Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,28 @@ All notable changes to the FIVUCSAS client apps (Android, iOS, Desktop).

## [Unreleased]

## [5.3.1] - 2026-06-06

> Production-signed release over 5.3.0 (versionCode 13). Headline: the cross-device
> **MFA reliability fix that 5.3.0 shipped without**; also formalises the post-5.3.0
> mobile fixes (#82/#83/#86) into a tagged, signed APK. Prod cert `CN=FIVUCSAS`
> (SHA-256 `5e403eca…`); upgrades in place over 5.3.0. Built via CI
> `android-build.yml` (`build_type=release`).

### Fixed

- **MFA/auth requests now retry on transport/IO aborts (#87).** The identity
`HttpClient` installs Ktor `HttpRequestRetry` (maxRetries=2, exponential backoff)
that retries **only** on transport/IO exceptions (`IOException` / `SocketTimeout` /
`ConnectTimeout` / `ClosedReceiveChannelException`) — never on 4xx/5xx, so a consumed
MFA code is never resubmitted and the serialized request body is fully replayable.
Fixes the OkHttp HTTP/2 stale-connection abort the server logged as *"Malformed
request body: I/O error while reading input message"* (previously misdiagnosed as a
slow-uplink truncation). `shared/src/commonMain/kotlin/com/fivucsas/shared/di/NetworkModule.kt`.
- **Cross-device login & session robustness (#86).** QR / approve-login no longer
swallows a non-2xx response (the error surfaces instead of failing silently),
plus session-expiry handling, NFC fixes, and hiding the preview-only "Add card" action.

- **"My Invitations" no longer crashes.** The screen called `GET /api/v1/invites/received`,
which has no backend endpoint; the 404 error body was decoded as a
`List<ReceivedInviteDto>` and threw a raw kotlinx-serialization error
Expand Down
19 changes: 17 additions & 2 deletions CLAUDE.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,23 @@ real flow.
## Releases

Signed APK published per `docs/RELEASE.md` + `docs/SIGNING.md`. Keystore in `keystore/`.
**Latest: v5.2.3** (cert SHA-256 `5e403eca…`, versionCode 10). v5.2.x installs in place over
prior signed releases (same cert).
**Latest: v5.3.1** (cert SHA-256 `5e403eca…`, versionCode 13) — adds the MFA
stale-connection retry fix over v5.3.0. Same signing cert since v5.2.x, so releases
install in place over prior signed builds.
**Build a signed release** (host has no keystore password → build via CI, not locally):
`gh workflow run android-build.yml -R Rollingcat-Software/client-apps --ref main -f build_type=release`
→ downloadable `fivucsas-release-apk` artifact, prod-signed with the GitHub keystore secrets.

## v5.3.1 — MFA stale-connection retry (PR #87, 2026-06-06)

`NetworkModule.kt`'s identity `HttpClient` installs Ktor `HttpRequestRetry`
(maxRetries=2, `exponentialDelay()`) that retries **only** on transport/IO exceptions
(IOException / SocketTimeout / ConnectTimeout / ClosedReceiveChannelException) — never on
4xx/5xx, so a consumed MFA code is never resubmitted and the serialized body is fully
replayable. Fixes the OkHttp HTTP/2 stale-connection abort the server logged as
"Malformed request body: I/O error while reading input message" (previously misdiagnosed
as slow-uplink truncation). The fix had been stranded on an unmerged branch (absent from
v5.3.0); recovered → merged → shipped as v5.3.1 (versionCode 13).

## Login fixes (2026-05-30, v5.2.2 / v5.2.3)

Expand Down