• Stable 2.2.2 7d91b699bf


    neil released this 6 months ago | 0 commits to master since this release


    • #9 Incorrect link cache behavior (thanks @KMK !)
  • Stable 2.2.1 f4b3753e27


    neil released this 6 months ago | 3 commits to master since this release


    • f4b3753e27 : Fixing XSS vulnerability on the link administration page due to bad URL sanitization. NB: The main instance (s.42l.fr) is not affected by this issue thanks to the CSP header, which forbids JavaScript execution on the page.

    Thanks to polyedre for reporting the issue.


    • a5028ec515 : Links are now trimmed before being saved in database.
    • f4d2edb4ad : The hoster logo now displays correctly on phishing page.
  • Stable 2.2.0 3b0c339f3c


    neil released this 8 months ago | 7 commits to master since this release


    • Added protocol restrictions. Notably, file:// is no longer allowed.

    The allowed protocols list is hardcoded in src/init.rs.

    To my knowledge, there has been no abuse of this security vulnerability in production on the main instance.


    • Soft blacklist to prevent users from shortening certain URLs without banning them
    • Now catching 404 (invalid routes)
    • Implemented link caching.
      • The link cache works as a failover when the SQLite database is locked, making it way more resilient in production.
      • The cache size can be configured using the new config option max_cache_size. The default recommended value is 250.
      • It doesn't change the fact that SQLite in production sucks, though. I'll add postgres/mysql support later.


    • Instance hostname is now prefixing the custom link name (UX improvement)
  • Stable 2.1.2 955d78b0bd


    neil released this 1 year ago | 18 commits to master since this release


    • 500 Internal Server Errors due to database locks, mitigated with #1
  • Stable 2.1.1 a91a4bed5f


    neil released this 1 year ago | 20 commits to master since this release


    • Template error in templates/phishing.html introduced in version 2.1.0.
  • Stable 2.1.0 9200ace716


    neil released this 1 year ago | 21 commits to master since this release

    Version 2.1.0


    • hoster_name option in configuration
    • Configuration file versioning
    • CSS versioning


    • Now uses Rust stable branch instead of nightly.
    • Replaced try blocks in templates.rs to compile in stable.
    • Increased default duration for suspicious link detection


    • Removing env_logger dependency
    • Last octet of the remote host's IP being cut
    • Lowercasing the page language attribute in the <html> tag
    • Code quality improvements (fixed clippy warnings)
  • Stable 2.0.0 b98ed7454c


    neil released this 1 year ago | 32 commits to master since this release

    Version 2.0.0

    The code base has been almost fully rewritten.

    The next version, which will be published very soon, will include further code quality improvements and the ability to compile on Rust stable.


    Database migrations feature has been introduced, but you need to your the database first to make it work.
    Please execute the following query:

    UPDATE __diesel_schema_migrations SET version="20190125012345" WHERE version="create";

    Now it should work. Feel free to tell me if it doesn't.

    • You must now edit the new configuration file config.toml. Please follow the README for more information.
    • If you had custom templates until now, they don't work anymore. But I don't believe anyone is concerned.


    • Automatic database migrations
    • Light theme improvements
    • New dark theme
    • Option to specify a link to the hoster's ToS and contact address
    • Ability to mark a link as phishing, that causes the phishing victim to be redirected to an information page.
    • Customizable captcha difficulty
    • Support for shortcut name blacklists
    • Phishing detection system, based on the number of clicks on a link for a specified duration.
    • Options to increase software verbosity


    • Migrated from Rocket to Actix.
    • Migrated from Handlebars to Askama.
    • Lots of internal changes. Take care while migrating.
    • URL blacklists has been renamed. Please check the repository to know the new names and rename your blacklists accordingly.


    • Admin link route /{shortcut}/{admin_key} now redirects to the new route /{shortcut}/admin/{admin_key} and might be removed in the future.


    • You can remove the Rocket.toml file at the repository root.


    • Redirected URLs containing a hash # and some other characters were not redirected.


    • Reserved characters and some symbols (such as .) are now forbidden in shortcut names.
  • Stable 1.1.0 730be29377


    neil released this 2 years ago | 40 commits to master since this release


    • Keyword blacklisting support for shortened URLs (attempts returns 403)


    • Deleted links now returns a 404 status code instead of 200
    • Inputs are now trimmed correctly
    • Links can't be created if the URL to be shortened contains the instance hostname
  • Stable 1.0.0 64135ea63a

    1.0.0 - Initial release

    Ghost released this 2 years ago | 46 commits to master since this release

    The first release. There's still a lot to do, but the software is usable as-is.