Wintertrace On GitHub →

Feature · Auto-updates

Updates in the browser, verified end to end

Small operators rarely run shell commands. Wintertrace's update flow works from inside the admin area on shared hosting — and every release is cryptographically verified before it touches the application.

How an update runs

  1. 1

    Daily version check

    The application checks once per day for new releases. The check can be disabled in settings.

  2. 2

    Admin sees the notification

    New versions appear in the admin dashboard with version number and changelog.

  3. 3

    Admin decides

    Nothing installs automatically. The admin chooses if and when to apply the update.

  4. 4

    Click to install

    The update is downloaded, verified, and applied. The application enters maintenance mode briefly.

  5. 5

    Migrations run

    Any database schema changes are applied automatically as part of the install.

Cryptographic safeguards

Five layers of verification stand between a release and a running installation.

Ed25519 signature verification

Every update manifest is signed. A root verification key embedded in the application validates the signature on download.

Trust list with key rotation

The update server can rotate signing keys without a code update. Compromised keys can be revoked immediately.

SHA-256 checksums

The downloaded archive is byte-checked against the signed checksum before installation.

Rollback protection

A monotonically increasing version counter prevents older versions from being served as updates.

No path of tampering

Neither the transport layer nor the update server can inject a modified update as long as the embedded root key is safe.

Wintertrace admin update detail showing version, release date, an Ed25519 fingerprint, a Verified badge and a changelog excerpt.
Update detail with the Ed25519 fingerprint and a Verified badge before installation.

Why this matters for small operators

A small contractor with no IT department will not run an update that requires SSH access or manual FTP uploads. Updates that require effort do not happen — and skipped updates leave security holes open.

A browser-based update reduces the friction to a single click. It keeps installations current without forcing operators to learn an admin skill they would rather not learn.

Control retained

Convenience does not mean automation. The admin decides:

  • Updates never install automatically.
  • The daily version check can be disabled entirely.
  • If an install fails partway, the application stays in maintenance mode and the next attempt resumes safely.
See the changelog Back to features