docs(changelog): v4.1.1

[jmelahman]

Summary

Adds a v4.1.1 entry to the changelog, placed above v4.1.0 and dated to match the v4.1.1 tag (June 12th, 2026). Scoped to the security-hardening behavior changes that may require action on existing self-hosted deployments.

[Update] Action May Be Required

• USER_AUTH_SECRET now required (#12038) — the API server refuses to start on non-dev deployments when it's empty (previously only a warning).
• Hardened default MinIO/S3 credentials (#12003) — install.sh randomizes them; backend warns if minioadmin is still in use.
• SSRF protection moved to the Security & Hardening admin page (#11881) — single SSRF Protection control replacing the per-path env vars; existing deployments derive their initial level from those env vars.

🤖 Generated with Claude Code

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
onyx	🟢 Ready	View Preview	Jun 17, 2026, 6:40 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.