Every notable change to LinkQuill, in reverse chronological order. Want notifications when we ship? Create a free account — release notes land in your dashboard inbox.
Closed 60+ pre-launch audit findings: SSRF guard on outbound webhooks, OAuth state nonces for every connect flow, signed-identifier brandId resolution on Wix + Squarespace webhooks, PayPal failure-path UX (notification + retry button + per-currency allowlist), and a Sentry tag on every webhook-handler exception.
Outbound webhook URLs validated against private IP / loopback / DNS-rebinding (RFC1918 + IPv6 ULA + AWS metadata).
OAuth state nonces stored in Redis with atomic GETDEL — replay-resistant by construction.
PayPal payouts retryable from the dashboard when a single batch item fails.
CSP `style-src` nonce-gated in production.
Starter + Growth affiliate caps lifted to unlimited; revenue cap stays as the binding lever.
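As an added example (not LinkQuill's own code), this is the shape of the outbound-webhook guard described above: every address the hostname resolves to is checked against RFC1918, loopback, link-local (which includes the AWS metadata address) and IPv6 ULA ranges, and the checked address is pinned so a DNS-rebinding host cannot swap in an internal IP between the check and the connect. The function names, the https-only policy, the extra `0.0.0.0/8` and CGNAT `100.64.0.0/10` blocks, and the sample addresses are assumptions, not taken from the page.

```typescript
// Added example, not LinkQuill's own code: check an outbound webhook target against private /
// loopback / link-local / metadata ranges and pin the checked address (assumes https-only targets).
type Target = { ok: true; host: string; port: number; connectTo: string } | { ok: false; reason: string };
// IPv4 blocks a webhook must never reach; 169.254.0.0/16 also covers the AWS metadata service.
const FORBIDDEN_V4: [string, number][] = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

function v4ToInt(ip: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const p = m.slice(1).map(Number);
  if (p.some(o => o > 255)) return null;
  return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}

function isForbiddenV4(ip: number): boolean {
  return FORBIDDEN_V4.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === (((v4ToInt(base) as number) & mask) >>> 0);
  });
}

function isForbiddenV6(ip: string): boolean {
  const a = ip.toLowerCase();
  if (a === "::1" || a === "::") return true;               // loopback, unspecified
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(a);     // IPv4-mapped: judge the inner IPv4
  if (mapped) { const n = v4ToInt(mapped[1]); return n === null || isForbiddenV4(n); }
  const first = parseInt(a.split(":")[0] || "0", 16);
  return (first & 0xfe00) === 0xfc00 || (first & 0xffc0) === 0xfe80; // ULA fc00::/7, link-local fe80::/10
}

function isForbiddenAddress(ip: string): boolean {
  const n = v4ToInt(ip);                                    // fail closed: unparseable input is forbidden
  return n !== null ? isForbiddenV4(n) : ip.includes(":") ? isForbiddenV6(ip) : true;
}
// `resolved` holds every address the caller obtained for the hostname (e.g. dns.lookup, all: true).
// Dial `connectTo` directly with a Host header of `host`; re-resolving lets a rebinding resolver win.
function pinWebhookTarget(url: string, resolved: string[]): Target {
  const m = /^https:\/\/(?:\[([^\]]+)\]|([^/:?#@]+))(?::(\d{1,5}))?(?:[/?#]|$)/i.exec(url);
  if (!m) return { ok: false, reason: "only plain https://host[:port]/... URLs are accepted" };
  const host = (m[1] || m[2] || "").toLowerCase();
  const port = m[3] ? Number(m[3]) : 443;
  const candidates = (typeof m[1] === "string" || v4ToInt(host) !== null) ? [host] : resolved;
  if (candidates.length === 0) return { ok: false, reason: "hostname did not resolve" };
  const bad = candidates.find(isForbiddenAddress);
  if (bad !== undefined) return { ok: false, reason: `resolves to forbidden address ${bad}` };
  return { ok: true, host, port, connectTo: candidates[0] };
}
```

A hostname that answers with one public and one internal address is rejected outright rather than pinned to the public one, since a rebinding resolver controls which answer comes first.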
Fix
V4 audit — concurrency + observability
Fixed read-then-write race conditions in the Stripe webhook payout-completion handler, added partial unique constraints to surface stuck payouts as DB errors instead of silent duplicates, and rolled out per-program fraud thresholds + GDPR consent gating in the tracker.
Partial unique index `idx_payouts_brand_affiliate_currency_active` blocks duplicate in-flight payouts.
GDPR consent gating in `apps/tracker/src/linkquill.ts` — tracking suppressed until the visitor opts in.
Cron job health endpoint + per-program fraud thresholds.