v4.7.1 (2026-04-29): Hardening + audit follow-through release. Export
— V3 API migration, streaming CRS plumbing, SHP pre-flight checks,
normcase UI paths, GPKG bypass of qgis:package on path-detect, CSV WKT
injection guard, SpatiaLite extension fixes, ZIP path-traversal leak
(CRITICAL), batch collision detection, validator drivers list, GPKG
path detection — 12 fixes total + 24 tests. SpatiaLite cascade — drop
GeomFromGPB wrap (use ST_* prefix), preserve ST_* spatial predicates
in sanitizer (was wiping standalone calls), fix SQLite lock + OGR
queue routing, route apply_filter through subset queue for Qt thread
safety, restore SpatialitePersistentCache f-string interpolation
(silent cache no-op for 100+ days). Sanitizer — preserve
EXISTS(...)/NOT(...)/ST_* predicates (3 cascade no-op regressions
fixed), collapse whitespace runs before top-level marker scan. REST
API — refuse insecure default api_key (S1), warn on plaintext JSON
load (S4 hardening), hash-at-rest for api_key, 503 when favorites
service unavailable, no input echo, 1 MiB body cap, marshall
qgis_accessor mutations to Qt main thread (P0-B). Security —
defense-in-depth PostgreSQL SQL guards (S2), reject non-http(s) URLs
in PortableGit downloader (B310), refuse PortableGit install without
SHA-256 digest (S6), favorites-sharing legacy auth header tripwire
(EXT6). Favorites deep audit (2026-04-29, 37 findings) —
FavoritesSpatialHandler extraction (5 stages, ~927 LOC),
FavoritesError exception family (FavoritesNotInitialized +
FavoritePersistenceError), FavoritesExtensionBridge +
FavoritesMenuBuilder + FavoriteImportHandler + LayerSignature, drop
dead second FavoritesService instance (XCUT-1), drop bridge fallback
paths in dialog (XCUT-2), pin DockwidgetSurface Protocol (XCUT-3),
drop dead-defensive hasattr guards (CORE-1a), rename
_favorites_manager → _favorites_service (CORE-1b), route global
INSERTs through add_favorite (CORE-2), drop orphan Service methods +
dead signals (CORE-3), drop orphan load/reload + count/get_by_id
aliases (CORE-4/6), drop unused TABLE_FAVORITES/TABLE_PROJECTS
constants (CORE-8), drop orphan ensure_global_project_exists
(CORE-11), drop spatial-handler delegations from controller (UI-5),
plug favoriteApplied signal leak (UI-6), pin BuilderContext Protocol
for menu builder (UI-8), factor migration_service bootstrap (UI-9),
drop _show_global_favorites_dialog placeholder (UI-13), extract
SharedFavoritesQuery + FavoritesForkService + BundlePublisher +
publish_model helpers (EXT-1/EXT-2 stages 1-4), factor worker close
lifecycle (EXT-7), validator version-tolerance contract test (EXT-9).
Domain — wire IFeedback adapter to remove iface from core (A1), drop
QgsProject.instance() fallback in LayerSignatureIndex (A2), merge
filter_parameter_builder + layer_filter_builder (A3 paire 4).
Auto-zoom — zoom on filtered layers union after filter or favorite,
subset-change token blocks stale post-task zoom. QFieldCloud — park
orphan PushWorker on terminate timeout (C1). UI — favorites manager
dialog leak fix, refresh() preserves active search and scope filters,
F11 feedback policy alignment (4 rules, 5 callsites), shared QSS +
icon registry. Config — refresh schema-owned metadata on existing
keys, mutate-in-place CONFIG_DATA, preserve EXTENSIONS panel label
across migrations. Tests — 1493 ✅ (+200 since v4.7.0): T1
FavoritesSpatialHandler.restore_spatial_config, T2 auto-zoom helpers +
e2e flows, T3 HistoryService + LayerHistory wrapper, FCB-TESTS 10 edge
cases for filter_config_builder. v4.7.0 (2026-04-27): Favorites
sharing — git-backed publish to remote repos with authcfg credentials
(QgsAuthManager), repo manager dialog, quick 1-click publish, picker
disambiguation when (name, author) collide, optional Resource Sharing
extension, JSON Schema v3, per-user scope + profile-dir local_clone.
REST API (filtermate_api) — GET /layers, POST /filters/apply,
/filters/status, /undo, /redo, /favorites with X-API-Key auth
middleware. QFieldCloud — harden PushWorker teardown (disconnect
before terminate), fix signal leaks + broken menu removal on unload,
gate favorites-sharing activation on resource_sharing plugin.
Performance — stream feature IDs instead of materializing full list,
cache parsed QgsExpression in evaluation task, collapse double
getFeatures() in buffer simplification, limit QgsProperty
buffer-distance fetch to first feature. Audit hardening — path
traversal + argv injection guards, M2 sanitizer + M7 git stderr
scrubbing, single HistoryService consolidation, deprecation registry
adoption, PostgreSQL QgsDataSourceUri table parsing. Favorites deep
audit (2026-04-23) — CRIT/HIGH/MED/LOW regressions, v3 round-trip,
capture geometric predicates from live widgets, propagate predicates
to combobox + canonical PROJECT_LAYERS keys, sanitize at
setSubsetString chokepoint, strip stale COALESCE display expressions
from subset chain, exact filtered feature_count + refresh on apply. UI
fixes — exploring sidebar visibility + HIDPI profile + QSS cascade
cleanup, custom selection layout, harmonize SINGLE/MULTIPLE groupbox
display with CUSTOM, restore groupbox mode on apply. Filter — use
pointOnSurface instead of centroid for spatial filtering. Export —
sidecar style naming, LIBKML groups, case-preserved OGR drivers. i18n
— full 34-locale coverage for favorites-sharing + datasource manager.
v4.6.6 (2026-04-08): Security fixes — use defusedxml for XML parsing
in GPKG/KML exporters, replace insecure tempfile.mktemp with mkstemp
in F5-TTS narrator. v4.6.5 (2026-04-08): Config tree restructure with
live save and auto-migration from flat to tree format. Fix live
language switching: resolve NameError, stale reentrant guard, spurious
currentIndexChanged on editor open, use item's own model for
setModelData. Defer language retranslate to next event loop tick. Add
79 missing translations + QFieldCloud i18n + cleanup obsolete entries.
v4.6.3 (2026-04-07): i18n expanded from 22 to 34 languages (+Korean,
Japanese, Arabic, Thai, Ukrainian, Czech, Romanian, Greek, Hungarian,
Bulgarian, Malay, Catalan). Fix live language switching: full UI
retranslation (retranslateUi + dynamic tooltips + indicators). Handle
QEvent.LanguageChange for QGIS locale changes. v4.6.2 (2026-03-17):
Feature picker fixes: debounce with FID storage, refresh on display
field change, next/prev browser buttons initialization, always-enabled
identify/zoom buttons. v4.6.1 (2026-03-09): QGIS 4 / Qt6
compatibility. Edit mode popup before filter/unfilter operations. i18n
22 languages at 100%. Config harmonization with single source of
truth. v4.6.0 (2026-02-18): GPKG export now embeds a full QGIS project
preserving layer group hierarchy, styles and CRS. Fix action buttons
not disabled when switching to exporting tab. v4.5.3 (2026-02-18): Fix
GPKG export crash caused by GUI calls from background thread. v4.5.2
(2026-02-12): Fix square key buttons sizing, exploring sidebar layout
alignment. v4.5.1 (2026-02-11): Website launch, org migration, 600
tests, quality score 9.0/10.