
v0.3.2

@girlbossceo girlbossceo released this 05 May 20:54
· 1471 commits to main since this release

This is a security release.

The Content-Disposition HTTP header has always been set to inline, which causes untrusted content opened in browsers, including HTML files, to be rendered instead of downloaded. This release forces all of them to be attachment. This has no impact on Matrix clients.

Users who use a restrictive Content-Security-Policy are not affected by any XSS concerns here.
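
The following is an added example, not code from this project: a header audit an operator could run over captured media responses to see which ones a browser would still render in place. The function names, the sample headers and the rule for what counts as a "restrictive" Content-Security-Policy (a `sandbox` without `allow-scripts`, or an effective `script-src` of `'none'`) are assumptions made for illustration.

```python
# Added example: classify media responses by inline-rendering risk.
# All sample headers below are constructed for illustration.

def _get(headers, wanted):
    """Case-insensitive header lookup; returns None when absent."""
    for name, value in headers.items():
        if name.lower() == wanted:
            return value
    return None

def disposition_type(headers):
    """Content-Disposition type, lowercased. A missing header behaves as inline."""
    value = _get(headers, "content-disposition")
    if value is None:
        return "inline"
    return value.split(";", 1)[0].strip().lower() or "inline"

def csp_is_restrictive(headers):
    """Assumed rule: sandbox without allow-scripts, or effective script-src 'none'."""
    value = _get(headers, "content-security-policy")
    if value is None:
        return False
    directives = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:  # the first occurrence of a directive wins, as in CSP parsing
            directives.setdefault(parts[0].lower(), [s.lower() for s in parts[1:]])
    sandbox = directives.get("sandbox")
    if sandbox is not None and "allow-scripts" not in sandbox:
        return True
    # script-src falls back to default-src when it is not set explicitly
    script_src = directives.get("script-src", directives.get("default-src"))
    return script_src == ["'none'"]

def audit(headers):
    """Return 'ok', 'mitigated-by-csp' or 'renders-inline' for one response."""
    if disposition_type(headers) == "attachment":
        return "ok"
    return "mitigated-by-csp" if csp_is_restrictive(headers) else "renders-inline"

SAMPLES = {  # constructed responses for an uploaded HTML file
    "before-fix": {"Content-Type": "text/html", "Content-Disposition": "inline"},
    "after-fix": {"Content-Type": "text/html",
                  "content-disposition": 'attachment; filename="a.html"'},
    "inline-with-csp": {"Content-Type": "text/html", "Content-Disposition": "inline",
                        "Content-Security-Policy": "sandbox; default-src 'none'"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {audit(hdrs)}")
```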