Changelog

Stay up to date with all Zunario updates and improvements

v1.1.3 Latest 2026-05-05

Bug Fixes

  • Auto-update finally works on Windows. Until now every download failed silently with "New version is not signed by the application owner: publisherNames: Zunario" because electron-updater verifies the publisher signature of the downloaded installer, and Zunario builds aren't code-signed yet. We now explicitly skip the publisher check on Windows (autoUpdater.verifyUpdateCodeSignature = () => null). SHA512 in latest.yml is still verified end-to-end and the channel is HTTPS, so a tampered installer still gets rejected — only the missing-cert false positive is gone.
  • This is the last manual install you will need. From 1.1.3 onwards, in-app updates are expected to apply themselves. The proper long-term fix (an actual code-signing certificate) is still tracked in PHASE-A-CHECKLIST.md.
v1.1.2 2026-05-05

Bug Fixes

  • Sidebar version footer was a hardcoded "Zunario v1.0.0" string for every release. It now reads the real app.getVersion() via the update:getVersion IPC bridge and shows the actual installed version. (This is also why earlier auto-updates *looked* like they hadn't taken effect — they had, but the UI lied.)

New Features

  • Real app icon. build/icon.ico (multi-size 16 / 24 / 32 / 48 / 64 / 128 / 256) is now bundled with the NSIS installer and used as the window / taskbar / shortcut icon. Previously the default Electron diamond was shown.
  • build/icon.png (1024 px) for marketing / store fallbacks, plus a 32 px tray version.
  • public/zunario-logo.svg and zunario-webseite/website/images/zunario-logo.svg — vector source so the brand mark stays consistent between app and website.

Improvements

  • electron-builder.json win + nsis sections now reference build/icon.ico explicitly (was relying on the default lookup which failed silently in the previous builds, leaving installers without a custom icon).
v1.1.1 2026-05-05

New Features

  • Persistent log file at %APPDATA%/zunario/logs/main.log (Win) / ~/Library/Logs/zunario/main.log (mac), with 5 MB rotation. electron-updater events now flow into this log so failed updates can be diagnosed.
  • Global hotkey Ctrl+Shift+L opens the logs folder directly from the running app.
  • Manual update-check IPC (update:checkManual) returns { ok, currentVersion, latestVersion, error } so the UI can show the actual reason when a check fails (instead of silent no-op).
  • "Logs anzeigen" button surfaces in the update banner whenever an update error occurs, opening the logs folder for support.

Bug Fixes

  • Auto-update from 1.0.x to 1.1.0 silently did nothing for some users. Root cause was the missing logger configuration on electron-updater — errors (e.g. publisher-name mismatches on unsigned builds) were swallowed. Now every update step is logged and update:error carries the message + stack + code through to the renderer banner.

Notes

  • Code-signing is still off (signAndEditExecutable: false). That's the right long-term fix for silent update failures — tracked in PHASE-A-CHECKLIST.md.
v1.1.0 2026-05-05

Security

  • License gate now actually runs at startup (licenseService.canAppStart() was previously dead code).
  • Stream credentials (RTMP URL + stream key) are now encrypted on disk via safeStorage (DPAPI / Keychain / libsecret) instead of plain text in SQLite. Existing rows are auto-migrated.
  • Strict Content Security Policy enforced on the renderer in production.
  • shell.openExternal now validates URL protocol (only http, https, mailto allowed) - blocks javascript:, file:, smb:, ms-msdt: drive-by vectors.
  • setWindowOpenHandler + will-navigate block in-window navigation away from the bundle; external links open in the OS browser.
  • will-attach-webview forces secure preferences on every webview adapter.
  • APP_SECRET for license cache encryption is no longer hardcoded; uses ZUNARIO_LICENSE_KEY env or a per-install random key.
  • License-server URL switched to HTTPS (https://api.zunario.com).
  • ADMIN_KEY and JWT_SECRET rotated on the live license server.

New Features

  • New "Founding Creator" plan (Lifetime €299) - one-time payment, full Ultimate forever, locked-in price.
  • Studio plan tier for cam studios / agencies (multi-seat, white-label, SLA).
  • Bundles auto-update banner inside the app showing version, release notes and download progress (renderer UI). Previously updates were only surfaced via the native dialog.

Improvements

  • License plan typing extended: 'trial' | 'pro' | 'ultimate' | 'lifetime' | 'studio'.
  • Trial now grants the full Pro feature set for 7 days (no watermark, up to 3 platforms) instead of crippled basic features.
  • getPlatformLimit('lifetime') correctly returns 12 (was falling back to trial = 1).
  • getPlatformLimit('trial') raised to 3 to match the new "full Pro for 7 days" trial.
  • Stripe and PayPal checkout now use the same plan-naming as Mollie: pro|ultimate × monthly|yearly and lifetime as one-off. Previously Stripe/PayPal only accepted basic|pro|lifetime which broke Ultimate checkout entirely.
  • License-server webhook idempotency: duplicate Stripe/Mollie events are now ignored via a processed_webhook_events table, preventing duplicate license issuance on retries.

Bug Fixes

  • OBS connect IPC handler signature mismatch ((host, port, password) → (url, password)) - WebSocket connection silently failed when UI passed url+password.
  • 27 TypeScript errors across the renderer (Settings panels had conflicting declare global blocks against vite-env.d.ts). Window-bridge types are now centralized.
  • Discount countdown timer no longer renders "00:00:00:00" or "NaN" when the API returns no active discount.
  • Trial activation API call (api.request('/api/licenses/trial', 'POST') → { method: 'POST' }).
  • Contact form now actually sends (backend POST + mailto fallback if endpoint not yet wired).
  • Newsletter form was a placeholder that pretended to subscribe; replaced with a real link to the community / beta list.
  • Pricing toggle now matches actual Mollie pricing on the server (Pro €29/€22, Ultimate €149/€119, Lifetime €299).

Removed

  • Pre-launch lies on the marketing page: fake "10,000+ Creators" badge, fake $2.4M tip volume counter, fake 4.9/5 stars with 2,847 reviews schema, fake testimonial cards (Luna/Alex/Sophie/Jamie), the random "X creators upgraded in the last hour" counter.
  • <meta name="rating" content="adult"> removed from 21 pages - that tag was killing mainstream Google indexing.
  • Google Fonts on 43 pages replaced with fonts.bunny.net (DSGVO-konform, Switzerland).
  • Dead code: top-level chaturbate-adapter.ts / stripchat-adapter.ts / camsoda-adapter.ts (duplicates of the active subfolder adapters).

Compliance

  • Cookie banner now TTDSG-compliant: equal-weight "Accept all", "Reject all", "Settings" buttons on the first level.
  • Referral cookie (zunario_ref) is only persisted with explicit marketing consent.
  • Impressum: corrected legal reference (&sect; 18 Abs. 2 MStV instead of the obsolete &sect; 55 RStV).
  • Checkout button is now "Zahlungspflichtig bestellen" (was "Jetzt kaufen") with three required confirmation checkboxes (AGB + Datenschutz, &sect; 356 Abs. 5 BGB Widerrufs-Verzicht, 18+).
  • Auftragsverarbeiter list in datenschutz.html updated: Hetzner AVV, Stripe DPF (instead of pure SCC), Bunny Fonts, Mollie, Lovense local API.
  • AGB "Schweige-Zustimmung bei Vertragsänderung" clause removed (was unwirksam after BGH XI ZR 26/20).
  • &sect; 312k BGB Kündigungsbutton hinweis added.

Infrastructure

  • Server hardened: SSH key auth installed, root password rotated.
  • nginx config patched: HTTPS www.zunario.com &rarr; zunario.com 301-redirect (was returning 200 with duplicate content).
  • Custom 404 page replacing nginx default.
  • Sitemap now lists each German URL as its own <url> entry (was alternates only).
  • Portal pages set to noindex, nofollow and removed from sitemap.
  • OG image, Twitter card and favicon PNGs are now actually present (were 404).
v1.0.2 2026-01-02

Bug Fixes

  • License server reconnect on transient network errors.
  • OBS scene switching race condition.

New Features

  • Initial Mollie payment integration.
  • Stripchat WebSocket adapter improvements.
v1.0.1 2025-12-30

Bug Fixes

  • License activation hardware-id collision on multi-CPU systems.

New Features

  • BongaCams native WebSocket adapter (currently unused, falls back to WebView).
v1.0.0 2025-12-29

New Features

  • Initial public release.
  • 12 platform adapters: Chaturbate, Stripchat, BongaCams, CamSoda, Cam4, MyFreeCams, Flirt4Free, EPlay, VxModels, XLoveCam, SoulCams, Cams.
  • Unified chat across all connected platforms.
  • 13 overlay types: Tip Alert, Goal Bar, Top Tipper, Viewer Count, Chat, Recent Tips, Tip Menu, Spin Wheel, Dice, Timer, Leaderboard, Social Links, Go-Live Alert.
  • OBS WebSocket auto-setup with predefined scenes.
  • Lovense Connect integration with 5 default vibration patterns.
  • RTMP multi-stream via FFmpeg with automatic reconnect on transient failures.
  • Hardware-id-bound licenses with offline cache (1h TTL).
  • Auto-update via electron-updater (generic provider).