From 1da2fdb856012e1ad17950983756e49fba657d74 Mon Sep 17 00:00:00 2001 From: Jonathan Miller Date: Tue, 23 Jun 2026 17:01:11 -0500 Subject: [PATCH] docs: comprehensive CHANGELOG consolidation for v01.41.00 Consolidated all fragmented changelog entries from the session into a single clean v01.41.00 release entry organized by feature area. Covers: multi-remote, snapshots, SFTP, MokoRestore, sanitization, engine improvements, admin UI, CLI/API, notifications, security. --- CHANGELOG.md | 135 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 110 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d641130..9a92f44 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,38 +1,123 @@ # Changelog + ## [Unreleased] -## [01.41.00] --- 2026-06-23 +## [01.41.00] — 2026-06-23 -## [01.41.00] --- 2026-06-23 +### Added — Multi-Remote Storage +- New `#__mokosuitebackup_remotes` table for multiple destinations per profile +- Remote destinations UI: AJAX-driven add/edit/delete/toggle modal on profile edit +- Engine uploads to ALL enabled destinations (BackupEngine + SteppedBackupEngine) +- Migration auto-converts existing SFTP/S3/GDrive/FTP profile columns to new table +- Backward compatibility: falls back to legacy single-remote columns if table empty +- Secrets masked in API responses, merged from DB on save -### Added -- Multi-remote storage: new `#__mokosuitebackup_remotes` table for multiple destinations per profile (#97) -- Remote destinations UI: AJAX-driven add/edit/delete/toggle modal on profile edit view -- Engine integration: BackupEngine and SteppedBackupEngine upload to all enabled destinations -- Migration SQL: auto-migrates existing SFTP/S3/GDrive/FTP configs to new table -- Backward compatibility: falls back to legacy single-remote columns if remotes table is empty -- Secrets masked in API responses, merged from DB on save to prevent leakage +### Added — Content Snapshots +- Lightweight JSON snapshots of articles, categories, and modules +- Includes tags, custom fields, workflow associations, field values +- Restore modes: Replace (clean slate), Merge (upsert), Selective (per-article) +- Snapshot retention: max count + max age with automatic cleanup +- Scheduled snapshot task via com_scheduler +- CLI: `mokosuitebackup:snapshot create|restore|list|delete` +- REST API: create, list, restore, delete, download snapshots +- Tabbed browse modal: Articles / Categories / Modules with item counts -## [01.40.00] --- 2026-06-23 +### Added — SFTP Remote Storage +- SFTP support with SSH key file authentication (key stored base64 in database) +- Auth type dropdown: Password / Key File / Key File + Passphrase +- SshKeyField: file upload via FileReader, key never exposed in HTML +- SFTP remote directory browser for path selection +- `__KEEP_EXISTING__` sentinel preserves key on profile re-save +### Added — MokoRestore Wizard (9 steps) +- Per-table conflict resolution: Replace / Skip / Merge / Data Only +- Preset buttons: "All Replace", "All Skip", "Everything except users" +- Post-restore actions: reset passwords, hits, versions, sessions, cache +- Auto-detect sanitized passwords and prompt for reset (random temp password) +- Standalone mode: restore.php scans directory for ZIP files +- Wrapped mode: restore.php bundled inside backup ZIP +- Security gate with filesystem verification + path traversal protection -## [01.40.00] --- 2026-06-23 +### Added — Data Sanitization +- Sanitize user passwords: replace hashes with invalid sentinel +- Sanitize user emails: replace with dummy values +- Clear session data: exclude `#__session` table +- Preserve super admin credentials (optional) +- GDPR-friendly backup sharing for demos and staging sites -## [01.39.01] --- 2026-06-23 +### Added — Backup Engine +- Pre-flight validation: directory, disk space, extensions, credentials, running backups +- Auto-verify archive integrity after creation (ZIP, tar.gz, 7z) +- 7z archive format via system 7za/7z CLI binary with native encryption +- Streaming database dump to temp file (prevents OOM on large sites) +- S3 streaming upload via CURLOPT_PUT (prevents OOM) +- Graceful remote degradation: local backup preserved if upload fails +- DatabaseDumper::dumpToFile() for memory-efficient operation -## [01.39.01] --- 2026-06-23 +### Added — Admin UI +- Dashboard: snapshot widget, 30-day backup trend chart, per-profile storage breakdown +- CPanel admin dashboard module (mod_mokosuitebackup_cpanel) with quick actions +- Backup type filter dropdown in backups list +- Backup comparison: select two backups for side-by-side diff +- Archive browser: view files inside backup without extracting +- Manual purge: delete backups older than a date with count preview +- Run Backup button on profile list and edit views with backup count badges +- "Do not navigate away" warning in backup/restore progress modals +- Clickable placeholder pills for backup directory and archive name fields +- Comprehensive help modal with absolute/relative/placeholder path documentation +- Placeholder resolution display with EXAMPLE prefix +- All placeholders UPPERCASE: [HOST], [SITE_NAME], [DATE], [DATETIME], etc. -### Added -- MokoRestore: post-restore reset options — passwords, hits, versions, sessions, cache (#131) -- MokoRestore: per-table conflict resolution — replace, skip, merge, data-only per table (#132) -- MokoRestore: preset buttons — "All Replace", "All Skip", "Everything except users" -- MokoRestore: auto-detect sanitized passwords and prompt for reset -- Data sanitization: passwords, emails, sessions in backup profile settings (#129) -- Manual purge: delete all backups older than a selected date with count preview (#119) -- CPanel admin dashboard module with backup status, quick actions, and profile buttons (#105) -- 7z archive format via system 7za/7z binary with optional password encryption (#122) -- SFTP remote file browser: browse remote server directories to select backup path (#98) +### Added — CLI & API +- `mokosuitebackup:restore` with --files-only, --db-only, --password options +- `mokosuitebackup:snapshot` with create, restore, list, delete actions +- REST API for snapshots: create, list, restore, delete, download +- Profile credentials masked in API responses + +### Added — Notifications & Logging +- Email/ntfy notifications for site restore, snapshot create/restore +- Joomla Action Logs for restore, snapshot, and snapshot restore events +- Global ntfy server/topic/token settings (fallback for profiles) + +### Added — Security & Configuration +- Webcron secret field with CSPRNG generator + strength meter +- IP whitelist field with current IP detection + one-click "Add my IP" +- 10 ACL permissions with full enforcement audit across all controllers +- Config defaults: archive format, MokoRestore mode, sanitization settings +- Path traversal protection on all archive extraction (ZIP, tar.gz, JPA) ### Fixed -- MokoRestore: data-only mode now uses REPLACE INTO to handle existing rows -- MokoRestore: temporary password is now randomly generated (not hardcoded "changeme") +- CLI RestoreCommand passed wrong arguments (filepath instead of record ID) +- JPA path traversal: reject `../` in archive entry paths +- S3Uploader OOM: streaming upload instead of file_get_contents +- DatabaseDumper OOM: streaming to file instead of in-memory string +- AkeebaImporter: removed unserialize() (PHP object injection risk) +- BackupTable: delete DB row before file (prevents data loss) +- RestoreEngine: staging path sanitized with preg_replace +- API profiles: sensitive fields masked with `***` +- Webcron: missing return after sendJsonResponse on auth failure +- loadFormData(): cast array to object (PHP 8.x TypeError fix) +- MokoRestore data-only mode: uses REPLACE INTO for existing rows +- Plaintext archive deleted on encryption failure +- TarGzArchiver: intermediate .tar cleaned in finally block +- Install script: single-line comments converted to block comments +- Orphaned root-level webservices plugin files removed +- include_mokorestore column: TINYINT changed to VARCHAR(20) +- Script.php merge conflict markers resolved + +## [01.24.00] — 2026-06-02 + +### Added +- Initial release: full-site backup and restore for Joomla 6 +- Database, files, and configuration backup +- ZIP and tar.gz archive formats with AES-256 encryption +- Differential backups based on file manifests +- FTP/FTPS, S3, Google Drive remote storage +- MokoRestore standalone restore wizard +- CLI backup and restore commands +- REST API for remote management +- Scheduled tasks via com_scheduler +- Email and ntfy push notifications +- Per-profile retention, exclusions, and notifications +- Akeeba Backup migration tool +- Admin dashboard with system health checks