7.6 KiB
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[0.8.2] - 2022-10-04
Updated
- Don't expose version endpoint in default config
- Set
expose_version
tofalse
in the configuration file
- Set
[0.8.1] - 2022-10-04
Added
- Add
<server_address>/version
endpoint for retrieving the server version
[server]
expose_version=true
If expose_version
entry is not present in the configuration file, /version
is not exposed. It is recommended to use this feature with authorization enabled.
Fixed
- Replace unmaintained
dotenv
crate withdotenvy
- Fixes RUSTSEC-2021-0141
[0.8.0] - 2022-10-03
Added
- Support adding a landing page
You can now specify a landing page text in the configuration file as follows:
[server]
landing_page = """
boo 👻
======
welcome!
"""
If the landing page entry is not present in the configuration file, visiting the index page will redirect to the repository.
Updated
- Do not check for duplicate files by default
- Set
duplicate_files
totrue
in the configuration file - It is an expensive operation to do on slower hardware and can take an unreasonable amount of time for bigger files
- Set
- Enable GitHub Sponsors for funding
- Consider supporting me for my open-source work 💖
[0.7.1] - 2022-05-21
Added
- Aggressively test everything
- Add the missing unit tests for the server endpoints (code coverage is increased to 84%)
- Create a custom testing framework (written in Bash) for adding test fixtures
[0.7.0] - 2022-03-26
Added
- Support auto-deletion of expired files
rustypaste
can now delete the expired files by itself. To enable this feature, add the following line to the [paste]
section in the configuration file:
# expired files will be cleaned up hourly
delete_expired_files = { enabled = true, interval = "1h" }
For users who want to have this feature disabled, there is an alternative shell script recommended in the documentation.
- Add systemd service files
- systemd files have been added to serve files from
/var/lib/rustypaste
, createrustypaste
user automatically viasystemd-sysusers
and configureAUTH_TOKEN
viarustypaste.env
. - For the installation and usage, see the Arch Linux PKGBUILD.
- systemd files have been added to serve files from
Updated
- Upgrade Actix dependencies
actix-web
is updated to4.0.*
- Strip the binaries during automated builds
- Size of the Docker image is reduced by ~20%
Fixed
- Prevent invalid attempts of serving directories
- This fixes an issue where requesting a directory was possible via e.g.
curl --path-as-is 0.0.0.0:8080/.
- This issue had no security impact (path traversal wasn't possible) since internal server error was returned.
- This fixes an issue where requesting a directory was possible via e.g.
[0.6.5] - 2022-03-13
Added
- Add instructions for installing rustypaste on Arch Linux
pacman -S rustypaste
🎉
Fixed
- Fix a bug where the use of
CONFIG
environment variable causes a conflict between the configuration file path and[config]
section
[0.6.4] - 2022-03-11
Added
- Support setting the refresh rate for hot-reloading the configuration file.
[config]
refresh_rate="1s"
- Support setting the timeout for HTTP requests.
[server]
timeout="30s"
Security
- Bump regex crate to 1.5.5
- Fixes CVE-2022-24713
[0.6.3] - 2022-02-24
Added
- Support setting the authentication token in the configuration file.
- This is an alternative (but not recommended) way of setting up authentication when the use of
AUTH_TOKEN
environment variable is not applicable.
- This is an alternative (but not recommended) way of setting up authentication when the use of
[server]
auth_token="hunter2"
[0.6.2] - 2021-12-05
Updated
- Improve the concurrency
- Shrink the scope of non-suspendable types (
#[must_not_suspend]
) for dropping them before reaching a suspend point (.await
call). This avoids possible deadlocks, delays, and situations whereFuture
s not implementingSend
. - Reference: https://rust-lang.github.io/rfcs/3014-must-not-suspend-lint.html
- Shrink the scope of non-suspendable types (
[0.6.1] - 2021-11-16
Fixed
- Gracefully handle the hot-reloading errors.
[0.6.0] - 2021-11-07
Added
-
Support pasting files from remote URLs (via
remote=
form field){server.max_content_length}
is used for download limit- See README.md#paste-file-from-remote-url
-
Hot reload configuration file to apply configuration changes instantly without restarting the server
Changed
- Library: Switch to Rust 2021 edition
Security
- Prevent serving an already expired file
In the previous versions, it was possible to view an expired file by using the correct extension (timestamp). e.g. paste.com/expired_file.txt.1630094518049
will serve the file normally although paste.com/expired_file.txt
says that it is expired. This version fixes this vulnerability by regex-checking the requested file's extension.
reference: f078a9afa74f8608ee3f2a6e705159df15915c78
[0.5.0] - 2021-10-12
Added
- Added an entry in the configuration file to disable "duplicate uploads":
[paste]
# default: true
duplicate_files = false
Under the hood, it checks the SHA256 digest of the uploaded files.
[0.4.1] - 2021-09-19
Changed
- Update README.md:
- Mention the new standalone tool: rustypaste-cli
- Add installation section.
[0.4.0] - 2021-08-27
Added
- Support expiring links (via
expire:
header)- Timestamps are used as extension for expiring files
- Expired files can be cleaned up with this command
- Support one shot links (via
oneshot=
form field){server.upload_path}/oneshot
is used for storage
[0.3.1] - 2021-08-10
Fixed
- Switch to upload-release-action for uploading releases
[0.3.0] - 2021-08-09
Added
- Support overriding MIME types (config:
mime_override
) - Support blacklisting MIME types (config:
mime_blacklist
)
[0.2.0] - 2021-08-04
Added
- Support shortening URLs (via
url=
form field){server.upload_path}/url
is used for storage
[0.1.3] - 2021-07-28
Fixed
- Prevent sending empty file name and zero bytes
- Prevent path traversal on upload directory (#2)
- Check the content length while reading bytes for preventing OOM (#1)
[0.1.2] - 2021-07-27
Changed
- Update Continuous Deployment workflow to publish Docker images
[0.1.1] - 2021-07-27
Initial release.