- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
no vulnerabilities since 2023-07-23
- there is a discord server with an
@everyone
in case of future important updates - v1.8.7 (2023-07-23) - CVE-2023-38501 - reflected XSS
- v1.8.2 (2023-07-14) - CVE-2023-37474 - path traversal (first CVE)
- all serverlogs reviewed so far (5 public servers) showed no signs of exploitation
new features
- argument
--log-badpwd
specifies how to log invalid login attempts;0
= just a warning with no further information1
= log incorrect password in plaintext (default)2
= log sha512 hash of the incorrect password1
and2
are convenient for stuff like setting up autoban triggers for common passwords using fail2ban or similar
bugfixes
- none!
- the formerly mentioned caching-directives bug turned out to be unreachable... oh well, better safe than sorry