github aldinokemal/go-whatsapp-web-multidevice v8.1.2
on GitHub

one day ago

What's New in v8.1.2

🔧 Patch Release: Security Fix & Bug Fixes

This patch release includes an important security fix and several bug fixes.

🔒 Security Fixes

Prevent Cross-Device Data Leak in Chat Message Queries (#525)

  • Issue: Device A could potentially read chat history belonging to Device B when they share the same target JID
  • Fix: Add device_id filtering to message queries with fail-fast validation
  • Impact: Ensures complete data isolation between devices at multiple layers (usecase, wrapper, and repository)
  • Changes:
    • Add DeviceID field to MessageFilter struct
    • Require device_id in GetMessages/SearchMessages
    • Add early deviceID validation in GetChatMessages usecase
    • Remove race-prone state mutations in wrapper repositories

🐛 Bug Fixes

React to Other Users' Messages (#535)

  • Issue: ReactMessage was hardcoded with FromMe=true, which only worked for reacting to your own messages
  • Fix: Look up the message in the database to get the correct IsFromMe value
  • Impact: Users can now properly react to messages sent by others

Webhook Event Whitelist Filtering (#539)

  • Issue: After setting whitelist env to just message, webhook was still receiving message.ack events from groups
  • Fix: Properly route group events through whitelist filter and fix event name mismatches
  • Impact: Webhook event filtering now works correctly for all event types
  • Changes:
    • Fixed event names to match documented names (message.ack, message.deleted, etc.)
    • Group events now properly go through whitelist filtering
    • Added comprehensive test coverage for whitelist filtering
  • Breaking Change ⚠️: The message.deleted payload structure changed from flat to nested format to align with other webhook events

🔧 Technical Improvements

Dependency Updates

  • go.mau.fi/whatsmeow: Updated to latest version
  • golang.org/x/crypto: Updated to v0.47.0
  • golang.org/x/net: Updated to v0.49.0
  • golang.org/x/image: Updated to v0.35.0
  • github.com/sirupsen/logrus: Updated to v1.9.4
  • github.com/klauspost/compress: Updated to v1.18.3
  • Other Dependencies: Various Go module updates for stability

What's Changed

  • fix(security): prevent cross-device data leak in chat message queries by @aldinokemal in #525
  • fix: react to other users' messages by looking up IsFromMe from database by @aldinokemal in #535
  • fix: webhook event whitelist filtering for groups and proper event names by @aldinokemal in #539

Full Changelog: v8.1.1...v8.1.2

Check out latest releases or
releases around aldinokemal/go-whatsapp-web-multidevice v8.1.2

Don't miss a new go-whatsapp-web-multidevice release

NewReleases is sending notifications on new releases.

Get notifications