You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+22Lines changed: 22 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,27 @@
1
1
# Changelog
2
2
3
+
## Changes 03/15/2026 (v3.9.3)
4
+
5
+
`release(v3.9.3): legacy fallback worker-env fix after persistent-token key rotation`
6
+
7
+
**Commit message**
8
+
9
+
```text
10
+
release(v3.9.3): legacy fallback worker-env fix after persistent-token key rotation
11
+
12
+
- crypto(startup): stop exporting the legacy fallback key as a process-wide env value on compatibility-path installs
13
+
- crypto(resolve): prefer the persisted key file over legacy_default source hints once a rotation has written metadata/persistent_tokens.key
14
+
- admin(ui): eliminate post-rotation getConfig/siteConfig failures caused by workers still decrypting with the inherited legacy fallback
15
+
```
16
+
17
+
**Fixed**
18
+
19
+
-**Post-rotation request consistency**
20
+
- Fixed a case where some Apache workers could keep using the legacy fallback persistent-token key immediately after an in-app rotation, causing transient `getConfig.php` / `siteConfig.php``500` responses until a refresh or restart.
21
+
- Compatibility-path installs no longer export the legacy fallback key as a worker-wide env value, and the key resolver now prefers the persisted key file once rotation has written `metadata/persistent_tokens.key`.
22
+
23
+
---
24
+
3
25
## Changes 03/15/2026 (v3.9.2)
4
26
5
27
`release(v3.9.2): admin config decrypt retry after persistent-token key transitions`
0 commit comments