v1.0.291

Patch Released June 17, 2026

DKIM signing auto-activated on domain creation; refresh token cookie SameSite fixed for private browsing

Startup self-heal (SH-004) retroactively activates DKIM signing for existing domains at backend start without regenerating keys; DNS TXT record stays unchanged, only signing is re-wired
Email Authentication status now exposes a dkim_signing_active field reflecting actual OpenDKIM signing state, not just DNS record presence

DKIM signing was not connected during domain provisioning — new domains had a DNS record but OpenDKIM was not actually signing outgoing mail. Domain creation now uses the unified opendkim wiring path so the DNS key and signing key are the same
External API DKIM enable and status endpoints now correctly activate real signing and return the actual signing state
refresh_token cookie SameSite changed from None to Lax; prevents session not clearing on logout in Brave and Edge InPrivate windows (same-origin panel+API do not require SameSite=None)

All Releases