All Versions
10
Latest Version
Avg Release Cycle
90 days
Latest Release
1126 days ago

Changelog History

  • v0.7.1 Changes

    September 06, 2019
    • Pull down top-right 0 button to show console
    • ๐Ÿ†• New UiPluginManager plugin: Manage and install third-party plugins.
    • ๐Ÿ‘ Full support of OpenSSL 1.1 (Thanks to radfish & imachug)
    • ๐Ÿ›  Fix a bug that did not load merged site data for 5 sec after the site got added
    • โž• Add fake SNI and ALPN to peer connections to make it more like standard https connections

    โšก๏ธ Important security update:

    Wrapper template HTML injection vulnerability [Reported by ivanq]

    In ZeroNet before rev4188 the wrapper template variables was rendered incorrectly.

    Result: The opened site was able to gain WebSocket connection with unrestricted ADMIN/NOSANDBOX access, change configuration values and possible RCE on the client's machine.

    ๐Ÿ›  Fix: Fixed the template rendering code, disallowed WebSocket connections from unknown locations,
    ๐Ÿ”ง restricted open_browser configuration values to avoid possible RCE in case of sandbox escape.

  • v0.7.0 Changes

    September 06, 2019
    • Re-factored code to Python3 runtime (compatible with Python 3.4-3.8)
    • ๐Ÿ”€ More safe database sync mode
    • โœ‚ Removed bundled third-party libraries where it's possible
    • 5-10x faster signature verification by using libsecp256k1 (Thanks to ZeroMux)
    • Generated SSL certificate randomization to avoid protocol filters (Thanks to ValdikSS)
    • โšก๏ธ P2P source code update using ZeroNet protocol
    • Offline mode
    • ๐Ÿ›  Fix sending files with \0 characters
  • v0.6.5 Changes

    February 16, 2019
    • ๐Ÿ‘ IPv6 support in peer exchange, bigfiles, optional file finding, tracker sharing, socket listening and connecting (based on tangdou1 modifications)
    • ๐Ÿ†• New tracker database format with IPv6 support
    • ๐Ÿ”จ Refactored port open checking with IPv6 support
    • Display notification if there is an unpublished modification for your site
    • ๐Ÿ‘ Consider non-local IPs as external even is the open port check fails (for CJDNS and Yggdrasil support)
    • Listen and shut down normally for SIGTERM (Thanks to blurHY)
    • ๐Ÿ‘€ Check the length of master seed when executing cryptGetPrivatekey CLI command
    • Only reload source code on file modification / creation
    • โž• Add IPv6 tracker and change unstable tracker
    • ๐Ÿ‘Œ Support tilde ~ in filenames (by d14na)
    • โœ… Detection and issue warning for latest no-script plugin
    • Don't correct sent local time with the calculated time correction
    • ๐Ÿ‘Œ Support map for Namecoin subdomain names (Thanks to lola)
    • โž• Add log level to config page
    • ๐Ÿ‘ Don't show meek proxy option if the tor client does not supports it
    • Quick check content.db on startup and rebuild if necessary
    • ๐Ÿ‘ Only support CREATE commands in dbschema indexes node and SELECT from storage.query
    • ๐Ÿ‘Œ Support {data} for data dir variable in trackers_file value
    • Disable CSP for Edge
    • ๐Ÿ›  Fix site cloning before site downloaded (Reported by unsystemizer)
    • ๐Ÿ›  Fix queryJson for non-list nodes (Reported by MingchenZhang)
    • ๐Ÿ›  Fix multi-line parsing of zeronet.conf (Reported by xx)
    • ๐Ÿ›  Fix site deletion from users.json
    • ๐Ÿ›  Fix sql queries with lots of variables and sites with lots of content.json (Reported by xx)
    • ๐Ÿ›  Fix atomic write of a non-existent file
  • v0.6.4 Changes

    October 20, 2018

    โž• Added

    • ๐Ÿ†• New plugin: UiConfig. A web interface that allows changing ZeroNet settings.
    • ๐Ÿ†• New plugin: AnnounceShare. Share trackers between users, automatically announce client's ip as tracker if Bootstrapper plugin is enabled.
    • Global tracker stats on ZeroHello: Include statistics from all served sites instead of displaying request statistics only for one site.
    • ๐Ÿ‘Œ Support custom proxy for trackers. (Configurable with /Config)
    • โž• Adding peers to sites manually using zeronet_peers get parameter
    • Copy site address with peers link on the sidebar.
    • ๐Ÿ‘ Zip file listing and streaming support for Bigfiles.
    • Tracker statistics on /Stats page
    • ๐Ÿ”€ Peer reputation save/restore to speed up sync time after startup.
    • ๐Ÿ‘ Full support fileGet, fileList, dirList calls on tar.gz/zip files.
    • ๐Ÿ‘ Archived_before support to user content rules to allow deletion of all user files before the specified date
    • ๐Ÿ‘‰ Show and manage "Connecting" sites on ZeroHello
    • โž• Add theme support to ZeroNet sites
    • Dark theme for ZeroHello, ZeroBlog, ZeroTalk

    ๐Ÿ”„ Changed

    • Dynamic big file allocation: More efficient storage usage by don't pre-allocate the whole file at the beginning, but expand the size as the content downloads.
    • โฌ‡๏ธ Reduce the request frequency to unreliable trackers.
    • Only allow 5 concurrent checkSites to run in parallel to reduce load under Tor/slow connection.
    • Stop site downloading if it reached 95% of site limit to avoid download loop for sites out of limit
    • ๐Ÿšš The pinned optional files won't be removed from download queue after 30 retries and won't be deleted even if the site owner removes it.
    • ๐Ÿšš Don't remove incomplete (downloading) sites on startup
    • โœ‚ Remove --pin_bigfile argument as big files are automatically excluded from optional files limit.

    ๐Ÿ›  Fixed

    • โœ… Trayicon compatibility with latest gevent
    • Request number counting for zero:// trackers
    • Peer reputation boost for zero:// trackers.
    • Blocklist of peers loaded from peerdb (Thanks tangdou1 for report)
    • Sidebar map loading on foreign languages (Thx tangdou1 for report)
    • FileGet on non-existent files (Thanks mcdev for reporting)
    • Peer connecting bug for sites with low amount of peers

    "The Vacation" Sandbox escape bug [Reported by GitCenter / Krixano / ZeroLSTN]

    In ZeroNet 0.6.3 Rev3615 and earlier as a result of invalid file type detection, a malicious site could escape the iframe sandbox.

    ๐Ÿ’ป Result: Browser iframe sandbox escape

    Applied fix: Replaced the previous, file extension based file type identification with a proper one.

    Affected versions: All versions before ZeroNet Rev3616

  • v0.6.3 Changes

    October 20, 2018

    โž• Added

    • ๐Ÿ†• New plugin: ContentFilter that allows to have shared site and user block list.
    • ๐Ÿ‘Œ Support Tor meek proxies to avoid tracker blocking of GFW
    • Detect network level tracker blocking and easy setting meek proxy for tracker connections.
    • ๐Ÿ‘Œ Support downloading 2GB+ sites as .zip (Thx to Radtoo)
    • ๐Ÿ‘Œ Support ZeroNet as a transparent proxy (Thx to JeremyRand)
    • ๐Ÿ‘ Allow fileQuery as CORS command (Thx to imachug)
    • ๐Ÿ Windows distribution includes Tor and meek client by default
    • Download sites as zip link to sidebar
    • File server port randomization
    • Implicit SSL for all connection
    • fileList API command for zip files
    • Auto download bigfiles size limit on sidebar
    • Local peer number to the sidebar
    • Open site directory button in sidebar

    ๐Ÿ”„ Changed

    • Switched to Azure Tor meek proxy as Amazon one became unavailable
    • ๐Ÿ”จ Refactored/rewritten tracker connection manager
    • ๐Ÿ‘Œ Improved peer discovery for optional files without opened port
    • Also delete Bigfile's piecemap on deletion

    ๐Ÿ›  Fixed

    • ๐Ÿ”’ Important security issue: Iframe sandbox escape [Reported by Ivanq / gitcenter]
    • Local peer discovery when running multiple clients on the same machine
    • ๐Ÿ”Œ Uploading small files with Bigfile plugin
    • Ctrl-c shutdown when running CLI commands
    • ๐Ÿ”Œ High CPU/IO usage when Multiuser plugin enabled
    • Firefox back button
    • ๐Ÿง Peer discovery on older Linux kernels
    • Optional file handling when multiple files have the same hash_id (first 4 chars of the hash)
    • Msgpack 0.5.5 and 0.5.6 compatibility
  • v0.6.2 Changes

    February 18, 2018

    ZeroNet 0.6.2 (2018-02-18)

    โž• Added

    • ๐Ÿ†• New plugin: AnnounceLocal to make ZeroNet work without an internet connection on the local network.
    • ๐Ÿ‘ Allow dbQuey and userGetSettings using the as API command on different sites with Cors permission
    • ๐Ÿ†• New config option: --log_level to reduce log verbosity and IO load
    • Prefer to connect to recent peers from trackers first
    • ๐Ÿ‘ Mark peers with port 1 is also unconnectable for future fix for trackers that do not support port 0 announce

    ๐Ÿ”„ Changed

    • Don't keep connection for sites that have not been modified in the last week
    • ๐Ÿ”„ Change unreliable trackers to new ones
    • Send maximum 10 findhash request in one find optional files round (15sec)
    • ๐Ÿ”„ Change "Unique to site" to "No certificate" for default option in cert selection dialog.
    • โš  Dont print warnings if not in debug mode
    • ๐ŸŒฒ Generalized tracker logging format
    • Only recover sites from sites.json if they had peers
    • Message from local peers does not means internet connection
    • โœ‚ Removed --debug_gevent and turned on Gevent block logging by default

    ๐Ÿ›  Fixed

    • ๐Ÿ Limit connections to 512 to avoid reaching 1024 limit on windows
    • ๐ŸŒฒ Exception when logging foreign operating system socket errors
    • Don't send private (local) IPs on pex
    • Don't connect to private IPs in tor always mode
    • Properly recover data from msgpack unpacker on file stream start
    • ๐Ÿ Symlinked data directory deletion when deleting site using Windows
    • De-duplicate peers before publishing
    • Bigfile info for non-existing files
  • v0.6.1 Changes

    January 25, 2018

    โž• Added

    • ๐Ÿ†• New plugin: Chart
    • Collect and display charts about your contribution to ZeroNet network
    • ๐Ÿ‘ Allow list as argument replacement in sql queries. (Thanks to imachug)
    • ๐Ÿ†• Newsfeed query time statistics (Click on "From XX sites in X.Xs on ZeroHello)
    • ๐Ÿ†• New UiWebsocket API command: As to run commands as other site
    • Ranged ajax queries for big files
    • Filter feed by type and site address
    • ๐Ÿ”€ FileNeed, Bigfile upload command compatibility with merger sites
    • Send event on port open / tor status change
    • More description on permission request

    ๐Ÿ”„ Changed

    • โฌ‡๏ธ Reduce memory usage of sidebar geoip database cache
    • ๐Ÿ”„ Change unreliable tracker to new one
    • Don't display Cors permission ask if it already granted
    • ๐Ÿ”€ Avoid UI blocking when rebuilding a merger site
    • Skip listing ignored directories on signing
    • ๐Ÿ‘€ In Multiuser mode show the seed welcome message when adding new certificate instead of first visit
    • Faster async port opening on multiple network interfaces
    • ๐Ÿ‘ Allow javascript modals
    • Only zoom sidebar globe if mouse button is pressed down

    ๐Ÿ›  Fixed

    • Open port checking error reporting (Thanks to imachug)
    • Out-of-range big file requests
    • Don't output errors happened on gevent greenlets twice
    • ๐Ÿ†• Newsfeed skip sites with no database
    • ๐Ÿ†• Newsfeed queries with multiple params
    • ๐Ÿ†• Newsfeed queries with UNION and UNION ALL
    • ๐Ÿ›  Fix site clone with sites larger that 10MB
    • Unreliable Websocket connection when requesting files from different sites at the same time
  • v0.6.0 Changes

    October 17, 2017

    โž• Added

    • ๐Ÿ†• New plugin: Big file support
    • ๐Ÿ“Œ Automatic pinning on Big file download
    • ๐Ÿ‘ Enable TCP_NODELAY for supporting sockets
    • actionOptionalFileList API command arguments to list non-downloaded files or only big files
    • ๐Ÿ’ป serverShowdirectory API command arguments to allow to display site's directory in OS file browser
    • fileNeed API command to initialize optional file downloading
    • wrapperGetAjaxKey API command to request nonce for AJAX request
    • ๐Ÿ‘ Json.gz support for database files
    • P2P port checking (Thanks for grez911)
    • --download_optional auto argument to enable automatic optional file downloading for newly added site
    • Statistics for big files and protocol command requests on /Stats
    • ๐Ÿ‘ Allow to set user limitation based on auth_address

    ๐Ÿ”„ Changed

    • โฑ More aggressive and frequent connection timeout checking
    • ๐Ÿ‘‰ Use out of msgpack context file streaming for files larger than 512KB
    • ๐Ÿ‘ Allow optional files workers over the worker limit
    • Automatic redirection to wrapper on nonce_error
    • Send websocket event on optional file deletion
    • โšก๏ธ Optimize sites.json saving
    • 0๏ธโƒฃ Enable faster C-based msgpack packer by default
    • ๐Ÿ”Œ Major optimization on Bootstrapper plugin SQL queries
    • Don't reset bad file counter on restart, to allow easier give up on unreachable files
    • ๐Ÿ Incoming connection limit changed from 1000 to 500 to avoid reaching socket limit on Windows
    • ๐Ÿ”„ Changed tracker boot.zeronet.io domain, because zeronet.io got banned in some countries

    ๐Ÿ›  Fixed

    • Sub-directories in user directories
  • v0.5.7 Changes

    July 30, 2017

    โž• Added

    • ๐Ÿ†• New plugin: CORS to request read permission to other site's content
    • ๐Ÿ†• New API command: userSetSettings/userGetSettings to store site's settings in users.json
    • Avoid file download if the file size does not match with the requested one
    • JavaScript and wrapper less file access using /raw/ prefix (Example)
    • ๐ŸŒฒ --silent command line option to disable logging to stdout

    ๐Ÿ”„ Changed

    • ๐Ÿ‘ Better error reporting on sign/verification errors
    • โœ… More test for sign and verification process
    • โšก๏ธ Update to OpenSSL v1.0.2l
    • Limit compressed files to 6MB to avoid zip/tar.gz bomb
    • ๐Ÿ‘ Allow space, [], () characters in filenames
    • Disable cross-site resource loading to improve privacy. [Reported by Beardog108]
    • Download directly accessed Pdf/Svg/Swf files instead of displaying them to avoid wrapper escape using in JS in SVG file. [Reported by Beardog108]
    • Disallow potentially unsafe regular expressions to avoid ReDoS [Reported by MuxZeroNet]

    ๐Ÿ›  Fixed

    • ๐Ÿ Detecting data directory when running Windows distribution exe [Reported by Plasmmer]
    • OpenSSL loading under Android 6+
    • Error on exiting when no connection server started
  • v0.5.6 Changes

    June 18, 2017

    ๐Ÿ›  Fix

    • โฌ†๏ธ Proxy bypass during source upgrade
    • XSS vulnerability using DNS rebinding
    • Opened port checking
    • โšก๏ธ Standalone update.py argument parsing
    • uPnP crash on startup
    • CoffeeScript 1.12.6 compatibility
    • ๐Ÿ“œ Multi value argument parsing
    • Database error when running from directory that contains special characters
    • ๐Ÿ”’ Site lock violation logging

    โž• Added

    • Callback for certSelect API command
    • More compact list formatting in json

    ๐Ÿ”„ Changed

    • Remove obsolete auth_key_sha512 and signature format
    • ๐Ÿ‘Œ Improved Spanish translation