v0.3.4
conduwuit
Release 0.3.4
Hi everyone! conduwuit 0.3.4 has been released. This is a small maintenance release in preparation for the upcoming v0.4.0 release later this week. No new features were added.
conduwuit was officially added to Complement, and support for running the Content-Disposition safety tests was added there too. (matrix-org/complement#723)
Through those Complement tests, we found one more edge-case Content-Type being allowed as inline (image/svg+xml), and we now pass all 3 Content-Disposition Complement tests after fixing that.
In addition, we now fully distrust the client or remote server's Content-Type for all media (uploads, thumbnails, and downloads) and return what we detected the file is (with a valid fallback to application/octet-stream).
Both of these further improve client security by making sure we fully detect the true file type and send the correct behaviour to web browsers.
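To illustrate the behaviour described above, here is an added example; it is not conduwuit's code. The function names, the short list of magic-byte checks and the inline allowlist are assumptions made for the illustration. The declared type is ignored, the type is detected from the bytes, and only allowlisted types are served inline.

```rust
// Added example, not conduwuit's code. The signature checks and the inline
// allowlist below are small illustrative assumptions.

/// Detect the media type from the bytes alone.
fn detect_content_type(body: &[u8]) -> &'static str {
    if body.starts_with(b"\x89PNG\r\n\x1a\n") {
        return "image/png";
    }
    if body.starts_with(b"\xff\xd8\xff") {
        return "image/jpeg";
    }
    if body.starts_with(b"GIF87a") || body.starts_with(b"GIF89a") {
        return "image/gif";
    }
    // SVG is XML text with no fixed magic bytes: look for an <svg tag near
    // the start. Over-matching only makes the result more conservative.
    let head = String::from_utf8_lossy(&body[..body.len().min(512)]).to_ascii_lowercase();
    if head.contains("<svg") {
        return "image/svg+xml";
    }
    "application/octet-stream" // fallback for anything unrecognised
}

/// Assumed allowlist of types a browser may render inline.
/// image/svg+xml is left out on purpose: SVG documents can carry script.
const INLINE_SAFE: &[&str] = &["image/png", "image/jpeg", "image/gif"];

/// Returns (Content-Type, Content-Disposition) for a media response.
/// `_declared` is what the client or remote server claimed; it is ignored.
fn media_headers(_declared: &str, body: &[u8]) -> (&'static str, &'static str) {
    let content_type = detect_content_type(body);
    let disposition = if INLINE_SAFE.contains(&content_type) { "inline" } else { "attachment" };
    (content_type, disposition)
}

fn main() {
    // Constructed samples: (declared type, body bytes).
    let samples = [
        ("image/png", &b"<svg xmlns=\"http://www.w3.org/2000/svg\"><script>1</script></svg>"[..]),
        ("text/html", &b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"[..]),
        ("image/gif", &b"MZ\x90\x00 not an image"[..]),
    ];
    for (declared, body) in samples {
        let (ct, cd) = media_headers(declared, body);
        println!("declared {declared:<10} -> Content-Type: {ct}; Content-Disposition: {cd}");
    }
}
```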
The Debian packaging has been fixed, as it had been broken for a while, and partially in upstream. Some CI improvements were made, and some documentation and example configs in our repo were cleaned up.
Commit history: v0.3.3...v0.3.4
Chat with us in #conduwuit:puppygock.gay