diff --git a/CHANGELOG.md b/CHANGELOG.md
index 489b002..407eb7b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.6.0] - 2021-11-07
+### Added
+- Support pasting files from remote URLs (via `remote=` form field)
+ - `{server.max_content_length}` is used for download limit
+ - See [README.md#paste-file-from-remote-url](https://github.com/orhun/rustypaste#paste-file-from-remote-url)
+
+- Hot reload configuration file to apply configuration changes instantly without restarting the server
+
+### Changed
+- Library: Switch to Rust 2021 edition
+
+### Security
+- Prevent serving an already expired file
+
+In the previous versions, it was possible to view an expired file by using the correct extension (timestamp). e.g. `paste.com/expired_file.txt.1630094518049` will serve the file normally although `paste.com/expired_file.txt` says that it is expired. This version fixes this vulnerability by regex-checking the requested file's extension.
+
+reference: [f078a9afa74f8608ee3f2a6e705159df15915c78](https://github.com/orhun/rustypaste/commit/f078a9afa74f8608ee3f2a6e705159df15915c78)
+
 ## [0.5.0] - 2021-10-12
 ### Added
 - Added an entry in the configuration file to disable "duplicate uploads":
diff --git a/Cargo.lock b/Cargo.lock
index a9e9362..b2b1f7b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1658,7 +1658,7 @@ dependencies = [
 
 [[package]]
 name = "rustypaste"
-version = "0.5.0"
+version = "0.6.0"
 dependencies = [
 "actix-files",
 "actix-multipart",
diff --git a/Cargo.toml b/Cargo.toml
index 48cd965..5933a0d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rustypaste"
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
 description = "A minimal file upload/pastebin service"
 authors = ["Orhun Parmaksız "]