jesec/flood v4.1.0

Release v4.1.0

on GitHub

flood.js.org/Changelog-4.1

⚠️ Changes that may require manual attention: ⚠️

• Configuration is now schema validated before the start of Flood server
  • No action required if you use (preferred and default) CLI configuration interface
  • This ensures that when the config.js needs to be updated, the failure happens loud and early
  • Check shared/schema/Config.ts for more details
• Enforces that the length of secret must be larger than 30
  • Secret can be brute forced locally without interaction with the server
    • However, an attacker must get a valid token (generated by proper authentication) first
      • If all users are trusted, attackers have no way to get a valid token
  • Secret is used to sign authentication tokens but it is NOT linked to the password
    • Attacker may log into Flood as any user if they have the secret
      • However, they are still constrained by capabilities and settings (such as --allowedpath) of Flood

Other changes:

• Tag selector preference:
  • Single selection
  • Multi selection
• UX enhancements to tag selector
• Suggest destination based on selected tag
• add-urls and add-files API endpoints no longer fail if destination property is not provided
  • Download destination fallback has been implemented:
    • Tag-specific preferred download destination
    • Last used download destination
    • Default download destination of connected torrent client
  • This makes things easier for API users
  • No direct impact on Flood itself
• Remember last used "Add Torrents" tab
• Remove center alignment of certain modals to align with global styles
• Disallow browser's input suggestion when tag selector or folder browser is open
• Don't pop up the browser menu on right click while context menu is open
• Experimental standalone (single-executable) builds
• New translations
  • German, thanks to @chint95
  • Romanian, thanks to @T-z3P
• Bump dependencies
• Bug fixes:
  • Properly handle "error" alerts (display "❗" icon instead of "✅" icon)