@@ -83,68 +83,66 @@ jobs:
8383 tag_name : v${{ steps.version.outputs.VERSION }}
8484 name : Seal Plus v${{ steps.version.outputs.VERSION }}
8585 body : |
86- ## ✨ Seal Plus v2.5 .0 - Hidden Content, Download Engine Reliability & Performance
86+ ## ✨ Seal Plus v2.6 .0 - Security Hardening, 20 Stability Fixes & Material3 Stable
8787
8888 ---
8989
90- ### 🔒 Hidden Content & Privacy
90+ ### 🔒 Security Hardening
9191
92- * **Hidden Content Management System**
93- + New **Hidden Content** page in the navigation drawer
94- + Mark videos as hidden — relocated to a private isolated directory
95- + Access requires PIN or biometric authentication
96- + Optimistic UI — card vanishes instantly before the database write completes
92+ * **PBKDF2 PIN Hashing**
93+ + PIN-based App Lock now uses PBKDF2WithHmacSHA256 with 16-byte salt and 200,000 iterations
94+ + Existing PINs are automatically migrated on next unlock
9795
98- ### 🎨 Format Selection UI Overhaul
96+ * **Removed Overly Broad Storage Permission**
97+ + `MANAGE_EXTERNAL_STORAGE` removed — no more "All Files Access" required
9998
100- * **Redesigned Format Cards **
101- + File size and bitrate shown in dedicated sections on every card
99+ * **ADB Backup Protection **
100+ + MMKV preferences (PIN hash, settings) excluded from ADB backups via `backup_rules.xml`
102101
103- * **List View for Format Cards **
104- + New list-style layout option — toggle in Settings → SealPlus Extras
102+ * **NotificationActionReceiver Secured **
103+ + `exported=false` set in manifest — blocks fake notification intent injection
105104
106- * **Merge Audio Stream Option **
107- + New toggle to merge a separate audio stream into the selected video format
105+ * **MITM Prevention on Proxy **
106+ + `--no-check-certificate` disabled when proxy is active
108107
109- * **Removed Suggested Section **
110- + Cleaner format selection page without the "Suggested" section
108+ * **Proxy Security Warning Dialog **
109+ + Warning shown before enabling free proxy mode
111110
112- * **Download Dialog Loading State**
113- + Loading screen now shows a thumbnail alongside the progress indicator
111+ ### 🛡️ Brute-Force Protection
114112
115- ### ⬇️ Download Engine Reliability
113+ * **30-Second Lockout on App Lock**
114+ + Animated 30-second countdown after 5 failed PIN attempts
116115
117- * **Auto-Retry on Network Error**
118- + Up to **3 automatic retries** with 5-second backoff — shows `Retrying (1/3)...`
116+ ### 🐛 Stability & Correctness (20 Fixes)
119117
120- * **Resume Partial Downloads**
121- + `--continue` always passed to yt-dlp — never restart an interrupted download from scratch
118+ * Context leak fixed — Activity context no longer overwrites App.context
119+ * All `runBlocking` calls replaced with `lifecycleScope.launch(IO)` (prevents ANRs)
120+ * OkHttp timeouts added to UpdateUtil; singletons shared across 4 utilities
121+ * SQLiteDatabase and Cursor properly closed with `.use{}` on all paths
122+ * `ConcurrentHashMap` used for download maps — race conditions fixed
123+ * 5-minute deadline added to `addToDownloadQueue` — prevents coroutine leaks
124+ * `av01` removed from unsupported codec blacklist — AV1 downloads work again
125+ * `filterValidFormats` parallelized with `async/awaitAll` — faster format page
126+ * `makeKey()` uses null-char delimiter — hash collision fixed
127+ * Error notifications use `throwable.message` instead of full stack trace
128+ * And 10 more fixes in DatabaseUtil, DownloadUtil, HomePageViewModel, CookiesViewModel, FileUtil
122129
123- * **WiFi-Only Mode Fully Enforced**
124- + Network restriction enforced inside the engine, queued tasks auto-resume on reconnect
130+ ### 🎨 Material3 1.3.1 Stable Migration
125131
126- * **Fixed Task ID Collision**
127- + Downloading the same URL twice no longer silently overwrites the first task
132+ * **Upgraded from alpha to stable Compose BOM**
133+ + `SheetState`, `TooltipDefaults`, `ExposedDropdownMenu` APIs updated across 7 files
134+ * `OkHttp`: `5.0.0-alpha.14` → `4.12.0` (stable)
135+ * `biometric` upgraded to `1.2.0-alpha05` for better OEM compatibility
128136
129- ### 📊 Download Progress UI
137+ ### 🏠 Home Page Sync Fix
130138
131- * **Active Download List Sorting** — stable order: Running → ReadyWithInfo → Idle → Paused → Canceled/Error → Completed
132- * **Speed & ETA on Home Cards** — live `2.50 MiB/s • ETA 00:03`
133- * **Merging Phase Detection** — cards show **"Merging..."** during post-processing
134- * **Fixed -1% / 0% Progress Bug** — smooth indeterminate animation before yt-dlp reports progress
139+ * Deletions on VideoList page now reflect in Recent Downloads **immediately** — no restart needed
140+ * File existence re-checked on every `ON_RESUME` — deleted files gray out instantly
135141
136- ### 🗂️ Other Fixes & Improvements
142+ ### 🌐 Sponsor Data Refactor
137143
138- * **Missing File Detection** — grayed-out cards for deleted/moved files
139- * **Reduced CPU & Storage Writes** — near-zero overhead during active downloads
140- * **SSL Certificate Bypass** — ignore SSL certs for filtered networks (Netfree etc.) — thanks to @613avi
141- * **Code Cleanup** — removed unused imports across 24 source files (89 lines)
142-
143- ### 🌍 Translations
144-
145- * **61 Languages Updated** — new merge-hint strings across all supported locales
146- * **Complete Hebrew Translation** — thanks to @613avi
147- * **Improved Turkish Translation** — thanks to @mikropsoft
144+ * Richer sponsor profiles with `SocialAccount`, `SponsorEntity`, `Tier` data classes
145+ * Thread-safe `@Volatile` + synchronized double-checked locking cache
148146
149147 ---
150148
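Review bot: New lines 105-106 say `--no-check-certificate` is disabled "when proxy is active", which leaves the non-proxy case unstated. Removed line 140 shows v2.5 introduced the certificate bypass for filtered networks, so a reader cannot tell from this text whether the bypass is still available, or still on, when no proxy is set. Suggest spelling out both cases in the bullet: that certificate checking is always enforced with a proxy, and whether the bypass remains an opt-in otherwise. Separately, new line 135 lists `biometric` at `1.2.0-alpha05` under the "Material3 1.3.1 Stable Migration" heading; in a release titled "Security Hardening" an alpha dependency deserves either a one-line justification or a move out of the stable-migration section.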
@@ -157,19 +155,16 @@ jobs:
157155 - **x86_64**: For 64-bit x86 devices
158156 - **x86**: For 32-bit x86 devices
159157
160- ### ✨ Key Features (v2.5)
161- - 🔒 **Hidden Content System** - Biometric vault with file relocation & optimistic UI
162- - 🎨 **List View & Redesigned Format Cards** - File size, bitrate, codec info at a glance
163- - 🔀 **Merge Audio Stream Option** - Combine separate audio into video
164- - 📋 **Active Download Sorting** - Stable order: Running → Queued → Paused → Done
165- - 🔄 **Auto-Retry on Network Error** - Up to 3 retries with 5s backoff
166- - ▶️ **Resume Partial Downloads** - Continue from where you left off
167- - 📶 **WiFi-Only Fully Enforced** - Engine-side, auto-resumes on reconnect
168- - 📊 **Speed & ETA on Home Cards** - Live download speed and time remaining
169- - 🔀 **Merging Phase Indicator** - "Merging..." shown during post-processing
170- - 🖼️ **Missing File Detection** - Grayed-out cards for deleted/moved files
171- - ⚡ **CPU & Storage Optimized** - Near-zero overhead during downloads
172- - 🌍 **61 Languages Updated** - New strings across all locales
158+ ### ✨ Key Features (v2.6)
159+ - 🔒 **PBKDF2 PIN Hashing** - Industry-standard 200K-iteration secure PIN with salt
160+ - 🛡️ **30-Second Brute-Force Lockout** - Countdown after 5 failed PIN attempts
161+ - 🔐 **Removed MANAGE_EXTERNAL_STORAGE** - No overbroad permission required
162+ - 💾 **ADB Backup Protection** - Sensitive MMKV data excluded from backups
163+ - 🚫 **MITM Prevention** - SSL check re-enabled when proxy is active
164+ - 🧹 **20 Stability Fixes** - Context leak, runBlocking, timeouts, race conditions & more
165+ - 🎨 **Material3 1.3.1 Stable** - Migrated from alpha BOM, OkHttp stable 4.12.0
166+ - 🏠 **Instant Home Sync** - Recent Downloads updated instantly on deletion or file removal
167+ - 🌐 **Richer Sponsor Profiles** - Thread-safe cache with structured data
173168 - ⏯️ **Pause/Resume downloads** with queue support
174169 - 🌐 Download from 1000+ sites via yt-dlp
175170
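Review bot: New line 159 describes the PIN change as "Industry-standard 200K-iteration secure PIN with salt", which is vaguer than the release body and reads as a guarantee. Suggest reusing the concrete parameters from the body ("PBKDF2WithHmacSHA256, 16-byte salt, 200,000 iterations") and dropping "secure", since key stretching slows offline guessing of a PIN but does not remove it. The summary also omits two of the six security items listed in the body, the `exported=false` change on `NotificationActionReceiver` and the proxy warning dialog; the receiver fix at least belongs in a security-focused feature list.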
@@ -210,49 +205,49 @@ jobs:
210205 MESSAGE+="📱 <b>App Name:</b> Seal Plus\n\n"
211206 MESSAGE+="🏷️ <b>Version:</b> v${{ steps.version.outputs.VERSION }}\n\n"
212207 MESSAGE+="━━━━━━━━━━━━━━━━━━━━━━━\n\n"
213- MESSAGE+="📋 <b>Changelog (v2.5):</b>\n\n"
214- MESSAGE+="<b>🔒 Hidden Content & Privacy</b>\n"
215- MESSAGE+=" ➤ New Hidden Content page — private biometric-protected vault\n"
216- MESSAGE+=" ➤ Hidden files relocated to isolated directory, invisible to file manager\n"
217- MESSAGE+=" ➤ Optimistic UI — card vanishes instantly before DB write completes\n\n"
218- MESSAGE+="<b>🎨 Format Selection UI Overhaul</b>\n"
219- MESSAGE+=" ➤ Redesigned Format Cards with file size and bitrate displayed\n"
220- MESSAGE+=" ➤ New List View option for format cards (toggle in SealPlus Extras)\n"
221- MESSAGE+=" ➤ New Merge Audio Stream toggle on the Format Page\n"
222- MESSAGE+=" ➤ Removed Suggested section for a cleaner layout\n"
223- MESSAGE+=" ➤ Download dialog shows thumbnail while fetching info\n\n"
224- MESSAGE+="<b>⬇️ Download Engine Reliability</b>\n"
225- MESSAGE+=" ➤ Auto-Retry on network error — up to 3 retries with 5s backoff\n"
226- MESSAGE+=" ➤ Resume partial downloads — --continue always passed to yt-dlp\n"
227- MESSAGE+=" ➤ WiFi-Only mode enforced inside the engine, auto-resumes on reconnect\n"
228- MESSAGE+=" ➤ Fixed task ID collision for duplicate URL downloads\n\n"
229- MESSAGE+="<b>📊 Download Progress UI</b>\n"
230- MESSAGE+=" ➤ Active download sorting: Running → ReadyWithInfo → Idle → Paused → Done\n"
231- MESSAGE+=" ➤ Speed & ETA shown on home cards: 2.50 MiB/s • ETA 00:03\n"
232- MESSAGE+=" ➤ Cards correctly show Merging... during post-processing\n"
233- MESSAGE+=" ➤ Fixed -1% / 0% progress bug with smooth indeterminate animation\n\n"
234- MESSAGE+="<b>⚡ Performance & Fixes</b>\n"
235- MESSAGE+=" ➤ Missing file detection — grayed-out cards for deleted/moved files\n"
236- MESSAGE+=" ➤ CPU & storage writes reduced to near zero during downloads\n"
237- MESSAGE+=" ➤ SSL certificate bypass for filtered networks (Netfree etc.)\n"
238- MESSAGE+=" ➤ Removed & cleaned up unused imports across 24 source files\n\n"
239- MESSAGE+="<b>🌍 Translations</b>\n"
240- MESSAGE+=" ➤ 61 languages updated with new merge-hint strings\n"
241- MESSAGE+=" ➤ Complete Hebrew translation — thanks to @613avi\n"
242- MESSAGE+=" ➤ Improved Turkish translation — thanks to @mikropsoft\n\n"
208+ MESSAGE+="📋 <b>Changelog (v2.6):</b>\n\n"
209+ MESSAGE+="<b>🔒 Security Hardening</b>\n"
210+ MESSAGE+=" ➤ PBKDF2WithHmacSHA256 PIN hashing — 200K iterations, 16-byte salt\n"
211+ MESSAGE+=" ➤ MANAGE_EXTERNAL_STORAGE removed — no overbroad permission required\n"
212+ MESSAGE+=" ➤ ADB backup protection — MMKV excluded via backup_rules.xml\n"
213+ MESSAGE+=" ➤ NotificationActionReceiver exported=false — blocks fake intents\n"
214+ MESSAGE+=" ➤ MITM prevention — SSL check re-enabled when proxy is active\n"
215+ MESSAGE+=" ➤ Proxy security warning dialog before enabling free proxy\n\n"
216+ MESSAGE+="<b>🛡️ Brute-Force Protection</b>\n"
217+ MESSAGE+=" ➤ 30-second animated countdown lockout after 5 failed PIN attempts\n\n"
218+ MESSAGE+="<b>🐛 Stability & Correctness (20 Fixes)</b>\n"
219+ MESSAGE+=" ➤ Activity context leak fixed in MainActivity\n"
220+ MESSAGE+=" ➤ All runBlocking calls replaced with lifecycleScope.launch(IO)\n"
221+ MESSAGE+=" ➤ OkHttp timeouts added; singletons shared across 4 utilities\n"
222+ MESSAGE+=" ➤ SQLiteDatabase/Cursor closed with .use{} on all paths\n"
223+ MESSAGE+=" ➤ ConcurrentHashMap for download maps — race conditions fixed\n"
224+ MESSAGE+=" ➤ av01 removed from unsupported codec blacklist — AV1 works again\n"
225+ MESSAGE+=" ➤ filterValidFormats parallelized — faster format page loading\n"
226+ MESSAGE+=" ➤ Hash collision in makeKey() fixed with null-char delimiter\n"
227+ MESSAGE+=" ➤ Error notifications use throwable.message (not full stack trace)\n"
228+ MESSAGE+=" ➤ 11 more fixes in DatabaseUtil, DownloadUtil, FileUtil, and more\n\n"
229+ MESSAGE+="<b>🎨 Material3 1.3.1 Stable Migration</b>\n"
230+ MESSAGE+=" ➤ Upgraded from alpha to stable Compose BOM\n"
231+ MESSAGE+=" ➤ SheetState, TooltipDefaults, ExposedDropdownMenu APIs updated\n"
232+ MESSAGE+=" ➤ OkHttp 5.0.0-alpha.14 → 4.12.0 stable\n"
233+ MESSAGE+=" ➤ biometric upgraded to 1.2.0-alpha05 for OEM compatibility\n\n"
234+ MESSAGE+="<b>🏠 Home Page Sync Fix</b>\n"
235+ MESSAGE+=" ➤ Deletions reflected in Recent Downloads instantly — no restart needed\n"
236+ MESSAGE+=" ➤ File existence re-checked on ON_RESUME — deleted files gray out live\n\n"
237+ MESSAGE+="<b>🌐 Sponsor Data Refactor</b>\n"
238+ MESSAGE+=" ➤ SocialAccount, SponsorEntity, Tier data classes for richer profiles\n"
239+ MESSAGE+=" ➤ Thread-safe @Volatile + synchronized double-checked locking cache\n\n"
243240 MESSAGE+="━━━━━━━━━━━━━━━━━━━━━━━\n\n"
244- MESSAGE+="✨ <b>Key Features (v2.5):</b>\n"
245- MESSAGE+="🔒 Hidden Content System — biometric vault with file relocation\n"
246- MESSAGE+="🎨 List View & Redesigned Format Cards — size & bitrate at a glance\n"
247- MESSAGE+="🔀 Merge Audio Stream Option\n"
248- MESSAGE+="📋 Active Download Sorting — stable, priority-based order\n"
249- MESSAGE+="🔄 Auto-Retry — 3 retries with 5s backoff\n"
250- MESSAGE+="▶️ Resume Partial Downloads\n"
251- MESSAGE+="📶 WiFi-Only fully engine-enforced\n"
252- MESSAGE+="📊 Speed & ETA on home cards\n"
253- MESSAGE+="🖼️ Missing file detection\n"
254- MESSAGE+="⚡ CPU & storage optimized\n"
255- MESSAGE+="🌍 61 languages updated\n"
241+ MESSAGE+="✨ <b>Key Features (v2.6):</b>\n"
242+ MESSAGE+="🔒 PBKDF2 PIN Hashing — 200K-iteration secure PIN with salt\n"
243+ MESSAGE+="🛡️ 30-Second Brute-Force Lockout — countdown after 5 failed attempts\n"
244+ MESSAGE+="🔐 Removed MANAGE_EXTERNAL_STORAGE — no overbroad permission\n"
245+ MESSAGE+="💾 ADB Backup Protection — MMKV sensitive data excluded\n"
246+ MESSAGE+="🚫 MITM Prevention — SSL check re-enabled when proxy active\n"
247+ MESSAGE+="🧹 20 Stability Fixes — context leak, runBlocking, timeouts, races\n"
248+ MESSAGE+="🎨 Material3 1.3.1 Stable — from alpha BOM, OkHttp 4.12.0 stable\n"
249+ MESSAGE+="🏠 Instant Home Sync — Recent Downloads updated on deletion live\n"
250+ MESSAGE+="🌐 Richer Sponsor Profiles — thread-safe structured data\n"
256251 MESSAGE+="⏯️ Pause/Resume with queue\n"
257252 MESSAGE+="🌐 1000+ sites via yt-dlp\n\n"
258253 MESSAGE+="━━━━━━━━━━━━━━━━━━━━━━━\n\n"
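Review bot: The Telegram changelog on new lines 208-239 is a hand-maintained second copy of the release body and has already drifted from it. Line 219 says the context leak was fixed "in MainActivity", which the body does not state; the body's 5-minute `addToDownloadQueue` deadline item is missing here; and line 228 says "11 more fixes" where the body says "And 10 more fixes". The totals still add up to 20, but only by coincidence of the edit. Suggest keeping the changelog in a single file in the repository and generating both the release `body` and `MESSAGE` from it, so the security claims users read in each channel are the same.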
@@ -265,7 +260,7 @@ jobs:
265260 MESSAGE+="🔗 <b>Download Now:</b>\n"
266261 MESSAGE+="<a href=\"${RELEASE_URL}\">Click here to download v${{ steps.version.outputs.VERSION }}</a>\n\n"
267262 MESSAGE+="━━━━━━━━━━━━━━━━━━━━━━━\n\n"
268- MESSAGE+="💡 <b>Note:</b> v2.5 brings a biometric-protected hidden content vault with optimistic UI, list view for format cards, active download sorting, auto-retry on network errors, yt-dlp resume support, WiFi-only fully enforced engine-side, live speed/ETA on cards, redesigned format cards with merge audio option, removed Suggested section , and near-zero CPU/storage overhead during downloads .\n\n"
263+ MESSAGE+="💡 <b>Note:</b> v2.6 is a major security and stability release — PBKDF2 PIN hashing, MANAGE_EXTERNAL_STORAGE removed, ADB backup protection, 30-second brute-force lockout, 20 stability/correctness fixes, Material3 1.3.1 stable migration (OkHttp 4.12.0 stable), instant Recent Downloads sync , and richer sponsor profiles with thread-safe cache .\n\n"
269264 MESSAGE+="🕐 <i>Released: $(date '+%B %d, %Y at %H:%M UTC')</i>"
270265
271266 # URL encode the message to avoid HTML parsing issues
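Review bot: New line 263 hardcodes "v2.6" in the note while the link text on line 261 uses `${{ steps.version.outputs.VERSION }}`, so any later tag built from this workflow would announce its download under a v2.6 description. The same applies to the hardcoded headings earlier in the file. Suggest taking the note text from a per-release input or file keyed by the version, or at least interpolating the version variable here. The note also lists the security changes without the proxy certificate-check fix and the `exported=false` receiver change; if the one-paragraph summary is meant to cover the security content, include them or link to the full changelog.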