Releases: darkroomengineering/specto
Specto v1.2.5
Fixes & Improvements
Mobile
- Fixed mobile sidebar appearing behind header content (z-index issue)
Desktop App
- Release artifacts no longer include version in filenames for cleaner OTA updates
Website
- Updated homepage mockup to match current desktop app design
- Search trigger with ⌘K shortcut
- Leaderboard navigation
- PRO badge on Settings
- Updated stats layout (commits, PRs, issues)
- Export button
Full Changelog: v1.2.4...v1.2.5
Specto v1.2.4
Security Hardening Release
This release addresses multiple security vulnerabilities identified during a comprehensive security audit.
Security Fixes
- Tauri CSP: Added Content Security Policy to desktop app to prevent XSS attacks
- CORS Restrictions: API routes now validate origins instead of allowing wildcard
- Security Headers: Added HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy to web app
- Webhook Validation: Polar webhook endpoint now validates secret is properly configured before processing
- Filesystem Scope: Tauri file write permissions restricted to $APPDATA directory only
- Input Validation: Added validation for JSON.parse calls to handle corrupted data gracefully
- PII Protection: Removed customer emails from server logs
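The CORS item above, sketched as an added example (not Specto's code): a wildcard response next to an exact-match origin allowlist. The allowlist entries and all function names are assumptions made for illustration.

```javascript
// Added example, not Specto's code. Allowlist entries are constructed placeholders.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com", // assumed web app origin
  "tauri://localhost",       // assumed desktop webview origin
]);

// Weak form: any site may read responses from these routes.
function wildcardCorsHeaders() {
  return { "Access-Control-Allow-Origin": "*" };
}

// Normalize an Origin header to scheme://host[:port]; null if unusable.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  // A real Origin carries no credentials, path, query or fragment.
  if (url.username || url.password || url.search || url.hash) return null;
  if (url.pathname !== "" && url.pathname !== "/") return null;
  return `${url.protocol}//${url.host}`;
}

// Hardened form: echo the origin only on an exact allowlist match.
function corsHeaders(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin stops shared caches serving one origin's headers to another.
  const headers = { Vary: "Origin" };
  const origin = normalizeOrigin(requestOrigin);
  if (origin !== null && allowed.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS";
    headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization";
  }
  return headers;
}

// Preflight: 204 for allowlisted origins, 403 for everything else.
function handlePreflight(requestOrigin) {
  const headers = corsHeaders(requestOrigin);
  const ok = "Access-Control-Allow-Origin" in headers;
  return { status: ok ? 204 : 403, headers };
}
```

Matching on the parsed scheme and host, rather than a prefix or substring test, is what rejects lookalike origins such as `https://app.example.com.evil.test`.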
Dependencies
- Updated esbuild to 0.27.2 (fixes moderate severity vulnerability)
Upgrade
This is a security release. All users are encouraged to upgrade immediately.
What's Changed
New Contributors
Full Changelog: v1.1.12...v1.2.4