alee/stegasoo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
14fce4d3ede1efe7ad3bb01d29a210c8a8de3804
stegasoo/CHANGELOG.md
adlee-was-taken ef5a9ce9cb Add per-channel hybrid audio spread spectrum and env feature toggles 
Spread spectrum v2: independent per-channel embedding with round-robin
bit distribution, preserving spatial stereo/surround mix. Adaptive chip
tiers (256/512/1024) trade capacity for lossy codec robustness. LFE
channel skipped for 5.1+ layouts. v2 header (20B) with backward-
compatible v0 decode fallback.

Environment toggles (STEGASOO_AUDIO, STEGASOO_VIDEO) gate audio/video
features for minimal builds (e.g. Raspberry Pi image-only). Values:
auto (default, detect deps), 1/true (force on), 0/false (force off).

Web UI fixes: accordion defaults to step 1 on load, chevron arrow
styling, required attribute toggling for audio carrier type switch,
"Images & Mode" renamed to "Reference, Carrier, Mode".

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 11:58:40 -05:00

9.3 KiB
Raw Blame History

Changelog

All notable changes to Stegasoo will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

4.3.0 - 2026-02-27

Added

  • Audio Steganography — Hide messages in audio files (WAV, FLAC, MP3, OGG, AAC, M4A)
    • LSB mode: Direct least-significant-bit embedding in audio samples
    • Spread Spectrum mode: Noise-resistant encoding using pseudo-random spreading
    • Automatic format transcoding to WAV for embedding
    • Full CLI support: stegasoo audio-encode, audio-decode, audio-info
    • REST API endpoints: /audio/encode, /audio/decode, /audio/info
    • Web UI: Unified encode/decode pages with carrier type selector (Image/Audio)
  • New AudioCapacityInfo, AudioEmbedStats, AudioInfo model classes
  • Audio-specific exceptions: AudioError, AudioValidationError, AudioCapacityError, AudioExtractionError, AudioTranscodeError, UnsupportedAudioFormatError
  • Subprocess isolation for audio operations (crash protection)
  • debug.py module for structured logging across all steganography operations

Changed

  • Encode/Decode web pages now have a "Carrier Type" step to switch between Image and Audio
  • Version bumped to 4.3.0

4.1.5 - 2026-01-07

Added

  • Developer Documentation: Educational comments throughout core modules
    • DCT module: zig-zag diagrams, QIM explanation, Reed-Solomon deep dive
    • LSB module: visual bit embedding examples, ChaCha20 pixel selection
    • Crypto module: multi-factor KDF flow diagrams, Argon2id reasoning
    • CLI module: Click patterns (groups, JSON output, secure input)
    • Web UI module: Flask architecture, subprocess isolation, async jobs
  • Pi Test Automation: rpi/kickoff-pi-test.sh script
    • One command to flash, wait for boot, setup, and smoke test
    • Self-contained (no dotfile dependencies)
  • v4.2 Wishlist: WISHLIST-4.2.md for blue-sky ideas (GPU acceleration)

Changed

  • Pi MOTD Improvements:
    • Dynamic temperature emoji (ice/cool/fire based on temp)
    • Rocket emoji for service status, globe emoji for URL
    • Shortened Debian boilerplate message
    • Fixed escaped variable syntax in heredoc

4.1.3 - 2026-01-05

Added

  • Docker Deployment: Production-ready containerization
    • docker-compose.yml for Web UI (port 5000) and REST API (port 8000)
    • Multi-stage builds with base image for faster rebuilds
    • Health checks, resource limits (768MB), and volume persistence
    • Comprehensive DOCKER.md documentation
  • Raspberry Pi First-Boot Wizard: Interactive TUI setup experience
    • gum TUI toolkit for styled prompts and spinners
    • WiFi configuration, HTTPS setup, channel key generation
    • Overclock presets (Pi 5: 2.8/3.0 GHz with cooling recommendations)
    • Port 443 redirect option for clean HTTPS URLs
    • Styled banners with purple→blue gradient and gold logo
  • Pi Image Distribution: Scripts for SD card imaging
    • sanitize-for-image.sh removes credentials, SSH keys, user data
    • Soft reset mode for testing without clearing WiFi
    • Auto-validates sanitization before imaging
  • Unit Tests: Comprehensive pytest test suite
    • Tests for encode/decode, LSB/DCT modes, channel keys
    • Validation, generation, compression, edge cases
    • 29 tests covering core library functionality
  • Release Validation: scripts/validate-release.sh for pre-release checks
  • Custom SSL Documentation: Guide for replacing certs, Let's Encrypt setup

Changed

  • Pi MOTD shows CPU speed and temperature when overclocked
  • Mobile UI polish and responsive improvements
  • Standardized ASCII banners across all Pi scripts
  • Setup script uses pyenv for Python 3.12 (Pi OS ships 3.13)

Fixed

  • SSL certificate generation: Wizard and setup now generate certs when HTTPS enabled
  • DCT decode reliability improvements
  • Fixed gum --inline flag compatibility (not supported in all versions)
  • Wizard banner alignment and spacing issues
  • Better error handling in app.py for SSL failures

4.1.0 - 2026-01-04

Added

  • Admin Recovery System: Password reset for locked-out admins
    • Recovery key generated during setup (32-char alphanumeric)
    • Multiple backup options: text file, QR code, stego image
    • QR codes obfuscated (XOR'd with magic header hash)
    • Stego backups hide key in an image using Stegasoo itself
    • CLI: stegasoo admin recover --db path/to/db
  • EXIF Editor: Full metadata editing in Tools page
    • View all EXIF fields from uploaded image
    • Inline editing of individual fields
    • Clear all metadata with one click
    • Download cleaned image
    • CLI: stegasoo tools exif image.jpg [--clear] [--set Field=Value]
  • Multi-User Support: Admin can create up to 16 additional users
    • Role-based access control (admin/user)
    • Admin user management page
    • Temp password generation for new users
  • Saved Channel Keys: Users can save/manage channel keys in account page

Changed

  • Architecture: Consolidated resolve_channel_key() to library layer
    • Single source of truth in src/stegasoo/channel.py
    • CLI, API, WebUI now use thin wrappers
  • DCT Pre-Check: Fail fast with helpful error before expensive encoding
  • Toast Notifications: Auto-dismiss after 20 seconds with fade animation
  • RECOVERY_OBFUSCATION_KEY constant added to constants.py

Fixed

  • DCT payload size error now caught early with clear message

4.0.2 - 2026-01-02

Added

  • Web UI Authentication: Single-admin login with SQLite3 user storage
    • First-run setup wizard for admin account creation
    • Account management page for password changes
    • @login_required decorator protects encode/decode/generate routes
    • Argon2id password hashing (lighter 64MB for fast login)
  • Optional HTTPS: Auto-generated self-signed certificates for home network deployment
    • Configurable via STEGASOO_HTTPS_ENABLED environment variable
    • Certificates stored in frontends/web/certs/
  • New environment variables: STEGASOO_AUTH_ENABLED, STEGASOO_HTTPS_ENABLED, STEGASOO_HOSTNAME

Changed

  • PIN entry column widened in encode/decode forms (col-md-4 → col-md-6)
  • Channel options column narrowed (col-md-8 → col-md-6)
  • QR preview panels enlarged for better text readability
  • Consistent font sizing across all preview panel banners (0.7rem filename, 0.6rem data, 0.65rem badges)

Fixed

  • QR preview text too small to read in encode/decode templates
  • Inconsistent label sizes between reference/carrier/stego panels

4.0.1 - 2025-01-02

Fixed

  • Fixed numpy binary incompatibility on Python 3.10 (jpegio/scipy)
  • Fixed BatchCredentials test failures with missing reference_photo parameter
  • Graceful handling when DCT dependencies have version mismatches

Changed

  • Applied ruff linter fixes across entire codebase (~400 issues)
  • Applied black formatter to all Python files
  • Modernized type hints: Optional[X]X | None
  • Updated ruff config to use [tool.ruff.lint] section
  • Moved documentation files to repository root

Removed

  • Removed obsolete debug/diagnostic scripts
  • Cleaned up backup files and dev scripts

4.0.0 - 2024-12-29

Added

  • Refreshed Web UI with modern, snazzy interface
  • Improved user experience across all pages

Changed

  • Major version bump for breaking API changes
  • Simplified passphrase handling (single passphrase instead of day-based)
  • Removed date_str parameter from encoding

Fixed

  • Various bug fixes for Web UI
  • CLI updates and improvements

3.2.0 - 2024-12-28

Added

  • Big revamp of the encoding system
  • Home and about page improvements
  • UNDER_THE_HOOD.md documentation

Changed

  • Renamed phrasepassphrase in API
  • Updated Web UI styling

3.0.2 - 2024-12-27

Added

  • Full experimental DCT steganography support
  • jpegio integration for better JPEG manipulation
  • DCT/LSB mode selector in Web UI

3.0.0 - 2024-12-25

Added

  • DCT (Discrete Cosine Transform) steganography mode
  • Support for JPEG carriers without quality loss
  • Channel key feature for private messaging

Changed

  • Complete rewrite of steganography engine
  • New hybrid authentication system

2.0.0 - 2024-12-20

Added

  • Web UI frontend
  • REST API (FastAPI)
  • Batch processing support
  • RSA key authentication option

Changed

  • Migrated to hybrid photo + passphrase + PIN authentication

1.0.0 - 2024-12-15

Added

  • Initial release
  • LSB steganography
  • AES-256-GCM encryption
  • CLI interface
  • Basic PIN authentication
Reference in New Issue View Git Blame Copy Permalink