ZeroNet v0.7.1 Release Notes
Release Date: 2019-09-06 // over 4 years ago-
- Pull down top-right 0 button to show console
- 🆕 New UiPluginManager plugin: Manage and install third-party plugins.
- 👍 Full support of OpenSSL 1.1 (Thanks to radfish & imachug)
- 🛠 Fix a bug that did not load merged site data for 5 sec after the site got added
- ➕ Add fake SNI and ALPN to peer connections to make it more like standard https connections
⚡️ Important security update:
Wrapper template HTML injection vulnerability [Reported by ivanq]
In ZeroNet before rev4188 the wrapper template variables was rendered incorrectly.
Result: The opened site was able to gain WebSocket connection with unrestricted ADMIN/NOSANDBOX access, change configuration values and possible RCE on the client's machine.
🛠 Fix: Fixed the template rendering code, disallowed WebSocket connections from unknown locations,
🔧 restricted open_browser configuration values to avoid possible RCE in case of sandbox escape.
Previous changes from v0.6.5
-
- 👍 IPv6 support in peer exchange, bigfiles, optional file finding, tracker sharing, socket listening and connecting (based on tangdou1 modifications)
- 🆕 New tracker database format with IPv6 support
- 🔨 Refactored port open checking with IPv6 support
- Display notification if there is an unpublished modification for your site
- 👍 Consider non-local IPs as external even is the open port check fails (for CJDNS and Yggdrasil support)
- Listen and shut down normally for SIGTERM (Thanks to blurHY)
- 👀 Check the length of master seed when executing cryptGetPrivatekey CLI command
- Only reload source code on file modification / creation
- ➕ Add IPv6 tracker and change unstable tracker
- 👌 Support tilde
~
in filenames (by d14na) - ✅ Detection and issue warning for latest no-script plugin
- Don't correct sent local time with the calculated time correction
- 👌 Support map for Namecoin subdomain names (Thanks to lola)
- ➕ Add log level to config page
- 👍 Don't show meek proxy option if the tor client does not supports it
- Quick check content.db on startup and rebuild if necessary
- 👍 Only support CREATE commands in dbschema indexes node and SELECT from storage.query
- 👌 Support
{data}
for data dir variable in trackers_file value - Disable CSP for Edge
- 🛠 Fix site cloning before site downloaded (Reported by unsystemizer)
- 🛠 Fix queryJson for non-list nodes (Reported by MingchenZhang)
- 🛠 Fix multi-line parsing of zeronet.conf (Reported by xx)
- 🛠 Fix site deletion from users.json
- 🛠 Fix sql queries with lots of variables and sites with lots of content.json (Reported by xx)
- 🛠 Fix atomic write of a non-existent file