2.2.1

Maintenance release — no consumer-facing behavior changes. Insomnia test suite (61/61) green throughout.

Dependency bumps

• actions/checkout v3→v6, docker/login-action v2→v4, docker/build-push-action v4→v7 (#73)
• viper 1.19.0→1.21.0 (#74)
• gorm 1.25.12→1.30.0 + dotted map-keyed Where regression fix (#75)
• grpc-gateway/v2 2.26.3→2.29.0, transitively grpc 1.79.3→1.80.0 (#76)
• grpc 1.80.0→1.81.0, protoc-gen-go-grpc 1.5.1→1.6.2 + proto regen (#77)
• gorm 1.30.0→1.31.1 (#78)
• redis/go-redis 9.7.3→9.19.0 (#79)

Notable fix

gorm 1.26+ dotted map-keyed Where regression (#75) — FindProfileByKeycloakID and FindProfileByDiscordID were using Where(map[string]interface{}{"xf_user_connected_account.provider": ...}). gorm 1.26+ misqualifies dotted map keys with the current model's table, producing a three-part qualifier MariaDB rejects. Both functions now use placeholder SQL.

Release plumbing

• chore: auto-inject release version into server binary and OpenAPI spec (#81) — releases now bake the tag into the server binary (via -ldflags) and the OpenAPI spec served at / (via build-time sed into the proto sources). Local dev builds report dev. Eliminates the manual two-place version bump that was a recurring near-miss.

Full Changelog: 2.2.0...2.2.1

2.2.0

What's Changed

• chore: gitignore Claude Code local working files by @SyniRon in #52
• feat: tickets endpoint + N-scopes-per-key auth refactor (v2.2.0) by @SyniRon in #53

Full Changelog: 2.1.1...2.2.0

2.1.1

What's Changed

• fix: bearer prefix inconsistency by @SyniRon in #51

Full Changelog: 2.1.0...2.1.1

2.1.0

What's Changed

• build out xenforo api auth by @SyniRon in #49
• Feat/xenforo api auth by @SyniRon in #50

Full Changelog: 2.0.2...2.1.0

2.0.2

Security

Dependency updates addressing 12 Dependabot alerts:

Critical

• google.golang.org/grpc v1.72.0 → v1.79.3 (CVE: AuthZ bypass via missing leading slash in :path)

High

• github.com/opencontainers/selinux v1.12.0 → v1.13.0 (CVE-2025-52881: runc container escape via procfs write redirects)
• github.com/containerd/containerd v1.7.25 → v1.7.29 (local privesc via wide CRI directory permissions)
• github.com/docker/cli v28.1.1 → v29.2.0 (local privesc via uncontrolled search path on Windows)

Medium

• github.com/containerd/containerd v1.7.25 → v1.7.29 (host memory exhaustion, integer overflow in UID handling)
• github.com/quic-go/quic-go v0.51.0 → v0.57.0 (HTTP/3 QPACK header expansion DoS)
• golang.org/x/crypto v0.38.0 → v0.46.0 (ssh/agent panic, unbounded memory consumption)
• github.com/go-chi/chi/v5 v5.2.1 → v5.2.2 (host header injection / open redirect)

Low

• github.com/redis/go-redis/v9 v9.7.0 → v9.7.3 (out-of-order responses on CLIENT SETINFO timeout)
• filippo.io/edwards25519 v1.1.0 → v1.1.1 (invalid MultiScalarMult results)

Other

• Fixed two latent Printf-directive bugs surfaced by Go 1.24 vet

2.0.1

What's Changed

• Oh whoops by @SyniRon in #46

Full Changelog: 2.0.0...2.0.1

2.0.0

BREAKING CHANGE ALL API KEYS ARE DEAD LONG LIVE NEW API KEY

What's Changed

• Goodbye keycloak by @SyniRon in #45

Full Changelog: 1.7.6...2.0.0

1.7.6

Emergency hotfix following website changes

1.7.5

What's Changed

• Add Console Gamertag field to API by @Vercin-G in #43

Full Changelog: 1.7.4...1.7.5

1.7.4

No changes just proper version bump