Server releases

Published hush-server releases, newest first: the component self-hosters run. Each entry lists the user-facing highlights, whether a database migration is required, the minimum client version the server will talk to, and a link to the signed-image verification steps. Releases marked BREAKING require updating clients before upgrading the server.

Looking for the desktop app instead? Download it from the desktop releases.

v0.2.0May 30, 2026

Boot-time DB schema compatibility gate: the server refuses to start if the live database has been migrated past the binary's schema version, turning a silent-corruption rollback into a fail-safe stop.
Browser invite landing pages at `/invite/<code>` and `/join/<host>/<code>`, so opening an invite link in a browser shows join instructions instead of a raw reverse-proxy fallback.
Documented upgrade path plus release and versioning policy (`docs/release-policy.md`).

Migration: No. Schema version unchanged at 37 (this release adds no migration). The new guardrail is a no-op on the v0.1.0 to v0.2.0 upgrade and protects future rollbacks.
Min client: 0.0.0

Full notes and verification

v0.1.0May 30, 2026

First signed, multi-arch (linux/amd64 + linux/arm64) container release. Every image is cosign-signed and ships an SPDX SBOM attestation.
Self-host overlay: `docker-compose.selfhost.yml`, `setup.sh --from-image vX.Y.Z`, and `scripts/verify-release.sh`.
Backend hardening: MLS X-Wing ciphersuite enforcement, audience-bound auth challenges, unsafe attachment MIME rejection, first-class RTC signaling domain, instance attachment quotas, voice presence snapshot, S3 path-style presigned URLs.
Dependency bumps clearing flagged HIGH/CRITICAL CVEs (pgx, go-jose, otel, grpc; alpine base 3.21).

Migration: No. First published release. Fresh installs initialize at schema version 37.
Min client: 0.0.0

Full notes and verification