v0.9.2

• Windows SSH password authentication (CMD) — incorrect Windows ACL setup created a DENY entry that locked the current user out of their own temp files, including the database file on first launch; fixed by correctly setting icacls inheritance and explicit user grants
• Windows SSH password authentication (CMD) — SSH_ASKPASS env vars were silently dropped when passed as inline compounds through the cmd → start → cmd launch chain; replaced with a temp bat file that sets variables directly in the correct process
• Windows SSH password authentication (PowerShell) — | Out-Null appended to the SSH invocation was piping stdout to nothing and preventing PTY allocation; SSH appeared to launch but produced no visible output or response
• SSH askpass helper (all platforms) — upgraded to a file-existence state machine: delivers the stored password on the first call, fails fast on password-retry prompts to prevent silent retry loops, and relays non-password prompts (proxy 2FA challenges, reason fields) to the terminal for interactive input
• In-app SSH authentication failure toast (Windows + macOS) — when SSH exits with a non-zero code (e.g. wrong password), the app now restores from minimised, shows a clear error toast naming the affected profile, and directs the user to edit it; previously the terminal closed silently with no feedback in the app
• Windows terminal selector — removed the generic "Default" option; Windows Terminal is now shown explicitly as the first and default option (pre-installed on Windows 11 since 22H2, October 2022); existing users with "Default" are automatically migrated to "Windows Terminal" on first launch
• macOS terminal selector — renamed "Default (Terminal.app)" to "Terminal" for consistency with Windows naming; existing users with "Default" are automatically migrated to "Terminal" on first launch

v0.9.1

• Windows SSH password authentication — SSH could not invoke the .bat askpass script (CreateProcess returns ERROR_ACCESS_DENIED); replaced the per-connection temp .bat file with a bundled spm-askpass.exe helper that SSH can execute directly
• Update available notification — current and new version numbers are now shown on separate lines with clear labels; previously crammed onto one line
• "What's New" splash screen now shows all versions skipped since the last update; users upgrading across multiple versions (e.g. v0.8.0 → v0.9.1) see a combined view with each version's highlights in clearly labelled sections
• Updated rand 0.8 → 0.10 and rusqlite 0.32 → 0.39 to latest stable versions
• Updated GitHub Actions workflows (actions/checkout@v4 → v5) to address Node.js 20 deprecation on runners

---

⚠️ Known Issues (Windows — stored password auth)

Further issues with the stored password authentication method on Windows have been identified after release and will be addressed in v0.9.2:

• Windows Terminal — connections using stored passwords fail with Access Denied
• Command Prompt — stored password is not passed to SSH correctly
• PowerShell — initial authentication succeeds, but subsequent prompts (e.g. if the SSH login prompts for further user input) fail because the password file is cleaned up before SSH connection finishes

Workaround: Use SSH key authentication or None (Keyboard Interactive) Authentication types or roll back to v0.8.0.

v0.9.0

• Central Passwords Manager — shared credentials that can be linked to multiple profiles; change the password once and all linked profiles immediately use the new value (ideal for AD accounts and shared jump hosts)
• Central Password auth method — new "Central Password" option in the profile auth method dropdown; a searchable picker lets you select which central password to use
• "Manage Central Passwords" link — opens the Central Password Manager directly from the profile editor without losing your place
• SSH_ASKPASS integration — passwords stored in the system keychain are now passed to SSH automatically via SSH_ASKPASS + SSH_ASKPASS_REQUIRE=force; no interactive password prompt appears in the terminal
• Central password export/import — exports include a central_password_ref field (the central password name, never the value); on import, profiles are re-linked by name, or an empty shell is created if the name is not found on the destination machine
• Bulk select and delete in the Central Password Manager — checkboxes on each item, Select All, and a "Delete N Passwords" button with confirmation
• Custom terminal disclaimer — when "Custom Terminal (unsupported)" is selected in Settings, a note explains that password authentication may not work with all custom terminals
• Profile modal save button validation — Save is now disabled until all auth-method-specific required fields are filled: key path for SSH Key, password for Password, and a selected entry for Central Password
• Windows minimum requirement raised to Windows 11 (OpenSSH 8.4+ required for SSH_ASKPASS_REQUIRE=force)
• Central Password Manager bulk delete button now correctly shows a confirmation dialog before deleting
• Tab cycling in the Central Password Manager now correctly includes the Close button when the Add Password form is incomplete
• "Add Password" button focus highlight is now clearly visible (blue outline with gap matches the rest of the app)

v0.8.0

• Move Profile — new modal to move a profile to any group, or to ungrouped, without deleting and recreating it
• Move Group — new modal to move any group (including top-level groups) to a new parent, with full cascade path updates
• Drag profile between groups — drag a profile card onto a group header to move it instantly; a 5-second undo toast lets you reverse the action
• Custom sort order — drag profiles and groups into a custom order within their parent; order persists across app restarts
• Cross-group drag + position — drag a profile from one group and drop it at a specific position within another group in a single gesture
• Padlock button — toolbar toggle for drag reordering; session-only (always starts locked on app launch, resets on quit)
• "Reset to A-Z" — group context menu option to restore alphabetical order for a single group's profiles and child groups
• "Reset Sorting Order" — Settings button to reset all profiles and groups back to alphabetical order globally
• Expand Card Actions — optional Appearance setting to display all six profile actions (Connect, Edit, Move, Duplicate, Export, Delete) as individual buttons on each profile card; automatically reverts to the Actions menu in compact view
• macOS: "Open in new tab" now surfaces an actionable error message when macOS blocks Terminal automation (Accessibility permission), instead of silently failing — includes instructions for resolving the permission issue
• Profiles can now be dragged to the Ungrouped section even when no ungrouped profiles currently exist
• Text in profile titles, group names, and info values no longer becomes selected unexpectedly during drag operations
• Settings modal Tab key now correctly cycles within the modal on macOS (fix for WKWebView treating overflow scroll containers as Tab stops)
• Settings sections now display a visible divider between all section boundaries

v0.7.1

• Parent Group dropdown no longer flickers and disappears when opened
• Group modal no longer occasionally gets stuck at an expanded size after closing
• "What's New" splash screen no longer reappears on app reload — now only shown on genuine app launch
• Compact view: improved card layout for both standard and favourite profile cards

v0.7.0

• Hierarchical groups — organise profiles with nested sub-groups up to 3 levels deep (e.g., Work/Production/WebServers)
• Sub-group management — add, rename, move, and delete groups with cascade or move-profiles options
• Favourites — star any profile for quick access from the virtual "Favourites" group at the top of the list
• Profile icons — choose from 40+ icons for instant visual recognition on profile cards
• Tag system — colour-coded tags with multi-select management and tag:name search syntax
• Individual export/import — export or import a single profile or an entire group tree with duplicate detection (skip, rename, or overwrite)
• Encrypted exports — AES-256-GCM encryption with PBKDF2-HMAC-SHA256 key derivation for secure profile sharing
• Password strength metre — 5-level scale (Weak / Fair / Good / Strong / Stronger) when setting an encryption password
• Version splash screen — highlights changelog features automatically on first launch after an update
• 30+ keyboard shortcuts — comprehensive navigation throughout the app; press ? to view all shortcuts
• Settings "Export/Import" tab renamed to "Backup/Restore" for clarity
• Profile names are now unique within the parent group only — the same profile name is permitted across different groups
• Group filter and collapse state now persists between sessions
• Windows: SSH key path validation now works correctly for Windows home directory paths (e.g., C:\Users\name\.ssh\id_ed25519)
• Cross-platform: Checkbox text is now properly vertically centred on both macOS and Windows
• Group rename and move no longer corrupts sub-group paths when group names share a common prefix (e.g., renaming "Dev" no longer affects "Dev/DevOps")
• Tag manager modal no longer expands to fill all available space when empty or when only a few tags are present
• Exports containing password-authenticated profiles now require encryption (mandatory enforcement)
• HMAC-SHA256 integrity verification on all encrypted imports detects tampering before decryption
• Encryption password requirements enforced on both frontend and backend: 12–128 characters
• Encryption keys and passwords are zeroised from memory immediately after use

v0.6.5

• Hash Character Support: Hash (#) character now supported in Username, Profile Name, and Group Name fields
  • Updated frontend and backend validation patterns
  • Updated field tooltips to show hash as allowed character
• Group Filter Badge on Startup: Groups filter no longer shows "0/0" on app load
  • Fixed initialization order: filter state now loads before profiles
  • Badge updates correctly after profiles load
• Filter State on Startup: Filters now apply correctly when app launches
  • Fixed initialization order issue that prevented filters from applying
  • Group selections now properly filter profiles on startup
• Group Name Validation: Fixed corrupted group state errors from character limit mismatch
  • Updated validation regex to match 64-character limit (was incorrectly checking for 32)
  • Eliminates localStorage corruption errors for valid group names
• Duplicate Profile Workflow: Improved user experience when duplicating profiles
  • Removed automatic "(duplicate)" suffix from duplicated profile names
  • Users can now choose their own name (validation prevents actual duplicates)
  • Save button properly disabled until changes made
• Modal Close Button: Close button now skips confirmation when no changes have been made
  • Eliminates unnecessary confirmation dialog when editing without changes
  • Works correctly for edit, duplicate, and new profile scenarios

v0.6.4

• Windows Terminal Tab Mode: Fixed tab mode to properly open in most recently used window
  • Changed from wt new-tab to wt -w last nt for correct window targeting
  • Tabs now open in existing Windows Terminal window instead of creating new windows
  • Tested and verified working on Windows 11
• Windows Terminal Window Mode: Fixed "window not found" error when opening new windows
  • Changed to wt new-window without window ID targeting
  • Eliminates errors from invalid window ID references
  • Tested and verified working on Windows 11
• Auto-Close Terminal Tab (macOS): Terminal tabs now close reliably using keyboard shortcut simulation
  • Replaced AppleScript close (selected tab) with System Events Cmd+W keystroke
  • Works correctly for both tab mode and window mode
  • Tested with multiple tabs - closes individual tabs correctly without affecting other tabs
• Auto-Close Terminal Tab (Windows): Auto-close now works correctly for all terminal types
  • Simplified SSH command execution to use native terminal exit behavior
  • Works with CMD, PowerShell, and Windows Terminal
  • Session closes cleanly when SSH connection ends
• Windows App Icon Transparency: Fixed white background visible in taskbar and title bar
  • Regenerated all icons with transparent background from SVG source
  • Updated icon.ico, icon.icns, and all platform-specific icon sizes
  • Clean transparency now matches macOS appearance
• Group Filter Counter: Fixed inverted logic showing unselected groups instead of selected
  • Counter now correctly shows number of selected groups, not hidden groups
  • Badge stays visible at all times showing X/Y format (selected/total)
• Profile Count Badge Shifting: Fixed badge size changing when numbers updated
  • Implemented fixed widths: 32px (1 digit), 42px (2 digits), 52px (3 digits)
  • Badges no longer shift size when profile counts change
  • Smooth, consistent UI experience
• CSP Warning on Windows: Removed frame-ancestors directive from meta tag
  • Directive is only valid in HTTP headers, not meta elements
  • Kept frame-ancestors in tauri.conf.json where it's properly supported
  • Eliminates console warning on Windows
• Rust Unused Import Warning: Removed unused std::fs import
  • Cleaned up after refactoring to use create_file_windows_secure helper
  • Zero compiler warnings on all platforms
• Console Logging: Debug logging now requires explicit opt-in via localStorage
  • Console logs only appear when localStorage.debug='true' is set
  • Removes development clutter from production browser console
  • Cleaner user experience for non-developers
• Database File Permissions: Enhanced security with explicit file permissions on Unix systems
  • Database file now set to 0600 permissions (owner-only access)
  • Prevents unauthorized access to profiles.db from other local users
  • Defense-in-depth security enhancement
• Rate Limiting: Added maximum concurrent session limit
  • Maximum 5 concurrent terminal sessions allowed
  • Maintains existing rate limits (2s between sessions, 100 writes/second)
  • Prevents resource exhaustion from excessive terminal connections
• Terminal Dimension Limits: Reduced maximum terminal size for better resource management
  • Reduced from 300×100 to 250×80 (30,000 → 20,000 cells max)
  • More reasonable limits for typical use cases
  • Reduces memory usage and potential DoS vectors
• CDN Resource Integrity: Added Subresource Integrity hashes for xterm.js
  • Added integrity and crossorigin="anonymous" attributes to CDN resources
  • Protects against compromised CDN attacks
  • Ensures loaded resources match expected cryptographic hash
• Developer Tools: Disabled devtools in production builds
  • Changed "devtools": true → "devtools": false in tauri.conf.json
  • Prevents users from accessing developer tools in release builds
  • Can be re-enabled for debugging if needed
• Badge Format: Changed to X/Y format for better clarity
  • Filter badge shows "selected/total" groups (e.g., "3/5")
  • Profile badge shows "visible/total" profiles (e.g., "14/17")
  • Always visible, providing consistent context at a glance
• Filter Reset Button: Renamed "Clear All" to "Reset"
  • More accurately describes behavior (resets to show all, not clears selection)
  • Reduces confusion about button purpose
• Maximum Import Limit: Reduced from 1000 to 999 profiles
  • Cleaner 3-digit maximum for UI consistency
  • Simplifies badge width calculations (no 4-digit support needed)
• Temporary Script Cleanup: Enhanced security for temporary SSH launch scripts
  • Increased cleanup delay from 2s to 5s for safer terminal script execution
  • Added secure deletion: overwrites with random data before unlinking
  • Prevents information disclosure from lingering temporary files
• SSH Host Key Verification: Added MITM attack protection
  • All SSH connections now use -o StrictHostKeyChecking=ask
  • Users prompted to verify host keys on first connection
  • Protects against man-in-the-middle attacks
• Password Operation Logging: Removed sensitive debug logging
  • Eliminated all password-related debug logs (lengths, operation timing)
  • No longer exposes sensitive information during development
  • Simplified password storage logic
• XSS Prevention: Refactored shortcuts modal for defense-in-depth
  • Replaced insertAdjacentHTML with createElement() and appendChild()
  • Safer pattern prevents future XSS vulnerabilities
  • Better code maintainability
• Content Security Policy: Strengthened CSP and eliminated CDN dependencies
  • Vendored xterm.js locally (eliminates external CDN dependency)
  • Updated CSP to script-src 'self' and style-src 'self' only
  • Added frame-ancestors 'none' for clickjacking protection
  • Improved offline functionality and security
• Terminal Session Management: Added automatic cleanup for idle sessions
  • Idle timeout: 30 minutes of inactivity
  • Background monitor checks every 5 minutes
  • Automatically closes inactive sessions and frees resources
  • Prevents resource exhaustion from hung/abandoned sessions
• File Dialog Timeout: Reduced timeout for better resource management
  • Reduced from 120 seconds to 60 seconds
  • Prevents indefinite resource holding
• Windows Batch File TOCTOU: Eliminated race condition in file creation
  • Created create_file_windows_secure() helper function
  • Files created with restrictive permissions atomically
  • Eliminates time-of-check-to-time-of-use window
• Password Authentication Documentation: Clarified password storage behavior
  • Added documentation explaining passwords stored for reference/export only
  • Clarified manual password entry required for SSH connections
  • Recommended SSH key authentication for automated workflows
• Dependency Vulnerability: Fixed rkyv undefined behavior vulnerability (RUSTSEC-2026-0001)
  • Updated rkyv from 0.7.45 to 0.7.46
  • Fixes potential undefined behavior in Arc/Rc on out-of-memory conditions
  • Indirect dependency through tauri-plugin-log
  • Discovered via cargo audit on 2026-01-09
• Dependency Vulnerability Scanning: Automated security auditing
  • Added GitHub Actions workflow for weekly security scans
  • Configured Dependabot for automatic dependency updates
  • Uses cargo audit for Rust and bun audit for JavaScript
  • Runs on pull requests, weekly schedule, and manual dispatch
• CI Workflow Optimization: Improved efficiency with path filtering
  • Security audit and build checks now run only on PRs (not every push)
  • Path filtering skips checks for documentation-only PRs
  • Maintains weekly scheduled scans and manual dispatch options
  • Saves CI minutes while ensuring code quality
• Git Repository Consolidation: Merged development documentation into main repository
  • Added CLAUDE.md, TODO.md, and plans/ to public repository
  • Removed private backup repository setup
  • Simplified multi-machine development workflow
  • Verified no sensitive information in documentation files
• Code Refactoring: Reduced complexity in SSH connection handler
  • Extracted platform-specific helper functions from connect_ssh
  • Reduced main function from 389 lines to 76 lines
  • Improved code maintainability and readability

v0.6.3

Release v0.6.3 - Security hardening and bug fixes (#14)

Co-authored-by: Claude Sonnet 4.5 noreply@anthropic.com

v0.6.2

Changed

• Green Color Scheme: Updated success color from various greens to consistent #34C759 (macOS-style green)
  • Base button color: #34C759, hover: #2A9F47
  • Applied to success buttons, toast notifications, and terminal status indicators
• Settings Modal Behavior: Save button no longer closes settings modal
  • Allows multiple saves without re-opening modal
  • Button disables after save until new changes detected
  • Improved user experience for iterative settings adjustments

Added

• Password Export Toggle: New "Include Passwords in Export" checkbox in Profile Management
  • Defaults to checked (enabled)
  • Persisted to localStorage as user preference
  • Requires clicking Save to apply (follows settings pattern)
  • Settings Management respects this toggle when including profiles in backup
• Enhanced Username Validation: Username field now supports @ symbol
  • Max length increased from 32 to 128 characters
  • Supports formats like user@proxyuser for complex SSH scenarios
  • Backend and frontend validation updated
• Backend Password Retrieval: Added get_profile_password command
  • Retrieves passwords from system keychain for editing profiles
  • Enables password field population when editing existing profiles

Fixed

• Hostname Validation: Reduced max length from 128 to 64 characters (more realistic limit)
• Group Name Validation: Increased max length from 32 to 64 characters (more flexibility)
• Field Tooltips: Updated all validation tooltips to reflect new character limits and rules
• Windows Scrollbar: Hidden persistent scrollbar arrows in Recent Connections on Windows
  • Arrows no longer show when scrolling not needed
  • CSS: scrollbar-button { display: none }
• Windows Button Hover: Fixed text rendering issues during button hover scale animation
  • Added backface-visibility: hidden and -webkit-font-smoothing: subpixel-antialiased
  • Text no longer appears blurry or zoomed during hover
• Windows Icons: Regenerated all icons with transparent backgrounds (PNG32/RGBA format)
  • Removed white box background visible on Windows
  • All icon sizes regenerated from SVG: 32x32, 128x128, 128x128@2x, Square logos (30-310px), StoreLogo, icon.ico
  • Icons now match macOS appearance with clean transparency

Security

• Password Export Warning: Updated security warnings to reflect conditional password inclusion
  • Profile Management warning: Only warns when "Include Passwords in Export" is enabled
  • Settings Management warning: References Profile Management toggle state
  • More accurate risk communication to users

Known Issues

• Password Authentication Not Working: Passwords are not being stored in system keychain despite success messages
  • The keyring library reports success but macOS Keychain Access shows no entries created
  • Passwords cannot be retrieved when editing profiles or exporting
  • Export shows password: null even with "Include Passwords" enabled
  • Workaround: Use SSH Key authentication or None (Keyboard-Interactive) instead
  • Fix planned for v0.6.3: Will investigate keychain permissions and alternative storage methods