github keithvassallomt/ClusterCut v0.3.0
on GitHub

7 hours ago

Release v0.3.0

Special thanks to @mdunphy for a fantastic security audit and re-architecture of ClusterCut's security!

Added

  • Image clipboard sync. Copy an image — for example with right-click → "Copy Image" in a browser, or from a screenshot tool — and it appears on your peers' clipboards, ready to paste into any app (Word, Preview, GIMP, etc.)
  • Rich-text clipboard sync. Copy formatted text — from Word, a browser, Pages, Apple Mail, etc. — and it appears on your peers' clipboards with formatting preserved. X11 rich-text is intentionally not supported

Fixed

  • Fixed issue where received files would sometimes be sent back to the sender.
  • Fixed issue where Windows was silently dropping several notifications.
  • Fixed missing scrollbars in history page.

Changed

  • The "having trouble connecting?" modal at startup now suppresses itself when at least one of your manual peers is on a directly-reachable subnet.
  • History page now supports rich item previews.

Security

  • Added a strict Content Security Policy to the Tauri WebView.
  • Pairing redesigned to run over a dedicated plaintext TCP channel rather than tunnelled inside an unauthenticated QUIC/TLS connection.
  • Strict mutual TLS for all post-pairing traffic. Both peers present their pinned cert and reject the connection at the TLS handshake if the other side's cert fingerprint doesn't match an entry in known_peers.json. Critically, the TLS handshake-signature step is now validated against the cert via rustls's WebPKI — pre-fix the verify_tls{12,13}_signature methods returned Ok(HandshakeSignatureValid::assertion()) unconditionally, so an attacker holding a copy of the legitimate (public) cert DER could stand up a TLS server presenting that cert with a different signing key and we'd accept it.
  • Application-layer ChaCha20-Poly1305 encryption is removed throughout.
  • Protocol-compatibility detection. Each device advertises its wire-protocol version in the mDNS proto TXT record. Discovered peers that don't advertise the property — or advertise a value below v0.3.0 — get a yellow warning triangle next to their hostname in both the cluster and discovery views (hover for an explanation), and the first time a clipboard send is attempted to one, a modal pops up naming the peer and asking the user to upgrade.
  • Wire-format break. Both the pairing channel (now plain TCP rather than QUIC) and the steady-state Message shape (typed payloads instead of Vec<u8> + cluster-key envelope) are incompatible with peers running 0.2.x or earlier-0.3.0-pre builds. No end users affected since 0.3.0 has not shipped. v0.3.0+ peers cannot pair with — or talk to — peers running older versions; the version check above surfaces the mismatch in the UI.

📦 Installation

Linux
If you're on a modern Linux distribution (i.e. with Wayland and Flatpak support), the recommended method of installing ClusterCut is via FriendlyHub.

Note

The latest version of the GNOME extension is v4.0. It may take a while for it to be approved on https://extensions.gnome.org. In the meantime, you can use the extension in the assets below.

Tip

If you need X11 support, or don't have Wayland/Flatpak support, use the RPM or DEB files from the assets in this release.

macOS
Download the DMG file from the assets of this release.

Windows
Download the EXE file from the assets of this release.

Full Changelog: https://github.com/keithvassallomt/ClusterCut/CHANGELOG.md

Check out latest releases or
releases around keithvassallomt/ClusterCut v0.3.0

Don't miss a new ClusterCut release

NewReleases is sending notifications on new releases.

Get notifications