github diced/zipline v4.4.1

14 hours ago

⚠️ Security Advisories: If you are on versions <=4.4.0, please update immediately. v4.4.1 fixes a number of different vulns (GHSA-rw9m-7mvm-6gxp, GHSA-2wfm-prg7-x586, GHSA-8xjg-qm2p-75gm, GHSA-8g3f-425r-35rq), which were fixed thanks to the help of @nojomyth-dev.

What's changed

  • fixed animated gifs becoming static (#926)
  • fixed PWA and favicons not working (#938)
  • fixed compression type errors and race conditions
  • fixed validations with max/default expirations
  • fixed meta tags being outputted when disabled
  • fixed lines being clamped on /view route
  • fixed 2FA setup modal on mobile (#945)
  • fixed thumbnails not showing up when viewing other users (#949)
  • fixed super admins not being able to edit folders/tags (#948)
  • fixed hung uploads (#950); better error handling for partial uploads
  • fixed encryption standards to use gcm instead of cbc
  • fixed modulo bias in random chars
  • fixed domains not validating properly (#951)
  • fixed domains not showing up for non admins (#954)
  • fixed typos in docker-compose.yml (#962)
  • fixed titles not updating in some pages
  • fixed 4 vulns (see above)
  • fixed user/pass fields not including name attr (#963)
  • added orphaned thumbnails cleanup job (#957)
  • added input validation for all API routes (body, querystring, params)
    • this is kinda WIP, but everything should work properly
    • if you notice something not working please create an issue with console logs or zipline's logs
  • added max expiration setting (#934)
  • added debug env DEBUG_EVENT_EMITTER=true for #907 (please take a look at the issue if you have this issue)

More about input validation:
Since input validation is now handled by fastify + zod, I'm able to generate OpenAPI schemas for the API. If you want to get the latest schema, head over to Actions > Generate OpenAPI spec > (click the latest job) > Scroll to artifacts and click the openapi-json one. Unzip it and you will have the openapi.json file for Zipline. Note that responses are not yet ported into this, and probably never will be; the only things included are user-input-related fields.

If you want to check out the roadmap for v4.5.0: roadmap 4.5.0

Pulls merged

New Contributors

Full Changelog: v4.4.0...v4.4.1
