Tags

Tags give the ability to mark specific points in history as being important

v1.4.3
protected

a2162489 · fix: bump version to 1.4.3, fix GTK window title, update changelogs · Mar 30, 2026
```
v1.4.3: fix Flutter GUI binary name in Flatpak launcher, fix GTK window title
```
v1.4.2
protected

c5068e99 · docs: update changelogs and version history for v1.4.2 · Mar 29, 2026

Release: v1.4.2 — Desktop GUI Simple/Pro Mode, Modernized Security Defaults & Security Hardening
```
Release v1.4.2: Desktop GUI Simple/Pro mode & modernized STANDARD template
```
v1.4.1
protected

9d2f6208 · chore: bump version to 1.4.1 stable · Mar 22, 2026

Release: OpenSSL Encrypt v1.4.1
v1.4.1rc2
protected

b16085bc · chore: bump version to 1.4.1rc2 with nltk security update · Mar 22, 2026

Release: OpenSSL Encrypt v1.4.1rc2
v1.4.1rc1
protected

8e255e5e · chore: bump version to 1.4.1rc1 and update changelogs · Mar 21, 2026

Release: OpenSSL Encrypt v1.4.1rc1

v1.4.0

protected

768df5cd · docs: Update Flatpak HTML pages and metainfo for v1.4.0 stable release · Mar 03, 2026

Release: OpenSSL Encrypt v1.4.0 -- Stable Release

v1.4.0 - Stable Release

Comprehensive security hardening addressing 14 Dependabot advisories.
In-memory rekey: encrypt_file() accepts bytes input/output, plaintext never touches disk.
Forward-ported --rekey action. Flatpak backward-compatibility test infrastructure.
Production-ready and security-audited.

v1.4.0-rc.2
protected

ac895075 · chore: Bump version to 1.4.0rc2 for second release candidate · Mar 02, 2026
v1.4.0-rc.1
protected

c093616e · chore: Bump version to 1.4.0rc1 for first release candidate · Feb 26, 2026
```
v1.4.0 Release Candidate 1
```
v1.4.0.beta.11
protected

c1cbb364 · Merge branch 'feature/v1.4.x-development' into releases/1.4.x · Feb 10, 2026
v1.4.0.beta.10
protected

5836760a · Merge branch 'feature/v1.4.x-development' into releases/1.4.x · Feb 10, 2026
v1.3.6
protected

f69305ef · Merge branch 'feature/v1.3.x-development' into releases/1.3.x · Jan 11, 2026
```
Release v1.3.6: Independent XOR (v9) with parallel KDF and progress improvements
```

v1.4.0.beta.9

protected

77c5a98f · Merge branch 'feature/v1.4.x-development' into releases/1.4.x · Jan 09, 2026

Release v1.4.0.beta.9 - Test infrastructure improvements and cross-version compatibility

- Fixed 6 salt derivation test failures
- Completed Threefish-512/1024 cipher support
- Fixed BLAKE3 buffer sizing for backward compatibility
- Fixed metadata v7 schema compatibility with v1.3.4
- Resolved Scrypt bytearray conversion issues
- Enhanced debug logging for version-aware salt derivation
- Test suite: 1535 tests passing, 0 failures
- Format Version 9 security model validated across all KDF algorithms

v1.3.5

protected

570d1b10 · Merge feature/v1.3.x-development into releases/1.3.x · Jan 09, 2026

Release v1.3.5 - BLAKE3 Integration & Forward Compatibility

This release delivers critical bugfixes and forward compatibility with v1.4.x:

- Fixed BLAKE3 hash algorithm support with proper 32-byte key handling
- Implemented BLAKE3-aware buffer sizing (64-byte minimum) for deterministic KDF
- Enhanced BLAKE3 detection in both flat (v3) and nested (v4+) hash formats
- Zero-initialization for consistent keyed hashing
- No regression: BLAKE3 was not used in encryption before this bugfix

- Made 'mode' field optional in metadata v7 schema for v1.3.4 compatibility
- Fixed Scrypt bytearray to bytes conversion in salt derivation
- Resolved SecureBytes slice handling in XChaCha20 nonce operations

- Comprehensive build scripts for liboqs and liboqs-python dependencies
- scripts/build_local_deps.sh: Automated dependency building with version verification
- scripts/cleanup_liboqs.sh: Clean removal of locally built dependencies
- Environment variable support for custom installation paths

- Backported Flatpak build and publish jobs from v1.4.x
- Automated Flatpak packaging on release branches
- Separate clean build jobs for testing without cache
- Integration with Flatpak repository for distribution

- Enhanced BLAKE3 operation logging for troubleshooting

- Cross-version compatibility: Files encrypted with v1.3.5 are fully compatible with v1.4.x
- Maintains Format Version 7 secure chained salt derivation (from v1.3.4)

v1.3.5 includes the v1.3.4 critical security fix (CVSSv3 8.1 HIGH):
- Fixed predictable salt derivation vulnerability (CWE-330) in multi-round KDF
- Format Version 7 implements secure chained salt derivation

- Backward: Decrypts files from v1.3.0-1.3.4
- Forward: Compatible with v1.4.x releases
- Test suite: 960 tests passing, 0 failures

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

backup/pre-consolidation-1.3.4

9fbd0f43 · test: Increase timing variance threshold for constant_time_compare test · Jan 08, 2026
backup/pre-consolidation-1.4.0

8b29e356 · chore: Add Rust build artifacts to .gitignore · Jan 08, 2026
v1.4.0.beta.8
protected

8b29e356 · chore: Add Rust build artifacts to .gitignore · Jan 08, 2026

Release: Release v1.4.0.beta.8 - Critical Security Fix

v1.3.4

protected

1bb285c4 · security: Fix predictable salt derivation in multi-round KDF (CVSSv3 8.1) · Jan 07, 2026

Release: Release v1.3.4 - Critical Security Fix

Release v1.3.4 - Critical Security Fix

CVSSv3 8.1 (High): Fixed predictable salt derivation in multi-round KDF
CWE-330: Use of Insufficiently Random Values

This release implements Format Version 7 with secure chained salt derivation,
resolving a vulnerability where multi-round KDF operations used predictable
salts that could be precomputed from plaintext metadata.

Security Fix:
- Implemented secure chained salt derivation for all multi-round operations
- Each round now uses previous round output as salt (unpredictable chain)
- Affects: BLAKE2b, BLAKE3, SHAKE-256, Argon2, Scrypt, Balloon, PBKDF2, HKDF

Backward Compatibility:
- Full support for decrypting Format Versions 3-6
- Files encrypted with v1.3.4 require v1.3.4+ to decrypt

Additional Fixes:
- Fixed pytest-xdist enum serialization issues
- Updated keystore_wrapper.py for Format Version 7 support

Recommendation: Upgrade immediately and re-encrypt files with multi-round KDF.

All tests passing (960+)

v1.4.0.beta.7

protected

2a421b44 · Merge branch 'feature/v1.4.0-development' into releases/1.4.0 · Jan 06, 2026

Release v1.4.0.beta.7

Remote pepper plugin integration and integrity plugin improvements.

New Features:
- Remote pepper plugin with CLI and Flutter GUI support
- Auto-generate and named pepper modes
- Client-side AES-256-GCM pepper encryption with mTLS transport
- Combined HSM + remote pepper support

Bug Fixes:
- Fix integrity plugin 409 Conflict on re-encryption
- Fix pepper plugin auto-generate logic
- Fix YubiKey notification and integrity verification hang
- HSM plugin loading improvements

Testing:
- Added comprehensive unit tests for integrity plugin
- Verified pepper plugin encryption/decryption flow
- Tested combined pepper + integrity + HSM workflows

v1.4.0.beta.6

protected

5d230bb0 · Merge branch 'feature/v1.4.0-development' into releases/1.4.0 · Jan 05, 2026

Release version 1.4.0 beta 6

- Homepage URL now points to releases/1.4.0 branch
- All project URLs consistently reference releases/1.4.0 branch
- Ready for PyPI deployment with correct metadata

v1.4.0.beta.5

protected

01f0b03e · Merge branch 'feature/v1.4.0-development' into releases/1.4.0 · Jan 05, 2026

Release version 1.4.0 beta 5

- Updated project URLs to point to GitHub repository
- Documentation and Source Code links reference releases/1.4.0 branch
- PyPI package metadata improvements