0.5.0 (2025-05-17)
BREAKING
- The server verifies user accounts by sending a cryptographically signed link to the provided email address. This requires an SMTP section in the config file. This behaviour and thus the need for the SMTP section can be bypassed with another configuration, but because BOMnipotent is secure-by-default, the server does not start if neither is configured.
- The client does not allow approving unverified users. This security measure can be bypassed with the “–allow-unverified” flag.
Added
- Using the “–robot” flag, the client can request a robot account intended for automation. This account does not get verified via email, and needs to be approved by again using the “–robot” flag.