What's Changed
This release focuses on security hardening and stability improvements across the application, addressing issues identified through a comprehensive code review audit.
🛠 Improvements
- Autostart log privacy — Replaced raw
argvlogging with structured, redacted diagnostic fields (matched_exact,matched_prefixed,other_arg_count). The default log level isDebug, so raw argv would have leaked deep-link URLs and local paths into user-submitted diagnostic ZIPs. - Engine port cleanup — Added
u16port validation at entry and replaced shell-interpolated commands (sh -c) with direct process invocations (lsof,ps,kill) on Unix, eliminating the shell injection surface. - Release pipeline integrity —
release.shnow runs a full pre-release verification gate (format check, type check, unit tests for both frontend and backend) before committing, tagging, or pushing. - Update check timing —
lastCheckUpdateTimeis now written only on successful update checks, preventing failed checks from suppressing subsequent automatic checks for up to 24 hours. - Cross-platform scripts —
bump-version.shnow detects$OSTYPEto use the correctsed -isyntax on both macOS (BSD) and Linux (GNU).
🐛 Bug Fixes
- Fixed
HistoryStorepermanently losing database connectivity when both initial load and rebuild failed —initPromiseis now reset on rebuild failure, allowing subsequent retry.
📦 Downloads
| Platform | Architecture | File |
|---|---|---|
| macOS | Apple Silicon · Intel | .dmg
|
| Windows | x64 · ARM64 | -setup.exe
|
| Linux | x64 · ARM64 | .AppImage .deb
|