Changelog
Every release, on the record
The canonical version history lives in the GitHub releases page of the software repository. Every release carries release notes, a signed archive, and SHA-256 checksums.
How releases work
Wintertrace follows semantic versioning:
- Major — incompatible changes that may require a migration step. Announced ahead of time in the release notes.
- Minor — new features and improvements that do not break existing installations.
- Patch — bug fixes and security updates without behaviour changes.
Each release contains a release notes section with three categories — Added, Changed, and Fixed — and a highlighted block for security-relevant updates when applicable.
Update integrity
Every published release archive carries an Ed25519 signature verifiable against the root key embedded in the application. The built-in update flow refuses any package whose signature does not match.
SHA-256 checksums for each release archive are published alongside the release on GitHub so that operators who install manually can verify the download themselves.
The cryptographic primitives and the embedded root key are part of the open-source codebase. Anyone can audit them.
Security notices
Security-relevant releases are flagged in the changelog and in the in-app update notification. The repository's security policy describes how to report a vulnerability privately before it is published.
Security policy on GitHub →Why no inline release list on this page? Because the source of truth is the repository — duplicating it here would introduce drift. The link above always shows the current state.