
Release history

Zero-TOTP releases

Complete, reliable, secure and zero-trust webapp based on zero-knowledge encryption to store your TOTP codes.

Review required
v1.13.1 Breaking risk
Auth Breaking upgrade Dependencies

Security patch + vault update flow

v1.12.3 Breaking risk

Minor fixes and improvements.

Full changelog

Before upgrading carefully read the following warning :

[!caution]
We introduced breaking changes in v1.12. Carefully read v1.12.1's release notes if upgrading from v1.11 or prior.
Upgrade from v1.12.x to this version (v1.12.3) should be painless.

[!important]
This version brings a security patch. Upgrading is highly recommended.

🐳 New Docker images

Update available upon the following tags : 1.12, 1.12.3 and latest.
Recommended tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.12
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.12

Exact tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.12.2
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.12.3

Latest tag:

  • API : ghcr.io/seaweedbraincy/zero-totp-api:latest
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:latest

What's Changed

  • build(deps-dev): bump tar from 7.5.7 to 7.5.11 in /frontend by @dependabot[bot] in https://github.com/SeaweedbrainCY/zero-totp/pull/392
  • build(deps): bump flatted from 3.3.3 to 3.4.2 in /frontend by @dependabot[bot] in https://github.com/SeaweedbrainCY/zero-totp/pull/396
  • build(deps): bump werkzeug from 3.1.5 to 3.1.6 in /api by @dependabot[bot] in https://github.com/SeaweedbrainCY/zero-totp/pull/402
  • build(deps): bump flask from 3.1.1 to 3.1.3 in /api by @dependabot[bot] in https://github.com/SeaweedbrainCY/zero-totp/pull/401
  • build(deps): bump aiohttp from 3.13.3 to 3.13.4 in /api by @dependabot[bot] in https://github.com/SeaweedbrainCY/zero-totp/pull/400
  • build(deps): bump cryptography from 46.0.2 to 46.0.6 in /api by @dependabot[bot] in https://github.com/SeaweedbrainCY/zero-totp/pull/399
  • build(deps): bump lodash from 4.17.23 to 4.18.1 in /frontend by @dependabot[bot] in https://github.com/SeaweedbrainCY/zero-totp/pull/403
  • build(deps): bump dompurify from 3.3.1 to 3.3.3 in /frontend by @dependabot[bot] in https://github.com/SeaweedbrainCY/zero-totp/pull/398
  • build(deps): bump requests from 2.32.4 to 2.33.0 in /api by @dependabot[bot] in https://github.com/SeaweedbrainCY/zero-totp/pull/397
  • build(deps): bump pyasn1 from 0.5.0 to 0.6.3 in /api by @dependabot[bot] in https://github.com/SeaweedbrainCY/zero-totp/pull/395
v1.12.2 Breaking risk
Breaking changes
  • v1.12 contains breaking changes; refer to v1.12.1 release notes when upgrading from v1.11 or earlier
Security fixes
  • CVE-2025-15284
  • CVE-2026-23950
  • CVE-2026-24842
Full changelog

Before upgrading carefully read the following warning :

[!caution]
We introduced breaking changes in v1.12. Carefully read v1.12.1's release notes if upgrading from v1.11 or prior.
Upgrade from v1.12.1 to this version (v1.12.2) should be painless.

[!important]
This version brings a security patch. Upgrading is highly recommended.

🐳 New Docker images

Update available upon the following tags : 1.12, 1.12.2 and latest.
Recommended tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.12
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.12

Exact tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.12.2
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.12.2

Latest tag:

  • API : ghcr.io/seaweedbraincy/zero-totp-api:latest
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:latest

What's fixed

  • Bump qs from 6.14.0 to 6.14.1 in /frontend to fix CVE-2025-15284. PR #365 by @SeaweedbrainCY
  • Bump tar and @angular/cli in /frontend to fix CVE-2026-23950, CVE-2026-24842, CVE-2026-23745. PR #377 by @SeaweedbrainCY
  • Bump @angular/core from 20.3.15 to 20.3.16 in /frontend to fix CVE-2026-22610. PR #370 by @SeaweedbrainCY
  • Bump python-multipart from 0.0.18 to 0.0.22 in /api to fix CVE-2026-24486. PR #376 by @SeaweedbrainCY
  • Bump protobuf from 6.31.1 to 6.33.5 in /api to fix CVE-2026-0994. PR #378 by @SeaweedbrainCY
  • Bump filelock from 3.18.0 to 3.20.3 in /api to fix CVE-2025-68146, CVE-2026-22701. PR #372 by @SeaweedbrainCY
  • Bump werkzeug from 3.1.4 to 3.1.5 in /api to fix CVE-2026-21860. PR #368 by @SeaweedbrainCY
  • Bump virtualenv from 20.30.0 to 20.36.1 in /api to fix CVE-2026-22702. PR #371 by @SeaweedbrainCY
v1.12.1 Breaking risk
Breaking changes
  • Database migration required that deletes all session tokens
  • New session flow and lifetime management
Security fixes
  • CVE-2025-66418
  • CVE-2025-66471
  • CVE-2025-69224
Notable features
  • Session lifetime increased with new session flow
  • API prepared for user-managed encrypted session information
Full changelog

Before upgrading carefully read the 4 following warnings :

[!warning]
This version requires a database migration
Make sure to follow Zero-TOTP docs to properly backup and then migrate your database

[!caution]
IMPORTANT : This specific migration will delete all session tokens in the database. This means all users will be disconnected when applying the migration.

[!important]
This version brings a new flow regarding users' sessions and their lifetime
Please carefully read this blog post related to this new approach to understand how sessions are now handled and what can be configured

[!important]
This version brings a security patch. Upgrading is highly recommended.

🐳 New Docker images

Update available upon the following tags : 1.12, 1.12.1 and latest.
Recommended tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.12
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.12

Exact tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.12.0
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.12.1

Latest tag:

  • API : ghcr.io/seaweedbraincy/zero-totp-api:latest
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:latest

What's Changed

  • IMPORTANT: Users' session lifetimes are globally increased with a new session flow. PR #364 by @SeaweedbrainCY.
    • Carefully read the related blog post to understand the changes.
  • The API is prepared for a future update in which users will be able to store encrypted information about their sessions, view them and revoke them. PR #364 by @SeaweedbrainCY.
  • Session validation has been reviewed and hardened. In particular, the API is now stricter when a potential attack or manipulation is detected. For example, the re-use or misuse of some authentication tokens will cause the API to force their expiration to avoid any compromise. PR #364 by @SeaweedbrainCY.

What's fixed

  • Bump urllib3 to 2.6.3 to fix CVE-2025-66418, CVE-2026-21441 & CVE-2025-66471. PR #364 by @SeaweedbrainCY.
  • Bump aiohttp to 3.13.3 to fix CVE-2025-69224, CVE-2025-69230, CVE-2025-69225, CVE-2025-69226, CVE-2025-69229, CVE-2025-69227, CVE-2025-69228, CVE-2025-69223. PR #366 by @SeaweedbrainCY.
  • Fix a bug causing the user deletion to return an error in some scenarios. PR #364 by @SeaweedbrainCY.
v1.11.3 Security relevant
Security fixes
  • CVE-2025-62727
  • CVE-2025-66035
  • CVE-2025-58752
Full changelog

🐳 New Docker images

Update available upon the following tags : 1.11, 1.11.3 and latest.
Recommended tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.11
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.11

Exact tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.11.3
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.11.3

Latest tag:

  • API : ghcr.io/seaweedbraincy/zero-totp-api:latest
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:latest

What's Changed

  • The multi-image build is now optimized, with several workers building in parallel.
  • Reduce the number of files copied into the Docker image via allowlisting and specific declaration.
  • Switch API base image to alpine to reduce the base image size.
  • Build the API in multi-stage to get rid of unnecessary build cache files.
  • Merge all deployment CI/CD into a single file. The difference between dev and prod environments is handled in the workflow directly. This will help keep dev identical to prod.
  • Add scheduled, regular Trivy image scans to improve vulnerability coverage.

What's fixed

  • Upgrade starlette to version 0.49.1. Fix CVE-2025-62727.
  • Upgrade angular from 20.0.5 to 20.3.1. Fix CVE-2025-66035, CVE-2025-58752, CVE-2025-58751, CVE-2025-62522, CVE-2025-64756, CVE-2025-66412.
  • Fix CVE-2025-59288. PR #346.
  • Fix CVE-2025-66221. PR #361.
  • Fix CVE-2025-66418 & CVE-2025-66471. PR #362.
v1.10.3 New feature
Security fixes
  • CVE-2025-54880
  • CVE-2025-54798
Notable features
  • ARMv8 architecture support
  • Optional local MaxMindDB for IP geolocation
Full changelog

🐳 New Docker images

Update available upon the following tags : 1.10, 1.10.3 and latest.
Recommended tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.10
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.10

Exact tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.10.3
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.10.3

Latest tag:

  • API : ghcr.io/seaweedbraincy/zero-totp-api:latest
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:latest

What's Changed

  • Zero-TOTP Docker images now support the ARMv8 architecture, in addition to the existing amd64 architecture.
  • The build pipeline has been improved to ease the deployment of test images for forked repositories.
  • Finalize the upgrade to Angular 20
  • Upgrade to python 13
  • The IP geolocation is now optionally fetched from a local MaxMindDB instead of relying on an external API. See https://docs.zero-totp.com/v1.10/self-host/installation/#installation-via-docker-compose for more information.

What's fixed

  • The link to the privacy policy on the signup page has been fixed to redirect to the tenant's privacy policy instead of Zero-TOTP's official privacy policy
  • Storage option information has been improved to only display Zero-TOTP related information on the official Zero-TOTP instance.
  • Fix CVE-2025-54880
  • Fix CVE-2025-54798
v1.9.2 Breaking risk
Breaking changes
  • Frontend docker container must run as root initially to set up permissions, then drops to non-root (default 101:101, configurable via USER_UID/USER_GID)
Security fixes
  • CVE-2025-30360
  • CVE-2025-30359
  • CVE-2025-46565
Full changelog

[!WARNING]
This release introduces breaking changes.
Review carefully the upgrading notes

[!IMPORTANT]
This release introduces security fixes.

🐳 New Docker images

Update available upon the following tags : 1.9, 1.9.2 and latest.
Recommended tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.9
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.9

Exact tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.9.2
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.9.2

Latest tag:

  • API : ghcr.io/seaweedbraincy/zero-totp-api:latest
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:latest

What's Changed

  • Angular bumped to angular v20
  • Bump idna from 3.7 to 3.10
  • Bump exceptiongroup from 1.1.3 to 1.3.0
  • Bump opentelemetry-api from 1.22.0 to 1.34.1
  • Bump google-auth-oauthlib from 1.1.0 to 1.2.2
  • Bump google-api-python-client from 2.171.0 to 2.175.0
  • Add a trivy scan after every images deployment to spot known vulnerabilities
  • The latest tag is only pushed, when all tests (including e2e-tests) passed

What's fixed

  • Downgrade to connexion 3.1 due to spec-first/connexion#2029
  • Due to a permissions issue with the frontend docker container, the frontend now follows the same scheme as the API: it starts as root, sets up all files and permissions and then drops privileges to use a non-root user.
  • Fix CVE-2025-30360, CVE-2025-30359, CVE-2025-46565, CVE-2025-32997, CVE-2025-32996, CVE-2025-32395, CVE-2025-31486

Breaking changes

🚨 This version introduces a breaking change. Kindly check the how-to below BEFORE upgrading

TL;DR :

docker-compose.yml :

  frontend:
    container_name: frontend
    image: ghcr.io/seaweedbraincy/zero-totp-frontend:latest
-   user: 101:101
+   environment:
+      USER_UID: 101
+      USER_GID: 101
    ports:
      - 4200:80
    volumes:
      - ./frontend/log:/var/log/nginx
    restart: always
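
Review bot: the unchanged "image:" line in this snippet uses the "latest" tag, so a compose file copied from it does not record which release the USER_UID / USER_GID change belongs to, and a later pull can cross another breaking change without notice. Suggest showing the 1.9 or 1.9.2 tag listed under "New Docker images" for this release, and stating next to the removed "user: 101:101" line that the container now starts as root and drops to the configured UID/GID itself.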

Description :

  • At startup, the frontend needs to set up files and permissions, which requires root privileges. Once set up, the entrypoint drops root privileges and uses a non-root user to run nginx, which serves the frontend. The default non-root user is 101:101, but you can use any user id and group id with the env variables listed below.
  • The Dockerfile and docker compose file must not specify any non-root user, otherwise the frontend entrypoint will not be able to configure files and permissions properly. No matter what, the entrypoint will completely drop the root privileges. This doesn't change the default behavior: the frontend will still run as a non-root user.
v1.8.0 Breaking risk
Breaking changes
  • OAuth config moved from api section to features.google_drive_backup in config.yml
Notable features
  • Google Drive backup can be disabled per tenant
  • Signup can be disabled per tenant
Full changelog

[!IMPORTANT]
This release introduces breaking changes.
Review carefully the upgrading notes

🐳 New Docker images

Update available upon the following tags : 1.8, 1.8.0 and latest.
Recommended tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.8
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.8

Exact tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.8.1
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.8.1

Latest tag:

  • API : ghcr.io/seaweedbraincy/zero-totp-api:latest
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:latest

What's Changed

  • Zero-TOTP status is no longer present in the footer of self-hosted Zero-TOTP tenants.
  • Add a FAQ section dedicated to Google Drive backups
  • Google drive storage option can now be disabled at a tenant level for self hosted version
  • Signup can now be disabled at a tenant level for self hosted version

What's fixed

  • When a user de-associated their Google Drive account outside of Zero-TOTP, Zero-TOTP wasn't correctly unapproved in Google Drive, which caused issues when the user tried to re-associate the account. The API now catches this kind of issue, and the frontend shows the user a way to fix it.
  • Update some deprecated code

Breaking changes

🚨 This version introduces a breaking change. Kindly check the how-to below BEFORE upgrading

TL;DR :

config.yml :

api:

[...]

-    oauth: 
-           client_secret_file_path: ".secret/client_secret.json"

[...]

features:

[...]

+    ## Optional
+    ## Google Drive automatic backup
+    ## Allow the users to link their Google Drive account to the API and automatically backup their vaults.
+    ## Follow the documentation to set up the Google Drive OAuth credentials.
+    # google_drive_backup:
+        ## Enable or disable the Google Drive automatic backup feature.
+        ## Default: false
+        # enabled: false

+        ## The path to the client secret file used to authenticate with Google Drive.
+        ## This file must be in JSON format and contain the OAuth credentials.
+        ## See https://developers.google.com/identity/protocols/oauth2 for more information.
+        # client_secret_file_path: ".secret/client_secret.json"
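
Review bot: every line added under "features:" is commented out ("# google_drive_backup:", "# enabled: false", "# client_secret_file_path: ..."), while the "api.oauth" block is removed outright, so a config migrated exactly as shown has no active client_secret_file_path and Google Drive backup stays disabled. Suggest adding a comment in the added block saying that instances already using Google Drive backup must uncomment these keys and set "enabled: true", as the description below the snippet does.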

Description :

  • The client_secret_file_path key, which was defined in the api.oauth section of the config.yml file, is now located in the features section, under:
features:
     google_drive_backup:
        enabled: true
        client_secret_file_path: ".secret/client_secret.json"

Note that the Google Drive backup option needs to be globally enabled to be available for users.

How to upgrade

  • Remove the oauth section from api
  • If you wish to enable the Google Drive backup option for your users, add
     google_drive_backup:
        enabled: true
        client_secret_file_path: ".secret/client_secret.json"

in the features section

v1.7.0 New feature
Security fixes
  • CVE-2025-50182
  • CVE-2025-50181
  • CVE-2025-4565
Notable features
  • Users remain logged in on refresh, can re-unlock vault with password
  • Quick TOTP addition via button
  • Smooth page transitions
Full changelog

[!IMPORTANT]
This release introduces security fixes.
Upgrade to this version as soon as possible

🐳 New Docker images

Update available upon the following tags : 1.7, 1.7.1 and latest.
Recommended tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.7
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.7

Exact tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.7.1
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.7.1

Latest tag:

  • API : ghcr.io/seaweedbraincy/zero-totp-api:latest
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:latest

What's Changed

  • Users can now add a TOTP code by simply tapping a little + button at the bottom right-hand corner of the vault page
  • Users are no longer logged out when refreshing the app. Instead, they can still interact with all their account settings and must re-type their password to unlock their vault. This is closer to what really happens and is easier for users.
  • Transitions between pages are now smooth
  • Following dependencies have been updated:
    * Bump ruamel-yaml-clib from 0.2.8 to 0.2.12
    * Bump bcrypt from 4.0.1 to 4.3.0
    * Bump alembic from 1.13.1 to 1.16.2
    * Bump identify from 2.6.9 to 2.6.12
    * Bump urllib3 from 2.2.2 to 2.5.0

What's fixed

  • Assets cleanup
  • The following vulnerabilities impacting Zero-TOTP dependencies have been fixed:
    • CVE-2025-50182
    • CVE-2025-50181
    • CVE-2025-4565
v1.6.4 Security relevant
Security fixes
  • CVE-2024-47081
  • CVE-2025-5889
Full changelog

[!IMPORTANT]
This release introduces security fixes.
Upgrade to this version as soon as possible

🐳 New Docker images

Update available upon the following tags : 1.6, 1.6.4 and latest.
Recommended tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.6
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.6

Exact tag :

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.6.4
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.6.4

Latest tag:

  • API : ghcr.io/seaweedbraincy/zero-totp-api:latest
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:latest

What's Changed

  • The frontend docker container now has a built-in healthcheck script
  • Bump google-api-core from 2.14.0 to 2.24.2
  • Bump python-dotenv from 1.0.0 to 1.1.0
  • Bump google-api-python-client from 2.108.0 to 2.171.0
  • Bump ruamel-yaml from 0.18.5 to 0.18.14
  • Bump requests from 2.32.3 to 2.32.4
  • bump google-auth-httplib2 to 0.2.0
  • Legacy code cleaning (mostly code related to JWTs that were used in the past as session token)

What's fixed

  • The following vulnerabilities impacting Zero-TOTP dependencies have been fixed:
    • CVE-2024-47081
    • CVE-2025-5889
v1.6.3 Breaking risk
Breaking changes
  • API container must run as root initially for setup, then drops to non-root (default 1001:1001)
  • API logs moved from /var/log/api/ to /api/logs/
Notable features
  • Custom privacy policy support for self-hosted instances
  • Instance name displayed in signup/login
Full changelog

[!IMPORTANT]
This release introduces breaking changes.
Review the upgrade notice before updating.

What's Changed

  • You can now use your own privacy policy for self hosted instances.
    • Current Zero-TOTP privacy policy is now available at https://github.com/SeaweedbrainCY/zero-totp/tree/main/api/assets/privacy_policy
    • To use your own privacy policy, simply create one of the following files : privacy_policy_en.md or privacy_policy_fr.md in your mounted folder ./config/assets/privacy_policy. This will override the default privacy policy.
  • In signup and login pages, the currently used instance is now displayed. Especially for self-hosted version, the current instance is flagged as such and displayed to the user. A warning message has also been added to make the user aware of the difference between the official version (zero-totp.com) and the self hosted version.
  • Zero-TOTP has always run as a non-root user. To ensure the API is correctly set up, the container now needs to start as root and then switches to a non-root user by itself when starting the API. This is crucial to how the API is set up and ensures it will start. By default 1001:1001 is used, but it can be customized with the USER_UID and USER_GUID env variables. See the upgrade notice below for more information.

[!WARNING]
If you are using a different user than 1001:1001, make sure to specify it in the env variables to avoid breaking file access by the API

  • API logs have been moved from /var/log/api/ to /api/logs/

What's fixed

  • The signup process no longer requires the user to re-type the phrase 'My passphrase is strong and I won't forger it'. Instead, a more user-friendly pop-up is displayed to ensure the user understands the importance of the passphrase and that it is strong enough.

Upgrade notice

  • [x] 🔧 This upgrade introduces breaking changes

Breaking changes and how to update

  • TL;DR :
    - Remove user:1001:1001 from api conf in docker-compose.yml
    - Change /api/log:/var/log/api to /api/log/:/api/logs/ in api mounted volumes
  • The API needs to be root to start. It will then drop those rights and launch gunicorn as non-root user once the API is correctly set up.
    • Therefore, the docker-compose file, for the API must NOT contain a user: parameter.
    • By default, the API will be run as 1001:1001. If you want to change this value, you can set the following optional env variables in the docker compose file: USER_UID and USER_GUID.
  • Logs are now located in /api/logs in the container. Make sure to update the mounted volume to keep collecting API logs.

Breaking changes overview in docker-compose.yml:

[...]
  api:
    container_name: api
    image: ghcr.io/seaweedbraincy/zero-totp-api:1.6.3
-   user: '1001:1001'
    ports:
      - 8080:8080
+   environment:
+      USER_UID: 1001 #Optional 
+      USER_GID: 1001 #Optional 
    volumes:
      - ./api/secret:/api/secret
-     - ./api/log:/var/log/api
+     - ./api/log/:/api/logs
      - ./api/config:/api/config
    restart: always

[...]
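
Review bot: the added variable on the second "+" line under "environment:" is USER_GID, while the notes around this snippet name it USER_GUID; only one of the two can be what the entrypoint reads, so confirm the name and make the snippet and the prose agree. The added mount "./api/log/:/api/logs" also differs from the TL;DR form "/api/log/:/api/logs/" by a trailing slash; using one spelling in both places avoids doubt about which is expected.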

🐳 Docker image

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.6.3
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.6.3
v1.4.1 Breaking risk

Minor fixes and improvements.

Full changelog

What's changed

  • Bump tomli from 2.0.1 to 2.2.1 in /api
  • Bump attrs from 23.1.0 to 25.3.0 in /api
  • Bump typescript from 5.5.4 to 5.8.3 in /frontend
  • Bump @ngx-translate/http-loader from 8.0.0 to 16.0.1 in /frontend
  • Bump node from 20-slim to 24-slim in /frontend

Upgrade notice

  • No breaking change introduced in this upgrade

🐳 Latest stable docker image

  • API : ghcr.io/seaweedbraincy/zero-totp-api:1.4.1
  • Frontend : ghcr.io/seaweedbraincy/zero-totp-frontend:1.4.1
v1.3.2 Breaking risk
Breaking changes
  • Docker images moved to GHCR; update references from seaweedbrain/zero-totp-* to ghcr.io/seaweedbraincy/zero-totp-*
Full changelog

[!IMPORTANT]
This release introduces breaking changes.
Review the upgrade notice before updating.

What's Changed

  • Zero-TOTP is now using ghcr as main docker container repository. Dockerhub will only be a mirror.
  • Introducing a new end-to-end test to test every release before deploying it into production. Tests are currently implemented to cover the most classical user flow

What's fixed

  • A bug linked to database deletion was causing the account deletion to be impossible. This is fixed.
  • CSP are now only focused on 'self' instead of related zero-totp instance, to prepare the self host possibility

Upgrade notice

  • [x] 🔧 This upgrade introduces breaking changes

Breaking changes and how to update

  • Since Dockerhub will only act as a mirror and ghcr as the main docker registry, it is highly recommended to switch to GHCR package.
  • Update your docker compose :
    • seaweedbrain/zero-totp-frontend:latest -> ghcr.io/seaweedbraincy/zero-totp-frontend:latest
    • seaweedbrain/zero-totp-api:latest -> ghcr.io/seaweedbraincy/zero-totp-api:latest
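
The compose-level breaking changes described in the v1.9.2, v1.6.3 and v1.3.2 notes above can be checked before an upgrade. The following is an added example, not code from the Zero-TOTP project: it scans a docker-compose file for a leftover user: key, the old /var/log/api mount and Docker Hub image references. The sample files are constructed, and the finding labels (user-set, old-log-mount, dockerhub-mirror) are hypothetical names chosen for this example.

```python
import re

# Constructed sample (not from the project): a compose file still written the
# way setups predating v1.3.2, v1.6.3 and v1.9.2 were.
SAMPLE_OLD = """\
services:
  api:
    image: ghcr.io/seaweedbraincy/zero-totp-api:1.6.3
    user: '1001:1001'
    volumes:
      - ./api/secret:/api/secret
      - ./api/log:/var/log/api
  frontend:
    image: seaweedbrain/zero-totp-frontend:latest
    user: 101:101
"""

# Constructed sample: the same services after applying the upgrade notes.
SAMPLE_NEW = """\
services:
  api:
    image: ghcr.io/seaweedbraincy/zero-totp-api:1.6.3
    environment:
      USER_UID: 1001 # optional
    volumes:
      - ./api/log/:/api/logs
  frontend:
    image: ghcr.io/seaweedbraincy/zero-totp-frontend:1.9.2
"""


def split_services(compose_text):
    """Map each service name to its stripped lines, using indentation only."""
    # Assumption: block-style YAML with a top-level 'services:' key.
    services, current, svc_indent, in_services = {}, None, None, False
    for raw in compose_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:
            in_services, current = line.strip() == "services:", None
        elif in_services:
            svc_indent = indent if svc_indent is None else svc_indent
            if indent == svc_indent and line.endswith(":"):
                current = line.strip()[:-1]
                services[current] = []
            elif current is not None:
                services[current].append(line.strip())
    return services


def lint(compose_text):
    """Return (service, finding) pairs for settings the upgrade notes retire."""
    findings = []
    for name, lines in split_services(compose_text).items():
        image = next((l.split(":", 1)[1].strip().strip("'\"")
                      for l in lines if l.startswith("image:")), "")
        if "zero-totp-" not in image:
            continue  # not a Zero-TOTP service
        if any(re.match(r"user\s*:", l) for l in lines):
            findings.append((name, "user-set"))  # entrypoint must start as root
        mounts = [l[2:].strip().strip("'\"") for l in lines if l.startswith("- ")]
        if "zero-totp-api" in image and any(
                m.rstrip("/").endswith(":/var/log/api") for m in mounts):
            findings.append((name, "old-log-mount"))  # logs are in /api/logs
        if image.startswith("seaweedbrain/"):
            findings.append((name, "dockerhub-mirror"))  # GHCR is the main registry
    return findings


if __name__ == "__main__":
    for service, finding in lint(SAMPLE_OLD):
        print(f"{service}: {finding}")
```

Services whose image is not a zero-totp image are skipped, so a database container that sets its own user: is not reported.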
