Changes 03/14/2026 (v3.9.0)
release(v3.9.0): persistent-token key lifecycle updates and admin rotation workflow
Commit message
release(v3.9.0): persistent-token key lifecycle updates and admin rotation workflow
- docker(startup): remove baked persistent-token key defaults and auto-generate a unique key for pristine installs
- admin(ui): warn when the instance is still using a legacy or placeholder persistent-token key and expose guided rotation for compatible installs
- admin(crypto): add persistent-token key rotation that re-encrypts stored secrets and expires remember-me sessions
- docs(docker): refresh docker run / compose guidance so metadata-backed generated keys are documented as the default path
Added
- Admin rotation workflow for persistent-token keys
- Added an admin-only rotation action that generates a new persistent-token key, re-encrypts stored secret-bearing data, writes `metadata/persistent_tokens.key`, and intentionally expires remember-me sessions.
- Added an admin warning card with rotation guidance for instances still using a legacy or placeholder persistent-token key.
Changed
- Docker startup behavior
- Pristine Docker installs now auto-generate and persist a unique persistent-token key in `metadata/persistent_tokens.key`.
- Existing installs without an explicit key continue on the legacy compatibility path until the operator rotates them.
- Docker examples and env reference
- Updated `docker run`, compose, and env-reference guidance so `PERSISTENT_TOKENS_KEY` is optional by default and no published placeholder value is documented.
Fixed
- Persistent-token key lifecycle
- Existing installs can now move off the legacy compatibility key without losing admin config, user-permissions, stored TOTP secrets, or source credentials.
- Remember-me sessions are explicitly expired during rotation instead of being left in a mixed-key state.
Security
- Install defaults
- The runtime image no longer ships a baked-in persistent-token key default.
- New Docker installs now start with instance-unique key material by default as long as `metadata/` is persistent.
v3.9.0
SHA-256 (zip)
f0757584dddccb5bbdd522cc45bf11f6a58d5f5e12666dd25ac56bd4ea9f6e00 FileRise-v3.9.0.zip