Log in
v1.5.3 - Theme API v2, Anonymous Instance Telemetry, and Extension Preview
28 April 2026 om 19:17
1.5.3 (2026-04-28)
New: Help shape Bulwark Webmail. Each instance now sends a lightweight daily heartbeat (version, platform, bucketed account counts, feature toggles - never message data or PII) so we can see which platforms and features actually get used and prioritize fixes where they matter most. You're in control: opt out any time from Admin β Telemetry or by setting
BULWARK_TELEMETRY=off. Full schema in the privacy notice.
Features
- Telemetry: Anonymous instance telemetry, on by default. Reports schema version, platform, bucketed account counts, and feature toggles only - disable from the admin UI, with
BULWARK_TELEMETRY=off, or by clearing the endpoint - Telemetry: Track unique logins (HMAC'd per instance, 90-day retention) so the heartbeat can report bucketed account totals without storing usernames
- Plugins: Theme API v2 with token compiler and skin slot
- Plugins: Extension preview page and detailed extension info API
- Calendar: Right-click context menu on empty calendar space
- Docker: Persistent named volume for telemetry data so the instance id and admin's consent choice survive container upgrades
Fixes
- Security: Block telemetry endpoint from pointing at internal/loopback hosts (validation + DNS-rebind re-check at fetch time)
- Security: Harden plugin config, TOTP token exchange, and branding file serving
- Mail: Batch shortcuts now act on the multi-selection when one is present (#228)
