VERSION HISTORY

CHANGELOG

COMPLETE RELEASE HISTORY FOR VANTAGEVAULT
LATEST: v1.0.0-BETA · BUILD 1 · MARCH 2026

v1.0.0
PUBLIC BETA — BUILD 1
MARCH 2026  ·  WINDOWS
LATEST
SECURITY
FIX
PASSWORD VALIDATION MATCHES BACKEND (12+ CHARS)
Alpha accepted passwords as short as 6 characters. Beta enforces the real backend rules: 12+ characters, uppercase, lowercase, number, and special character (@$!%*?&). Validation runs on both client and server — no more confusing rejections.
SECURITY
DEBUG SECRETS REMOVED FROM LOGS
Alpha printed APP_SECRET and its decrypted value to stdout in plain text. Both debug lines removed entirely.
SECURITY
LOGGING HARDENED TO CRITICAL ONLY
Alpha ran with logging.INFO, leaking session details and internal state. Beta sets the root logger to CRITICAL — no credentials or user data in the log stream by default.
NEW FEATURES
NEW
EMAIL VERIFICATION WITH 6-DIGIT OTP
New accounts now complete an OTP verification step before accessing the vault. Existing unverified accounts are detected at login and gracefully redirected to verify.
NEW
IN-APP SUPPORT CENTER TAB
Dedicated Support tab with contact channels (email & Discord), response time SLAs, bug reporting guide, pre-contact tips, and a security vulnerability reporting section.
NEW
PASSWORD RESET VIA EMAIL (RESEND)
Settings now includes a "Send Reset Email" option that dispatches a reset link via Resend. Links expire in 1 hour.
NEW
RESEND CONFIRMATION EMAIL
Re-dispatch your verification email directly from Settings if you missed the original.
NEW
LIVE WHAT'S NEW FEED
After login the app fetches vantagevault.dev/whats-new.json in the background and updates the sidebar version label to always reflect the latest build.
NEW
CTRL+U KEYBOARD SHORTCUT TO UPLOAD
Press Ctrl+U from anywhere in the app to open the file picker and start a new deposit immediately.
NEW
WEBP FILE FORMAT SUPPORT
The file picker now accepts .webp in addition to PNG, JPG, JPEG, BMP, and GIF.
NEW
50MB CLIENT-SIDE FILE SIZE GUARD
Files over 50MB are rejected before upload starts with a clear error showing the actual file size — matching the backend cap exactly.
NEW
HISTORY: REVEAL NAMES TOGGLE
System logs now hide deposit names by default (shown as ••••••••). A "👁 REVEAL NAMES" button in the history toolbar shows them on demand.
NEW
PRIVACY POLICY & TERMS LINKS IN SIDEBAR
The Security & Privacy box in the sidebar now includes direct buttons to vantagevault.dev/privacy and vantagevault.dev/terms.
NEW
VERSION LABEL + WHAT'S NEW BUTTON IN SIDEBAR
Sidebar footer now shows the current version, build number, and a "WHAT'S NEW" button linking directly to release notes.
IMPROVEMENTS
IMPROVED
LOGIN RUNS IN BACKGROUND THREAD — NO MORE UI FREEZE
Alpha blocked the main thread during authentication. Beta dispatches login to a background thread and shows "AUTHENTICATING..." on the button while waiting.
IMPROVED
RATE LIMIT & UNVERIFIED EMAIL ERRORS HANDLED
HTTP 429 now shows a 15-minute lockout message. HTTP 403 with email_not_confirmed redirects to the OTP dialog instead of showing a generic "access denied".
IMPROVED
HISTORY SHOWS ALL DEPOSITS (WAS CAPPED AT 20)
Alpha silently limited history to the last 20 entries. Beta displays all deposits. The textbox is also locked to read-only after population.
IMPROVED
SESSION CHECK CHANGED FROM GET TO POST
Fixes silent auth failures on auto-login where the server responded with method-not-allowed errors.
IMPROVED
FULL NODE ID VISIBLE IN SIDEBAR
Alpha truncated to 12 characters. Beta shows the full UID for easier support lookups.
IMPROVED
GALLERY & HISTORY REFRESH AFTER UPLOAD
fetch_history() is now called on upload success, keeping System Logs in sync without a manual refresh.
IMPROVED
SCROLLBAR STYLING UNIFIED ACROSS ALL PANELS
All CTkScrollableFrame instances share a consistent teal-on-dark scrollbar style, replacing the mismatched CustomTkinter defaults.
IMPROVED
RECOVERY KEY DETECTION USES CORRECT FIELD NAME
Alpha checked recovery_key; Beta correctly checks recovery_key_hash — fixing false "no recovery code" warnings for users who had already generated one.
IMPROVED
DUPLICATE STATS THREAD CALL REMOVED
Alpha accidentally called update_stats() twice per trigger, doubling network requests. The duplicate has been removed.
IMPROVED
PROXY URL UPDATED TO BETA ENDPOINT
PROXY_URL now points to the vantagebeta Hugging Face Space.
REMOVED
REMOVED
GOOGLE SIGN-IN BUTTON HIDDEN FROM LOGIN SCREEN
OAuth flow is retained in code for a future release. Removed from the UI until the redirect experience is fully polished.
REMOVED
LEGACY ROOT WINDOW REMOVED
Alpha instantiated a bare ctk.CTk() root window at module load, causing a ghost window to flash on startup. Removed entirely — VantageApp is the only window now.
v0.1.0
PUBLIC ALPHA — INITIAL RELEASE
2026  ·  WINDOWS
ARCHIVED
// THIS VERSION IS NO LONGER SUPPORTED — UPGRADE TO BETA
NEW
AES-256 END-TO-END ENCRYPTION
Initial implementation of Fernet-based AES-256 encryption with PBKDF2-HMAC-SHA256 key derivation at 100,000 iterations. Keys derived from user password — server never sees plaintext.
NEW
OCR TEXT EXTRACTION WITH TESSERACT
Local Tesseract integration for offline optical character recognition. Extracted text is encrypted before leaving the device and indexed for vault search.
NEW
CLOUD VAULT SYNC VIA PROXY
Images and encrypted OCR content sync to a secure cloud backend via a hardened proxy. Supabase credentials are never exposed to the client binary.
NEW
GHOST MODE
Toggle to blur all image thumbnails and replace file names with [HIDDEN] in the gallery. Content reveals on hover only.
NEW
RECOVERY CODE SYSTEM
One-time cryptographic recovery code generated at signup for password reset without data loss.
NEW
OS KEYRING SESSION TOKEN STORAGE
Access and refresh tokens stored in Windows Credential Manager — not plain disk files. Remember Me option for skip-login sessions.
PERF
50MB FREE VAULT STORAGE
Free tier provides 50MB cloud vault capacity. Pro tier (2048MB) available.