Skip to content

1.7: Reaction
Compare
Choose a tag to compare
@ajdiaz ajdiaz released this 08 Apr 17:47
· 59 commits to master since this release
1.7
0b2960d
This commit was signed with the committer’s verified signature. The key has expired.
ajdiaz ajdiaz
GPG key ID: 5CE181D35CEF8C82
Expired
Learn about vigilant mode.

Changelog

0b2960d: fix: honored changes with untrusted sources
f238adc: bump: release version 1.7
c5adbfb: feat: add command timeline orphans
9e00103: feat: add command action rebuild
bea8e61: style: add spin when loading events
8387d49: doc: add protocol documentation in HACKING file
5487730: fix: optional requirements do not result in fatal
f4c6717: fix!: solve security problem related with replies and labels
b1496ce: feat: add config edit command
afab9c0: feat: allow index negative numbers
3a5ce5f: Add CONTENT.md feature

Release notes

  • This version fix an important security issue that allows an user to get engagement from post and then change the post. Due to this change, there are a new feature called unstrusted events which allows timeline to ignore events references (replies. tags, scores...) that do not match with the content. THIS IS A BREAKING CHANGE. Events created with newer versions include an hmac to avoid this problems, but older ones doesn't. There is a configuration parameter timeline.show-untrusted-items that when false do not show events with mismatched hmacs. Until version 1.9 this feaure will be disabled by default, but please enable yourself in the config file to be prepared.

  • A couple of new commands are added: timeline orphans which show the orphaned events (tipically events who refer to other event that is not in your timeline, like replies to others who you don't follow, or events with mismatch hmac), and account rebuild which recreate the account repository from config if you accidentaly remove from your ~/.local/share/tl folder.

Assets 3
Loading