Pump.io changelog

Changelog History

Page 2

• v5.0.1-beta.0 Changes

  October 01, 2017

  🚀 This release was a private beta due to the security fixes being slightly risky for stability.

  🔒 The relevant security bugs were publicly disclosed on October 1st, 2017.

  🔒 Security

  • 🛠 Fix multiple denial-of-service security vulnerabilities in indirect dependencies

• v5.0.0 Changes

  September 01, 2017

  👌 Improved

  • 👍 Node 7 and 8 are now supported
  • Documented the bounce and logLevel config options
  • 💻 The web UI more clearly shows shares
  • ⚠ Worker process deaths are sent to the error log stream, not the warning stream

  🔄 Changed

  • ✂ Removed 0.10/0.12-specific hacks
  • 🔨 Internal refactoring to use newer ES6 features

  🛠 Fixed

  • 🛠 Fixed crash in an endpoint which prevented "login with remote account" from working (#1281)

  💥 Breaking

  • ⬇️ Dropped support for Node.js 0.10 and 0.12 (#1234)
  • ➕ Added a period and space after the footer text; if you use appendFooter please adjust accordingly (#1349)
  • 💻 Switched from Glyphicons to Font Awesome (affects web UI template modifications) (#1351)
  • ⬆️ Upgraded Backbone to 1.3.3 (ditto) (#1382)
  • Switched from Underscore to Lodash (ditto) (#1326)
  • 🔒 Enabled many systemd security restrictions in the systemd service file (#1346, #1257)

• v4.1.3 Changes

  October 01, 2017

  🔒 Security

  • 🛠 Fix multiple denial-of-service security vulnerabilities in indirect dependencies: advisory 1, advisory 2, advisory 3 (no CVEs available)

• v4.1.2 Changes

  July 14, 2017

  👌 Improved

  • Backported some improved error messages to assist in debugging a bug

• v4.1.1 Changes

  July 14, 2017

  🛠 Fixed

  • Backported fix for crash in an endpoint which prevented "login with remote account" from working (#1281)

• v4.1.0 Changes

  July 01, 2017

  🚀 This will be the last release to support Node.js 0.10 and 0.12.

  👌 Improved

  • ➕ Added some basic styles to the LibreJS info page (#1353)
  • 💻 Minor UX improvements to the web UI (#1355, #1354)
  • 💻 Expanded the list of disallowed nicknames and warn about them in the web UI (#1345, #1347)
  • Pull our fork of connect-auth from npm instead of GitHub (#1360)
  • 💻 Use [Subresource Integrity][] for web UI resources pulled from CDNs (#1340)
  • 🔨 Internal test refactoring

  🔄 Changed

  • Switched bcrypt implementation from bcrypt to bcryptjs (#1233)

  🛠 Fixed

  • Return the correct Content-Type for OAuth endpoints (#822)

• v4.0.3 Changes

  October 01, 2017

  🛠 Fixed

  • 🛠 Fix the package shipping with .jade.js files built from the 5.0.x releases

• v4.0.2 Changes

  October 01, 2017

  🔒 Security

  • 🛠 Fix multiple denial-of-service security vulnerabilities in indirect dependencies: advisory 1, advisory 2, advisory 3 (no CVEs available)

• v4.0.1 Changes

  May 23, 2017

  🔒 Security

  • 🔒 Increase minimum DOMPurify version to 0.9.0: 0.8.9 security announcement, 0.9.0 security announcement

• v4.0.0 Changes

  May 02, 2017

  👌 Improved

  • Frontend JavaScript runs in strict mode (#1221)
  • Frontend Javascript passes JSHint (#1176)
  • ✂ Remove direct Connect dependency (#1274)
  • ⬆️ Upgrade many minor dependencies
  • ➕ Add a robots.txt file (#1286)
  • Don't suggest or offer avatar uploads if uploads aren't available
  • ➕ Added the ability to specify configuration via environment variables
  • ➕ Added the ability to specify configuration via CLI flags
  • ➕ Added --help and --version CLI flags
  • 📇 Embed IndieWeb metadata in the web UI

  💥 Breaking

  • ⬆️ Upgrade to Express 4.x (affects plugins)
  • 📜 Switch to Yargs for config and CLI option parsing (should be identical but please double-check that your config is respected in case of subtle edge cases)

• « First
• ‹ Prev
• 1
• 2
• 3
• 4
• 5
• Next ›
• Last »