Back

v1.3.x

v1.3.x

Released

Tag: web-v1.3.1 (includes v1.3.0)

Published: 2026-03-25

The 1.3 line combines feature expansion in v1.3.0 and authentication stabilization in v1.3.1. This release series has two priorities: add a structured admin promo-code operation flow with subscription entitlement foundations, and resolve legacy HS256 authentication regressions introduced after JWT hardening.

[v1.3.1 details] - Restored production authentication for legacy Supabase HS256 tokens without kid to resolve widespread 401 responses. - Replaced the unsafe claims-only fallback with explicit HS256 signature verification using SUPABASE_JWT_SECRET. - Added regression tests for HS256 success/failure and missing-secret rejection paths. [v1.3.0 details] - Added internal admin promo code issue/list/disable flows in the web app. - Added promo subscription entitlement schema and API contract test coverage. - Hardened Supabase JWT validation with JWKS signature verification, claim checks, and key/algorithm safeguards. - Improved dark-mode contrast in billing/help/admin promo surfaces. - Enforced consistent admin access checks across web route guards and API admin endpoints. - Resolved migration drift that caused UndefinedTableError on promo endpoints.

Highlights

  • Auth stabilization hotfix (v1.3.1)

    Recovered legacy HS256 compatibility and tightened signature verification to reduce production auth failures.

  • Admin promo operations (v1.3.0)

    Added in-product flows for issuing, listing, and disabling promo codes for internal operators.

  • JWT validation hardening

    Strengthened JWT trust boundaries with explicit signature/claim/key checks and regression coverage.

  • Operational consistency and UI polish

    Improved dark-mode readability, admin guard consistency, and migration discipline for runtime stability.