Checklist for the Gotify 3.0.0 release.
Breaking Changes:
- The `config.yml` file is no longer supported, convert it to the new env format with [`migrate-config`](https://gotify.net/docs/migrate-to-3#migrating-your-config).
- If you set list or map environment variables, their syntax changed, see [List and map syntax](https://gotify.net/docs/migrate-to-3#environment-list-and-map-syntax).
- API tokens are no longer returned in the GET endpoints and are only exposed on creation or rotation. See [Tokens are only shown once](https://gotify.net/docs/migrate-to-3#tokens-are-only-shown-once).
- If you have scripts hitting client-token endpoints, they may now need [elevation](https://gotify.net/docs/migrate-to-3#step-up-authentication).
---
* Add OIDC login support. See [OIDC Docs](https://gotify.net/docs/oidc) (#433 via #941, #977, #982)
* Thanks to @KovachVL and @alanturing881 for reporting security issues for this feature.
* Add session elevation for sensitive actions in the web UI. [Session Elevation Docs](https://gotify.net/docs/session-elevation) (GHSA-3hcj-9m7p-wwm9, #944 via #952, #954).
* Automatically delete inactive clients/sessions (#943 via #959)
* Rework configuration (#366, #392 via #967)
* Don't store tokens in plain text (#325 via #971)
* Publish a `gotify/server:master` docker image for testing unreleased changes (#953, #956)
* Allow sending messages with a client token (#964)
* Allow refreshing application tokens (#985 via #986)
* Increase token keyspace to >128 bits (#936 via #939)
* Switch logging to zerolog (#962)
* Add OCI labels to docker images (#924 via #927)
* Update dependencies
Checklist for the Gotify 3.0.0 release.
Changelog draft: