v.1.10.0 (main 1.10)

Back End / API Changelog

This changelog only refers to chanegs to the API and back end. If you want to read about changes in the front end, take a look at the front end releases.

Major Changes

Refresh Access Token Authentication

The authentication system was rewritten and now uses refresh and access tokens to address CSRF vulnerabilities of the old authentication system. Also, it is now possible again to revoke active sessions.

Docker Image

myrunes docker images

# docker pull myrunes/backend:1.10.0

v.1.9.1 (main 1.9)

Back End / API Changelog

This changelog only refers to chanegs to the API and back end. If you want to read about changes in the front end, take a look at the front end releases.

Security Hotfix

This update fixes a severe security issue where sensible user account information where included in the API response conent when requesting a shared rune page.

Docker Image

myrunes docker images

# docker pull myrunes/backend:1.9.1

v.1.9.0 (main 1.9)

Back End / API Changelog

This changelog only refers to chanegs to the API and back end. If you want to read about changes in the front end, take a look at the front end releases.

Major Changes

ReCAPTCHA Validation

Requests to the POST /api/users (account registration) endpoint and POST /api/users/me/passwordreset/confirm (password reset confirmation) now must be validated using a ReCAPTCHA v2 response which is then validated against Google's ReCAPTCHA validation API endpoint.

If you are self-hosting myrunes, you need to add the site key as well as the secret key to the myrunes backend config file under the webserver category.

webserver:
  # ...
  recaptcha:
    sitekey:   "your_site_key_here"
    secretkey: "your_secret_key_here"

Then, you can access your site key via the GET /api/recaptchainfo endpoint.

Minor

• It will be checked now if an entered e-mail address is already being used by another account. This fixes an unconventional behaviour which resets the password of the account which was queried first by e-mail when resetting password by e-mail address.
  This means you should change the mail of accounts which use same e-mail addresses!

Docker Image

myrunes docker images

# docker pull myrunes/backend:1.9.0

v.1.8.0 (main 1.8)

Back End / API Changelog

This changelog only refers to chanegs to the API and back end. If you want to read about changes in the front end, take a look at the front end releases.

Major Changes

The myrunes backend now fetches champion avatar assets from mobafire.com (better resoluton, better cropping) automatically on startup and periodically every 24h from startup. The fetched sources are stored in a configured storage device which is currently either a file based storage on the application host or an object storage supported by the MinIO client (MinIO, Amazon S3, Google Cloud). Then, the front end fetches the files directly from the myrunes backend.

So when a new champion is up or a champion got new resources, like for a champion rework, no assets needs to be updated manually and no hard patches are required to update assets each time.

Minor

• The web server does not start anymore when no webserver is configured on startup.
  Attention: This also disables all verification bound to e-mails!

Backstage

• Update to go compiler v1.14.
• Refactored and cleaned up code base a bit.

Docker Image

myrunes docker images

# docker pull myrunes/backend:1.8.0

v.1.7.1 (main 1.7.0) - hotfix

Back End / API Changelog

This changelog only refers to chanegs to the API and back end. If you want to read about changes in the front end, take a look at the front end releases.

This is just a hotfix release. If you are looking for the release notes of main release 1.7.0, see here.

Fixes

• Fix issue that email is not updated in cache after setting or resetting email [#18]

Docker Image

myrunes docker images

# docker pull myrunes/backend:1.7.1

v.1.7.0 (main 1.7.0)

Back End / API Changelog

This changelog only refers to chanegs to the API and back end. If you want to read about changes in the front end, take a look at the front end releases.

API Changes

• Following Endpoints are now no more valid and marked as DEPRECATED:
  • GET /api/sessions
  • DELETE /api/sessions/:SESSIONID

Major Changes

• Sessions are now stored on the client side using JWTs instead of session tokens compared against the database. If you want to read more about this and what has changed whith this, read issue #14
• newly generated passwords (for example when creating new accounts or changing a password) are now hashed with argon2id instead of bcrypt, which is way more safe and secure. Old password hashes will be still compared with bcrypt, only new passwords are saved with argon2. [#16]
• user and page requests are now memory-cached on the server side to accelerate requests and minimize database load
• static resources like champion and rune informations are now shipped with proper browser caching headers to reduce server load and speed up the front end experience

Fixes

• Fix a critical bug on querrying users from the MongoDB database which would have led to the ability of logging into other users account on creating a new account because of the new caching methods
• Page share links are now generated from an URL safe character set instead of a default base64 character set [#13]
• Changing the e-mail address now requires the current password as same as all other critical user settings [#15]

Docker Image

myrunes docker images

# docker pull myrunes/backend:1.7.0

v.1.6.0 (main 1.6.0)

Back End / API Changelog

This changelog only refers to chanegs to the API and back end. If you want to read about changes in the front end, take a look at the front end releases.

API Changes

• The GET /pages endpoint now has a query flag filter.
  Using this, results are filtered by page name or assigned champions (case-insensitive).
• Editing and creating pages may now return an invalid title exception if the title is longer than 1024 characters.

Major Changes

• Rune Data (Names and Descriptions) and Champion Data (IDs and Display Names) are now polled from Riot's Data Dragon API on start up of the back end process.

Fixes

• Password reset endpoints are now secured and working properly.
• Fix potential context leakage in MongoDB database driver

Docker Image

myrunes docker images

# docker pull myrunes/backend:1.6.0

v.1.5.0

Changelog

New Features

• Password Reset
  You can now set your E-Mail address in your profile settings (of course, this is optional) so you can re-set your password if forgot it.
  
  

Major Changes

• Chapion names are now displayed properly
  Champion names are now displayed properly so that KAI'SA is no more titled as KAI-SA or LEE SIN is no more LEE-SIN.
  

• Optimized champion search
  Champions can now be searched way more intuitive and also search by common shorthands like lb, tf or gp is now available.
  

Minor Changes

• Input fields and checks are more consitent now
• Added GitHub Actions as alternative CI integration alongside Travis CI
• Repository domain has now moved from github.com/zekroTJA to github.com/myrunes to allow bundling together side projects belonging to myrunes project like the scraping tool or the example docker-compose stack.

Docker Image

myrunes docker images

# docker pull zekro/myrunes:1.5.0

v.1.4.0

Changelog

New Features

• Custom Page Sorting
  You can now sort your pages simply by drag and drop. Then, there is a seperate sort type called Custom so you can switch back from other sortings to your custom order.
  

• Page Availability
  You can now see if you have created pages for champions on the main page and how much pages are tagged to the champ you are hovering over.
  

Minor Changes

• Page search and sorting is now optimized and updated
  

• Update for LoL Patch 9.23+

  • Added Champion Senna
  • Changed Cleptomancy to Prototype Omnistone

• Also, the Docker image is now built in two stages which makes the resulting image a bit more lightweight

Docker Image

myrunes docker images

# docker pull zekro/myrunes:1.4.0

v.1.3.0

Changelog

New Features

• Add page search to MY PAGES and champion pages view which can be triggered with CTRL + F
• Add info bubbles which are used to show information and tipps in an non-annoing way
• You can now generate an API token in the settings view which can be used as basic authorization token for API requests
• You can now clean up local storage data set up by MYRUNES in the settings view

Major Changes

• The RESTful API is now rate limited - further details on that you can find here
• Failed login attempts are now limited so brute-force login attempts are much more difficult

Minor Changes

• Current active session is now highlighted in the settings session view
• Add Address-Check on share links to avoid multiple-access-counting of one host access
• In release mode, API responses are now compressed (no tabs, spaces or line breaks)
• Static content like JavaScript, HTML and CSS file chunks are now delivered gzip-ed
• The banner (where error and success messages are displayed) structures are now optimized for cleaner code and easier usage
• You can now configure database and TLS settings of the back end by environment variables wich is especially useful for hosting MYRUNES with docker and docker-compose - here you can read more about that

Fixes

• Update remote address detection
• Fix footer version information

Docker Image

myrunes docker images

# docker pull zekro/myrunes:1.3.0