Releases

Chatalot follows semantic versioning, with three release channels. Every release is signed with cosign and the signing model is documented on the Security page.

Latest stable

v0.25.18 — current (2026-05-26, forward-secrecy hardening)

Foundations for AI assistants in encrypted channels. A bot can now authenticate over the live messaging connection and register its own encryption keys, so an external AI assistant can take part in end-to-end-encrypted channels as a real member — the server never holds a bot’s private keys. Also hardens forward secrecy: removing a key-holding bot from a community now rotates the channel keys.

Full release notes →

v0.25.17 (2026-05-25)

Scheduled & recurring channel meetings. Schedule one-off or recurring meetings on a channel, with RSVP, reminders before start, one-click join into the channel call, a shareable link, and calendar (.ics) export for Google / Outlook / Apple. Plus: instance admins can add a bot account to a community from the admin panel.

Full release notes →

v0.25.9 (2026-04-26, security)

Community assets + emojis are now authenticated. Closes the workspace-branding leak — community icons, group banners, voice-call backgrounds, and custom emojis no longer load for non-members. Service worker handles auth header injection transparently for <img>-driven loads.

Full release notes →

v0.25.8 (2026-04-26)

Feedback redesign — local-first, Forgejo fan-out. The in-app feedback dialog now writes to a local feedback_submissions table on the chatalot instance itself. External mirroring (Forgejo Issues, GitHub Issues) is opt-in and fire-and-forget. New admin "Feedback" tab for triage. Closes the cross-tenant risk where managed-customer feedback was posted to a vendor GitHub repo.

Full release notes →

v0.25.7 (2026-04-26, security)

Workspace-isolation polish. Three forward-secrecy fixes (WS subscription drain on kick/leave/ban, sender-key rotation on community ban, sender-key rotation on voluntary channel leave), plus discoverable=false as the default for new workspaces and pre-assignable roles on community invites. Closes the “kick is incomplete” thread the v0.25.6 sender-key fix opened.

Full release notes →

v0.25.6 (2026-04-26, security)

Critical forward-secrecy fix in the community-level kick / leave flow — the channel-kick path correctly rotated sender keys on member removal but the community-kick path skipped the rotation. Strongly recommended for any deployment running multiple workspaces in a single chatalot instance.

Full release notes →

v0.25.5 (2026-04-26)

Admin Updates UI hardening: Test connection button (server-to-updater HMAC roundtrip self-test), apply state restoration on tab navigation (progress panel survives nav away and back), and OIDC admin auto-promote on ADMIN_USERNAME match (removes the dual-account dance for SSO-only deployments).

Full release notes →

v0.25.4 (2026-04-26)

Admin Updates UI: image digest visible in both Running and Latest cards, and prominent banners for breaking_changes and security_advisory flags hoisted above the version display so they can't be missed.

Full release notes →

v0.25.3 (2026-04-26)

Admin Updates UI: humanized apply progress states. The progress panel now shows a friendly label, one-line description, and a phase tag (Pre-flight / Active swap / Verifying / Rollback) per state instead of raw JSON.

Full release notes →

v0.25.2 (2026-04-26)

Admin Updates UI polish:

Stylized apply confirmation dialog — replaces the browser-default confirm() with a Chatalot-themed modal showing current and target versions explicitly.
Clearer post-apply success state — the panel now shows the new version, explains that the browser still runs the previous build's JavaScript, and offers a one-click Reload button.

Full release notes →

v0.25.1 (2026-04-26)

Two customer-blocking bug fixes in the managed-update pipeline itself, surfaced by the first real apply test on v0.25.0:

Admin Updates UI no longer hangs. The chatalot-server /v1/apply/:id deserializer now matches the chatalot-updater's actual wire format, so the progress panel advances through apply states in real time.
First apply no longer fails on snapshot. The chatalot-updater image now self-heals the chatalot_backups volume ownership at startup.

Full release notes →

v0.25.0 (2026-04-25)

Closes the X3DH AD-binding gap in the Double Ratchet AAD plus a batch of pre-public-launch audit closures. Wire-format change auto-handled via TOFU re-handshake on next DM message.

Full release notes →

Channels

Channel	Audience	Update cadence
`stable`	Production deployments, default for managed customers	Every few weeks, only after canary and beta have soaked
`beta`	Early-adopter self-hosters, opt-in managed customers	Roughly weekly
`canary`	Maintainer dogfooding, feature previews	Continuous

Managed-tier customers default to stable and can opt their instance into beta for early access to specific features.

Release manifests

Every release publishes a manifest at:

https://updates.seglamater.app/chatalot/channels/<channel>/latest.json

Replace <channel> with stable, beta, or canary. The manifest is the single source of truth the in-app updater reads from. It contains the version, cosign signature, container digests, and migration set for the release.

For managed customers, per-instance manifests are namespaced under the same origin and are only reachable from the instance that owns them.

Verifying a release manually

Self-host operators who want to verify signatures by hand can do so with the cosign CLI and the published public key:

cosign verify-blob \
  --key https://updates.seglamater.app/.well-known/keys/chatalot.pub \
  --signature release.sig \
  release.tar.gz

The pinned public key fingerprint and rotation policy live on the Security page.

Older releases

Per-version pages will be added as we publish full release notes. Until then, the repository changelog is the source of truth for the version history: seglamater/chatalot/CHANGELOG.md.