v2.6.1

Bug Fix

• Lucene lock recovery: Fixed LockObtainFailedException on startup when the Lucene index is corrupt. The retry logic now properly closes the IndexWriter and Directory before deleting index files and re-initializing. (#8)

v2.6.0

Teedy v2.6.0 — Security Hardening + Unified Navigation

Highlights

• Unified document view — three-zone layout with persistent tag tree, document list, and slide-over preview. AND/OR tag mode, tag exclusion, quick tagging from context menu.
• File drop zones — drag-and-drop upload on document edit and Files tab.
• Auto-tag from filter — new documents inherit currently selected tags.
• Security hardening — login rate limiting (429 + exponential backoff), 90-day session tokens with rotation, password complexity enforcement.
• Upload limits — configurable max upload size exposed in Settings.
• Unified color palette — self-contained primary ramp, PrimeVue semantic status tokens, automatic dark mode.
• Frontend modernization — component decomposition, PDF.js renderer, accessibility pass (ARIA labels, tab roles), design tokens.
• Infrastructure — Docker signal forwarding fix, CI Node.js 24, legacy AngularJS removal.

Breaking changes

None. Fully backward-compatible upgrade from v2.5.0.

Upgrade

Pull the new image and restart:
```
docker pull ghcr.io/fmaass/teedy-docs:v2.6.0
docker compose up -d
```

Or use `ghcr.io/fmaass/teedy-docs:latest` to track the newest release.

Teedy v2.5.0

Teedy v2.5.0 — Automation + Integration

New Features

• Multi-tag filtering: Checkbox-based tag tree with AND logic for progressive narrowing. Selected tags shown as removable filter chips.
• Trash / recycle bin: DELETE /document/{id} now soft-deletes (files preserved). Dedicated trash view with restore and permanent delete. Auto-purge configurable via DOCS_TRASH_RETENTION_DAYS (default 30 days).
• API key authentication: Bearer token auth (Authorization: Bearer tdapi_<hex>) for programmatic access. Keys stored as SHA-256 hashes. Management UI in Settings.
• Webhook management UI: Ported from legacy AngularJS to Vue 3. Added DOCUMENT_TRASHED and DOCUMENT_RESTORED event types.
• Tag browser: Faceted tag navigation — select any combination of tags, see co-occurring tags with dynamic counts.

Security Hardening

• Auth cookie now sets Secure + HttpOnly flags
• Added X-Content-Type-Options, X-Frame-Options, Referrer-Policy response headers
• Lucene: removed NoLockFactory (index corruption risk), commit-only-on-success, synchronized reader access
• AsyncEventBus exceptions now routed to SLF4J (were silently lost to JUL)
• Fixed soft-delete cascade bugs in TagDao.delete(), GroupDao.delete(), ShareDao.delete()
• Ownership checks on trash restore/permanent-delete endpoints
• OIDC client secret fully redacted from logs

Breaking Changes

• DELETE /document/{id} now soft-deletes instead of immediately removing files. Use DELETE /document/{id}/permanent for immediate file cleanup. Existing integrations that relied on immediate deletion need to call the permanent endpoint instead.

Infrastructure

• GitHub Actions bumped to Node.js 24 (checkout@v5, setup-java@v5, upload-artifact@v6, download-artifact@v7)
• Removed 180 dead AngularJS files (src-legacy/)
• DB migration 035: T_API_KEY table with hash index
• DB migration 036: cleanup of pre-existing orphan soft-deleted documents
• New integration tests for API keys, trash lifecycle, and tag facets

New Environment Variables

Variable	Default	Description
DOCS_TRASH_RETENTION_DAYS	30	Days to keep deleted documents before auto-purge. Set to 0 to disable.

New API Endpoints

Method	Path	Description
GET	/document/trash	List trashed documents
POST	/document/{id}/restore	Restore from trash
DELETE	/document/{id}/permanent	Permanently delete
DELETE	/document/trash	Empty trash
GET/PUT/DELETE	/apikey	API key management
GET	/tag/stats	Document counts per tag
GET	/tag/facets?tags=id1,id2	Co-occurring tag counts

Docker

ghcr.io/fmaass/teedy-docs:v2.5.0

Fully backward-compatible upgrade from v2.4.0 (additive schema changes, same storage format).

Teedy v2.4.0

Teedy v2.4.0 — Modern UI + Smart Document Handling

Frontend rewrite

The entire frontend has been rewritten from AngularJS to Vue 3 + PrimeVue + Vite + TypeScript.

• Sidebar navigation layout with Documents, Tags, Users & Groups, Settings
• Full-width document list with DataTable, search, and collapsible hierarchical tag tree filter
• Document view with Files, Extracted Text, Permissions, and Activity tabs
• Hierarchical tag management with Tree view and parent selector
• Theme picker (Aura, Lara, Material, Nora) with dark mode support
• OIDC login ("Login with SSO") and guest login buttons
• Language picker (28 OCR languages), OCR toggle, per-file reprocess, search index rebuild
• User management (list, add, edit, delete) for admins
• Password reset flow
• Extracted Text tab showing OCR output per file with status indicators

Auto-tagging via regex

• New TagMatchRule entity: match document title, filename, or content against regex patterns to automatically apply tags
• REST API for CRUD on rules, plus a regex test endpoint
• Runs automatically after content extraction

Configurable tag search mode

• Switch between prefix matching (default) and exact matching in admin settings

Technical debt

• joda-time replaced with java.time across all modules
• DbOpenHelper refactored to plain JDBC
• Fixed TestPdfFormatHandler test

Upgrade notes

• Fully backward-compatible upgrade from v2.3.0
• DB migrations 32-34 run automatically on startup (additive only — new columns and tables)
• Same file storage format, same Lucene 10.4.0 index
• Same Docker port (8080) and data volume (/data)
• OIDC redirect URIs unchanged (/api/oidc/callback)

docker pull ghcr.io/fmaass/teedy-docs:v2.4.0

v2.3.0

Teedy v2.3.0 — Modern Foundation

A modernization release focused on bringing the project to current state. No new end-user features — this release is about making the codebase solid, maintainable, and welcoming to contributors.

Runtime & Framework

• Java 21 LTS (from Java 17) — current long-term support release
• Hibernate ORM 6.6.18 (from 6.3.1) — better module system support, removed --add-opens JVM flags
• Lucene 10.4.0 (from 9.12.3) — improved analyzers, merge performance, Java 21 required

Dependencies

All dependencies bumped to current stable versions:

• commons-compress 1.28, commons-lang3 3.20, commons-io 2.21, Guava 33.4
• Log4j2 2.25, SLF4J 2.0.17, jsoup 1.21, PostgreSQL JDBC 42.7
• Jersey 3.1.10, PDFBox 2.0.36, TwelveMonkeys 3.12, and more

Test Suite

• JUnit 5 (from JUnit 4) — modern test API across all 55 tests
• Removed junit-vintage-engine bridge

Docker

• Ubuntu 24.04 LTS base (from 22.04)
• JRE-headless instead of full JDK — smaller image
• Removed vim and less from runtime image
• Example docker-compose.yml updated with PostgreSQL 17

Build

• Maven Wrapper (./mvnw) for reproducible builds
• CI updated to use ./mvnw and JDK 21

Security

• JWKS key caching with 10-minute TTL — JWT auth no longer fetches keys on every request

Project Health

• Dependabot configured for Maven, npm, GitHub Actions, and Docker
• SECURITY.md with vulnerability disclosure policy
• Issue templates (bug report, feature request) and PR template
• README updated for Java 21, Jetty 12, current image tags

Removed

• Android module removed — targeted API 28, used deprecated jcenter(), unmaintained

Upgrade Notes

• Java 21 is now required (Java 17 is no longer sufficient)
• Existing Lucene indexes will be rebuilt automatically on first startup
• Docker image tag: ghcr.io/fmaass/teedy-docs:v2.3.0

v2.2.0

What's New

Jetty 12 + Jakarta EE 10

• Upgraded from Jetty 11.0.20 to Jetty 12.0.21 with the EE10 module architecture
• Jakarta Servlet API 5.0.0 → 6.0.0, aligning with Jersey 3.1.5

Full Test Suite

• 74 integration tests now run in CI (previously broken since the Java 17 upgrade)
• New CI test job gates Docker builds — no broken code ships

Dependency Modernization

• Lucene 8.7.0 → 9.12.3 (latest compatible with Java 17)
• BouncyCastle bcprov-jdk15on:1.70 → bcprov-jdk18on:1.83
• auth0 java-jwt 4.4.0 → 4.5.1
• docs-importer Node 14 → Node 20 LTS
• Removed Apache Snapshots repository

External Logout Support

• New docs.logout_url system property to redirect users to an external logout page (e.g. Authelia, Keycloak)
• OIDC RP-Initiated Logout: redirects to the IdP's end_session_endpoint with id_token_hint when supported
• Works correctly with header-based proxy authentication

Security Fixes

• Guest users can no longer access /api/user/list, /api/user/{username}, /api/group, or /api/group/{groupName} (upstream sismics#507)

Docker Hardening

• HEALTHCHECK instruction for orchestrator readiness probes
• Runs as non-root jetty user by default (USER jetty)

---

Upgrading from v2.1.0

Breaking Changes

Non-root container user: The Docker image now runs as the jetty user (UID 1000) by default. If your bind-mounted data directory was created by a previous root-owned container and your filesystem enforces ACLs (e.g. Synology NAS), add user: "0:0" to your compose service to continue running as root.

Lucene index migration: Lucene 9 reads existing 8.x indexes via backward-codecs (automatic). Once written by Lucene 9, the index cannot be read by v2.1.0. A rollback would require deleting the Lucene index directory and triggering a full reindex.

DB migration 033: Adds AUT_OIDC_IDTOKEN_C column to T_AUTHENTICATION_TOKEN. Non-destructive, but existing OIDC sessions won't have the id_token stored until the next login.

New Configuration

Property	Default	Description
docs.logout_url	(none)	External URL to redirect to on logout (e.g. https://auth.example.com/logout)

v2.1.0

v2.1.0 — OIDC Security Hardening & Bug Fixes

Security

• OIDC: PKCE (S256) — Authorization code flow now includes Proof Key for Code Exchange, protecting against code interception attacks
• OIDC: Stable subject binding — Users are bound to their IdP sub claim after first login, preventing email-based account takeover
• OIDC: Persistent state/nonce — CSRF state and nonce stored in database instead of in-memory maps, surviving restarts
• OIDC: Nonce fail-closed — Missing nonce always rejects the login (previously skipped validation)
• OIDC: Discovery issuer validation — Cross-checks the OIDC discovery document's issuer against configuration
• OIDC: JWKS key filtering — Only considers keys with kty=RSA, use=sig, alg=RS256
• OIDC: Multi-key support — Tries all eligible JWKS keys when ID token has no kid header
• OIDC: JWKS auto-refresh — Automatically refreshes JWKS cache on key rotation (rate-limited to prevent storms)
• JWT bearer filter — Now requires docs.jwt_expected_issuer and docs.jwt_expected_audience configuration; fails closed if not set

Features

• Return URL preservation — Deep links are preserved across OIDC login redirects (fixes sismics#472)
• Database migration 032 — New T_OIDC_STATE table and OIDC binding columns on T_USER

Bug Fixes

• Search suggestion NPE — Fixed NullPointerException when only simpleSearch is provided without fullSearch (fixes sismics#723)

Documentation

• README rewritten for fork identity with GHCR image references
• Added OIDC security features documentation and JWT bearer auth setup
• Fixed pom.xml SCM URLs and package.json upstream references

Docker

```
docker pull ghcr.io/fmaass/teedy-docs:v2.1.0
```

v2.0.0

v2.0.0 — Modernized fork of sismics/docs (Teedy)

Breaking Changes

• Java 11 → 17, Jetty 9 → 11, Jakarta EE 9 (servlet namespace change)

Security

• Replace log4j 1.2.17 with Logback (CVE mitigation)
• Fix header-based proxy auth crash with PostgreSQL (null token handling)

Infrastructure

• Multi-arch Docker builds (amd64 + arm64) via GHCR
• CI/CD rewritten for GitHub Actions with GHCR publishing
• Dockerfile modernization (curl for healthchecks, COPY over ADD)
• Better JVM defaults (2 GB heap, G1GC tuning, --add-opens for Java 17)

Dependencies

• Bump Guava, H2, Jersey, OkHttp, Hibernate, Jetty
• Fix garbled non-ASCII filenames in downloads
• Attribute email-imported docs to sender instead of always admin