- API tokens now work even when DISABLE_AUTH is set
- Added API token section back to Security tab in settings
- API tokens can protect API access for automation while keeping UI open
- Invalid tokens are rejected even with auth disabled
- Export/import endpoints still require valid API token
- API tokens now hashed before storage (never stored in plain text)
- Raw token shown only once during generation
- Backward compatible with existing plain text tokens
- Added migration warnings for users with plain tokens
- Updated documentation to reflect security improvements
- Fix alternating zero I/O metrics by implementing rate caching for stale data from Proxmox
- Hardcode polling interval to 10 seconds (matching Proxmox cluster/resources update cycle)
- Remove polling interval settings from UI (no longer user-configurable)
- Implement efficient VM/container polling using single cluster/resources API call
- Remove 'Remove Password' feature (auth is now mandatory)
- Fix CSRF validation for Basic Auth (exempt from CSRF checks)
- Fix Generate API Token modal and authentication
- Remove redundant 'Active' status from Authentication section
- Remove Connection Timeout setting from frontend (backend-only)
- Clean up frontend console logging (reduce verbosity)
- Remove PBS polling interval setting (fixed at 10s)
- Add frontend rebuild detection to backend-watch script
- Improve first-run setup flow and error handling
- Add backend endpoint to regenerate API tokens without resetting auth
- Updates .env file with new token while preserving other settings
- Frontend component with clear UX for token generation
- Shows new token once with copy functionality
- Indicates restart required to activate new token
- Works across all deployment types (Docker, LXC, native)
Much better UX than telling users to 'reconfigure security' just for a new token
- Add pending restart detection when .env exists but not loaded
- Update frontend to show pending state instead of re-showing setup
- Fix QuickSecuritySetup to refresh security status after configuration
- Remove auto-restart attempts from security setup
- Show deployment-appropriate restart instructions
- Update documentation to reflect new update mechanism
Related to security setup issues after removing sudo/auto-restart capabilities
