Super Productivity

v18.6.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 2 known CVEs

Topics

android flowmodoro flowtime habit-tracker ios issue-tracker linux local-first macos pomodoro pomodoro-timer privacy productivity task-manager time-tracker time-tracking to-do-list todo windows

Affected surfaces

auth

ReleasePort's take

Moderate signal

Version v18.6.0 introduces scheduling warnings for overlapping tasks and configurable dynamic breaks in Flowtime.

Why it matters: These new features help developers, SREs, and security engineers detect task conflicts early and manage work‑session pacing, improving workflow reliability without any measurable trigger or threshold.

Summary

AI summary

Added scheduling warnings for overlapping tasks and configurable dynamic breaks for Flowtime.

Changes in this release

Security Medium

Prevent exported logs from leaking user content.


Source: llm_adapter@2026-05-21

Confidence: high

Security Medium

Sanitized sync-related logging and hardened SuperSync error handling, quota paths, rate limits, and content-encoding handling.


Source: llm_adapter@2026-05-21

Confidence: high

Security Medium

Avoid PWA startup stalls during network changes.


Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Added scheduling warnings for overlapping tasks and tasks outside work hours.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added repeat-after-completion for repeating tasks.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added configurable dynamic breaks for Flowtime.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added an image picker for choosing background images.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added per-provider include/exclude regex filters for iCal calendars.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Show the Pomodoro timer in the browser tab title.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added a notes panel shortcut.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Persist collapsed sections across project switches.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Restored ArrowRight focus into the task detail panel.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Format add-task-bar times using the user's locale.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Improved UI consistency, wording capitalization, task done-toggle styling, plugin dialog backgrounds, and Velvet/liquid-glass theme details.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Prevent Google time-block sync from hitting write rate limits.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Request verified Google OAuth scopes.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Reload worklog on context changes so metrics stay per project.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Preserve WebDAV credentials on transient auth errors and improve WebDAV connection tests.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Retry transient web fetch failures/rate-limited uploads and surface warnings.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Handle wrapped backup encryption imports and filter stale ops after synced import.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added plugin automation triggers for task start/stop and a removeTag action.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added plugin onReady() API with IPC ping and fixed consent write delay.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Improved plugin tag ID handling and protected the virtual TODAY tag from plugin sync.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Harden iCal regex filters against ReDoS.


Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Improved SuperSync server speed and correctness, faster uploads, and optimized status/conflict checks.


Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Fixed WebSocket reconnect storms caused by shared client IDs.


Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Hardened SuperSync snapshot replay, storage quota accounting, retry idempotency, cleanup, and deploy/migration recovery.


Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Use template tray icons on macOS.


Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Retry Wayland idle helper startup on Electron/Linux.


Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Handle Android WebView initialization and foreground service failures safely.


Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Low

Prevented task creation while IME conversion is ongoing.


Source: granite4.1:30b@2026-05-22-audit

Confidence: high

Full changelog

For all current downloads, package links, and platform-specific notes: check the wiki.

Super Productivity 18.6.0

Highlights

  • Added scheduling warnings for overlapping tasks and tasks outside work hours (#7559).
  • Added repeat-after-completion for repeating tasks (#7524).
  • Added configurable dynamic breaks for Flowtime (#7402).
  • Added an image picker for choosing background images (#7564).
  • Added per-provider include/exclude regex filters for iCal calendars (#7528).

Tasks, Focus & UI

  • Show the Pomodoro timer in the browser tab title (#7579).
  • Added a notes panel shortcut.
  • Prevented task creation during IME conversion (#7557).
  • Persist collapsed sections across project switches (#7600).
  • Restored ArrowRight focus into the task detail panel.
  • Format add-task-bar times using the user's locale (#7563).
  • Improved UI consistency, wording capitalization, task done-toggle styling, plugin dialog backgrounds, and Velvet/liquid-glass theme details.

Calendar & Worklog

  • Prevent Google time-block sync from hitting write rate limits.
  • Request verified Google OAuth scopes.
  • Harden iCal regex filters against ReDoS.
  • Reload worklog on context changes so metrics stay per project.

Sync & SuperSync

  • Improved SuperSync server speed and correctness (#7621), faster uploads, and optimized status/conflict checks.
  • Fixed WebSocket reconnect storms caused by shared client IDs.
  • Preserve WebDAV credentials on transient auth errors and improve WebDAV connection tests (#7617).
  • Retry transient web fetch failures/rate-limited uploads and surface warnings.
  • Hardened SuperSync snapshot replay, storage quota accounting, retry idempotency, cleanup, and deploy/migration recovery.
  • Handle wrapped backup encryption imports and filter stale ops after synced import.

Plugins & Integrations

  • Added plugin automation triggers for task start/stop and a removeTag action.
  • Added plugin onReady() API with IPC ping and fixed consent write delay (#7578).
  • Improved plugin tag ID handling and protected the virtual TODAY tag from plugin sync.
  • Use template tray icons on macOS (#7609).
  • Retry Wayland idle helper startup on Electron/Linux (#7527).
  • Handle Android WebView initialization and foreground service failures safely.

Privacy & Security

  • Prevent exported logs from leaking user content (#7619).
  • Sanitized sync-related logging and hardened SuperSync error handling, quota paths, rate limits, and content-encoding handling.
  • Avoid PWA startup stalls during network changes.

Localization

  • Updated Vietnamese translation (#7576).
  • Moved collapsed subtasks label to translations and improved capitalization.

Full Changelog: https://github.com/super-productivity/super-productivity/compare/v18.5.0...v18.6.0

Security Fixes

  • Harden iCal regex filters against ReDoS
  • Prevent exported logs from leaking user content


About Super Productivity

Advanced todo list app with integrated timeboxing and time tracking capabilities. Integrates with Jira, GitHub, GitLab, Redmine and OpenProject.
