER`).
  • Removed config path `site.interface.ui.homepage.trusted_ip_header` and its env var `UI_HOMEPAGE_TRUSTED_IP_HEADER`; replaced by new proxy header setting `site.network.trusted_proxy.header` (`TRUSTED_PROXY_HEADER`).

About One Time Secret

Share sensitive information securely with self-destructing links that are only viewable once.
