github girlbossceo/conduwuit v0.4.1

latest releases: v0.4.7-rc, v0.4.6, v0.4.6-rc...
5 months ago

conduwuit

Release 0.4.1

Hi everyone! conduwuit 0.4.1 (and 0.4.0) has been released. The most important change were the various medium and high severity federation security fixes from inherited upstream code. It's strongly recommended users update to 0.4.1 as soon as possible.

These fixes impact the federation endpoints /send_join, /make_join, /send, /send_leave, /make_leave, /invite, and fix indirect bypass of room ACLs, and accepting inbound EDU impersonation such as read receipts, typing indicators, device messages, etc (except e2ee master key). Some Complement tests were also fixed as part of this that were loosely security related.

Due to the volume of fixes, the details and specific changes can be found here: #406

Other various changes in this release include CI/testing and Nix infrastructure improved, io_uring and jemalloc are enabled by default and in static binaries, Complement in CI is now enforcing, some misc logging improvements, and various code simplifications, improvements, removals, etc.

Commit history: v0.3.4...v0.4.1

GitHub Releases | Docker Hub | NixOS

Liberapay | GitHub Sponsors | Ko-fi

Chat with us in #conduwuit:puppygock.gay

Don't miss a new conduwuit release

NewReleases is sending notifications on new releases.