Action required on upgrade if you have encryption enabled: open Cloud Sync settings, enter your passphrase, and hit Save. This overwrites the plaintext sync file on the server with an encrypted version. Do the same on any secondary devices.
Bug fixes
Encryption
Cloud sync files were never actually encrypted despite the UI showing encryption as active. Uploads were always written as plaintext. The fix required three coordinated changes to the Cloud Sync save flow:
encryptionEnabledis now included in the persisted engine config (this is the field the sync engine actually checks before encrypting uploads — distinct from theencryptUI preference that was being saved instead)- The encryption key is now derived with the correct database name so it persists across page reloads without requiring the passphrase to be re-entered every session
- After enabling encryption, the sync file is immediately re-uploaded in encrypted form rather than waiting for the next sync cycle
- Disabling encryption now correctly clears the local key and re-uploads the file in plaintext
- The passphrase unlock modal was calling the wrong function (
setupEncryptionKey, which generates a new random salt) instead ofsetSyncPassphrase(which caches the passphrase so the key can be re-derived from the salt already embedded in the encrypted file)
Auto-backup
- Settings (enabled toggle and frequency) now persist when you close and reopen the modal
- Backup history now loads correctly
- Automatic backups now run on schedule via a background timer; the timer skips if encryption is configured but the session key isn't loaded, preventing unencrypted backup files from being written
UI
- ESC now closes the Timeline Stats modal