github girlbossceo/conduwuit v0.3.4

4 months ago

conduwuit

Release 0.3.4

Hi everyone! conduwuit 0.3.4 has been released. This is a small maintenance release in preparation for the upcoming v0.4.0 release later this week. No new features were added.

conduwuit was officially added to Complement, and support for running the Content-Disposition safety tests was added there too. (matrix-org/complement#723)

Through those Complement tests, we found one more edge-case Content-Type that was being allowed as inline (image/svg+xml). After fixing that, we now pass all 3 Content-Disposition Complement tests.

In addition, we now fully distrust the client's or remote server's Content-Type for all media (uploads, thumbnails, and downloads) and return the type we detected for the file (with a valid fallback to application/octet-stream).

Both changes further improve client security: we fully detect what the file really is, and we signal the correct behaviour to web browsers.
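
The two behaviours described above, as an added sketch that is not conduwuit's own code: the response type comes from the file's bytes rather than the claimed Content-Type, and only an allowlist of types is served inline. The signature table, the allowlist contents and the function names are assumptions made for illustration.

```rust
// Added example: constructed signature table and inline allowlist (assumptions),
// not conduwuit's own detection code.

/// Types that may render in the browser; everything else is sent as a download.
/// SVG is deliberately absent: it is markup that can carry script.
const INLINE_SAFE: &[&str] = &["image/png", "image/jpeg", "image/gif"];

/// Identify the body from its leading bytes. The claimed type is never consulted.
fn detect_content_type(body: &[u8]) -> &'static str {
    const MAGIC: &[(&[u8], &str)] = &[
        (b"\x89PNG\r\n\x1a\n", "image/png"),
        (b"\xFF\xD8\xFF", "image/jpeg"),
        (b"GIF87a", "image/gif"),
        (b"GIF89a", "image/gif"),
    ];
    for &(sig, mime) in MAGIC {
        if body.starts_with(sig) {
            return mime;
        }
    }
    // Text-based formats have no magic number: look at the first 512 bytes.
    let head = String::from_utf8_lossy(&body[..body.len().min(512)]).to_ascii_lowercase();
    let head = head.trim_start_matches('\u{feff}').trim_start();
    if head.starts_with("<svg") || (head.starts_with("<?xml") && head.contains("<svg")) {
        return "image/svg+xml";
    }
    if head.starts_with("<!doctype html") || head.starts_with("<html") {
        return "text/html";
    }
    "application/octet-stream" // valid fallback for anything unrecognised
}

/// Returns (Content-Type, Content-Disposition) for a media response.
fn media_headers(body: &[u8], _claimed_type: &str) -> (&'static str, &'static str) {
    let detected = detect_content_type(body);
    let disposition = if INLINE_SAFE.contains(&detected) { "inline" } else { "attachment" };
    (detected, disposition)
}

fn main() {
    // Constructed sample: an SVG body uploaded with a claimed type of image/png.
    let svg = b"<?xml version=\"1.0\"?><svg xmlns=\"http://www.w3.org/2000/svg\"/>";
    let (ctype, disp) = media_headers(svg, "image/png");
    println!("Content-Type: {ctype}\nContent-Disposition: {disp}");
}
```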

The Debian packaging has been fixed, as it had been broken for a while (and partially in upstream). Some CI improvements were also made, and some documentation and example configs in our repo were cleaned up.

Commit history: v0.3.3...v0.3.4

GitHub Releases | Docker Hub | NixOS

Liberapay | GitHub Sponsors | Ko-fi

Chat with us in #conduwuit:puppygock.gay
