Version 0.8.x

Overview

Version 0.8.x is a major update that introduces significant security enhancements, improved server management capabilities, and a comprehensive notification system with SMTP email support. This release focuses on strengthening security, enhancing user experience, and providing more flexible backup monitoring options.

New Features

Server Management Enhancements

  • Automatic server URL and password persistence when collecting backups
    • Users can update URL and password using two methods:
      • Re-collecting backups with updated values
      • Modifying settings in Settings → Server Settings

Enhanced Overdue Monitoring

  • New Overdue Monitoring configuration tab with Duplicati server-compatible interval settings
    • Support for custom intervals (e.g., "1D12h")
    • Automatic overdue interval updates from Duplicati configuration during backup log collection
    • Recommended: Run collection after changing backup job intervals in Duplicati server to synchronise duplistatus configuration
    • Notification templates now use {backup_interval} instead of {backup_interval_value} and {backup_interval_type}.

NTFY Device Configuration

  • QR code generation for automatic device configuration to receive notifications from duplistatus
    • Right-click on View NTFY Messages button in the application toolbar
    • "Configure Device" button in Settings → NTFY Settings

Improved Backup Collection

  • Automatic HTTP/HTTPS detection: connections are tried in this order: HTTPS → HTTPS with self-signed → HTTP fallback
  • Server selection dropdown in Collect Backup Logs interface for direct server-specific collection
  • Multiple addresses in the hostname (comma-separated) are now accepted (must share the same password and port)
  • Single-server backup collection buttons added to Dashboard (table), Settings → Overdue Monitoring and Settings → Servers
  • Bulk collection functionality for all servers with valid configuration (URL and password)
    • Collect All buttons in Settings → Overdue Monitoring and Settings → Servers
    • Right-click context menu on Collect Backup Logs button in application toolbar

Enhanced Notification System

  • SMTP Email Notification Support:

    • SMTP server configuration in Settings → Email Settings
    • Per-backup job configuration for NTFY and/or email notifications
    • HTML-formatted templates using existing Settings → Notification Templates
  • Per-Backup Job Notification Configuration:

    • Individual notification preferences in Settings → Backup Notifications
    • Visual indicators (greyed icons) when NTFY or email is not properly configured
  • Locale support:

    • New environment variable LANG sets the locale used by the application
    • The format of dates and numbers in notifications and logs is now predictable

🔒 Security Enhancements

CSRF Protection

  • Session-based authentication with robust session management
  • CSRF token validation enforced for all state-changing API requests
  • Sessions expire automatically after 24 hours; CSRF tokens refresh every 30 minutes
  • Ensures protection against Cross-Site Request Forgery while preserving compatibility with external APIs
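
One way the lifetimes listed above can fit together, as an added example that is not duplistatus code. The in-memory store, the function names and the `csrfHeader` field are assumptions; only the 24-hour session lifetime, the 30-minute token lifetime and the rule for state-changing requests come from these notes.

```javascript
// Added example, not duplistatus code: in-memory session store using the
// lifetimes from the release notes. Names and storage are assumptions.
const crypto = require('node:crypto');

const SESSION_TTL_MS = 24 * 60 * 60 * 1000; // sessions expire after 24 hours
const CSRF_TTL_MS = 30 * 60 * 1000;         // CSRF tokens refresh every 30 minutes
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);
const sessions = new Map();                 // sessionId -> session record

const newToken = () => crypto.randomBytes(32).toString('hex');

function createSession(now = Date.now()) {
  const id = newToken();
  sessions.set(id, { createdAt: now, csrf: newToken(), csrfIssuedAt: now });
  return id;
}

// Look up a session and drop it once it is 24 hours old.
function liveSession(sessionId, now) {
  const s = sessions.get(sessionId);
  if (!s) return null;
  if (now - s.createdAt >= SESSION_TTL_MS) { sessions.delete(sessionId); return null; }
  return s;
}

// Return the current CSRF token, rotating it once it is 30 minutes old.
function getCsrfToken(sessionId, now = Date.now()) {
  const s = liveSession(sessionId, now);
  if (!s) return null;
  if (now - s.csrfIssuedAt >= CSRF_TTL_MS) {
    s.csrf = newToken();
    s.csrfIssuedAt = now;
  }
  return s.csrf;
}

// Decide whether a request may proceed; returns an HTTP status code.
function checkRequest({ method, sessionId, csrfHeader }, now = Date.now()) {
  const s = liveSession(sessionId, now);
  if (!s) return 401;                                  // missing or expired session
  if (SAFE_METHODS.has(method)) return 200;            // reads carry no token
  if (now - s.csrfIssuedAt >= CSRF_TTL_MS) return 403; // stale token (assumed policy)
  const a = Buffer.from(String(csrfHeader || ''));
  const b = Buffer.from(s.csrf);
  // Compare in constant time; lengths must match before timingSafeEqual.
  return a.length === b.length && crypto.timingSafeEqual(a, b) ? 200 : 403;
}
```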

Plaintext Password Minimization

  • Passwords can only be set via the user interface; no API endpoint exposes stored passwords
  • Plaintext password manipulation is minimized throughout the system

Advanced Cryptography for Sensitive Data

  • Sensitive data encryption (e.g., passwords, SMTP credentials) using AES-256-GCM
  • Master key is generated automatically and stored securely in .duplistatus.key
  • PBKDF2 with 100,000 iterations used for key derivation to strengthen security
  • Authentication tags are verified and memory is securely cleared after use
  • Master key file permissions are strictly set to 0400 for maximum protection

🎨 User Interface Improvements

  • Enhanced application styling with new colour scheme and iconography for improved usability
  • Modern design system with improved status indicators
  • Coloured icons and progress indicators for better visual feedback
  • Settings tabs renamed to facilitate usage
  • Streamlined API interactions and improved user experience

📚 Documentation Updates

  • Comprehensive documentation using Docusaurus for improved navigation and search
  • Enhanced API documentation with detailed endpoint descriptions
  • Updated user guides covering new features and security enhancements
  • Installation guides with improved setup instructions
  • Development documentation for contributors

🔧 Technical Improvements

  • Enhanced Next.js configuration with improved performance and user experience
  • Optimised bundle splitting to reduce preload warnings
  • Improved error handling for connection issues and API interactions
  • Refactored backup settings management for better configuration handling
  • Enhanced session management and CSRF protection across API interactions
  • Improved database migrations and schema updates
  • Several bug fixes and code simplification

🚀 Migration Notes

From Version 0.7.x

This release includes significant security enhancements and new features. When upgrading from version 0.7.x:

  1. Automatic Database Migration: The application will automatically migrate your database schema to support new features
  2. Master Key Generation: A new master key will be generated for encryption of sensitive data
  3. Session Management: Existing sessions will be invalidated and new CSRF-protected sessions will be established
  4. Configuration Updates: Some configuration keys have been updated to support new features
  5. Template changes: The variables {backup_interval_value} and {backup_interval_type} were replaced by {backup_interval}. Default templates will be adjusted automatically, but customised templates will not be migrated. Please check your templates.

Security Considerations

  • Master Key File: Ensure the .duplistatus.key file is properly backed up and secured
  • File Permissions: The master key file will have restricted permissions (0400) for security
  • Password Encryption: Existing passwords will be encrypted using the new cryptographic system
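
The scheme described under Advanced Cryptography for Sensitive Data and in the three points above, as an added Node.js example that is not duplistatus code. SHA-256 as the PBKDF2 hash, the salt and IV sizes, the hex key file contents, deriving a per-record key from the master key, and the salt|iv|tag|ciphertext layout are assumptions; these notes give only AES-256-GCM, 100,000 iterations and mode 0400.

```javascript
// Added example, not duplistatus code. SHA-256, the salt/IV sizes and the
// salt|iv|tag|ciphertext layout are assumptions.
const crypto = require('node:crypto');
const fs = require('node:fs');

const ITERATIONS = 100000;                      // from the release notes
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16; // assumed sizes

// Create the master key file, readable only by its owner (0400).
function createMasterKey(file) {
  fs.writeFileSync(file, crypto.randomBytes(32).toString('hex'), { mode: 0o400, flag: 'wx' });
  fs.chmodSync(file, 0o400); // explicit, independent of umask
}

// Refuse a key file whose permission bits differ from 0400.
function loadMasterKey(file) {
  const mode = fs.statSync(file).mode & 0o777;
  if (mode !== 0o400) throw new Error(`key file mode is 0${mode.toString(8)}, expected 0400`);
  return Buffer.from(fs.readFileSync(file, 'utf8').trim(), 'hex');
}

const deriveKey = (masterKey, salt) =>
  crypto.pbkdf2Sync(masterKey, salt, ITERATIONS, 32, 'sha256');

function encrypt(plaintext, masterKey) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);      // fresh IV for every record
  const key = deriveKey(masterKey, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  key.fill(0);                                // best-effort wipe of the derived key
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the blob was modified: final() verifies the GCM authentication tag.
function decrypt(blob, masterKey) {
  const buf = Buffer.from(blob, 'base64');
  const salt = buf.subarray(0, SALT_LEN);
  const iv = buf.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = buf.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const key = deriveKey(masterKey, salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  try {
    const ct = buf.subarray(SALT_LEN + IV_LEN + TAG_LEN);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } finally {
    key.fill(0);
  }
}
```

Because the stored values can only be decrypted with the master key, a database backup without a matching copy of `.duplistatus.key` cannot recover them.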

🐛 Bug Fixes

  • Fixed relative time formatting to return "just now" for time differences under 15 seconds
  • Improved error handling for missing environment variables
  • Enhanced connection testing and validation
  • Fixed various UI inconsistencies and improved user feedback

This release represents a significant step forward in security, usability, and functionality. We recommend upgrading to take advantage of the new features and security enhancements.