Skip to content

Releases: yellowcooln/meshcore-mqtt-dashboard

v1.3.3

Choose a tag to compare

@yellowcooln yellowcooln released this 10 Jun 19:12
575e68d

v1.3.3

This release focuses on security hardening, dependency maintenance, and CI/CD improvements.

Highlights

Security

  • Hardened the dashboard against CVE-2026-45323-style stored XSS attacks from untrusted MeshCore/MQTT data.
  • Reviewed and validated rendering paths across the dashboard, traffic page, and battery information views.
  • Added regression tests covering malicious metadata, node fields, retained traffic data, and decoded message content.

Dependencies

  • Updated safe non-major Python dependencies.
  • Verified Node dependencies are current.
  • npm audit --audit-level=low reports zero vulnerabilities.

CI/CD

  • Synced dev with main while preserving the self-hosted Docker build workflow.

  • Docker builds now run on:

    • Pushes to main
    • Pushes to dev
    • Pull requests targeting main
    • Version tags (v*)
    • Manual workflow dispatches
  • Pull request validation now builds Docker images without requiring Docker Hub credentials or publishing artifacts.

Other Changes

  • Updated application version to v1.3.3.
  • Refreshed release documentation and changelog entries.

Validation

  • Full test suite passed (33 passed).
  • GitHub Actions test workflow passed.
  • Docker build workflow completed successfully on the self-hosted runner.

See CHANGES.MD for the complete list of changes.

What's Changed

  • Use self-hosted runner for Docker publish and improve XSS coverage by @yellowcooln in #9

Full Changelog: v1.3.2...v1.3.3

v1.3.2 - CPU Reduction and Docker Publishing

Choose a tag to compare

@yellowcooln yellowcooln released this 08 May 19:05
a376bc4

v1.3.2 focuses on reducing unnecessary runtime overhead and improving deployment options.

This release reduces idle CPU work in the MQTT hot path. When battery telemetry is disabled, the dashboard now skips the battery decode path entirely. It also avoids building websocket stats, traffic summaries, and broadcast queue work when no dashboard clients are connected.

For the write-heavy SQLite path, the app now uses:

  • journal_mode=WAL
  • synchronous=NORMAL
  • temp_store=MEMORY

to reduce database overhead under sustained message traffic.

This release also improves distribution and deployment support. A GitHub Actions Docker publish workflow is now included, and the published image is documented as:

yellowcooln/meshcore-mqtt-dashboard

The README now includes practical examples for:

  • Pulling the published image
  • Running with docker run
  • Using the image in docker compose

Validation

  • Automated test suite passing
  • Added regression coverage for new hot-path guards

What's Changed

  • Bump cryptography from 46.0.6 to 46.0.7 by @dependabot[bot] in #6
  • Bump pytest from 8.3.5 to 9.0.3 by @dependabot[bot] in #7
  • Enhance Docker support and optimize MQTT performance by @yellowcooln in #8

Full Changelog: v1.3.1...v1.3.2

v1.3.1 - Optional Battery Telemetry Dashboard

Choose a tag to compare

@yellowcooln yellowcooln released this 29 Mar 19:53
08e5280

v1.3.1 adds an optional battery telemetry dashboard and the supporting decode pipeline behind it.

This release introduces a new public /batteryinfo page for decoded channel-based battery reports. It charts retained battery telemetry, shows the latest decoded values per sender, and keeps the page fast by persisting decoded events in SQLite instead of rescanning the full packet table on every load.

Battery info is fully opt-in. Fresh installs keep it disabled by default, and the page stays hidden unless it is explicitly enabled and configured with a channel key. The feature also has its own retention window and channel display controls, so it can be managed independently from the main packet retention settings.

This release also moves battery decoding to the official @michaelhart/meshcore-decoder package.

Included in v1.3.1

  • New optional public /batteryinfo page
  • Decoded battery telemetry charts and recent decoded reports
  • SQLite-backed batteryinfo_events persistence with retained-packet backfill
  • Battery-specific environment controls:
    • BATTERYINFO_ENABLED
    • BATTERYINFO_CHANNEL_NAME
    • BATTERYINFO_SHOW_CHANNEL_NAME
    • BATTERYINFO_RETENTION_SECONDS
    • BATTERYINFO_CHANNEL_KEY
  • Default battery feature state set to off in .env.example
  • Switched battery decoding to official @michaelhart/meshcore-decoder
  • Added automated tests for battery decode, persistence, and disabled-route behavior

Live Example

A live example can be found at the Boston MQTT Dashboard.

v1.3.0 - Traffic Dashboard and Presence Accuracy

Choose a tag to compare

@yellowcooln yellowcooln released this 24 Mar 19:23

v1.3.0

v1.3.0 adds a dedicated traffic dashboard and improves live node accuracy.

This release introduces a new public /traffic page that shows retained packet activity across the full retention window. It includes route and payload charts, top talkers, and burst detection so operators can see not just who is online, but what the network is actually doing over time.

Traffic history is now persisted in SQLite and rebuilt from retained packet data when needed, so the page survives restarts without losing context.

Role inference is also improved. The dashboard now uses MQTT payload hints from /status and /internal messages before falling back to name-based matching, improving classification for repeaters, observers, room systems, and MQTT-connected infrastructure.

This release also fixes a presence bug caused by retained /internal MQTT messages. Those retained startup replays no longer create ghost online nodes, resulting in more accurate node counts after reconnects and restarts.

Included in v1.3.0

  • New public /traffic page
  • Retained route and payload traffic charts
  • Top talkers and burst detection views
  • SQLite-backed traffic history persistence
  • Improved role inference from MQTT payload metadata
  • Fix for ghost online nodes caused by retained /internal messages
  • Startup console log showing the running app version

v1.2.1 focuses on deployment cleanup and dashboard presentation improvements.

Choose a tag to compare

@yellowcooln yellowcooln released this 13 Mar 17:44

Release Summary

This release adds DASH_BROKER_HOST, allowing administrators to show a clean public broker label in the dashboard without changing the actual MQTT connection target.

The application can still connect to an internal Docker address such as host.docker.internal, while the UI displays a public-facing endpoint like broker.example.net:443. The override is rendered exactly as provided.

This release also simplifies Docker configuration. docker-compose.yaml now loads runtime settings from .env using env_file, instead of duplicating the environment list directly in the Compose file. This reduces configuration drift and makes local overrides easier.

Highlights

  • Added DASH_BROKER_HOST for display-only broker endpoint overrides
  • Simplified docker-compose.yaml to load runtime configuration from .env
  • Updated documentation to reflect the new broker display override and Compose behavior

New Environment Variable

  • DASH_BROKER_HOST — optional broker endpoint shown in the dashboard UI only

Validation

  • Pytest suite passing

v1.2.0

Choose a tag to compare

@yellowcooln yellowcooln released this 09 Mar 14:25

v1.2.0 — 2026-03-03

Added

  • Server-rendered share/embed metadata on / so previews use live configuration values.
  • Wired title, og:title, and twitter:title to DASH_TITLE.
  • Optional favicon support via DASH_LOGO_URL (.png, .jpg, .jpeg).
  • Optional external header button controlled by environment variables with URL validation.
  • Pytest test suite (tests/) covering:
    • API authentication
    • index metadata and favicon rendering
    • redaction behavior
  • GitHub Actions CI test workflow at .github/workflows/tests.yml for PRs and pushes.
  • Documentation updates covering:
    • embed behavior
    • external link configuration
    • manual verification steps.

Environment Variables

  • DASH_LOGO_URL
    Optional favicon URL or path (.png, .jpg, .jpeg).

  • DASH_EXTERNAL_URL
    Optional external header button URL (must be http or https).

  • DASH_EXTERNAL_LABEL
    Label for the external header button (default: External).