• Stable 2.2.0 3b0c339f3c

    2.2.0

    neil released this 9 months ago | 7 commits to master since this release

    Security

    • Added protocol restrictions. Notably, file:// is no longer allowed.

    The allowed protocols list is hardcoded in src/init.rs.

    To my knowledge, there has been no abuse of this security vulnerability in production on the main instance.

    Added

    • Soft blacklist to prevent users from shortening certain URLs without banning them
    • Now catching 404 (invalid routes)
    • Implemented link caching.
      • The link cache works as a failover when the SQLite database is locked, making it way more resilient in production.
      • The cache size can be configured using the new config option max_cache_size. The default recommended value is 250.
      • It doesn't change the fact that SQLite in production sucks, though. I'll add postgres/mysql support later.

    Fixed

    • Instance hostname is now prefixing the custom link name (UX improvement)
    Downloads