@@ -5,6 +5,35 @@ All notable changes to CodeHero will be documented in this file.
55The format is based on [ Keep a Changelog] ( https://keepachangelog.com/en/1.0.0/ ) ,
66and this project adheres to [ Semantic Versioning] ( https://semver.org/spec/v2.0.0.html ) .
77
8+ ## [ 2.83.1] - 2026-01-25
9+
10+ ### Security
11+ - ** Fixed Cookie Injection** - Sanitized project folder names in cookie names/paths
12+ - ** Fixed Path Injection** - Added extra validation for context type in file paths
13+
14+ ### Improved
15+ - ** Global Context v4.0** - Enhanced AI development guidelines
16+ - Mandatory 7-step workflow for all tasks
17+ - Verification Protocol with syntax check, log check, and visual verification
18+ - Multi-platform visual verification (Playwright for web, ADB for Android, simctl for iOS, etc.)
19+ - Stricter code quality rules (no minified code, no CDN, relative paths only)
20+ - Mandatory project documentation (technologies.md, map.md)
21+
22+ - ** Persistent Project Auth Secret** - Session cookies now last full 7 days
23+ - Secret stored in ` /opt/codehero/data/project_auth_secret `
24+ - Survives server restarts (previously regenerated on each restart)
25+
26+ - ** CORS Headers for Static Files** - Fixed cross-origin resource loading
27+ - Added ` Access-Control-Allow-Origin: * ` to static file responses
28+ - Added ` Cross-Origin-Resource-Policy: cross-origin `
29+ - Added ` Cross-Origin-Embedder-Policy: unsafe-none `
30+ - Fixes ORB/CORS errors when accessing projects from different origins
31+
32+ - ** Update Flow Improvements** - Better handling of server restart
33+ - Increased wait time before checking server (2s → 5s)
34+ - Added 5-second wait for services after server responds
35+ - Better feedback during restart ("Waiting for services...")
36+
837## [ 2.83.0] - 2026-01-24
938
1039### Added
0 commit comments