MantisBase v0.3.4 — Admin Upgrades, Bug Fixes & Docker Updates
We're shipping v0.3.4 today with a handful of quality-of-life improvements, a cleaner configuration story, and a few important bug fixes. Here's what's new.
Unified MB_* Environment Variable Prefix
All environment variables now consistently use the MB_* prefix. If you were previously setting MANTIS_JWT_SECRET, update that to MB_JWT_SECRET — the old name is no longer recognised. This brings every runtime knob under one coherent namespace and makes it easier to manage configuration in Docker and CI environments.
| Variable | Description | Default |
|---|---|---|
MB_JWT_SECRET |
JWT signing secret (set this in production!) | built-in default |
MB_DISABLE_FILE_UPLOADS |
Set to 1 to disable file uploads globally |
0 |
MB_DISABLE_ADMIN_ON_FIRST_BOOT |
Set to 1 to skip auto-admin creation browser spin off |
0 |
MB_DISABLE_RATE_LIMIT |
Set to 1 to disable rate limiting |
enabled |
File Upload Kill Switch
A new MB_DISABLE_FILE_UPLOADS=1 flag lets you turn off file uploads at the server level without touching your schema. Any upload attempt while this flag is active will receive a 403 Forbidden response. Useful for read-only deployments or environments where you want to enforce that no files land on disk.
Docker Improvements
The Dockerfile has been updated to debian:trixie-slim as its base, and the build arg has been renamed from MANTIS_VERSION to MB_VERSION (default 0.3.4) to match the new naming convention. The docker-compose file now also surfaces all MB_* variables as commented-out stubs, so it's clear what you can configure without digging through docs.
The published image on Docker Hub is allankoech/mantisbase — the quick-start command is simply:
docker run -p 7070:80 allankoech/mantisbase
All submodules have also been switched from SSH to HTTPS URLs and set to shallow fetch, which significantly speeds up fresh clones in CI pipelines.
Admin Panel Updates
Several improvements have landed in the admin UI this release:
Entity cloning — You can now clone an existing entity directly from the admin panel. Cloning copies the source entity's schema (field names, types, and structure) into a new entity, giving you a clean starting point to build on without recreating common field sets from scratch. No records are carried over, only the schema.
Entity renaming — Entities can now be renamed from within the admin panel without having to drop and recreate them.
Long entity name overflow fix — Entity names that exceeded the available sidebar/panel width were pushing other UI elements off screen. This has been corrected so long names truncate gracefully and the layout stays intact.
Minor bug fixes and improvements across the admin panel generally.
Bug Fixes
- PATCH requests with password fields — a missing-field error that surfaced when patching records containing a
passwordfield has been resolved. - Last-activity tracking — activity timestamps now only update on actual database record changes, not on every SSE ping or passive connection event. This prevents misleading "active" signals for idle clients.
- SSE session cleanup — auth tokens are no longer held in memory on SSE sessions. The token field is explicitly nulled out after verification, reducing the risk of credentials lingering in heap memory across a long-lived connection.
Internal / Code Quality
soci_wrappers.hsaw a significant cleanup — redundant nesting in the field-binding logic was flattened, making the type-dispatch code considerably easier to follow.- SSE event queuing now uses
emplaceinstead ofpushfor slightly cleaner construction. - SQL update column formatting moved to
std::formatfor consistency.
Upgrading
Update your environment variables from MANTIS_JWT_SECRET → MB_JWT_SECRET and pull the new image or rebuild from source. No schema migrations are required for this release.
The full changelog and binaries are available on the GitHub releases page.
