Releases Tags
-
3.0.1
released this 3 weeks ago | 2 commits to master since this release
Fixes
- Hotfix: missing content-type header
60cdff51e4
Downloads
- Hotfix: missing content-type header
-
3.0.0
released this 3 weeks ago | 3 commits to master since this release
Breaking changes
- Blocklists have been completely reworked. Please check the
lists.toml
file and fill it according to your needs.- Links are now matched with regular expressions, update your old lists accordingly.
- Changes in the configuration file:
- New parameter:
verbose_level
which defaults tonotice
. - Deleted parameter:
max_cache_size
. The database cache has been deprecated.- Please do not use SQLite in production and migrate to PostgreSQL or MySQL.
- New parameter:
Added
- Support for PostgreSQL and MySQL (#4)
- Allowlists and blocklists with regex support
- Each blocked link can be sorted in different categories (
shortener
,freehost
,spam
) with associated error messages for the end user.
- Each blocked link can be sorted in different categories (
- Bundled a default blocklist
- Log levels:
info
,notice
,warn
andcrit
. - Instructions for running rs-short with nginx or systemd (thanks @unclesamulus !)
Improved
Removed
- Internal database cache has been removed (#16)
- Dependency to
url
crate removed.
Downloads
- Blocklists have been completely reworked. Please check the
-
2.2.4
released this 3 months ago | 25 commits to master since this release
Changed
Updated dependencies.
Downloads
-
2.2.3
released this 6 months ago | 26 commits to master since this release
Added
rs-short has been translated in Occitan by @Quentin in #13, thanks a lot!
Changed
- Updated dependencies
- Updated to Rust edition 2021
- Fixed compilation & clippy warnings
Downloads
-
2.2.1
released this 1 year ago | 39 commits to master since this release
Security
f4b3753e27
: Fixing XSS vulnerability on the link administration page due to bad URL sanitization. NB: The main instance (s.42l.fr) is not affected by this issue thanks to the CSP header, which forbids JavaScript execution on the page.
Thanks to polyedre for reporting the issue.
Fixes
a5028ec515
: Links are now trimmed before being saved in database.f4d2edb4ad
: The hoster logo now displays correctly on phishing page.
Downloads
-
2.2.0
released this 1 year ago | 43 commits to master since this release
Security
- Added protocol restrictions. Notably,
file://
is no longer allowed.
The allowed protocols list is hardcoded in
src/init.rs
.To my knowledge, there has been no abuse of this security vulnerability in production on the main instance.
Added
- Soft blacklist to prevent users from shortening certain URLs without banning them
- Now catching 404 (invalid routes)
- Implemented link caching.
- The link cache works as a failover when the SQLite database is locked, making it way more resilient in production.
- The cache size can be configured using the new config option
max_cache_size
. The default recommended value is 250. - It doesn't change the fact that SQLite in production sucks, though. I'll add postgres/mysql support later.
Fixed
- Instance hostname is now prefixing the custom link name (UX improvement)
Downloads
- Added protocol restrictions. Notably,
-
2.1.2
released this 2 years ago | 54 commits to master since this release
Fixes
- 500 Internal Server Errors due to database locks, mitigated with #1
Downloads
-
2.1.1
released this 2 years ago | 56 commits to master since this release
Fixed
- Template error in
templates/phishing.html
introduced in version 2.1.0.
Downloads
- Template error in
-
2.1.0
released this 2 years ago | 57 commits to master since this release
Version 2.1.0
Added
hoster_name
option in configuration- Configuration file versioning
- CSS versioning
Changed
- Now uses Rust
stable
branch instead ofnightly
. - Replaced
try
blocks intemplates.rs
to compile in stable. - Increased default duration for suspicious link detection
Fixes
- Removing
env_logger
dependency - Last octet of the remote host's IP being cut
- Lowercasing the page language attribute in the
<html>
tag - Code quality improvements (fixed clippy warnings)
Downloads