# v0.1.7 **Release date:** May 8, 2026 ## New Features ### S3 Asset Storage - A new optional `ASSETS_STORAGE_MODE=s3` setting lets stores push uploads to an S3-compatible bucket and serve them from a CDN, instead of the default local `data/files/` directory - When S3 mode is on, every uploaded image is pre-generated at common widths (200/400/600/800/1200) as WebP variants and stored alongside the original, so the storefront can serve correctly-sized images without on-the-fly conversion - A new optional `ASSETS_MAX_BYTES` cap limits cumulative file storage (in either local or S3 mode), so a runaway upload flow can't blow up the bucket bill — per-upload caps (5 MB image / 50 MB video) are unchanged - A one-shot `migrate-assets-to-s3.mjs` script ships with the Docker image; running it inside a container uploads existing local files to the bucket, rewrites their stored URLs to the CDN, and pre-generates variants ### CSV Exports for Users and Orders - The Users list has a new **Export Users** button that downloads the current view as a CSV - The Orders list has a new **Export Orders** button that downloads the current view as a CSV - Both endpoints are CSRF-protected and rate-limited ### Responsive Storefront Images - Product cards, product pages, slideshow slides, image-with-text sections, collection tiles, and other storefront images now render with `srcSet` and `sizes`, snapped to pre-generated WebP widths (200/400/600/800/1200) - Phones and tablets pull the smallest variant that fits their viewport instead of always loading the desktop-sized asset, cutting page weight and improving Core Web Vitals on slow connections ### Error Telemetry - When **Platform Telemetry** is enabled in Settings → Integrations, server-side exceptions and unhandled client-side errors (`window.onerror`, unhandled promise rejections) are reported anonymously to the Capyshop team as `$exception` events - No personal data, customer information, or store details are forwarded — the existing telemetry toggle gates the entire pipeline, and turning it off halts all error reporting too ### Page-Builder Font Loading - Slideshow titles and subtitles, image-with-text titles/subtitles/body, and text-section body fonts picked in the page builder are now loaded with the page automatically - Previously only the store-wide theme font was loaded, which meant admin font choices on home-page sections silently fell back to the default font on first paint ### Stripe Checkout Localization - Stripe Elements (the embedded card form) now mounts in the customer's selected language, so card field labels, error messages, and the "Pay" button match the rest of the checkout ## Improvements - Webfont loading is now non-render-blocking — the storefront renders immediately and the webfont swaps in once it's loaded, eliminating the previous "blank screen until Google Fonts responds" stall - Build target updated to modern browsers (Chrome 111+, Edge 111+, Firefox 128+, Safari 16+) so the bundle no longer ships ES6 polyfills no current browser needs - Admin dashboard, analytics overview, and analytics funnel chart sizing refined for clearer visualization - The Docker image release pipeline moved to a dedicated workflow triggered by GitHub Releases, gated on a green CI run on `main` for the same commit — no more ad-hoc image pushes ## Security Fixes - All state-changing API endpoints (POST/PATCH/PUT/DELETE) now validate the request `Origin` against `TRUSTED_ORIGINS` and reject mismatches; only Stripe webhooks opt out, since they authenticate by signature instead of cookie - The AI assistant proxy (`/api/admin/chat`, `/api/admin/generate-text`) and the sign-up endpoint now count every call against the rate limit — not just failed ones — to defend against paid-API drain and bulk account creation abuse