42l
/
rs-short
3
3
Fork 1
Code Issues 6 Pull Requests Releases 9 Wiki Activity

Releases Tags

  • Stable 2.2.2 7d91b699bf

    2.2.2

    neil released this 2 months ago | 0 commits to master since this release

    Fixes

    • #9 Incorrect link cache behavior (thanks @KMK !)

    Downloads

     
  • Stable 2.2.1 f4b3753e27

    2.2.1

    neil released this 2 months ago | 3 commits to master since this release

    Security

    • f4b3753e27 : Fixing XSS vulnerability on the link administration page due to bad URL sanitization. NB: The main instance (s.42l.fr) is not affected by this issue thanks to the CSP header, which forbids JavaScript execution on the page.

    Thanks to polyedre for reporting the issue.

    Fixes

    • a5028ec515 : Links are now trimmed before being saved in database.
    • f4d2edb4ad : The hoster logo now displays correctly on phishing page.

    Downloads

     
  • Stable 2.2.0 3b0c339f3c

    2.2.0

    neil released this 4 months ago | 7 commits to master since this release

    Security

    • Added protocol restrictions. Notably, file:// is no longer allowed.

    The allowed protocols list is hardcoded in src/init.rs.

    To my knowledge, there has been no abuse of this security vulnerability in production on the main instance.

    Added

    • Soft blacklist to prevent users from shortening certain URLs without banning them
    • Now catching 404 (invalid routes)
    • Implemented link caching.
      • The link cache works as a failover when the SQLite database is locked, making it way more resilient in production.
      • The cache size can be configured using the new config option max_cache_size. The default recommended value is 250.
      • It doesn't change the fact that SQLite in production sucks, though. I'll add postgres/mysql support later.

    Fixed

    • Instance hostname is now prefixing the custom link name (UX improvement)

    Downloads

     
  • Stable 2.1.2 955d78b0bd

    2.1.2

    neil released this 1 year ago | 18 commits to master since this release

    Fixes

    • 500 Internal Server Errors due to database locks, mitigated with #1

    Downloads

     
  • Stable 2.1.1 a91a4bed5f

    2.1.1

    neil released this 1 year ago | 20 commits to master since this release

    Fixed

    • Template error in templates/phishing.html introduced in version 2.1.0.

    Downloads

     
  • Stable 2.1.0 9200ace716

    2.1.0

    neil released this 1 year ago | 21 commits to master since this release

    Version 2.1.0

    Added

    • hoster_name option in configuration
    • Configuration file versioning
    • CSS versioning

    Changed

    • Now uses Rust stable branch instead of nightly.
    • Replaced try blocks in templates.rs to compile in stable.
    • Increased default duration for suspicious link detection

    Fixes

    • Removing env_logger dependency
    • Last octet of the remote host's IP being cut
    • Lowercasing the page language attribute in the <html> tag
    • Code quality improvements (fixed clippy warnings)

    Downloads

     
  • Stable 2.0.0 b98ed7454c

    2.0.0

    neil released this 1 year ago | 32 commits to master since this release

    Version 2.0.0

    The code base has been almost fully rewritten.

    The next version, which will be published very soon, will include further code quality improvements and the ability to compile on Rust stable.

    BREAKING

    Database migrations feature has been introduced, but you need to your the database first to make it work.
    Please execute the following query:

    UPDATE __diesel_schema_migrations SET version="20190125012345" WHERE version="create";

    Now it should work. Feel free to tell me if it doesn't.

    • You must now edit the new configuration file config.toml. Please follow the README for more information.
    • If you had custom templates until now, they don't work anymore. But I don't believe anyone is concerned.

    Added

    • Automatic database migrations
    • Light theme improvements
    • New dark theme
    • Option to specify a link to the hoster's ToS and contact address
    • Ability to mark a link as phishing, that causes the phishing victim to be redirected to an information page.
    • Customizable captcha difficulty
    • Support for shortcut name blacklists
    • Phishing detection system, based on the number of clicks on a link for a specified duration.
    • Options to increase software verbosity

    Changed

    • Migrated from Rocket to Actix.
    • Migrated from Handlebars to Askama.
    • Lots of internal changes. Take care while migrating.
    • URL blacklists has been renamed. Please check the repository to know the new names and rename your blacklists accordingly.

    Deprecated

    • Admin link route /{shortcut}/{admin_key} now redirects to the new route /{shortcut}/admin/{admin_key} and might be removed in the future.

    Removed

    • You can remove the Rocket.toml file at the repository root.

    Fixes

    • Redirected URLs containing a hash # and some other characters were not redirected.

    Security

    • Reserved characters and some symbols (such as .) are now forbidden in shortcut names.

    Downloads

     
  • Stable 1.1.0 730be29377

    1.1.0

    neil released this 2 years ago | 40 commits to master since this release

    Added

    • Keyword blacklisting support for shortened URLs (attempts returns 403)

    Fixed

    • Deleted links now returns a 404 status code instead of 200
    • Inputs are now trimmed correctly
    • Links can't be created if the URL to be shortened contains the instance hostname

    Downloads

     
  • Stable 1.0.0 64135ea63a

    1.0.0 - Initial release

    Ghost released this 2 years ago | 46 commits to master since this release

    The first release. There's still a lot to do, but the software is usable as-is.

    Downloads