Release history
monetr releases
monetr is a budgeting application focused on planning for recurring expenses.
All releases
26 shown
v1.14.0
Breaking risk
Breaking changes
- api: plaidLinkStatus changed from number to string
Notable features
- API now sends Strict-Transport-Security headers
- .qbo file support added (closes #3130)
- Container signing enabled in build pipeline
Full changelog
1.14.0 (2026-05-09)
Features
- api: Adding strict transport security headers (abf3ac4)
- api: Adding support for
.qbofiles (dada9a8), closes #3130 - build: Container signing (#3173) (9bccc2e)
- cmd: Adding password reset command line (c0ba8ea), closes #1969
Dependencies
- api: update module golang.org/x/sys to v0.44.0 (#3192) (2a8471d)
- renovate: pin dependencies (#3177) (7eace0c)
- renovate: update actions/attest-build-provenance action to v4 (#3175) (5735326)
- renovate: update actions/cache action to v5.0.5 (#3178) (2f03105)
- renovate: update actions/checkout action to v6.0.2 (#3179) (81bf7f3)
- renovate: update actions/download-artifact action to v8.0.1 (#3180) (a5e5944)
- renovate: update actions/upload-artifact action to v7.0.1 (#3181) (6fbf2ae)
- renovate: update chrnorm/deployment-action action to v2.0.8 (#3182) (eba1a74)
- renovate: update codecov/test-results-action action to v1.2.1 (#3183) (fd9c228)
- renovate: update docker/login-action action to v4.1.0 (#3184) (e370eae)
- renovate: update getsentry/action-release action to v3.6.0 (#3185) (2da6471)
- renovate: update github/codeql-action action to v4.35.2 (#3186) (9238915)
- renovate: update github/codeql-action action to v4.35.3 (#3194) (45bf45c)
- renovate: update googlecloudplatform/release-please-action action to v3.7.13 (#3187) (32c90ef)
- renovate: update registry docker tag to v3 (#3176) (a89e51f)
- renovate: update sigstore/cosign-installer action to v3.10.1 (#3188) (e145c27)
- renovate: update sigstore/cosign-installer action to v4 (#3189) (7b114fe)
- ui: update dependency @types/react to v18.3.28 (#2841) (ec1fb28)
- ui: update dependency autoprefixer to v10.5.0 (#3114) (602ba9e)
- ui: update dependency cssnano to v7.1.7 (#2994) (18139c0)
- ui: update dependency cssnano to v7.1.8 (#3195) (f39707a)
Bug Fixes
- api: Fixing flakey spending timing tests (#3190) (69b3c22), closes #1599
- api: Fixing lunch flow data corruption bug (4d9df9c)
- api: Prevent Lunch Flow client from following bad redirects (3934bb3)
- build: Fixing dumb attestation bug (e6bc2d1)
- build: Fixing signing container pipeline on main (5b84e3b)
- ui: Fixed UI cache time issue (13cfb79)
Refactor
- api: Plaid link status is now a string instead of a number (1c1c488)
- cmd: Refactor password reset command (95ad6a4)
- ui: Migrate to forked vaul version (31c3372)
- Update renovate config (4466f0c)
Documentation
v1.13.4
Maintenance
Minor fixes and improvements.
Full changelog
1.13.4 (2026-05-06)
Dependencies
- api: update module github.com/fsnotify/fsnotify to v1.10.1 (#3159) (f30a3e3)
- api: update module github.com/getsentry/sentry-go to v0.46.2 (#3169) (2c295f4)
- ui: update dependency postcss to v8.5.14 (#2983) (760de57)
- ui: update dependency satori to v0.26.0 (#2998) (2fdb2c3)
- ui: update rsbuild (#3171) (aa98a58)
Miscellaneous
Refactor
Documentation
v1.13.3
Bug fix
Fixed Plaid sync trampling custom names.
Full changelog
1.13.3 (2026-05-03)
Dependencies
Bug Fixes
- plaid: Fixed plaid sync trampling custom names (93463df), closes #3167
- test: Reduce noise in frontend tests (529e8fe)
- ui: Fix some cancel buttons being treated as destructive (04266b6)
- ui: Fixed transfer modal cancel button being disabled (e98e2ce)
Refactor
- test: Shorten really long test names (ca712e7)
v1.13.2
Bug fix
Fixed incorrect logging around cron schedules in the API.
Full changelog
1.13.2 (2026-05-02)
Dependencies
- api: update module github.com/aws/smithy-go to v1.25.1 (#3120) (b8dc6bd)
- api: update module github.com/getsentry/sentry-go to v0.46.0 (#3142) (9a20c0a)
- api: update module github.com/getsentry/sentry-go to v0.46.1 (#3153) (534d145)
- api: update module github.com/labstack/echo/v4 to v4.15.2 (#3161) (dc028fb)
- renovate: update dependency @biomejs/biome to v2.4.14 (#3162) (db1cf33)
- ui: update dependency @rsbuild/core to v2.0.2 (#3147) (7cc4fd3)
- ui: update dependency @rsbuild/plugin-sass to v1.5.2 (#3149) (570fd98)
- ui: update dependency @rspress/core to v2.0.10 (#3151) (064bdf9)
- ui: update dependency @rspress/plugin-sitemap to v2.0.10 (#3154) (f39f972)
- ui: update dependency @rstest/core to v0.9.10 (#3156) (fc4f4de)
- ui: update dependency @sentry/utils to v8.55.2 (#3150) (b2f5010)
- ui: update dependency @tanstack/react-query to v5.100.5 (#3143) (a2ba74c)
- ui: update dependency @tanstack/react-query to v5.100.6 (#3155) (cb8fde7)
- ui: update dependency @tanstack/react-query to v5.100.8 (#3163) (97451be)
- ui: update dependency html-to-text to v10 (#3165) (510e0ff)
- ui: update dependency lucide-react to v1.11.0 (#3144) (5233e5a)
- ui: update dependency lucide-react to v1.14.0 (#3160) (a7db72c)
- ui: update dependency react-qr-code to v2.0.21 (#3157) (56be0c5)
- ui: update rsbuild (#3158) (64d1702)
- ui: update sentry-javascript monorepo to v10.51.0 (#3164) (0ab74a8)
Bug Fixes
- api: Fixed incorrect logging around cron schedules (3cc3e5f), closes #3128
- build: Fixing typecheck things + tailwind goofiness (c9ff595)
- build: Fixing working directory for spellchecker (85a3bed)
- build: No more .npmrc for local development! (7b27be5)
- lint: Fixing lint error from biome (b65ebc8)
- ui/api: Add preconnect tag for sentry if its configured (3207d12)
- ui: Add integrity reporting header (c6bd4be)
- ui: Adding
Content-Security-Policy-Report-Onlyheader (b116b72) - ui: Fix autocomplete attributes on login and register (d860ca4)
- ui: Fix integrity header style error (3495db6)
- ui: Fix limit balance icon wrapping incorrectly (efd24f4)
- ui: Hashed UI assets should be marked as immutable in cache (1de378f)
- ui: Improving content security policy for frontend (031c3e4)
Miscellaneous
Refactor
v1.13.1
Security relevant
Security fixes
- postcss updated to v8.5.10
Full changelog
1.13.1 (2026-04-25)
Dependencies
- api: update aws-sdk-go-v2 monorepo (#3131) (96d2821)
- containers: update ghcr.io/openbao/openbao docker tag to v2.5.3 (#3136) (68cad73)
- renovate: update dependency @biomejs/biome to v2.4.13 (#3138) (af53d7b)
- ui: update dependency postcss to v8.5.10 [security] (#3135) (6fad415)
- ui: update rsbuild (#3139) (69897b2)
- ui: update rstest (#3141) (a8baefb)
- ui: update sentry-javascript monorepo to v10.50.0 (#3121) (02e2b0f)
Refactor
Documentation
v1.13.0
New feature
Notable features
- Automated expense/funding transactions
- React-day-picker v9 migration
Full changelog
1.13.0 (2026-04-22)
Features
Dependencies
- ui: Upgrading to react-day-picker@v9 (afd2cb5)
Bug Fixes
- api: Enforce minimum TLS versions for internal services (e121954)
- api: Fixed issue with transaction mutation during pagination (#3126) (0da52bc)
- api: Fixing auto create transaction bug (b982c7c), closes #3129
- api: Prevent spending amount from being corrupted (542a721)
- ui: Fix calendar styles from migration (7c6158c)
- ui: Fixing links from the interface (9bd8db8)
Refactor
v1.12.5
Security relevant
Security fixes
- SSRF vulnerability in Lunch Flow setup prevented arbitrary GET requests (GHSA-29v9-frvh-c426)
Full changelog
1.12.5 (2026-04-18)
This patch includes a fix for GHSA-29v9-frvh-c426. Which now prevents a potential issue where GET requests could be made to arbitrary urls during monetr's Lunch Flow setup process.
Thank you to wooseokdotkim for reporting this!
Dependencies
- api: update golang.org/x (#3109) (643a8f0)
- api: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.99.0 (#3103) (beb643a)
- api: update module github.com/getsentry/sentry-go to v0.45.1 (#3113) (efc73f9)
- api: update module github.com/hashicorp/vault/api to v1.23.0 (#3052) (8df0b26)
- api: update module golang.org/x/crypto to v0.50.0 (#3104) (b93d9a1)
- renovate: update actions/deploy-pages action to v5 (#3097) (bc82a71)
- renovate: update actions/upload-pages-artifact action to v4 (#3098) (718da88)
- renovate: update actions/upload-pages-artifact action to v5 (#3115) (93e9c5f)
- renovate: update dependency @biomejs/biome to v2.4.12 (#3117) (f92ab9b)
- renovate: update module golang.org/x/tools/cmd/stringer to v0.44.0 (#3107) (300db73)
- ui: update dependency @imagemagick/magick-wasm to v0.0.40 (#3119) (436153e)
- ui: update dependency @rsbuild/core to v2.0.0-rc.2 (#3102) (21ade9c)
- ui: update dependency @tanstack/react-query to v5.99.0 (#3096) (47923b1)
- ui: update dependency juice to v11.1.1 (#3108) (4f498e5)
- ui: update dependency katex to v0.16.45 (#3091) (f6056cb)
- ui: update dependency sass to v1.99.0 (#3110) (03fdf3a)
- ui: update rsbuild (#3116) (213e375)
- ui: update rstest (#3095) (eaacd5d)
- ui: update sentry-javascript monorepo to v10.48.0 (#3112) (195a0c9)
Bug Fixes
- api: Don't set AWS KMS encryption context to nil (59185c1)
- api: Fixed issue where transactions could be held too long (0842062)
- api: Fixed issue with TOTP recovery code generation (8956594)
- api: Fixed permissions used for filesystem storage (99d9ac9)
- api: Fixed Plaid webhook
iatage check (fcc152a) - api: Fixed SSRF via Lunch Flow onboarding (#3122) (c260caa)
- api: Fixing filesystem permissions for generated certificate (8d16467)
- api: Instrument hard timeouts at a listener level (4f2d4fa)
- api: Move some security headers to be returned on all requests (1e4d5b8)
- ci: Build documentation and test concurrently (667312d)
- container: Fixed group membership of monetr user in container (8f9bf96)
- email: Use padding instead of margin for buttons (990a834)
- ui: Fixing peer dependency warnings (e4cc946)
Miscellaneous
- deps: Fixing email dependencies (7c84a70)
- deps: Fixing pnpm package overrides (d060b14)
- deps: Group golang.org/x dependencies in the future (6cfffaa)
- Updating README (c42f194)
Refactor
v1.12.4
Security relevant
Security fixes
- Denial of service vulnerability in Stripe webhook handling (GHSA-v7xq-3wx6-fqc2)
v1.12.3
Security relevant
Security fixes
- GHSA-hqxq-hwqf-wg83: Prevent unauthorized transaction field modifications via PUT API
v1.12.2
Bug fix
Fixed excessive queue notification spam, go-pg logging issues, and job registration logic. Improved transaction modal handling and cancel button behavior.
v1.12.1
Bug fix
Fixed funding schedules processing getting stuck, preventing scheduled transactions from executing. Updated Sentry and AWS SDK dependencies.
v1.12.0
New feature
Notable features
- New background processing queue system
- SIMD performance improvements
v1.11.0
New feature
Notable features
- Persist similar transactions between calculations
v1.10.4
Bug fix
Updated JWT and Plaid libraries, fixed disabled date picker styling on iOS, bank account dropdown masking, and scroll behavior on iOS mobile devices.
v1.10.3
Bug fix
Fixed failing tests, corrected invalid last day of month rule generation. Updated SWC compiler dependency.
v1.10.2
Bug fix
Fixed lunch flow links failing to sync automatically. Updated autoprefixer dependency.
v1.10.1
Bug fix
Fixed overflow issues when transaction names are very long, preventing text from breaking the UI layout.
v1.10.0
Breaking risk
Breaking changes
- API link type changed from integer to string
Notable features
- Lunch Flow integration for EU/UK/Global banks
- Redis/Valkey credentials support
v1.9.2
Bug fix
Fixed bug preventing users from updating expense dates. Updated ImageMagick WebAssembly dependency.
v1.9.1
Bug fix
Re-added fused-multiply-add x86 SIMD implementations for performance. Fixed transaction button rendering, select dropdown behavior, logout button spacing, and manual setup wizard height.
v1.8.3
Bug fix
Updated Sentry dependency, removed deprecated API links, fixed Babel cache issues, improved error handling for browser extensions, and fixed email verification and password reset page layouts.
v1.8.2
Bug fix
Fixed top navigation buttons not rendering correctly in the UI.
v1.8.1
Bug fix
Moved away from deprecated timeout middleware to use context deadlines. Fixed manual setup page styling and made top navigation bar fixed positioning.
v1.8.0
New feature
Notable features
- Update Plaid webhook URL dynamically
- Improved infinite scroll transactions