Fixes & Improvements

Mobile

• Fixed mobile sidebar appearing behind header content (z-index issue)

Desktop App

• Release artifacts no longer include version in filenames for cleaner OTA updates

Website

• Updated homepage mockup to match current desktop app design
  • Search trigger with ⌘K shortcut
  • Leaderboard navigation
  • PRO badge on Settings
  • Updated stats layout (commits, PRs, issues)
  • Export button

Full Changelog: v1.2.4...v1.2.5

Security Hardening Release

This release addresses multiple security vulnerabilities identified during a comprehensive security audit.

Security Fixes

• Tauri CSP: Added Content Security Policy to desktop app to prevent XSS attacks
• CORS Restrictions: API routes now validate origins instead of allowing wildcard *
• Security Headers: Added HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy to web app
• Webhook Validation: Polar webhook endpoint now validates secret is properly configured before processing
• Filesystem Scope: Tauri file write permissions restricted to $APPDATA directory only
• Input Validation: Added validation for JSON.parse calls to handle corrupted data gracefully
• PII Protection: Removed customer emails from server logs

Dependencies

• Updated esbuild to 0.27.2 (fixes moderate severity vulnerability)

Upgrade

This is a security release. All users are encouraged to upgrade immediately.

What's Changed

• feat: comprehensive design & UX improvements by @arzafran in #2

New Contributors

• @arzafran made their first contribution in #2

Full Changelog: v1.1.12...v1.2.4