-
Simpl'Résultat v0.7.4
StableAll checks were successfulRelease / build-and-release (push) Successful in 26m7s
Ghost
released this
2026-04-14 15:24:40 +00:00 | 169 commits to main since this releaseChanged
- OAuth tokens are now stored in the OS keychain (Credential Manager on Windows, Secret Service on Linux) instead of a plaintext JSON file. Existing users are migrated transparently on the next sign-in refresh; the old file is zeroed and removed. A "tokens stored in plaintext fallback" banner appears in Settings if the keychain is unavailable (#66, #78, #79, #81)
- Cached account info is now HMAC-signed with a keychain-stored key: writing
subscription_statustoaccount.jsonmanually can no longer bypass the Premium gate (#80) - PIN hashing migrated from SHA-256 to Argon2id for brute-force resistance (CWE-916). Existing SHA-256 PINs are verified transparently and rehashed on next successful unlock; new PINs use Argon2id (#54)
Security
- Closed CWE-312 (cleartext storage of OAuth tokens), CWE-345 (missing integrity check on the subscription cache), and CWE-916 (weak PIN hashing). Legacy
tokens.jsonand legacy unsignedaccount.jsoncaches are rejected by the gating path until the next token refresh re-establishes a keychain-anchored trust (#66, #54)
Installation
Windows : Téléchargez le fichier
.execi-dessous.
Linux : Téléchargez le fichier.debou.AppImageci-dessous.Downloads
-
Source code (ZIP)
1 download
-
Source code (TAR.GZ)
1 download
-
Simpl Resultat-0.7.4-1.x86_64.rpm
4 downloads · 9.3 MiB
-
Simpl Resultat-0.7.4-1.x86_64.rpm.sig
4 downloads · 424 B
-
Simpl Resultat_0.7.4_amd64.deb
5 downloads · 9.3 MiB
-
Simpl Resultat_0.7.4_amd64.deb.sig
4 downloads · 420 B
-
Simpl Resultat_0.7.4_x64-setup.exe
3 downloads · 5.1 MiB
-
Simpl Resultat_0.7.4_x64-setup.exe.sig
4 downloads · 428 B
-
latest.json
1 download · 2.4 KiB