# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Added
- New feature or capability that has been added
- Can be multiple items

### Changed
- Changes in existing functionality
- Updates to how features work

### Deprecated
- Features that will be removed in upcoming releases
- Include timeline for removal

### Removed
- Features that have been removed
- Previously deprecated features

### Fixed
- Bug fixes
- Security patches

### Security
- Security vulnerabilities that have been fixed
- Important security updates

## [2.1.0] - 2025-01-15

### Added
- Added OAuth2 authentication support for GitHub and Google
- New dashboard widget system for customizable layouts
- Bulk operations API for processing multiple records
- Export to Excel functionality with custom templates
- Dark mode theme support across all pages
- WebSocket support for real-time notifications
- GraphQL API alongside existing REST endpoints
- Internationalization support for 10 new languages
  - Spanish, French, German, Italian, Portuguese
  - Japanese, Korean, Chinese (Simplified/Traditional), Arabic

### Changed
- Updated user profile page with improved layout and performance
- Migrated from REST to GraphQL for main API endpoints
- Improved error messages with more context and suggestions
- Refactored authentication system for better security
- Updated dependencies to latest versions
  - React 18.2.0 → 19.0.0
  - Node.js 16.x → 18.x (minimum required version)
  - PostgreSQL 13 → 14
- Changed default pagination from 20 to 50 items
- Improved search algorithm for 3x faster results

### Deprecated
- REST API v1 endpoints (will be removed in v3.0.0)
  - Use GraphQL API or REST API v2 instead
  - Migration guide: [docs/migration-v1-to-v2.md](docs/migration-v1-to-v2.md)
- Legacy authentication tokens (remove by 2025-06-01)
  - Replace with JWT tokens
- Old configuration format in `config.json`
  - Use new YAML format in `config.yaml`

### Removed
- Removed deprecated `/api/users/list` endpoint
  - Use `/api/v2/users` instead
- Removed support for Internet Explorer 11
  - Minimum browser versions: Chrome 90+, Firefox 88+, Safari 14+, Edge 90+
- Removed jQuery dependency (now pure JavaScript)
- Removed old dashboard widgets (replaced with new widget system)

### Fixed
- Fixed race condition in order processing causing duplicate charges
  - Affected versions: 2.0.0 - 2.0.5
  - Issue: [#1234](https://github.com/user/repo/issues/1234)
- Fixed memory leak in WebSocket connections
- Fixed incorrect timezone handling in date pickers
- Fixed CSV export not including all columns
- Fixed CSRF vulnerability in form submissions (CVE-2025-12345)
- Fixed accessibility issues in navigation menu
  - Now fully keyboard navigable
  - Screen reader friendly
- Fixed mobile responsive issues on iPad Pro
- Fixed SQL injection vulnerability in search (CVE-2025-12346)
  - **Security Impact**: High
  - **Affected Versions**: 2.0.0 - 2.0.9
  - **Recommended Action**: Upgrade immediately

### Security
- **CRITICAL**: Fixed SQL injection in user search (CVE-2025-12346)
  - Impact: Allows unauthorized database access
  - Affected: v2.0.0 to v2.0.9
  - Action: Upgrade to v2.1.0 immediately
- Fixed XSS vulnerability in comment rendering (CVE-2025-12347)
- Updated all dependencies with known security vulnerabilities
- Implemented rate limiting on all API endpoints
- Added CSRF protection to all forms
- Enabled Content Security Policy headers

## [2.0.5] - 2025-01-08

### Fixed
- Hotfix: Critical bug causing data loss in export functionality
- Fixed authentication issues with LDAP integration
- Resolved performance degradation with large datasets

### Security
- Patched authentication bypass vulnerability (CVE-2025-12344)

## [2.0.0] - 2025-01-01

### Added
- Complete UI redesign with modern look and feel
- New REST API v2 with better performance
- User roles and permissions system
- Audit logging for all administrative actions
- Email templates customization
- Two-factor authentication (2FA)
- API rate limiting
- Database backup automation

### Changed
- **BREAKING**: Changed API response format from XML to JSON
  - All API consumers must update their integration
  - See migration guide: [docs/api-v1-to-v2.md](docs/api-v1-to-v2.md)
- **BREAKING**: Renamed database tables for consistency
  - `user` → `users`
  - `order` → `orders`
  - Run migration script: `npm run migrate:v2`
- **BREAKING**: Changed authentication from session-based to JWT
  - Existing sessions will be invalidated
  - Users need to log in again
- Improved database query performance by 50%
- Updated minimum Node.js version to 16.x

### Removed
- **BREAKING**: Removed support for Node.js 12 and 14
- **BREAKING**: Removed deprecated configuration options
  - `USE_OLD_AUTH` - Use JWT authentication
  - `LEGACY_MODE` - No longer supported

### Migration Guide

**From v1.x to v2.0:**

1. Update Node.js to version 16 or higher
2. Update your API integration:
   ```javascript
   // Old (v1)
   fetch('/api/users/list')
     .then(res => res.text())
     .then(xml => parseXML(xml));

   // New (v2)
   fetch('/api/v2/users')
     .then(res => res.json())
     .then(data => console.log(data));

## Release Notes Template

```markdown
# Release Notes - Version 2.1.0

**Release Date:** January 15, 2025

**Download:** [v2.1.0](https://github.com/user/repo/releases/tag/v2.1.0)

## 🎉 Highlights

- **OAuth2 Authentication**: Sign in with GitHub and Google
- **GraphQL API**: New GraphQL endpoint alongside REST API
- **Dark Mode**: Full dark mode support across all pages
- **Real-time Notifications**: WebSocket-powered live updates
- **10 New Languages**: Expanded internationalization support

## 📦 What's New

### OAuth2 Authentication

You can now sign in using your GitHub or Google account. Configure OAuth in Settings > Authentication.

```javascript
// Enable OAuth in your config
{
  "auth": {
    "providers": ["github", "google"],
    "github": {
      "clientId": "your-client-id",
      "clientSecret": "your-client-secret"
    }
  }
}

query GetUser {
  user(id: "123") {
    id
    name
    email
    orders {
      id
      total
      items {
        product {
          name
          price
        }
      }
    }
  }
}

# Backup your database first
pg_dump your_database > backup.sql

# Pull latest version
git pull origin main

# Install dependencies
npm install

# Run migrations
npm run migrate

# Restart application
npm start

## Semantic Versioning Guide

## Best Practices

### ✅ DO
- Follow Keep a Changelog format
- Use Semantic Versioning
- Document breaking changes prominently
- Include migration guides
- Link to relevant issues/PRs
- Categorize changes (Added, Changed, Fixed, etc.)
- Include security fixes in separate section
- Date all releases (YYYY-MM-DD format)
- Link to release tags
- Document deprecations with timelines
- Include upgrade instructions
- Mention contributors

### ❌ DON'T
- Skip documenting breaking changes
- Forget to update changelog before release
- Mix multiple types in one category
- Use vague descriptions
- Skip dates on releases
- Forget semantic versioning
- Hide security issues

## Resources

- [Keep a Changelog](https://keepachangelog.com/)
- [Semantic Versioning](https://semver.org/)
- [Conventional Commits](https://www.conventionalcommits.org/)
- [Release Drafter](https://github.com/release-drafter/release-drafter)