github orhun/rustypaste v0.17.0

5 hours ago

Added

  • Support server hardening by @y5 in #508

Two new configuration options are added:

[server]
text_mime_overrides = [
  "application/toml",
  "application/yaml",
  "application/x-yaml",
]

hardening = true

  1. text_mime_overrides: Additional MIME types to render as text/plain when serving files. This is useful for preventing XSS attacks when serving files that would otherwise be rendered as HTML or JavaScript in the browser.
  2. hardening: When set to true, the server will include security headers such as X-Content-Type-Options: nosniff and a basic Content-Security-Policy to mitigate XSS and other attacks.

Remote URL uploads are now also validated to reject localhost and other disallowed address ranges, while still allowing private intranet IPv4 ranges such as 10.0.0.0/8 and 192.168.0.0/16.
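The kind of address check described above, as an added example that is not rustypaste's own code. The page only states that localhost is rejected and private IPv4 ranges stay allowed; the other rejected ranges here (unspecified, link-local, multicast, broadcast) and all names are assumptions, and DNS results are passed in by the caller so the example runs offline.

```rust
use std::net::{IpAddr, Ipv4Addr};

// Hypothetical names; the rejected set below is an assumption, not rustypaste's list.
#[derive(Debug, PartialEq)]
enum Verdict { Allowed, Localhost, Unspecified, LinkLocal, Multicast, Broadcast, Unresolved }

fn check_v4(ip: Ipv4Addr) -> Verdict {
    if ip.is_loopback() { Verdict::Localhost }            // 127.0.0.0/8
    else if ip.is_unspecified() { Verdict::Unspecified }  // 0.0.0.0
    else if ip.is_link_local() { Verdict::LinkLocal }     // 169.254.0.0/16
    else if ip.is_multicast() { Verdict::Multicast }      // 224.0.0.0/4
    else if ip.is_broadcast() { Verdict::Broadcast }      // 255.255.255.255
    else { Verdict::Allowed }                             // public and RFC 1918 private
}

fn check_ip(ip: IpAddr) -> Verdict {
    match ip {
        IpAddr::V4(v4) => check_v4(v4),
        IpAddr::V6(v6) => {
            // ::ffff:a.b.c.d reaches the same destination as a.b.c.d; judge it as IPv4.
            if let Some(v4) = v6.to_ipv4_mapped() { return check_v4(v4); }
            if v6.is_loopback() { Verdict::Localhost }                         // ::1
            else if v6.is_unspecified() { Verdict::Unspecified }               // ::
            else if v6.segments()[0] & 0xffc0 == 0xfe80 { Verdict::LinkLocal } // fe80::/10
            else if v6.is_multicast() { Verdict::Multicast }                   // ff00::/8
            else { Verdict::Allowed }
        }
    }
}

/// `host` is the URL's host component; `resolved` is what DNS returned for it
/// (supplied by the caller so this example needs no network).
fn check_host(host: &str, resolved: &[IpAddr]) -> Verdict {
    let h = host.trim_end_matches('.').to_ascii_lowercase();
    if h == "localhost" || h.ends_with(".localhost") { return Verdict::Localhost; }
    // IP literal, with the brackets a URL puts around IPv6.
    if let Ok(ip) = h.trim_start_matches('[').trim_end_matches(']').parse::<IpAddr>() {
        return check_ip(ip);
    }
    if resolved.is_empty() { return Verdict::Unresolved; }
    // Every resolved address must pass: one bad record is enough to refuse.
    resolved.iter().map(|ip| check_ip(*ip)).find(|v| *v != Verdict::Allowed).unwrap_or(Verdict::Allowed)
}

fn main() {
    // Constructed sample hosts.
    for host in ["10.1.2.3", "192.168.0.7", "localhost", "127.0.0.1", "[::1]", "169.254.169.254"] {
        println!("{host:>16} -> {:?}", check_host(host, &[]));
    }
}
```

Checking resolved addresses only helps if the download then connects to the same addresses that were checked, rather than resolving the name a second time.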


  • Support overriding filename when paste from remote URL by @rtk0c in #504

For example:

curl -F "remote=https://example.com/file.png" -H "filename: foobar.png" "<server_address>"

file.png will be saved as foobar.png on the server.


  • Support no extension for random URLs by @tessus in #439

[paste]
random_url = { type = "alphanumeric", length = 8, no_extension = true }

When no_extension is set to true, the generated random URLs will not have an extension, even if the original file has one.

For example, if you upload a file named example.txt, it might be saved as a1b2c3d4 instead of a1b2c3d4.txt.


A new third-party client has dropped!



Changed

  • Allow to blacklist a whole class of mime-types by @mscherer in #513

This makes it possible to e.g. block all image types with a single entry in the blacklist:

[paste]
mime_blacklist = ["image/"]

  • Allow HEAD method for /{file} endpoint by @tessus in #530
  • Migrate from deprecated bash uploader to codecov-action v5 by @EzgiTastan in #521

New Contributors
