github Studio-Saelix/sencho v0.93.0

0.93.0 (2026-06-29)

Added

  • add a Simple mode to the New Schedule flow (#1495) (3bece54)
  • add cron scheduling mode for image update checks (#1460) (7320a86)
  • add node update alerts with changelog tab and skip-version handling (#1463) (315e8b6)
  • add ON/OFF toggle for host threshold alerts (#1456) (b7dd9dc)
  • add per-stack project env file selection for Docker Compose (#1457) (a698aaa)
  • add posture reasons and review queue to Security overview (#1462) (0384c47)
  • add Reduced motion setting and polish chrome, files, and stack-detail (#1501) (b5810a9)
  • add syntax highlighting to .env editor tab (#1459) (3bf677a)
  • appearance: add Calm/Signature visual style, readability mode, and chart palette (#1407) (8d9e657)
  • files: copy & duplicate, bulk actions, disk-backed uploads, and an accessible file tree (#1409) (37e6e48)
  • fleet: cross-node bulk label assign with authoritative label discovery (#1389) (d26ab58)
  • make all security features available on every tier (#1502) (04e6902)
  • per-stack storage inventory and portability guardrails (#1399) (9ea2864)
  • purge scan data for deleted images and stacks (#1467) (26d557a)
  • resources: render anonymous volume names readably in the volume browser (#1429) (401980f)
  • scheduler: add helper text and risk badges to scheduled action picker (#1449) (7982251)
  • scheduler: consistent action targeting in Scheduled Operations (#1431) (bc8c051)
  • scheduler: flag one-shot tasks in the Scheduled Operations table (#1433) (2c70e11)
  • scheduler: group schedule action picker by operator intent (#1446) (cc78873)
  • security: action-posture Security dashboard with exploit intel and triage (#1424) (f794702)
  • security: gate deploys on exploitation risk, not just severity (#1432) (6527bc9)
  • security: prioritization-led Overview charts (posture + exploit intel) (#1427) (b163078)
  • security: surface Compose internet-reachability exposure in posture (#1442) (3a22f59)
  • show container name in structured log output (#1452) (f1f64ec)
  • show node and fleet targets on schedule timeline pills (#1480) (5960c1e)
  • sidebar: surface partial status for multi-container stacks (#1426) (bb4ddde)
  • sortable resource tables and richer dashboard stack-health columns (#1498) (60536aa)
  • split Host Alerts into Host Alerts, Container Alerts, and Stacks guardrails (#1461) (e9c262a)
  • stacks: browse and edit mounted volume files in the explorer (#1403) (b9d8e9f)
  • stacks: per-stack environment inventory and secret-safe guardrails (#1397) (57a0856)

Fixed

  • always reconcile the scan banner with the current policy verdict (#1488) (3343630)
  • bind fleet stop-by-label to the exact confirmed nodes and stacks (#1506) (1dc12f7)
  • bind the node-update changelog to the advertised release version (#1492) (4cf0405)
  • block file-explorer binds that overlap Sencho's application directory (#1479) (3e2f045)
  • build: patch bundled Docker CLI golang.org/x/net to v0.55.0 (#1421) (7c5ba1c)
  • classify degraded remote stacks as partial on the compatibility path (#1511) (e9c2c0c)
  • clear stale node-update changelog notes when a refetch fails (#1494) (ed06900)
  • clear structured log viewer rows on stack switch (#1448) (79f840a), closes #1444
  • contain file-explorer binds into Sencho's system directories (#1484) (73f4bc2)
  • contain file-explorer binds into Sencho's temporary and tool directories (#1487) (3386c63)
  • contain file-explorer binds that reach dangling symlinked managed paths (#1490) (bee0dfd)
  • contain file-explorer binds that reach symlinked Sencho-managed paths (#1489) (349ee1f)
  • contain file-explorer writes and browse reachable out-of-base binds (#1465) (1c82e3e)
  • containers: guard container and port reads with stack:read (#1416) (82cc139)
  • copy the full finding set when reusing a cached scan for the deploy gate (#1476) (000a592)
  • dependency-map: stop flagging env-var bind mounts as missing volumes (#1468) (5e2194f)
  • deploy: preserve compose.override.yml when Mesh is enabled (#1420) (b753d2d)
  • deploy: verify atomic-deploy backup integrity before restore (#1422) (96b3c49)
  • differentiate security action links and add suppression editing (#1500) (083442d)
  • distinguish failed image-update checks from "up to date" (#1470) (d9b7911)
  • drift: reconcile the drift ledger on deploy and timestamp its history (#1405) (f9c6c5f)
  • drift: stop flagging declared external networks as drift (#1402) (b611f41)
  • editor: suppress global hotkeys while the code editor is focused (#1413) (1c5b271), closes #1410
  • enforce the originating user's role on remote WebSocket connections (#1508) (ef164f0)
  • enforce the signed-in user's role on cross-node proxied requests (#1505) (78a742f)
  • explain why a failed pre-deploy scan blocks a deploy (#1477) (628400a)
  • export the full vulnerability list to CSV (#1472) (e3b3c3b)
  • fire a one-time schedule on the exact chosen date and time (#1497) (cf0db36)
  • gate cross-node HTTP and stop-by-label on remote RBAC capability (#1509) (997a6bb)
  • harden cross-node fleet label actions and guard container reads (#1503) (05c483f)
  • honor suppressions in the informational scan policy evaluation (#1481) (7c12081)
  • keep security posture accurate for secret-only scans and any-severity KEVs (#1475) (89a13f5)
  • keep the scan banner consistent with the deploy gate after suppression changes (#1485) (04e9d18)
  • keep the schedule's stack selected on prefill and edit (#1496) (a6d431f)
  • load the full vulnerability list in the scan detail sheet (#1483) (1bca75a)
  • make Reduced motion gate overlays, standardize the tab band, and polish fleet/snapshots (#1504) (d6ce60d)
  • name matched risk inputs in policy block messages (#1471) (ca496c8)
  • name matched risk inputs in policy scan banner and alerts (#1473) (1de49f8)
  • networking: treat host-network services as host-exposed in summaries (#1430) (2eafee3)
  • persist a one-time schedule's run time so edit and disable keep its year (#1499) (ba57c67)
  • preflight: suppress node-state checks when the Docker snapshot is unavailable (#1423) (2ed0164)
  • probe remote RBAC capability live and enforce exact stop-result membership (#1510) (a7144d4)
  • rank exploit-risk findings before the cap and disclose truncation (#1482) (7c9c640)
  • rank the exploit-risk cap by the same tiers the overview list shows (#1486) (c2b508e)
  • rate-limit: key authenticated requests by verified JWT, not unverified decode (#1412) (9480cc9)
  • reject atomic restore when a checksummed backup file is missing (#1466) (eaf0642)
  • render node-update changelog notes as formatted markdown (#1474) (6256131)
  • render node-update changelog only for the advertised release version (#1493) (dd49ef6)
  • request registry tokens with the target repository scope (#1478) (2911ccf)
  • require node:read for fleet topology reads and hide Fleet without it (#1507) (dd76b13)
  • schedule the first image-update check on the cron cadence after a restart (#1491) (3ad807b)
  • scheduler: reject 6-field cron in Scheduled Operations (#1435) (db8bb70)
  • search: don't open the command palette via Cmd/Ctrl+K while typing (#1414) (f91227d)
  • security: fix Security page table layouts and exploit-risk pagination (#1434) (330f9f1)
  • skip Docker Compose $$ escaped variables in Anatomy parser (#1450) (ba1be3c)
  • stack the volume browser panels on phones so the file preview is readable (#1512) (8bec32d)
  • stacks: harden stack file path containment against symlink escapes (#1415) (69ba0e6)
