v0.1.7

Release date: May 8, 2026

New Features

A new optional ASSETS_STORAGE_MODE=s3 setting lets stores push uploads to an S3-compatible bucket and serve them from a CDN, instead of the default local data/files/ directory
When S3 mode is on, every uploaded image is pre-generated at common widths (200/400/600/800/1200) as WebP variants and stored alongside the original, so the storefront can serve correctly-sized images without on-the-fly conversion
A new optional ASSETS_MAX_BYTES cap limits cumulative file storage (in either local or S3 mode), so a runaway upload flow can't blow up the bucket bill — per-upload caps (5 MB image / 50 MB video) are unchanged
A one-shot migrate-assets-to-s3.mjs script ships with the Docker image; running it inside a container uploads existing local files to the bucket, rewrites their stored URLs to the CDN, and pre-generates variants

The Users list has a new Export Users button that downloads the current view as a CSV
The Orders list has a new Export Orders button that downloads the current view as a CSV
Both endpoints are CSRF-protected and rate-limited

Product cards, product pages, slideshow slides, image-with-text sections, collection tiles, and other storefront images now render with srcSet and sizes, snapped to pre-generated WebP widths (200/400/600/800/1200)
Phones and tablets pull the smallest variant that fits their viewport instead of always loading the desktop-sized asset, cutting page weight and improving Core Web Vitals on slow connections

When Platform Telemetry is enabled in Settings → Integrations, server-side exceptions and unhandled client-side errors (window.onerror, unhandled promise rejections) are reported anonymously to the Capyshop team as $exception events
No personal data, customer information, or store details are forwarded — the existing telemetry toggle gates the entire pipeline, and turning it off halts all error reporting too

Slideshow titles and subtitles, image-with-text titles/subtitles/body, and text-section body fonts picked in the page builder are now loaded with the page automatically
Previously only the store-wide theme font was loaded, which meant admin font choices on home-page sections silently fell back to the default font on first paint

Stripe Elements (the embedded card form) now mounts in the customer's selected language, so card field labels, error messages, and the "Pay" button match the rest of the checkout

Webfont loading is now non-render-blocking — the storefront renders immediately and the webfont swaps in once it's loaded, eliminating the previous "blank screen until Google Fonts responds" stall
Build target updated to modern browsers (Chrome 111+, Edge 111+, Firefox 128+, Safari 16+) so the bundle no longer ships ES6 polyfills no current browser needs
Admin dashboard, analytics overview, and analytics funnel chart sizing refined for clearer visualization
The Docker image release pipeline moved to a dedicated workflow triggered by GitHub Releases, gated on a green CI run on main for the same commit — no more ad-hoc image pushes

All state-changing API endpoints (POST/PATCH/PUT/DELETE) now validate the request Origin against TRUSTED_ORIGINS and reject mismatches; only Stripe webhooks opt out, since they authenticate by signature instead of cookie
The AI assistant proxy (/api/admin/chat, /api/admin/generate-text) and the sign-up endpoint now count every call against the rate limit — not just failed ones — to defend against paid-API drain and bulk account creation abuse