2026-01-03T09:37:48Z - 2026-07-03T08:37:48Z
Overview
2 Releases published by 2 users
Published
v0.24.6
Published
v0.18
62 Issues closed from 1 user
Closed
#67 Column labels need larger font (not bold — bills are already bold)
Closed
#5 Projected Cash Flow
Closed
#60 Client computeLiveProjection ignores snowball_exempt bills
Closed
#33 Consistent form state management pattern
Closed
#14 Keyboard navigation and shortcuts
Closed
#42 Project-wide Data Input & Sync — Manual + CSV Import + Provider Abstraction
Closed
#59 Dual-block migration structure in database.js duplicates every migration entry
Closed
#81 LOW: LIVE constant interpolated into SQL queries in payments.js
Closed
#78 MEDIUM: No pagination on core list endpoints - returns all records
Closed
#54 Imported payments have no payment_source
Closed
#47 Phase 5: SimpleFIN Provider Sync
Closed
#53 PATCH /api/snowball/order doesn't exclude soft-deleted bills
Closed
#50 Mortgage category not auto-detected as debt (snowball DEBT_LIKE_CLAUSES gap)
Closed
#49 Imported payments don't update debt balance (balance_delta always NULL)
Closed
#38 Recurring bill generation from cycle rules
Closed
#55 Client snowball projection duplicates server simulation (drift risk)
Closed
#52 PATCH /api/snowball/order silently swallows invalid rows
Closed
#58 isRamseyMode() called twice per snowball projection request
Closed
#51 rotateSessionId uses raw BEGIN/COMMIT/ROLLBACK instead of db.transaction()
Closed
#1 Overdue Command Center
Closed
#10 Filtered Exports
Closed
#13 Payment method tracking and summary
Closed
#66 Month navigation arrows should bracket the month name (< MAY >)
Closed
#79 MEDIUM: Admin routes use req.params.id without integer validation
Closed
#84 LOW: OIDC client secret stored in plaintext in user_settings table
Closed
#48 Phase 6: Background Sync & Polish
Closed
#62 Analytics — Expense vs Spend color key partially covered by bar graph on desktop
Closed
#64 Calendar shows Due dot on days with no bills due (e.g. Saturday 16th)
Closed
#80 MEDIUM: CSRF cookie defaults to httpOnly=false - XSS bypasses CSRF protection
Closed
#85 LOW: Auto-generated encryption key stored in same SQLite database as encrypted data
Closed
#77 MEDIUM: TrackerPage.jsx is 2386 lines with 44 hooks - maintainability and re-render risks
Closed
#76 MEDIUM: 10x .catch(() => {}) silently swallowing errors in client code
Closed
#75 MEDIUM: Floating-point REAL type for monetary amounts in SQLite
Closed
#74 HIGH: No explicit JSON body size limit on express.json() - default 100KB
Closed
#65 Add Bill link should always be visible at top, not only under Tracker tab
Closed
#73 HIGH: No process-level unhandledRejection/uncaughtException handler
Closed
#63 Overview page — Upcoming bills field hard to read
Closed
#72 HIGH: Payment UPDATE/DELETE lack user_id in WHERE clause (defense-in-depth)
Closed
#71 HIGH: SQL injection surface in analyticsService.js - string interpolation in WHERE clause
Closed
#70 CRITICAL: Incomplete user deletion - orphaned data risk
Closed
#69 CRITICAL: SMTP password stored in plaintext in SQLite
Closed
#68 CRITICAL: Async route handlers lack try/catch - unhandled rejections crash process
Closed
#40 cycle_type and billing_cycle not acted on in statusService
Closed
#41 SimpleFIN Bank Sync — Backend + UI
Closed
#57 updateCheckService.js Forgejo URL is hard-coded with no env override
Closed
#15 Unit and integration tests
Closed
#16 Bill grouping and reorganization API
Closed
#39 UI for defining recurring bill generation rules
Closed
#46 Phase 4: Transaction Matching
Closed
#45 Phase 3: CSV Import
Closed
#44 Phase 2: Data Sources & Shared Transactions
Closed
#43 Phase 1: Standardize Payments as the Manual Bill Payment Model + Surface on Bills Detail
Closed
#12 Business logic extraction to service layers
Closed
#8 Recurring Payment Rules
Closed
#11 Debt Snowball Readiness Checklist
Closed
#7 Duplicate Bill / Templates
Closed
#4 Partial Payments — track paid $80 of $150
Closed
#6 Bill Health / Setup Audit
Closed
#3 Search + Filters everywhere
Closed
#2 No confirmation before destructive actions
Closed
#36 Authentik logo not displaying correctly on login/admin page — corrected file location
Closed
#37 Category seed added: Food, Beauty, Entertainment, Pets
4 Issues created by 1 user
Opened
#9 Calendar Agenda Mode
Opened
#56 parseUserAgent in ProfilePage.jsx has weak OS detection
Opened
#82 LOW: CORS_ORIGIN accepts comma-separated origins without URL validation
Opened
#83 LOW: Login rate limiter bypassed when no users exist (first-run timing window)