Sign in

Releases & the update feed

Updated Jul 3, 2026

Devani distribution is deliberately boring: a zip file, a checksum, and an XML feed.

The feed

https://devani.io/latest.xml is the single source of release truth:

<version>2.3.0</version>
<download_url>https://devani.io/releases/devani-cms-2.3.0.zip</download_url>
<checksum_sha256>…</checksum_sha256>

The feed is notify-only. Sites poll it to display an update notice; nothing installs automatically, ever. Publishing a new release is therefore always a non-breaking act — installs change only when their admin applies the update from the System Update page, which verifies the download against the published checksum first.

What's in a release zip

The complete application, as readable source — the devani/ app directory plus the scaffolding a fresh site needs. What you download is what runs; there is no compiled or minified-only component. Updates replace application files and never touch a site's content tree or storage.

Consumers of the feed

  • Every install's update notice.
  • The one-command installer (fetches URL + checksum, verifies before extracting).
  • The devani.io download button (rewrites itself to the current version client-side).

Versioning practice

Semantic-ish: patch releases for fixes, minor for features (2.2.0 commerce, 2.3.0 Stripe-only + performance), and security releases labeled explicitly in their notes — those are the ones to apply promptly.

Was this helpful?

Related articles

Powered by Subido