Sandstorm Blog

July changelog - what's new in Sandstorm

By Asheesh Laroia - 03 Aug 2016

In July, we introduced a new Sandstorm feature: Apps can notify users when something interesting happens within a grain. For example, Etherpad uses this to tell you when someone leaves a comment on a document. This ActivityEvent API was designed by Kenton Varda and its visual elements were designed by Néna Nguyễn. You can read more in its Cap’n Proto definition; any app within Sandstorm can use it. The easiest way to try it out is to make a new Etherpad document, then open it in an incognito window, and use the incognito window to leave yourself a comment.

This change, and many more, went live during July. To keep your Sandstorm server updated, you can sit back and relax. In the default configuration, Sandstorm’s automatic updates will install updates within 24 hours of a new release.

Here’s the full July changelog!

v0.173 (2016-07-23)

• Sandstorm for Work: Added server whitelabeling features. Find under “Personalization” in the admin panel.
• Apps now receive profile pictures for all users. Users who have no picture get an identicon. Previously, apps were expected to generate identicons themselves.
• HTTP requests to / responses from apps now pass through any header prefixed with X-Sandstorm-App-. Also, X-OC-Mtime is whitelisted in responses, to improve Davros’ compatibility with ownCloud clients.
• Attempting to download a backup of a collection will show a warning explaining that this doesn’t do what you expect.
• Prevented guests from uploading grain backups. These uploads weren’t creating actual grains, but could use up server-side disk space.
• Fix bug in grainlist deduplification on app details page.
• Fixed that the admin page for managing a specific user only showed their login identities, not non-login identities. The main list showed both, but the non-login identities would disappear when clicking through to a specific user.
• The favicon is now transparent instead of white-background.
• The guided tour highlight of the “share access” button no longer blacks out the button on Firefox.
• The admin UI’s “Personalization” page no longer fails to save if you haven’t entered a Terms of Service or Privacy Policy URL.
• “204 No Content” responses from apps now preserve the ETag.
• Refactored powerbox client-side code to make it more pluggable.

v0.172 (2016-07-15) [bugfixes]

• Fixed a regression that caused accepting an app update notification to have no effect. Sandstorm will re-notify about missed updates within 24 hours.
• Fixed bugs preventing Sandstorm from working on IE10.
• Tweaked new activity event API.
• Major refactor of powerbox-related code.
• Bugfixes related to upcoming collections app.

v0.171 (2016-07-09)

• Activity/Notifications API: Apps can now inform Sandstorm when a grain has been modified. Sandstorm will then highlight the grain in the user interface to show that it has new content, and in some cases deliver notifications to interested users. Apps need to be updated to use the API, but an update to Etherpad will ship on Sunday with updates to Rocket.Chat and Wekan soon thereafter.
• Fixed regression where grain UIs would not refresh when the grain’s package was updated.
• Fixed bug where it was possible to have a “shared with me” copy of a grain you own show up in your grain list, which in turn caused other bugs.
• Fixed spurious deprecation warning in server logs and reduced the size of the Sandstorm bundle by 10% by eliminating redundant copies of the Connect framework which were being included due to npm dependency semantics.
• Fixed some modal dialogs stretching off the screen on mobile.
• Various code refactoring.
• Oasis: Fixed that save()ing a capability was producing a SturdyRef that could not be restored due to bookkeeping errors.
• Sandstorm for Work: The SAML XML blob is now available even if the SAML identity provider has not yet been enabled. This should make setup easier.

v0.170 (2016-07-02) [bugfixes]

• Meteor-based apps will no longer go into redirect loops when WebSockets are not working.
• Sandstorm for Work: Fixed SAML login failing when a user’s name contained non-ASCII characters.
• The Powerbox API has changed slightly to involve a server-side exchange after the client-side selection operation. This improve security. Existing powerbox-using apps will need to be updated – but no major apps are using it yet.
• When using email login and clicking the link (rather than copy/pasting the token), you will now be redirected back to the URL from which you initiated login.
• Improved design of profile editor UI.
• The user table in the admin panel can now be sorted by clicking column headers.
• Fixed “guided tour” hint bubble for installing apps showing for users who aren’t allowed to install apps.