From c9d76cd71ed252fc16b3ac9c9a110e4b8abd6aab Mon Sep 17 00:00:00 2001
From: Erik Darling <2136037+erikdarlingdata@users.noreply.github.com>
Date: Wed, 22 Apr 2026 11:23:43 -0400
Subject: [PATCH] Scope v2.8.0 webhook DPAPI note to Dashboard
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Lite webhook URLs still read from plaintext settings — avoids implying
the security hardening shipped to both editions.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0fef0af..0dbc641 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,7 +22,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Query/Procedure/Query Store stats** refactored to a phased DECOMPRESS approach; removed unhelpful `WAITFOR DECOMPRESS` filters
 - **Query/Procedure/Query Store grids** capped to TOP 500 to prevent UI freezes on large datasets
 - **Server tabs lazy-load** — only the visible server tab loads on startup; remaining tabs load on first visit
-- **Webhook URLs** encrypted with DPAPI via Windows Credential Manager
+- **Webhook URLs (Dashboard)** encrypted with DPAPI via Windows Credential Manager — Lite webhook URLs remain in plaintext settings for now
 - **DuckDB queries hardened** — parameterized values, escaped paths, fixed `IsArchiving` race
 - **Lite chart axes and sub-tab styling** polished, then ported to Dashboard