This update focuses on making key workflows more secure and reliable, especially around rendering, redirects, webhooks, and background processing.
Security and safety updates
Custom Liquid templates now fail fast when they reference missing variables, helping you catch template issues earlier and avoid unexpected output on your public pages. When rendering fails, errors are now captured with more context so problems are easier to diagnose.
Password-protected changelog pages now only redirect back to safe, same-site paths after authentication, reducing the risk of being redirected to an unsafe URL.
Webhook handling is stricter: Marketplace webhook requests are rejected when signature verification cannot be performed, which helps prevent unverified requests from being accepted.
Embedded bubble widget entry data is now output in a safer way, while still using sanitized HTML for entry summaries and content.
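The same-site redirect rule described above for password-protected changelog pages, shown as an added example (not the product's own code): a Python check that accepts a post-login return target only when it is a local path. The function name `safe_redirect_path`, the `/` fallback and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PATH = "/"  # assumed fallback when the requested target is rejected


def safe_redirect_path(target, default=DEFAULT_PATH):
    """Return `target` only if it is a same-site path, otherwise `default`."""
    if not isinstance(target, str) or not target:
        return default
    # Browsers drop tabs/newlines and treat "\" like "/", so inputs such as
    # "/\host" or "/<TAB>/host" can turn into protocol-relative URLs.
    if any(ord(c) < 0x20 or c in "\\\x7f" for c in target):
        return default
    # Must be an absolute path on this site: exactly one leading slash.
    # "//host/..." is protocol-relative and leaves the site.
    if not target.startswith("/") or target.startswith("//"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:
        return default
    # Defence in depth: a local path carries no scheme and no authority.
    if parts.scheme or parts.netloc:
        return default
    return target


# Constructed sample inputs (not taken from the product) and expected results.
SAMPLES = {
    "/changelog/v2?page=3#notes": "/changelog/v2?page=3#notes",
    "https://other.example/login": "/",
    "//other.example/path": "/",
    "/\\other.example": "/",
    "/\t/other.example": "/",
    "changelog": "/",
    "": "/",
}


def check_samples():
    """Map each constructed sample to the path the check would redirect to."""
    return {raw: safe_redirect_path(raw) for raw in SAMPLES}


if __name__ == "__main__":
    for raw, result in check_samples().items():
        print(f"{raw!r:40} -> {result!r}")
```

Run the check on the value after the framework has URL-decoded it once, and do not decode it again before issuing the redirect.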
Reliability and fixes
Repositories with names that do not convert cleanly into slugs, for example names with emojis or non-alphanumeric characters, no longer cause crashes or invalid slugs. The app now preserves existing slugs on updates and uses stable fallbacks when creating new ones.
Large or busy GitHub comparisons are less likely to get stuck in a failed state. When GitHub returns temporary server errors, the release data fetch now retries instead of permanently marking the entry as needing review.
Exports now cap the number of entries included in a single zip, helping prevent extremely large exports from failing.
Email subscriber notifications are now sent in smaller batches with light throttling, reducing the chance of overwhelming the mail queue during large sends.
Plan downgrade flows now validate the selected repository before applying changes, preventing accidental or invalid repository selections.
Stripe webhook consistency
Stripe webhook events are now protected against duplicate concurrent processing, reducing the risk of double-handling the same event. Upgrade confirmation emails are also sent only after the related account update is committed, helping avoid mismatches between billing state and notifications.