From cedb5b69cc3795a37ac423e3e1315d11897c5bdd Mon Sep 17 00:00:00 2001 From: Evan Tahler Date: Wed, 16 Jul 2025 15:52:33 -0700 Subject: [PATCH 1/5] Arcade engine 2.0.0 breaking change note --- pages/home/changelog.mdx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pages/home/changelog.mdx b/pages/home/changelog.mdx index 5d3c2b6f..e1164e40 100644 --- a/pages/home/changelog.mdx +++ b/pages/home/changelog.mdx @@ -7,6 +7,14 @@ description: "What's new at Arcade.dev" *Here's what's new at Arcade.dev!* +## For the week ending on 2025-07-18 + + + Versions 2.0.0 of the Arcade Engine was released this week. Upgrading to version 2.0.0 is recommended for all users, and includes an important security fix for [secure OAuth flows](/home/auth/secure-auth-production). After upgrading, all arcade projects will default to using the arcade verifier. If desired, you can then implement a custom verifier in your application/agent and make the switch via the Arcade Dashboard. + + Self-hosed Arcade users do not have the option to be grandfathered into the old (unsafe) behavior of skipping the verifier. + + ## For the week ending on 2025-07-11 **Frameworks** From dcf630c96a16ed9a4c232b94f6c59a23d9705e17 Mon Sep 17 00:00:00 2001 From: Evan Tahler Date: Wed, 16 Jul 2025 15:54:19 -0700 Subject: [PATCH 2/5] grammar --- pages/home/changelog.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/home/changelog.mdx b/pages/home/changelog.mdx index e1164e40..3fa67f3e 100644 --- a/pages/home/changelog.mdx +++ b/pages/home/changelog.mdx @@ -10,7 +10,7 @@ description: "What's new at Arcade.dev" ## For the week ending on 2025-07-18 - Versions 2.0.0 of the Arcade Engine was released this week. Upgrading to version 2.0.0 is recommended for all users, and includes an important security fix for [secure OAuth flows](/home/auth/secure-auth-production). After upgrading, all arcade projects will default to using the arcade verifier. If desired, you can then implement a custom verifier in your application/agent and make the switch via the Arcade Dashboard. + Version 2.0.0 of the Arcade Engine was released this week. Upgrading to version 2.0.0 is recommended for all self-hosted users, and includes an important security fix for [secure OAuth flows](/home/auth/secure-auth-production). After upgrading, all arcade projects will default to using the arcade verifier. If desired, you can then implement a custom verifier in your application/agent and make the switch via the Arcade Dashboard. Self-hosed Arcade users do not have the option to be grandfathered into the old (unsafe) behavior of skipping the verifier. From cfa0cc0ace380e067f208ef0e45c8de656bb9f12 Mon Sep 17 00:00:00 2001 From: Evan Tahler Date: Wed, 16 Jul 2025 16:32:12 -0700 Subject: [PATCH 3/5] Update pages/home/changelog.mdx Co-authored-by: Nate Barbettini --- pages/home/changelog.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/home/changelog.mdx b/pages/home/changelog.mdx index 3fa67f3e..b8480239 100644 --- a/pages/home/changelog.mdx +++ b/pages/home/changelog.mdx @@ -10,7 +10,7 @@ description: "What's new at Arcade.dev" ## For the week ending on 2025-07-18 - Version 2.0.0 of the Arcade Engine was released this week. Upgrading to version 2.0.0 is recommended for all self-hosted users, and includes an important security fix for [secure OAuth flows](/home/auth/secure-auth-production). After upgrading, all arcade projects will default to using the arcade verifier. If desired, you can then implement a custom verifier in your application/agent and make the switch via the Arcade Dashboard. + Version 2.0.0 of the Arcade Engine was released this week. Upgrading to version 2.0.0 is recommended for all self-hosted developers, and includes an important security fix for [secure OAuth flows](/home/auth/secure-auth-production). After upgrading, all projects will default to using the Arcade user verifier. If desired, you can then implement a custom user verifier in your application/agent and make the switch via the Arcade Dashboard. Self-hosed Arcade users do not have the option to be grandfathered into the old (unsafe) behavior of skipping the verifier. From 1857e5f088bff5c1398f21ef50d20e3df3ce4dea Mon Sep 17 00:00:00 2001 From: Evan Tahler Date: Wed, 16 Jul 2025 16:32:23 -0700 Subject: [PATCH 4/5] Update pages/home/changelog.mdx Co-authored-by: Nate Barbettini --- pages/home/changelog.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/home/changelog.mdx b/pages/home/changelog.mdx index b8480239..c93c3361 100644 --- a/pages/home/changelog.mdx +++ b/pages/home/changelog.mdx @@ -12,7 +12,7 @@ description: "What's new at Arcade.dev" Version 2.0.0 of the Arcade Engine was released this week. Upgrading to version 2.0.0 is recommended for all self-hosted developers, and includes an important security fix for [secure OAuth flows](/home/auth/secure-auth-production). After upgrading, all projects will default to using the Arcade user verifier. If desired, you can then implement a custom user verifier in your application/agent and make the switch via the Arcade Dashboard. - Self-hosed Arcade users do not have the option to be grandfathered into the old (unsafe) behavior of skipping the verifier. + Self-hosed Arcade developers cannot be grandfathered into the old (insecure) behavior of skipping user verification once the Engine is upgraded to version 2.0.0 or higher. ## For the week ending on 2025-07-11 From 514ccca9353049116bf7c71ba66d269f509afbfb Mon Sep 17 00:00:00 2001 From: Evan Tahler Date: Fri, 18 Jul 2025 17:10:24 -0700 Subject: [PATCH 5/5] add cahngelog --- pages/home/changelog.mdx | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/pages/home/changelog.mdx b/pages/home/changelog.mdx index c93c3361..2a5d8fa1 100644 --- a/pages/home/changelog.mdx +++ b/pages/home/changelog.mdx @@ -15,6 +15,31 @@ description: "What's new at Arcade.dev" Self-hosed Arcade developers cannot be grandfathered into the old (insecure) behavior of skipping user verification once the Engine is upgraded to version 2.0.0 or higher. +**Frameworks** + +**Toolkits** +* `[feature - 🚀]` Add Linear Toolkit ([PR #465](https://github.com/ArcadeAI/arcade-ai/pull/465)) +* `[feature - 🚀]` Add Zendesk Toolkit ([PR #458](https://github.com/ArcadeAI/arcade-ai/pull/458)) +* `[bugfix - 🐛]` Fix bug in Slack user processing ([PR #488](https://github.com/ArcadeAI/arcade-ai/pull/488)) +* `[bugfix - 🐛]` fix URL expansion in Twitter ([PR #500](https://github.com/ArcadeAI/arcade-ai/pull/500)) + +**CLI and TDK** +* `[feature - 🚀]` Toolkit docs generator command for Arcade CLI ([PR #414](https://github.com/ArcadeAI/arcade-ai/pull/414)) +* `[feature - 🚀]` custom `callback_host` for arcade login ([PR #481](https://github.com/ArcadeAI/arcade-ai/pull/481)) + +**Platform and Engine** +* `[feature - 🚀]` Dashboard: Add filter for user id and providers in Connected Accounts +* `[feature - 🚀]` Add new endpoint for upcoming scheduled subs +* `[bugfix - 🐛]` Engine OAuth hardening: secure defaults, config updates, validation, additional API flags, and route for user confirmation +* `[feature - 🚀]` Dashboard: UI for security settings +* `[bugfix - 🐛]` Engine: Correctly handle nils in auth provider responses +* `[bugfix - 🐛]` Platform: Improved success & error pages for OAuth + +**Misc** +* `[documentation - 📝]` replaced creating toolkit video with full tutorial ([PR #349](https://github.com/ArcadeAI/docs/pull/349)) +* `[documentation - 📝]` Add secure/brand auth in production doc ([PR #341](https://github.com/ArcadeAI/docs/pull/341)) + + ## For the week ending on 2025-07-11 **Frameworks**