Ackify v1.3.10

Fixes

• Stored files on s3 aren't deleted on document soft deletion

Ackify v1.3.9

New Features

• Dynamic reloading of admin settings — The admin settings GET endpoint now reloads the configuration before returning it, ensuring that the displayed values always reflect the current state.
• CryptoSigner interface exposed — The cryptographic signing interface and the ServerBuilder’s WithCryptoSigner option are now public, allowing SaaS integrations to inject their own signing implementation.

Fixes

• Magic Link & RLS — Fixed a bug where magic link tokens did not have the tenant_id set, causing failures related to PostgreSQL RLS policies.

Ackify v1.3.7

Cleanup fix

Fallback to direct cleanup when tenant context is unavailable

Full Changelog: v1.3.6...v1.3.7

Ackify v1.3.6

unnecessary style-src unsafe-inline

remove unnecessary style-src unsafe-inline from proxy and storage

Ackify v1.3.5

Bug Fixes

Fix

• Resolve signing deadlock when document URL is inaccessible from the server (local network, private IPs) — backend now automatically forces external read mode
• Smart ReadMode deduction when not explicitly set: URLs and uploaded files default to integrated, simple references default to external

Chore

• Bump GitHub Actions to v6 (checkout, setup-node, setup-go, artifacts)
• Add unit and e2e tests for inaccessible URL fallback, fix existing e2e tests

Fixes #25

Ackify v1.3.4

SMTP plain text fix (port 25)

Fixed a bug preventing email delivery through internal SMTP servers without TLS (typically port 25). The mail library was attempting TLS negotiation even when both ACKIFY_MAIL_TLS and ACKIFY_MAIL_STARTTLS were set to false, causing certificate validation errors.

Ackify CE v1.3.3

Release featuring server-side aggregate statistics, email domain restriction, improved signature counting, and migration to the Kolapsis organisation.

⚠️ Breaking Change

Organisation & Package Migration

The project has been migrated from btouchard/ackify-ce to kolapsis/ackify. This impacts:

• GitHub: The repository is now at github.com/kolapsis/ackify
• Docker Hub: The Docker image is now kolapsis/ackify (previously btouchard/ackify-ce)
• Go module: The Go module is now github.com/kolapsis/ackify

Action required: Update your docker-compose.yml files to point to the new image:

# Before
image: btouchard/ackify-ce:latest

# After
image: kolapsis/ackify:latest

New Features

Organisation Domain Restriction

• New ACKIFY_ORGANISATION_DOMAIN variable: Restricts document creation to users whose email matches the organisation domain (e.g., @company.com)
• Admins bypass this restriction
• Empty value preserves current behavior (all users allowed)
• Configurable via admin UI and install script

Server-Side Aggregate Statistics

• New statistics endpoint: Pending/completed document counts computed directly in SQL via GetAggregateDocumentStats
• Replaces client-side computation with an optimized server query
• Statistics returned in API response metadata for admin dashboard and "my documents" page

Pending Documents for Signers (#18)

• New "Awaiting your confirmation" section on the "My Signatures" page: users can now see documents assigned to them that they haven't signed yet
• One-click navigation to the document to sign
• Counter indicator in the page statistics
• New API endpoint: GET /api/v1/users/me/pending-documents

Total Signature Count

• Display total signature count including unexpected signers
• Fixes misleading "0 signatures" when only unexpected signers had signed
• Status badge now shows 4 cases: no signers, free signers, progress with optional +N pill, and complete with optional +N pill

Bug Fixes

• RLS for workers: Fixed RLS policies on queue tables for background workers (email, webhook)
• CI: Go 1.26.0 alignment, covdata fix, and setup-go v5 upgrade

Migrations

New Migrations

Migration	Description
0020_fix_queue_rls_for_workers	Fixes RLS policies on queue tables to allow background workers to process items

Configuration

New Environment Variables

# Restrict document creation by email domain (optional)
ACKIFY_ORGANISATION_DOMAIN=@company.com

---

Useful Links

• Full changelog: https://github.com/kolapsis/ackify/blob/main/CHANGELOG.md
• Documentation: https://github.com/kolapsis/ackify/blob/main/README.md
• Diff: v1.3.0...v1.3.3

Upgrading from v1.3.x

⚠️ This version contains a breaking change, see the dedicated section above.

1. Update the Docker Image

The image name has changed. Update your docker-compose.yml:

# Before
image: btouchard/ackify-ce:latest

# After
image: kolapsis/ackify:latest

2. Apply the Update

Via the installation script (recommended)

bash <(curl -fsSL https://raw.githubusercontent.com/kolapsis/ackify/main/install/install.sh)

The script automatically detects the existing installation and performs the upgrade.

Manually with Docker Compose

docker compose pull
docker compose up -d

3. Post-Update Checks

• Migration 0020 runs automatically at startup
• New optional variable: ACKIFY_ORGANISATION_DOMAIN restricts document creation by email domain

Ackify CE v1.3.2 - Owner Management & Security Improvements

Feature release adding document owner management, container healthcheck, and several security and compatibility fixes.

⚠️ Important: Query Parameter Renamed (ref → doc) (#19)

The ref query parameter used to reference documents (e.g. https://your-instance.com/?ref=my-doc) has been renamed to doc.

Browser privacy extensions (ClearURLs and similar) were silently stripping the ref parameter from URLs, as it is commonly associated with referrer tracking. This caused documents to fail to load for affected users.

New format: https://your-instance.com/?doc=my-doc

Backward compatible: The old ?ref= parameter is still accepted as a fallback, so existing integrations and external tools will continue to work. However, we recommend updating your links to use ?doc= to avoid issues with privacy extensions.

New Features

Owner-Based Document & Signers Management (#16, #17)

Non-admin document owners can now manage their own documents and expected signers without requiring admin privileges (when ACKIFY_ONLY_ADMIN_CAN_CREATE=false).

New endpoints for document owners:

• POST /api/v1/users/me/documents/{docId}/signers - Add an expected signer
• DELETE /api/v1/users/me/documents/{docId}/signers/{email} - Remove an expected signer

Also includes:

• New CanManageDocument method on the Authorizer interface for ownership checks
• Properly quoted PostgreSQL identifiers in migrations to support database names containing special characters (e.g. hyphens)
• Returns 403 Forbidden on owner routes when ACKIFY_ONLY_ADMIN_CAN_CREATE=true

Docker Healthcheck Support (#21)

The container image now includes a built-in healthcheck for better orchestration support.

• New health subcommand on the ackify binary for HEALTHCHECK usage
• HEALTHCHECK directive added to the Dockerfile
• Healthcheck configuration added to all compose files
• Supports custom port via ACKIFY_LISTEN_ADDR

Bug Fixes

Signature List Visibility Restricted to Owner/Admin (#20)

Previously, any authenticated user could see all signatures on a document. The signatures endpoint now enforces proper access control:

• Owner/Admin: can see all signatures
• Other users: can only see their own signature (if they signed)
• signatureCount is now included in the FindOrCreateDocument response so the frontend can display the total count without exposing individual signatures

Signature Count Not Updated After Signing

The frontend did not refresh the signature count after a user signed a document. Also, the embed page relied on signatures.length instead of the API-provided signatureCount, which was incorrect under the new visibility model.

Fixed: HomePage.vue now updates signatureCount after signing, and EmbedPage.vue uses the API value.

Documentation

• Created comprehensive API documentation (docs/en/api.md, docs/fr/api.md)
• Documented Docker healthcheck in deployment guides
• Documented signature endpoint access control rules
• Fixed MagicLink auto-detection description in READMEs

---

Useful Links

• Documentation: https://github.com/btouchard/ackify-ce/blob/main/README.md
• Diff: v1.3.1...v1.3.2

Upgrading from v1.3.1

This version includes a new database migration (owner management). The migration runs automatically on startup.

Query parameter rename: The ?ref= parameter is now ?doc=. The old ?ref= still works as a fallback, but we recommend updating your integrations to use ?doc= to avoid privacy extension issues.

New environment variable behavior: When ACKIFY_ONLY_ADMIN_CAN_CREATE=true, owner-based management routes return 403 Forbidden.

Update

Via the installation script (recommended)

bash <(curl -fsSL https://raw.githubusercontent.com/btouchard/ackify-ce/main/install/install.sh)

The script automatically detects the existing installation and performs the upgrade.

Manually with Docker Compose

docker compose pull
docker compose up -d

Ackify CE v1.3.1 - Bug Fixes

Ackify CE v1.3.1 - Bug Fixes

• #15 Document upload options not saved
• #14 OnlyAdminCanCreate setting ignored
• Image upload content type detection fallback

Ackify CE v1.3.0 - Integrated Reader, Storage & New Design

Major release introducing an integrated document reader, native file storage and a complete user interface redesign.

What's New

Integrated Document Reader

• Direct viewing: intelligent reader allowing document reading without leaving the application (PDF, Markdown, HTML (sanitized))
• Smart read tracking: Automatic detection of complete document reading with scroll tracking
• Integrity verification: Checksum validation on each load to guarantee document authenticity
• Configurable reading options:
  • Read mode: integrated (embedded reader) or external (link to external URL)
  • Download authorization (enabled/disabled per document)
  • Full read required before signing (optional)

Document Storage

• Native file upload: Direct upload of PDFs and other documents (in addition to existing URLs)
• Storage providers: S3 support (MinIO compatible) and local storage
• Automatic S3 bucket creation: Bucket is automatically created if it doesn't exist
• Automatic MIME detection: Extended support including ODF formats (LibreOffice/OpenOffice)
• Automatic checksum calculation: SHA-256 computed on upload to guarantee integrity

New "Technical Trust" Design

• Complete interface redesign: Modern design system with a professional visual identity
• IBM Plex fonts: Technical typography optimized for readability
• Slate palette: Professional and sober colors
• Dark mode: Native dark theme support
• New logos and icons: Renewed visual identity with PWA icons

Tenant Configuration via Admin Interface

• Admin settings page: Runtime configuration without application restart
• SMTP configuration: Integrated connection test to validate email settings
• OIDC/OAuth2 configuration: Endpoint and credential validation
• S3 configuration: Connectivity test to verify storage access
• Hot-reload: Apply changes without service interruption
• Encrypted secrets: Secure AES-256-GCM storage of sensitive information

Anonymous Telemetry (Optional)

• Usage metrics: Anonymous collection of documents, confirmations, webhooks and reminders count
• Opt-in only: Disabled by default, enable via ACKIFY_TELEMETRY=true
• SHM SDK integrated: Integration with SHM metrics service

Migrations

New Migrations

Migration	Description
0017_add_reader_fields_to_documents	Adds reader configuration fields (read_mode, allow_download, require_full_read, verify_checksum)
0018_add_storage_fields_to_documents	Adds storage fields (storage_key, storage_provider, file_size, mime_type, original_filename)
0019_add_tenant_config	Creates tenant_config table for dynamic per-tenant configuration

Configuration

New Environment Variables

# Telemetry (optional, disabled by default)
ACKIFY_TELEMETRY=false

# S3 Storage (optional)
ACKIFY_STORAGE_PROVIDER=s3          # 's3' or 'local'
ACKIFY_STORAGE_S3_ENDPOINT=...      # S3 Endpoint (e.g., minio.example.com)
ACKIFY_STORAGE_S3_BUCKET=...        # Bucket name
ACKIFY_STORAGE_S3_ACCESS_KEY=...    # S3 Access key
ACKIFY_STORAGE_S3_SECRET_KEY=...    # S3 Secret key
ACKIFY_STORAGE_S3_REGION=...        # Region (optional)
ACKIFY_STORAGE_S3_USE_SSL=true      # Use HTTPS (default: true)

# Local Storage (optional)
ACKIFY_STORAGE_LOCAL_PATH=/data     # Local storage path

---

Useful Links

• Full changelog: https://github.com/btouchard/ackify-ce/blob/main/CHANGELOG.md
• Documentation: https://github.com/btouchard/ackify-ce/blob/main/README.md
• Diff: v1.2.8...v1.3.0

Upgrading from v1.2.8

This version is 100% backward compatible with v1.2.8. Existing documents continue to work in external URL mode.

Update

Via the installation script (recommended)

bash <(curl -fsSL https://raw.githubusercontent.com/btouchard/ackify-ce/main/install/install.sh)

The script automatically detects the existing installation and performs the upgrade.

Manually with Docker Compose

docker compose pull
docker compose up -d

Migrations are applied automatically at startup:

• Existing documents default to integrated mode (transparent behavior)
• New storage columns remain null for existing URL documents
• The tenant_config table is created for runtime configuration

Enable File Storage

To allow document uploads instead of just URLs:

Option 1: S3 Storage (recommended for production)

ACKIFY_STORAGE_PROVIDER=s3
ACKIFY_STORAGE_S3_ENDPOINT=s3.amazonaws.com
ACKIFY_STORAGE_S3_BUCKET=ackify-documents
ACKIFY_STORAGE_S3_ACCESS_KEY=your_access_key
ACKIFY_STORAGE_S3_SECRET_KEY=your_secret_key

Option 2: Local Storage (development)

ACKIFY_STORAGE_PROVIDER=local
ACKIFY_STORAGE_LOCAL_PATH=/app/data/uploads

Enable Telemetry (optional)

ACKIFY_TELEMETRY=true

Telemetry helps me understand Ackify usage to improve the product. NO PERSONAL DATA IS COLLECTED.