Aquiis.SimpleStart v1.1.0

🔒 Aquiis SimpleStart v1.1.0 - Security & Schema Enhancement Release

Release Date: February 19, 2026
Previous Version: v1.0.1
Database Schema: v1.1.0 (requires automatic migration)

🎯 Release Highlights

This is a major security and schema release featuring enterprise-grade database encryption, sample data management, multi-tenant data integrity enhancements, and comprehensive Content Security Policy implementation. All features include automatic migration with zero manual intervention required.

---

🆕 What's New

🔒 Database Encryption at Rest

The flagship feature of v1.1.0 - Enterprise-grade database encryption using SQLCipher AES-256.

• User-controlled master password with 12+ character requirement
• PBKDF2 key derivation (100,000 iterations with SHA-256)
• OS keychain integration for password caching (Linux via libsecret)
• One-click enable/disable with automatic app restart
• Encrypted backups preserve encryption automatically
• Compliance ready: GDPR, CCPA, SOC 2 Type II, HIPAA-ready

Location: Application Settings → Database Management → Database Encryption

🏷️ Sample Data Management

New IsSampleData flag added to 30+ entity tables to distinguish real data from demo/sample data.

• Automatic flagging of system-created sample data
• Enables bulk operations targeting sample data only
• Data export/import can exclude sample data
• Supports clean testing and training scenarios

🛡️ Multi-Tenant Data Integrity

Fixed unique index constraints on Invoice and Payment tables:

• New composite indexes: (OrganizationId + Number)
• Prevents number conflicts across organizations
• Ensures data integrity in multi-tenant deployments

🔐 Content Security Policy (CSP)

Comprehensive security headers to protect against XSS, clickjacking, and MIME-sniffing attacks:

• Content-Security-Policy (Blazor-compatible)
• X-Content-Type-Options: nosniff
• X-Frame-Options: DENY
• X-XSS-Protection: 1; mode=block
• Referrer-Policy: strict-origin-when-cross-origin
• Permissions-Policy

Smart Detection: Automatically skipped in Electron mode, applied in web mode.

---

🔄 Breaking Changes & Automatic Migrations

Database Schema v1.1.0

New Tables:

• DatabaseSettings - Tracks encryption state and configuration

New Columns:

• IsSampleData (boolean) - Added to 30+ tables
• EncryptionSalt (nullable string) - Encryption support

Index Changes:

• Invoice/Payment indexes now composite: (OrganizationId + Number)

Migration: All schema changes applied automatically on first startup. No manual intervention required.

Database Location Change

Old: ~/.config/Electron/app_v1.0.0.db (or %APPDATA%\Electron\)
New: ~/.config/Aquiis/app_v1.1.0.db (or %APPDATA%\Aquiis\)

User Impact: None - migration happens automatically on first launch.

Application Naming Convention

Old: Aquiis-SimpleStart-1.0.0.AppImage
New: Aquiis-1.1.0-x86_64.AppImage

Cleaner naming convention that supports multiple products (SimpleStart, Professional).

---

🐛 Bug Fixes

• Electron Port Binding Issue: Fixed blank page with ERR_CONNECTION_REFUSED by removing conflicting Kestrel endpoints from appsettings.Production.json
• Database Path Inconsistency: Synchronized async/sync path resolution to consistently use "Aquiis" folder
• Startup Deadlock: Changed service registration to use synchronous path resolution

---

📦 Downloads

Linux:

• Aquiis-1.1.0-x86_64.AppImage - Universal Linux binary

Windows:

• Aquiis-1.1.0-x64-Setup.exe - NSIS installer
• Aquiis-1.1.0-x64-Portable.exe - Portable executable

Installation:

# Linux
wget https://github.com/xnodeoncode/Aquiis/releases/download/v1.1.0/Aquiis-1.1.0-x86_64.AppImage
chmod +x Aquiis-1.1.0-x86_64.AppImage
./Aquiis-1.1.0-x86_64.AppImage

---

🚀 Upgrade Instructions

For Existing Users

1. Download and install v1.1.0 from above links

2. Launch the application

3. Automatic migration happens on first launch:

   • Database schema upgraded from v1.0.0 to v1.1.0
   • Database file moved to new Aquiis folder
   • All backups migrated automatically
   • Complete in < 1 second

4. (Optional) Clean up old files:

   # After verifying migration success
   rm -rf ~/.config/Electron/

For New Users

No special steps - download, install, and run!

---

🧪 Testing Summary

All features tested and verified:

• ✅ Database encryption/decryption with password
• ✅ Keychain auto-unlock (Linux)
• ✅ Cross-computer database restore
• ✅ Schema migration v1.0.0 → v1.1.0
• ✅ Database location migration
• ✅ CSP headers in web mode
• ✅ Sample data flagging
• ✅ Composite unique indexes
• ✅ Zero-downtime migration

---

⚠️ Known Issues

Database Encryption:

• Windows/macOS keychain integration not yet implemented (Linux only)
• Users will see Database Unlock Password Prompt on startup (no auto-unlock)
• Workaround: Enter password once per session (cached for duration)
• Planned: Windows Credential Manager (v1.2.0), macOS Keychain (v1.2.0)

Note: This does not affect encryption security, only convenience.

---

📚 Documentation

• 📖 Full Release Notes
• 🚀 Quick Start Guide
• 💾 Database Management Guide
• 🔒 CSP Implementation Guide
• 🛡️ Security Enhancements

---

🔜 Coming in v1.2.0

Phase 2 Security Completion:

• Antiforgery tokens in all forms (CSRF protection)
• Rate limiting for login endpoints (brute-force prevention)
• Windows Credential Manager integration
• Code signing (Windows Authenticode)

---

💬 Support

Getting Help:

• 🐛 Report Issues
• 💡 Feature Requests
• 📧 Email: cisguru@outlook.com

Security Vulnerabilities:
Please report privately to: cisguru@outlook.com

---

🙏 Thank You

Thank you to all users who provided feedback on v1.0.1. Your input directly shaped the security enhancements in this release.

⭐ Star this repository if you find Aquiis helpful!

---

Full Changelog: v1.0.1...v1.1.0

Copyright © 2026 CIS Guru. Licensed under the MIT License.