diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
index 308805c..8645015 100644
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@@ -3,7 +3,7 @@ name: Update changelog
 on:
   push:
     tags:
-      - "*"
+      - "[0-9]+.[0-9]+.[0-9]+"
   workflow_dispatch:
     inputs:
       release_version:
@@ -18,13 +18,26 @@ jobs:
     steps:
       - name: Checkout Code
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Find previous stable tag
+        id: prev_tag
+        run: |
+          CURRENT_TAG="${{ github.ref_name }}"
+          # List all tags matching X.Y.Z (no suffix), sorted by version descending
+          # Exclude the current tag, then take the first match as the previous stable tag
+          PREV_TAG=$(git tag -l --sort=-v:refname | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | grep -v "^${CURRENT_TAG}$" | head -n 1)
+          echo "prev_tag=${PREV_TAG}" >> "$GITHUB_OUTPUT"
+          echo "Current tag: ${CURRENT_TAG}, Previous stable tag: ${PREV_TAG}"
 
       - name: Update CHANGELOG
         id: changelog
         uses: requarks/changelog-action@v1
         with:
           token: ${{ github.token }}
-          tag: ${{ github.ref_name }}
+          fromTag: ${{ github.ref_name }}
+          toTag: ${{ steps.prev_tag.outputs.prev_tag }}
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v7
@@ -34,6 +47,7 @@ jobs:
           title: "docs: update CHANGELOG.md for ${{ github.ref_name }}"
           body: |
             Auto-generated changelog update for release ${{ github.ref_name }}.
+            Comparing changes from `${{ steps.prev_tag.outputs.prev_tag }}` to `${{ github.ref_name }}`.
 
             This PR was automatically created by the changelog workflow.
           branch: changelog/${{ github.ref_name }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 327d054..71ec54c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -49,6 +49,20 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CSC_LINK: ${{ secrets.APPLE_CERTIFICATE }}
           CSC_KEY_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+
+      - name: Submit notarization (async)
+        if: matrix.platform == 'mac'
+        continue-on-error: true
+        run: |
+          for dmg in release/*.dmg; do
+            echo "Submitting $dmg for notarization..."
+            xcrun notarytool submit "$dmg" \
+              --apple-id "$APPLE_ID" \
+              --password "$APPLE_APP_SPECIFIC_PASSWORD" \
+              --team-id "$APPLE_TEAM_ID"
+          done
+        env:
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
diff --git a/package.json b/package.json
index 703e58f..d50d1bc 100644
--- a/package.json
+++ b/package.json
@@ -87,9 +87,7 @@
       "entitlements": "build/entitlements.mac.plist",
       "entitlementsInherit": "build/entitlements.mac.plist",
       "forceCodeSigning": false,
-      "notarize": {
-        "teamId": "${env.APPLE_TEAM_ID}"
-      }
+      "notarize": false
     },
     "win": {
       "target": "nsis",