rustypaste-pretty/CHANGELOG.md

3.9 KiB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.6.3] - 2022-02-24

Added

  • Support setting the authentication token in the configuration file.
    • This is an alternative (but not recommended) way of setting up authentication when the use of AUTH_TOKEN environment variable is not applicable.
[server]
auth_token="hunter2"

[0.6.2] - 2021-12-05

Updated

  • Improve the concurrency

[0.6.1] - 2021-11-16

Fixed

  • Gracefully handle the hot-reloading errors.
    • Errors that may occur while locking the Mutex are handled properly hence a single configuration change cannot take down the whole service due to poisoning.

[0.6.0] - 2021-11-07

Added

  • Support pasting files from remote URLs (via remote= form field)

  • Hot reload configuration file to apply configuration changes instantly without restarting the server

Changed

  • Library: Switch to Rust 2021 edition

Security

  • Prevent serving an already expired file

In the previous versions, it was possible to view an expired file by using the correct extension (timestamp). e.g. paste.com/expired_file.txt.1630094518049 will serve the file normally although paste.com/expired_file.txt says that it is expired. This version fixes this vulnerability by regex-checking the requested file's extension.

reference: f078a9afa74f8608ee3f2a6e705159df15915c78

[0.5.0] - 2021-10-12

Added

  • Added an entry in the configuration file to disable "duplicate uploads":
[paste]
# default: true
duplicate_files = false

Under the hood, it checks the SHA256 digest of the uploaded files.

[0.4.1] - 2021-09-19

Changed

[0.4.0] - 2021-08-27

Added

  • Support expiring links (via expire: header)
    • Timestamps are used as extension for expiring files
    • Expired files can be cleaned up with this command
  • Support one shot links (via oneshot= form field)
    • {server.upload_path}/oneshot is used for storage

[0.3.1] - 2021-08-10

Fixed

[0.3.0] - 2021-08-09

Added

  • Support overriding MIME types (config: mime_override)
  • Support blacklisting MIME types (config: mime_blacklist)

[0.2.0] - 2021-08-04

Added

  • Support shortening URLs (via url= form field)
    • {server.upload_path}/url is used for storage

[0.1.3] - 2021-07-28

Fixed

  • Prevent sending empty file name and zero bytes
  • Prevent path traversal on upload directory (#2)
  • Check the content length while reading bytes for preventing OOM (#1)

[0.1.2] - 2021-07-27

Changed

  • Update Continuous Deployment workflow to publish Docker images

[0.1.1] - 2021-07-27

Initial release.