• Stable 2.2.0 3b0c339f3c


    neil released this 9 months ago | 7 commits to master since this release


    • Added protocol restrictions. Notably, file:// is no longer allowed.

    The allowed protocols list is hardcoded in src/init.rs.

    To my knowledge, there has been no abuse of this security vulnerability in production on the main instance.


    • Soft blacklist to prevent users from shortening certain URLs without banning them
    • Now catching 404 (invalid routes)
    • Implemented link caching.
      • The link cache works as a failover when the SQLite database is locked, making it way more resilient in production.
      • The cache size can be configured using the new config option max_cache_size. The default recommended value is 250.
      • It doesn't change the fact that SQLite in production sucks, though. I'll add postgres/mysql support later.


    • Instance hostname is now prefixing the custom link name (UX improvement)