Sandboxlib

- **Activity/Notifications API:** Apps can now inform Sandstorm when a grain has been modified. Sandstorm will then highlight the grain in the user interface to show that it has new content, and in some cases deliver notifications to interested users. Apps need to be updated to use the API, but an update to Etherpad will ship on Sunday with updates to Rocket.Chat and Wekan soon thereafter.
- Fixed regression where grain UIs would not refresh when the grain's package was updated.
- Fixed bug where it was possible to have a "shared with me" copy of a grain you own show up in your grain list, which in turn caused other bugs.
- Fixed spurrious deprecation warning in server logs and reduced the size of the Sandstorm bundle by 10% by eliminating redundant copies of the Connect framework which were being included due to npm dependency semantics.
- Fixed some modal dialogs stretching off the screen on mobile.
- Various code refactoring.
- Oasis: Fixed that save()ing a capability was producing a SturdyRef that could not be restored due to bookkeeping errors.
- Sandstorm for Work: The SAML XML blob is now available even if the SAML identity provider has not yet been enabled. This should make setup easier.

- Meteor-based apps will no longer go into redirect loops when WebSockets are not working.
- Sandstorm for Work: Fixed SAML login failing when a user's name contained non-ASCII characters.
- The Powerbox API has changed slightly to involve a server-side exchange after the client-side selection operation. This improve security. Existing powerbox-using apps will need to be updated -- but no major apps are using it yet.
- When using email login and clicking the link (rather than copy/pasting the token), you will now be redirected back to the URL from which you initiated login.
- Improved design of profile editor UI.
- The user table in the admin panel can now be sorted by clicking column headers.
- Fixed "guided tour" hint bubble for installing apps showing for users who aren't allowed to install apps.

- Fixed regression in static web publishing that caused requests that should have returned 404s or redirect-to-add-trailing-slash to instead return a 500 status with a blank page.
- Added ability for admin to request a heapdump (to debug memory leaks).

- Sandstorm for Work: SAML connector should now work with Active Directory.
- Fixed various subtle resource leaks in Sandstorm front-end and sandstorm-http-bridge.
- Fixed random crash/hang bug introduced in sandstorm-http-bridge v0.166. Apps build since that time will need to be rebuilt.
- The old admin interface has been completely removed (the new admin interface has been the default since v0.164).
- The email configuration test dialog now shows more informative error messages.
- The "most-used" apps row is now only shown if you have more than 6 apps, without which it isn't helping.
- Added "guided tour" hint highlighting the "share access" button.
- Added explanatory text to admin user invite page.
- Fixed search bar autofocus on app list page.
- The question mark info button on Grains page was supposed to have a circle around it.

- Updated to Meteor 1.3.3.1.
- Implemented hard flow control at the Cap'n Proto layer so that an errant (or malicious) app cannot cause excessive memory use elsewhere in the system by making excessive simultaneous calls. This should improve the stability of Oasis.
- Implemented flow control for uploads to an app (though it rarely comes into play unless running Sandstorm locally).
- Fixed that after losing internet connectivity for a while (or suspending your laptop) and then coming back, grains would refresh.
- Fixed some memory leaks in shell server.
- Added more "guided tour" points to help new users learn Sandstorm.
- Sandstorm for Work: SAML connector now exports XML auto-configuration blob.
- Sandstorm for Work: Improved UI around feature keys.

- Implemented flow control for large file downloads from apps so that they don't buffer in the front-end consuming excessive RAM. Apps that handle large files will need to re-pack using the latest sandstorm-http-bridge and push an update.
- Sandstorm for Work: Made SAML entity ID configurable; added more setup instructions.
- Updated Google login setup instructions to match latest gratuitous UI changes.