v4.1.0 is a major release with a significant number of improvements and fixes.
⚠️ Important: Upgrading from v3.x.x
As always, take a backup of your Postgres database before upgrading.
v4.1.0 is a major upgrade that introduces multi-user management and authentication features, fundamentally changing how login and authentication works. It no longer relies on the browser-based BasicAuth prompt and ships with a built-in login system. The upgrade automatically creates a new Super Admin user based on the admin_username
and admin_password
fields from the TOML configuration file, after which, the credentials in the TOML file are no longer needed. Read more.
What's new?
- Multi-user support with granular permissions, user, role, per-list permissions and API token management.
- Support for OIDC (OpenID Connect) authentication.
- First-time Super Admin setup UI for fresh installations.
- Significant performance improvements to SQL queries underlying concurrent campaign processing. Performance gains of several orders of magnitude on large installations.
- Styling improvements to UI for better UX including new tabs UI in subscriber modal popup.
- Markdown syntax highlighting.
- Static email template subjects are now scriptable with template syntax.
- Support for CC and BCC in custom email headers.
- Syntax highlighting in HTML form generator.
- Many quality-of-life improvements, fixes, and dependency upgrades.
How to upgrade
As always, take a backup of your database before upgrading.
Binary
Download the latest binary. Stop and replace the old binary. Run ./listmonk --upgrade
. Start the app again.
Docker
# cd /directory/with/docker-compose.yml
docker-compose down
docker-compose pull && docker-compose run --rm app ./listmonk --upgrade
docker-compose up -d app db
Changelog
- 0a27de1 Replace type field in user creation UI with radio-button for better usability.
- 894d284 Fix GET subscribers not filtering by list permissions. Closes #2129.
- 8b213f0 adds property
description
toList
andNewList
, updates docs (#2150) - 18edc65 Add v4.1.0 migrations.
- abe09d6 Refactor OIDC redirect state to have nonce validation. Closes #2138.
- b995cce Switch login form URLs to relative URIs.
- cb8b54f Add ForwardEmail (provider) bounce integration (#2016)
- 0392582 Add % on campaign analytics pie chart hover (#2124)
- c35ed68 Fix quotes in JSON API req example in docs.
- e182fb5 Fix the delete/blocklist by SQL query example in docs.
- 1ac9ccb Reject blocklist-by-query API requests with no query.
- ac5e101 Reject query-by-delete API requests with no query. Ref #2122.
- d8a394d Update it.json (#2134)
- 68df637 Update curl example to remove username/api_username confusion. Closes #2136.
- 2c02e01 #2114 - Fix issue of wrong platform used during docker build (#2123)
- 599147c fix: favicon markup (#2115)
- be9fe9c Update hu.json (#2102)
- 5abf004 fix dummy detection for OIDC client secret (#2116)
- cf7d664 Fix broken individual list GET API. Closes #2117.
- ca73e4f Change wording to 'one-way mailing list' on the static homepage.
- 998b6e3 Remove version info from docker-compose docs to avoid confusion.
- f6ed13a Add explicit instructions for older docker-compose files.
- 319053d Update release link on static site homepage.
- f5dfb0c Remove root URL from login setup form to prevent bad redirect on first install. Closes #2103.
- 136d9d1 Don't fail on chown in Docker entry script. Closes #2104.
- 8ef71aa Fix docker-compose curl command examples.
- 120d275 Update release link on static site homepage.
- 3894571 Remove obsolete demo file reference from Docker build commands.
- 0f2c679 Remove deprecated goreleaser flag from GitHub action workflow.
- 11cb3ce Update gorelease Go build version to latest.
- 79f94d3 Update gorelease command and remove deprecated flags.
- afd5db9 Fix incorrect image tag in docker-compose.
- fd04fc1 Refresh i18n language files and add (GPT 3.5) auto-translations for new strings.
- 4eefd42 Remove redundant campaign manager config validations (#2095)
- 9bad699 Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#2083)
- d35dbb0 Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (#2084)
- b8ae4f6 Change v4.0.0 migration script to not auto-generate credentials.
- 7fcc6f7 Simplify and refactor docker-compose.yml and remove install scripts.
- 24bab75 Add first time login setup template
- 178fa94 Update user login time on password login.
- 5b3d6e2 Add first-time Super Admin setup UI on fresh install.
- 1e4b3a2 Separate get individual user and get all users queries.
- 87db0d5 Fix Cypress admin form test to support rendered HTML.
- 25cdb7b Pull e-mail from userinfo endpoint if OIDC token endpoint doesn't return it.
- a37d414 Add missing GH token to Swagger docs workflow.
- 9760d19 Fix button focus/active styles on the UI.
- 69de02a Restyle and simplify subscriber form UI with tabs.
- b5382b8 Add user UI frontend tests.
- b2866b1 Apply minor style changes and improvements to modals.
- 74e77bd Add names to user form fields for testing.
- 3fdf6fe Add individual list permission checks on admin UI.
- 887d582 Fix get-users query to return all users when no ID param is given.
- 1075485 Merge branch 'fix-user-query'
- e7109da Fix missing email validation in OIDC exchange.
- 7847167 Fix incorrect id logic in user selection.
- 13222b5 Fix random timing related Cypress test failures (huh).
- 29aa977 Expand search input width on subscribers UI for smaller screens.
- 354fb30 Replace hardcoded perm literal with const.
- 6258fd5 Increase settings UI poll interval to reduce broken requests.
- 30be235 Add microseconds to log lines.
- 0f785b7 Fix Cypress tests to work with new auth and other UI changes.
- 8c07a2a Fix broken status in subscriber export query.
- 71f9e86 Show OIDC URL warning only when enabled on the UI.
- 03744e0 Fix broken settings references on forms page
- d02a9d6 Update it.json (#2085)
- 6fe47b2 Merge pull request #2082 from knadh/multiuser
- 39463d7 Refresh i18n langauge strings.
- cc71899 Add non-prod ODIC URL warning on admin settings UI.
- af06d2e Upgrade prismjs.
- f226aca Add missing auth permissions file.
- cea65c0 Fix and refactor subscriber batch fetching in campaign processing.
- ee119b0 Fix import not 'unsubscribing' list subs for already blacklisted subscribers. Ref #1931.
- a268341 Refactor subscriber APIs list permission filtering.
- d9b4bae Rename migration to v4.0.0
- 0331e3c Sory users by
created_at
always. - eb47e80 Fix list auth by adding an explicit 'getAll' flag to query.
- 3671a52 Update profile UI with new user data structures.
- ae2a386 Add support for "list roles".
- 12a6451 Add list permission check to subscriber calls.
- d74e067 Add per-list permission to list management.
- 982e8d8 Fix post v4.x.x upgrade warning on admin UI.
- f8e6eaa Add docs for v4.x.x multi-user upgrade changes.
- 26c6db0 Remove admin user/password from sample config generation.
- 1649b3b Fix logic for preventing sole super admin from being wrongly updated/deleted.
- bf00fd2 Add support for setting admin user/password via env on
--install
. - 68870ad Fix update check looping on failed HTTP requests.
- 2da920d Add legacy TOML user+password to API auth on init with warning.
- 5024ded Add API user authentication to auth module with caching of creds on user CRUD.
- 0bea998 Fix role selection on in user form.
- e6ec1cb User legacy (TOML) admin credentials as API creds for backwards compatibility.
- b7155a4 Fix admin UI legacy user warning.
- b0f6c22 Fix broken subscription status tag on subscriber form UI.
- 1e875af Add OIDC auth hooks (init, callback, session) and finish OIDC support.
- 7c92b65 Add
avatar
field to user schema for OIDC avatars. - 834f541 Update OIDC auth URL in login form.
- 90591fc Apply OIDC/user profile related changes to admin UI.
- 193f8a8 Add one-click provider config shortcut in OIDC settings.
- 4eabd96 Refactor update check.
- a8c1778 Add warning on admin UI for legacy creds in the TOML file.
- ee90496 Apply minor linting fixes to role form.
- 72c7676 Add cookie check hack to auth for v3 -> 4 browser BasicAuth session issue.
- 17b5cc1 Sort roles by created date.
- d52eac0 Update user APIs and queries to embed role + list permissions.
- 612c1d6 Add per-list permission management to roles.
- 19527f9 Add new fields to
/api/config
to remove/settings
dependency in camapign UI. - f69aa30 Move User/Roles nav items under Settings.
- 4a69f0a Minor refactor to subscribers UI. Remove superfluous status column.
- 474f935 Add permission checks to admin UI to toggle visibility/functionality of components.
- dd9612b Add user profile based permission check in auth middleware.
- 09145b4 Fix profile edit page.
- 32d5823 Refactor 'super' user type to a pre-defined super admin role.
- 8126eec Restyle tags on the UI.
- d4e4c5f Add granular permissions and role management to backend and admin UI.
- 2000e9f Style and add OIDC logo to the login page.
- 7bb14de Upgrade simplesessions to v3.
- 313b2af Make user avatar field nullable.
- 4997c10 Add user profile APIs and update UI.
- 6a34ebc Update login credentials doc in sample config.
- a6e06d9 Refactor migration for the latest version.
- 906e0f5 Refactor handler groups and add mising auth features like logout.
- 57ac9dc Add public login page and auth middleware and handlers.
- 1516bf2 Add
api
type user. - bf0b500 Add API token authentication.
- 10f1c38 Add missing user UI files.
- 0968e58 Add user/password login handler.
- 435d6d5 Add create/add/delete user management UI and database schema.
- 4648f91 Fix bug in OIDC cookie check.
- 83e4f5d Add migrations for OIDC db fields.
- f8b3ddb Refactor the
oidc
package and separate out handlers. - 8ca95f6 Refactor OIDC middleware handler logic.
- e406b25 Add a settings UI for OIDC.
- 1b7128a Implement OIDC
- 5074987 Add Markdown syntax highlighting (#2068)
- b0f3891 Make import overwrite off by default and add warning (#2078)
- 39e1a03 misc:add word wrap to HTML editor (#2081)
- 36cf85b Fix Catalan translation and add Esperanto. (#2075)
- 58b13af Fix tx template not being cached on update. Closes #2061.
- 98fed80 Slightly improve docker-compose feedback (#2054)
- 5e81d9e Fix typo in German translation (#2064)
- 560789d Bump vite from 5.0.13 to 5.1.8 in /frontend (#2047)
- aa168f0 Bump rollup from 4.9.1 to 4.22.4 in /frontend (#2050)
- 16f4dfd Fix incorrect bulk blocklisting behaviour (#2041). Fixes #1841
- 550cd3e Update README.md (#2034)
- 06e4983 Fix tag queyr param in lists.md (#2033)
- 51e3f17 Fix pre-confirm status not working on subscriber update. Closes #1927.
- 139267d Tweak docs to highlight one-way mailing lists. Closes #1931.
- d7fe13c Fix typo and formatting (#2028)
- 1819480 docs: suggest an FQDN in docker compose file (#2019)
- c812caa Fix syntax error in GetBounce method (#2007)
- 242c90d updating campaigns api doc (#2011)
- e6bf369 adding listmonk-newsletter sdk link (#2013)
- 55e81f0 Bump axios from 1.6.2 to 1.7.4 in /frontend (#2006)
- d28e40e update subscribers api docs (#1989)
- 579fa71 docs: Add Zeabur one-click button (#1994)
- edc9f73 Fix typo on the website.
- d2cd9b1 chore: Deploy to Elestio button updated (#2005)
- fb090f2 Update querying-and-segmentation.md (#1983)
- 6353fb6 Add bounces API link to the docs page (#1981)
- 679457c Ensure unique upload filenames by adding a suffix (#1963)
- 46187b9 Add public list API doc (#1976)
- 41f01d5 Add docs for bounces api (#1978)
- e4dcb06 Update API docs of media with missing api (#1975)
- 1e6e97e Add validation for filename with non-ASCII chars in media upload (#1973)
- 01f7450 Clean section in config doc.
- ebac8b3 Fix broken campaign clone with deleted lists (#1966)
- d284e35 Update configuration.md +performance, batch size (#1967)
- c334d2e fix #1950:Export of unsubscribed users exports all users (#1965)
- fedc515 Fix incorrect count in subscriber query when there are no results.
- 45f1f80 fix(analytics): add to and from dates to campaign analytics URL (#1952)
- 23d236f docs: send_at will error out without a Z at the end of the timestamp (#1949)
- 821b43d Add support for running Docker container as non-root user using docker-entrypoint.sh (#1892)
- 888e33e fix [docs]: correct invalid example request of basic auth in docs (#1946)
- 326fc30 Refactor subscription form generator to render syntax-highlighted HTML.
- c2e7c71 Increase campaign subject char limit. Closes #1909.
- c520337 Add issue/PR comment messages to GitHub stale action bot.
- 12f32f1 Set GitHub stale issue bot to prod.
- 766d62b Merge branch 'stale-action'
- 870b3f7 Add GitHub stale-action bot to handle stale issues.
- b38f156 fix vanishing attachments in campaign in more the one campaigns setup (#1936)
- b4294c1 fix(docker): support multi-platform builds (#1935)
- 2bda94f Update configuration.md (#1930)
- 22890a1 Bump golang.org/x/image from 0.10.0 to 0.18.0 (#1914)
- 5d5f484 docs: add important step regarding ses in bounces.md (#1907)
- 0940e81 Bump braces from 3.0.2 to 3.0.3 in /frontend (#1898)
- 1ba35d5 Add one-click deploy on sealos (#1880)
- 3babd90 parse cc and bcc from custom headers to add them on email envelope (#1865)
- 6886878 ci: add a compile check for open PRs (#1858)
- c108486 Fix syntax error in manager from a previous, simple looking PR merge. Huh :O
- c30068d Add kubernetes helm installation instructions to docs (#1847)
- 42ba157 Add a note about starting listmonk without a config file.
- c3f4379 chore: fix function name in comment (#1836)
- e968718 Bump golang.org/x/net from 0.20.0 to 0.23.0 (#1833)
- 1bf7e36 Fix incorrect filter query in bounces UI. Closes #1820.
- 1d32d4c 👌 IMPROVE: make RootURL available in email templates (#1812)
- c48fe97 Bump vite from 5.0.12 to 5.0.13 in /frontend (#1809)
- d5cfaa9 Remove obsolete subscriber
disabled
status from docs. Closes #1793. - 7bf9481 Add
/uploads/
path to HTTP config docs. Closes #1803. - e4589d6 Update pl.json (#1800)
- 124af1e Make static e-mail template subjects scriptable. Closes #1727.
- f04798a Add URL validation to settings URL inputs on admin UI.
- 1bd55e1 Bump follow-redirects from 1.15.4 to 1.15.6 in /frontend (#1786)
- 3a0cf98 chore: remove repetitive word (#1790)
- 1817bba Update templating.md (#1788)
- d64ff73 Merge zh-TW i18n updates from #1741. Closes #1741.
- 7ffe1a4 Add French Canada (fr-CA) i18n translation.
- 107e6fb Randomize archive slug when cloning campaign on the UI. Closes #1725.
- 2afac24 fix: check errors.Is instead of strings.Contains for http: Server closed error (#1779)
- 860009b chore: remove repetitive words (#1778)
- ec50bef fix: query campaign does not search numbers (#1758)
- 21c1af0 fix: empty list breaks subscriber page (#1755)
- d9e2dce Update zh-TW.json (#1744)
- d7b55cd fix: trim config before use (#1756)
- 12ab492 fix: use translated string (#1757)
- fa239db Update de.json (#1749)
- 51f996d Fixes typo in es.json (#1751)
- 00a44c0 fix: easy install docker script for macOS (#1742)
- 3e06b29 Add new SDK/libs page and update messenger list. Closes #1723.
- 6689b71 Update installation.md (#1700)
- 1995471 fix: incorrect docs url. (#1715)
- 2f0f1ee Remove arm release links from the website.
- 1edf86d Update website with the latest release.
New Contributors
- @abhinavxd made their first contribution in #1715
- @paulocr made their first contribution in #1751
- @Biepa made their first contribution in #1749
- @Sedna1125 made their first contribution in #1744
- @tgolang made their first contribution in #1778
- @mkadirtan made their first contribution in #1779
- @ericbegin made their first contribution in #1729
- @availhang made their first contribution in #1790
- @imklau made their first contribution in #1800
- @violoncelloCH made their first contribution in #1812
- @largemouth made their first contribution in #1836
- @th0th made their first contribution in #1847
- @usverger made their first contribution in #1865
- @yangchuansheng made their first contribution in #1880
- @bhartshorn made their first contribution in #1907
- @frankievalentine made their first contribution in #1930
- @zevszym made their first contribution in #1936
- @Prachi-Jamdade made their first contribution in #1946
- @lmmendes made their first contribution in #1892
- @iloveitaly made their first contribution in #1949
- @admoya made their first contribution in #1952
- @keshavg2 made their first contribution in #1965
- @Bowrna made their first contribution in #1966
- @kaiwalyakoparkar made their first contribution in #2005
- @pan93412 made their first contribution in #1994
- @flow6979 made their first contribution in #2007
- @eastonman made their first contribution in #2019
- @vnoitkumar made their first contribution in #2028
- @knpwrs made their first contribution in #2033
- @bish0polis made their first contribution in #2034
- @j-maas made their first contribution in #2064
- @xeruf made their first contribution in #2054
- @enricpineda made their first contribution in #2075
- @rk9595 made their first contribution in #2081
- @albanobattistella made their first contribution in #2085
- @abhinandkakkadi made their first contribution in #2095
- @pbence made their first contribution in #2116
- @ovari made their first contribution in #2102
- @salim-b made their first contribution in #2115
- @Dygwah98 made their first contribution in #2134
- @shaunwarman made their first contribution in #2016
- @smoebody made their first contribution in #2150
Full Changelog: v3.0.0...v4.1.0