Releases Tags
-
3.2.0 Stable
neil released this 8 months ago | 1 commits to master since this release
Breaking changes
- A 64-bit cookie key is now required for security reasons. You may generate a new cookie key with the command
openssl rand -base64 64 | tr -d '\n'. - The phishing password must now be longer than 16 characters or rs-short won’t start.
Added
- Configuration files are now checked at start time.
Changed
- Migrated from
lazy_statictoonce_cell(#26, thanks @Monique!) - Updated
actix-webto 4.2 and disabled default features - Added checks for each configuration option
- Fixed formatting and clippy warnings
- Unsafe code is now forbidden
Downloads
- A 64-bit cookie key is now required for security reasons. You may generate a new cookie key with the command
-
3.1.0 Stable
Changed
- Updated diesel to v2.0 (#22)
- Use the RETURNING clause to divide the number of queries by two with PostgreSQL and SQLite (#10)
- Updated
lists.tomlwith new blocklisted websites and more permissive regexes.
Thanks @Monique for her major contribution to this release!
Downloads
-
3.0.1 Stable
Fixes
- Hotfix: missing content-type header
60cdff51e4
Downloads
- Hotfix: missing content-type header
-
3.0.0 Stable
Breaking changes
- Blocklists have been completely reworked. Please check the
lists.tomlfile and fill it according to your needs.- Links are now matched with regular expressions, update your old lists accordingly.
- Changes in the configuration file:
- New parameter:
verbose_levelwhich defaults tonotice. - Deleted parameter:
max_cache_size. The database cache has been deprecated.- Please do not use SQLite in production and migrate to PostgreSQL or MySQL.
- New parameter:
Added
- Support for PostgreSQL and MySQL (#4)
- Allowlists and blocklists with regex support
- Each blocked link can be sorted in different categories (
shortener,freehost,spam) with associated error messages for the end user.
- Each blocked link can be sorted in different categories (
- Bundled a default blocklist
- Log levels:
info,notice,warnandcrit. - Instructions for running rs-short with nginx or systemd (thanks @unclesamulus !)
Improved
Removed
- Internal database cache has been removed (#16)
- Dependency to
urlcrate removed.
Downloads
- Blocklists have been completely reworked. Please check the
-
2.2.4 Stable
Changed
Updated dependencies.
Downloads
-
2.2.3 Stable
Added
rs-short has been translated in Occitan by @Quentin in #13, thanks a lot!
Changed
- Updated dependencies
- Updated to Rust edition 2021
- Fixed compilation & clippy warnings
Downloads
-
2.2.1 Stable
Security
f4b3753e27: Fixing XSS vulnerability on the link administration page due to bad URL sanitization. NB: The main instance (s.42l.fr) is not affected by this issue thanks to the CSP header, which forbids JavaScript execution on the page.
Thanks to polyedre for reporting the issue.
Fixes
a5028ec515: Links are now trimmed before being saved in database.f4d2edb4ad: The hoster logo now displays correctly on phishing page.
Downloads
-
2.2.0 Stable
Security
- Added protocol restrictions. Notably,
file://is no longer allowed.
The allowed protocols list is hardcoded in
src/init.rs.To my knowledge, there has been no abuse of this security vulnerability in production on the main instance.
Added
- Soft blacklist to prevent users from shortening certain URLs without banning them
- Now catching 404 (invalid routes)
- Implemented link caching.
- The link cache works as a failover when the SQLite database is locked, making it way more resilient in production.
- The cache size can be configured using the new config option
max_cache_size. The default recommended value is 250. - It doesn't change the fact that SQLite in production sucks, though. I'll add postgres/mysql support later.
Fixed
- Instance hostname is now prefixing the custom link name (UX improvement)
Downloads
- Added protocol restrictions. Notably,