Skip to content

FocusWell 26.6.6

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 12 Jun 11:28
26.6.6
This tag was signed with the committer’s verified signature.
NihilDigit NihilDigit
SSH Key Fingerprint: NkCMWvpi/Rr41k1UVCvUKZY7CxaNS0cCSyFtZf9jW2s
Verified
Learn about vigilant mode.
77e1880
This commit was signed with the committer’s verified signature.
NihilDigit NihilDigit
SSH Key Fingerprint: NkCMWvpi/Rr41k1UVCvUKZY7CxaNS0cCSyFtZf9jW2s
Verified
Learn about vigilant mode.

Security hardening release for reminders, cloud sync, and the browser gate.

What changed:

  • Reminder device registration now protects existing device identities. Re-registering a known device must prove the current install secret, and secret hash rotation is rejected from the normal register endpoint.
  • GitHub sign-in now validates the OAuth state returned from the browser before exchanging a code. Mismatched or missing state is rejected.
  • OAuth tokens and reminder install secrets are stored through Android Keystore-backed encrypted preferences, and app backup is disabled with explicit sensitive prefs exclusions.
  • The browser extension UI is now fully English and can add the current page to the whitelist from the popup without manually editing JSON.

Build verification:

  • Backend typecheck and tests passed in CI.
  • Android unit tests passed in CI.
  • Signed APKs are attached for arm64-v8a, armeabi-v7a, and x86_64.

Install the APK that matches your device ABI. Most modern phones should use arm64-v8a.

Assets 6
Loading