Publaryn 1.1.1 Release Notes

Publaryn 1.1.1 is a maintenance patch on top of the stable 1.1.0 release. The release keeps the published 1.0 contract, mounted adapter surface, governance model, and release lifecycle unchanged while refreshing build, frontend, and operator-facing dependencies.

Highlights

• Rust workspace dependency refresh: the workspace now ships with newer tokio, tower-http, utoipa, and quick-xml versions to keep the backend toolchain current without changing the documented product surface.
• Frontend dependency refresh: the SvelteKit portal picks up newer SvelteKit, Vite plugin, Tailwind/PostCSS, Vite, dompurify, marked, and @bquery/bquery releases.
• Local search image update: docker-compose.yml now uses getmeili/meilisearch:v1.43 for the local Meilisearch service.
• Security workflow update: GitHub dependency review now runs through actions/dependency-review-action@v5.

Supported in 1.1.1

• the full 1.1.0 management API and native adapter baseline remains supported
• the 1.0 contract, visibility model, organization governance, and release lifecycle remain unchanged
• refreshed backend, frontend, and CI dependencies for the existing release surface
• the local development stack continues to ship with PostgreSQL, Redis, MinIO-compatible object storage, and Meilisearch

Explicitly not part of 1.1.1

The 1.1.1 patch release continues to defer the non-goals named in the 1.0 contract:

• proxy, mirror, and virtual repositories
• Maven snapshot repositories and generic promotion pipelines
• SSO, SAML, SCIM, billing, federation, and air-gapped synchronization
• broad attestation policy, signature UX, and Sigstore productization

Operational notes

• Operators using the local docker compose stack should pull the updated getmeili/meilisearch:v1.43 image before validating the release locally.
• The dependency review workflow change does not alter repository policy; it keeps the existing moderation gate on dependency changes while tracking the current major version of the GitHub Action.

Validation notes

This patch is limited to dependency maintenance and release metadata alignment. The existing Rust and frontend validation matrix remains the release gate before tagging a final 1.1.1 build.

Final release handoff

The release workflow syncs this document into the GitHub release description when the release is created or published. Keep the supported versus deferred sections unchanged unless the code and contract changed in the tagged revision.