v0.3.3: Rate limiting, IPv6 fix, schema versioning, video preload, engagement propagation

Security & stability:
- Incoming auth-fail rate limiting per source IP (3 attempts, then exponential backoff)
- Schema versioning via PRAGMA user_version with migration framework

Networking:
- IPv6 http_addr fix: advertise actual public IPv6 instead of 0.0.0.0
- N2/N3 TTL reduced from 7 days to 5 hours
- Full N1/N2 state re-broadcast every 4 hours
- Bootstrap isolation recovery: 24h check with sticky N1 advertising
- Bidirectional engagement propagation (upstream + downstream)
- Auto downstream registration on pull sync and push notification
- post_upstream table for CDN tree traversal

Media & UI:
- Video preload="auto" for share links and in-app blob URLs
- Following: Online/Offline split with last-seen timestamps
- DMs filtered from My Posts tab
- Image lightbox, audio player, file attachments with download prompt
- Share link unroutable address filtering

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

website/download.html

@@ -24,16 +24,16 @@
         <section>
             <h1 style="font-size: 2rem; font-weight: 800; letter-spacing: -0.03em; margin-bottom: 0.25rem;">Download ItsGoin</h1>
             <p>Available for Android and Linux. Free and open source.</p>
-            <p style="color: var(--text-muted); font-size: 0.85rem;">Version 0.3.2 &mdash; March 15, 2026</p>
+            <p style="color: var(--text-muted); font-size: 0.85rem;">Version 0.3.3 &mdash; March 15, 2026</p>
 
             <div class="downloads">
-                <a href="itsgoin-0.3.2.apk" class="download-btn btn-android">
+                <a href="itsgoin-0.3.3.apk" class="download-btn btn-android">
                     Android APK
-                    <span class="sub">v0.3.2</span>
+                    <span class="sub">v0.3.3</span>
                 </a>
-                <a href="itsgoin_0.3.2_amd64.AppImage" class="download-btn btn-linux">
+                <a href="itsgoin_0.3.3_amd64.AppImage" class="download-btn btn-linux">
                     Linux AppImage
-                    <span class="sub">v0.3.2</span>
+                    <span class="sub">v0.3.3</span>
                 </a>
             </div>
         </section>
@@ -45,7 +45,7 @@
                 <h3 style="color: var(--accent);">Android</h3>
                 <ol class="steps">
                     <li><strong>Download the APK</strong> &mdash; Tap the button above. Your browser may warn that this type of file can be harmful &mdash; tap <strong>Download anyway</strong>.</li>
-                    <li><strong>Open the file</strong> &mdash; When the download finishes, tap the notification or find <code>itsgoin-0.3.2.apk</code> in your Downloads folder and tap it.</li>
+                    <li><strong>Open the file</strong> &mdash; When the download finishes, tap the notification or find <code>itsgoin-0.3.3.apk</code> in your Downloads folder and tap it.</li>
                     <li><strong>Allow installation</strong> &mdash; Android will ask you to allow installs from this source. Tap <strong>Settings</strong>, toggle <strong>"Allow from this source"</strong>, then go back and tap <strong>Install</strong>.</li>
                     <li><strong>Launch the app</strong> &mdash; Once installed, tap <strong>Open</strong> or find ItsGoin in your app drawer.</li>
                 </ol>
@@ -58,8 +58,8 @@
                 <h3 style="color: var(--green);">Linux (AppImage)</h3>
                 <ol class="steps">
                     <li><strong>Download the AppImage</strong> &mdash; Click the button above to download.</li>
-                    <li><strong>Make it executable</strong> &mdash; Open a terminal and run:<br><code>chmod +x itsgoin_0.3.2_amd64.AppImage</code></li>
-                    <li><strong>Run it</strong> &mdash; Double-click the file, or from the terminal:<br><code>./itsgoin_0.3.2_amd64.AppImage</code></li>
+                    <li><strong>Make it executable</strong> &mdash; Open a terminal and run:<br><code>chmod +x itsgoin_0.3.3_amd64.AppImage</code></li>
+                    <li><strong>Run it</strong> &mdash; Double-click the file, or from the terminal:<br><code>./itsgoin_0.3.3_amd64.AppImage</code></li>
                 </ol>
                 <div class="note">
                     <strong>Note:</strong> If it doesn't launch, you may need to install FUSE:<br><code>sudo apt install libfuse2</code> (Debian/Ubuntu) or <code>sudo dnf install fuse</code> (Fedora).
@@ -70,8 +70,16 @@
         <section>
             <h2>Changelog</h2>
             <div class="changelog">
-                <div class="changelog-date">v0.3.2 &mdash; March 15, 2026</div>
+                <div class="changelog-date">v0.3.3 &mdash; March 16, 2026</div>
                 <ul>
+                    <li><strong>IPv6 HTTP address fix</strong> &mdash; Nodes with public IPv6 now correctly advertise their real address for direct browser access, instead of <code>0.0.0.0</code>. Fixes share link video/image serving for IPv6-reachable nodes.</li>
+                    <li><strong>Video preload fix</strong> &mdash; Share link videos and in-app videos from peers now buffer properly for playback (<code>preload="auto"</code>). Previously only the first frame loaded.</li>
+                    <li><strong>Connection rate limiting</strong> &mdash; Incoming connections that fail authentication are rate-limited per source IP (3 attempts, then exponential backoff up to ~4 minutes). Prevents CPU exhaustion from rogue or stale nodes spamming auth failures.</li>
+                    <li><strong>Schema versioning</strong> &mdash; Database tracks schema version via <code>PRAGMA user_version</code>. Future upgrades can run data migrations automatically. Databases too old to migrate are reset cleanly.</li>
+                    <li><strong>N2/N3 freshness</strong> &mdash; TTL reduced from 7 days to 5 hours. Full N1/N2 state re-broadcast every 4 hours catches missed diffs.</li>
+                    <li><strong>Bootstrap isolation recovery</strong> &mdash; 24 hours after startup, nodes verify the bootstrap anchor is within N1/N2/N3 reach. If absent, they reconnect and request referrals. Bootstrap is added to sticky N1 for 24 hours so mesh peers discover it via diffs.</li>
+                    <li><strong>Following: Online/Offline</strong> &mdash; People tab splits followed peers into Online and Offline sections with &ldquo;Last online&rdquo; timestamps.</li>
+                    <li><strong>DM filter</strong> &mdash; Direct messages no longer appear in My Posts tab.</li>
                     <li><strong>Bidirectional engagement propagation</strong> &mdash; Reactions and comments now flow both upstream (toward author) and downstream through the CDN tree. Previously only downstream propagation existed, so the post author often never received reactions.</li>
                     <li><strong>Auto downstream registration</strong> &mdash; Nodes that receive a post via pull sync or push notification automatically register as downstream peers. This ensures engagement diffs reach all holders without manual registration.</li>
                     <li><strong>Upstream tracking</strong> &mdash; New <code>post_upstream</code> table records which peer each post was received from, enabling engagement to flow back toward the author hop-by-hop through the CDN tree.</li>