Constella v1.2.6 -- Polaris

Constella v1.2.6 -- Polaris是一次以安全加固为主的维护版本更新，重点解决了后端 JWT 密钥安全隐患，同时继续修复已知问题并提升整体稳定性。

咱更新了啥

安全加固：解决 JWT 密钥硬编码问题，改为优先读取环境变量，缺失时自动生成随机密钥（Node.js 的加密安全随机源：具体实现是 crypto.randomBytes(48)再转成十六进制字符串）并持久化到用户配置文件，避免令牌伪造风险。
优化配置加载优先级，确保环境变量能够正确覆盖配置文件值。
完善打包分发版本的密钥管理流程，普通用户无需手动配置，首次启动时自动处理。
继续修复若干已知问题，增强整体稳定性与可靠性。

兼容性与运行要求

本次为维护版本更新，不涉及破坏性 API 变更。
既有项目与房间数据可正常沿用。
推荐所有用户升级以获得安全增强。

升级说明

后端 JWT 密钥管理与安全加固涉及：
- server/src/config/index.ts
- server/README.md
前端配置文档更新涉及：
- web/README.md
- web/README-en.md

已知说明

Markdown 中对于 Mermaid 图表的渲染仍旧存在瑕疵：
- 滚动时可能出现闪回
- 个别情况下可能渲染失败，退出节点后重新进入可恢复
- 深色模式适配仍需进一步优化
不同屏幕尺寸分辨率适配有问题

版本号

Frontend / Electron：v1.2.6
Backend：v1.2.6

Constella v1.2.6 -- Polaris is a maintenance release focused on security hardening. It addresses JWT secret handling vulnerabilities in the backend and continues to fix known issues while improving overall stability.

What's changed

Security hardening: Resolved JWT secret hardcoding issue. The backend now prioritizes environment variables for JWT secrets; if not provided, a random secret is automatically generated and persisted to the user's local config file on first startup, preventing token forgery risks.
Optimized config loading priority to ensure environment variables correctly override file-based values.
Improved the JWT secret management workflow for packaged distributions, so end users don't need manual configuration—it's handled automatically on first startup.
Continued to fix known issues and improve overall stability and reliability.

Compatibility & Runtime Requirements

This is a maintenance release and introduces no breaking API changes.
Existing projects and room data remain compatible.
All users are recommended to upgrade for enhanced security.

Upgrade Notes

Backend JWT secret management and security hardening involve:
- server/src/config/index.ts
- server/README.md
Frontend configuration documentation updates involve:
- web/README.md
- web/README-en.md

Known Notes

Mermaid rendering in Markdown still has known issues:
- Scroll flashing / flicker
- Occasional render failures; leaving and re-entering the node resolves it
- Dark mode adaptation still needs improvement
There are issues with adapting to different screen sizes and resolutions.

Version

Frontend / Electron: v1.2.6
Backend: v1.2.6

Provide feedback

Saved searches

Use saved searches to filter your results more quickly