All Versions
42
Latest Version
Avg Release Cycle
157 days
Latest Release
1309 days ago
Changelog History
Page 2
Changelog History
Page 2
-
v5.0.1-beta.0 Changes
October 01, 2017๐ This release was a private beta due to the security fixes being slightly risky for stability.
๐ The relevant security bugs were publicly disclosed on October 1st, 2017.
๐ Security
- ๐ Fix multiple denial-of-service security vulnerabilities in indirect dependencies
-
v5.0.0 Changes
September 01, 2017๐ Improved
- ๐ Node 7 and 8 are now supported
- Documented the
bounce
andlogLevel
config options - ๐ป The web UI more clearly shows shares
- โ Worker process deaths are sent to the
error
log stream, not thewarning
stream
๐ Changed
- โ Removed 0.10/0.12-specific hacks
- ๐จ Internal refactoring to use newer ES6 features
๐ Fixed
- ๐ Fixed crash in an endpoint which prevented "login with remote account" from working (#1281)
๐ฅ Breaking
- โฌ๏ธ Dropped support for Node.js 0.10 and 0.12 (#1234)
- โ Added a period and space after the footer text; if you use
appendFooter
please adjust accordingly (#1349) - ๐ป Switched from Glyphicons to Font Awesome (affects web UI template modifications) (#1351)
- โฌ๏ธ Upgraded Backbone to 1.3.3 (ditto) (#1382)
- Switched from Underscore to Lodash (ditto) (#1326)
- ๐ Enabled many systemd security restrictions in the systemd service file (#1346, #1257)
-
v4.1.3 Changes
October 01, 2017๐ Security
- ๐ Fix multiple denial-of-service security vulnerabilities in indirect dependencies: advisory 1, advisory 2, advisory 3 (no CVEs available)
-
v4.1.2 Changes
July 14, 2017๐ Improved
- Backported some improved error messages to assist in debugging a bug
-
v4.1.1 Changes
July 14, 2017๐ Fixed
- Backported fix for crash in an endpoint which prevented "login with remote account" from working (#1281)
-
v4.1.0 Changes
July 01, 2017๐ This will be the last release to support Node.js 0.10 and 0.12.
๐ Improved
- โ Added some basic styles to the LibreJS info page (#1353)
- ๐ป Minor UX improvements to the web UI (#1355, #1354)
- ๐ป Expanded the list of disallowed nicknames and warn about them in the web UI (#1345, #1347)
- Pull our fork of connect-auth from npm instead of GitHub (#1360)
- ๐ป Use [Subresource Integrity][] for web UI resources pulled from CDNs (#1340)
- ๐จ Internal test refactoring
๐ Changed
- Switched bcrypt implementation from
bcrypt
tobcryptjs
(#1233)
๐ Fixed
- Return the correct Content-Type for OAuth endpoints (#822)
-
v4.0.3 Changes
October 01, 2017๐ Fixed
- ๐ Fix the package shipping with
.jade.js
files built from the 5.0.x releases
- ๐ Fix the package shipping with
-
v4.0.2 Changes
October 01, 2017๐ Security
- ๐ Fix multiple denial-of-service security vulnerabilities in indirect dependencies: advisory 1, advisory 2, advisory 3 (no CVEs available)
-
v4.0.1 Changes
May 23, 2017๐ Security
- ๐ Increase minimum DOMPurify version to 0.9.0: 0.8.9 security announcement, 0.9.0 security announcement
-
v4.0.0 Changes
May 02, 2017๐ Improved
- Frontend JavaScript runs in strict mode (#1221)
- Frontend Javascript passes JSHint (#1176)
- โ Remove direct Connect dependency (#1274)
- โฌ๏ธ Upgrade many minor dependencies
- โ Add a robots.txt file (#1286)
- Don't suggest or offer avatar uploads if uploads aren't available
- โ Added the ability to specify configuration via environment variables
- โ Added the ability to specify configuration via CLI flags
- โ Added
--help
and--version
CLI flags - ๐ Embed IndieWeb metadata in the web UI
๐ฅ Breaking
- โฌ๏ธ Upgrade to Express 4.x (affects plugins)
- ๐ Switch to Yargs for config and CLI option parsing (should be identical but please double-check that your config is respected in case of subtle edge cases)