From 27cfa6aca3f4bf53cd7f9b8b99cc00c723e00f46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Orhun=20Parmaks=C4=B1z?= <orhunparmaksiz@gmail.com>
Date: Sun, 7 Nov 2021 17:44:10 +0300
Subject: [PATCH] chore(release): prepare for v0.6.0

---
 CHANGELOG.md | 18 ++++++++++++++++++
 Cargo.lock   |  2 +-
 Cargo.toml   |  2 +-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 489b002..407eb7b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.6.0] - 2021-11-07
+### Added
+- Support pasting files from remote URLs (via `remote=` form field)
+  - `{server.max_content_length}` is used for download limit
+  - See [README.md#paste-file-from-remote-url](https://github.com/orhun/rustypaste#paste-file-from-remote-url)
+
+- Hot reload configuration file to apply configuration changes instantly without restarting the server
+
+### Changed
+- Library: Switch to Rust 2021 edition
+
+### Security
+- Prevent serving an already expired file
+
+In the previous versions, it was possible to view an expired file by using the correct extension (timestamp). e.g. `paste.com/expired_file.txt.1630094518049` will serve the file normally although `paste.com/expired_file.txt` says that it is expired. This version fixes this vulnerability by regex-checking the requested file's extension.
+
+reference: [f078a9afa74f8608ee3f2a6e705159df15915c78](https://github.com/orhun/rustypaste/commit/f078a9afa74f8608ee3f2a6e705159df15915c78)
+
 ## [0.5.0] - 2021-10-12
 ### Added
 - Added an entry in the configuration file to disable "duplicate uploads":
diff --git a/Cargo.lock b/Cargo.lock
index a9e9362..b2b1f7b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1658,7 +1658,7 @@ dependencies = [
 
 [[package]]
 name = "rustypaste"
-version = "0.5.0"
+version = "0.6.0"
 dependencies = [
  "actix-files",
  "actix-multipart",
diff --git a/Cargo.toml b/Cargo.toml
index 48cd965..5933a0d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rustypaste"
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
 description = "A minimal file upload/pastebin service"
 authors = ["Orhun Parmaksız <orhunparmaksiz@gmail.com>"]