All Versions
42
Latest Version
Avg Release Cycle
157 days
Latest Release
612 days ago
Changelog History
Page 2
Changelog History
Page 2
-
v5.0.1-beta.0 Changes
October 01, 2017🚀 This release was a private beta due to the security fixes being slightly risky for stability.
🔒 The relevant security bugs were publicly disclosed on October 1st, 2017.
🔒 Security
- 🛠 Fix multiple denial-of-service security vulnerabilities in indirect dependencies
-
v5.0.0 Changes
September 01, 2017👌 Improved
- 👍 Node 7 and 8 are now supported
- Documented the
bounce
andlogLevel
config options - 💻 The web UI more clearly shows shares
- ⚠ Worker process deaths are sent to the
error
log stream, not thewarning
stream
🔄 Changed
- ✂ Removed 0.10/0.12-specific hacks
- 🔨 Internal refactoring to use newer ES6 features
🛠 Fixed
- 🛠 Fixed crash in an endpoint which prevented "login with remote account" from working (#1281)
💥 Breaking
- ⬇️ Dropped support for Node.js 0.10 and 0.12 (#1234)
- ➕ Added a period and space after the footer text; if you use
appendFooter
please adjust accordingly (#1349) - 💻 Switched from Glyphicons to Font Awesome (affects web UI template modifications) (#1351)
- ⬆️ Upgraded Backbone to 1.3.3 (ditto) (#1382)
- Switched from Underscore to Lodash (ditto) (#1326)
- 🔒 Enabled many systemd security restrictions in the systemd service file (#1346, #1257)
-
v4.1.3 Changes
October 01, 2017🔒 Security
- 🛠 Fix multiple denial-of-service security vulnerabilities in indirect dependencies: advisory 1, advisory 2, advisory 3 (no CVEs available)
-
v4.1.2 Changes
July 14, 2017👌 Improved
- Backported some improved error messages to assist in debugging a bug
-
v4.1.1 Changes
July 14, 2017🛠 Fixed
- Backported fix for crash in an endpoint which prevented "login with remote account" from working (#1281)
-
v4.1.0 Changes
July 01, 2017🚀 This will be the last release to support Node.js 0.10 and 0.12.
👌 Improved
- ➕ Added some basic styles to the LibreJS info page (#1353)
- 💻 Minor UX improvements to the web UI (#1355, #1354)
- 💻 Expanded the list of disallowed nicknames and warn about them in the web UI (#1345, #1347)
- Pull our fork of connect-auth from npm instead of GitHub (#1360)
- 💻 Use [Subresource Integrity][] for web UI resources pulled from CDNs (#1340)
- 🔨 Internal test refactoring
🔄 Changed
- Switched bcrypt implementation from
bcrypt
tobcryptjs
(#1233)
🛠 Fixed
- Return the correct Content-Type for OAuth endpoints (#822)
-
v4.0.3 Changes
October 01, 2017🛠 Fixed
- 🛠 Fix the package shipping with
.jade.js
files built from the 5.0.x releases
- 🛠 Fix the package shipping with
-
v4.0.2 Changes
October 01, 2017🔒 Security
- 🛠 Fix multiple denial-of-service security vulnerabilities in indirect dependencies: advisory 1, advisory 2, advisory 3 (no CVEs available)
-
v4.0.1 Changes
May 23, 2017🔒 Security
- 🔒 Increase minimum DOMPurify version to 0.9.0: 0.8.9 security announcement, 0.9.0 security announcement
-
v4.0.0 Changes
May 02, 2017👌 Improved
- Frontend JavaScript runs in strict mode (#1221)
- Frontend Javascript passes JSHint (#1176)
- ✂ Remove direct Connect dependency (#1274)
- ⬆️ Upgrade many minor dependencies
- ➕ Add a robots.txt file (#1286)
- Don't suggest or offer avatar uploads if uploads aren't available
- ➕ Added the ability to specify configuration via environment variables
- ➕ Added the ability to specify configuration via CLI flags
- ➕ Added
--help
and--version
CLI flags - 📇 Embed IndieWeb metadata in the web UI
💥 Breaking
- ⬆️ Upgrade to Express 4.x (affects plugins)
- 📜 Switch to Yargs for config and CLI option parsing (should be identical but please double-check that your config is respected in case of subtle edge cases)