ZeroNet v0.7.1 Release Notes

Release Date: 2019-09-06 // about 3 years ago
    • Pull down top-right 0 button to show console
    • 🆕 New UiPluginManager plugin: Manage and install third-party plugins.
    • 👍 Full support of OpenSSL 1.1 (Thanks to radfish & imachug)
    • 🛠 Fix a bug that did not load merged site data for 5 sec after the site got added
    • ➕ Add fake SNI and ALPN to peer connections to make it more like standard https connections

    ⚡️ Important security update:

    Wrapper template HTML injection vulnerability [Reported by ivanq]

    In ZeroNet before rev4188 the wrapper template variables was rendered incorrectly.

    Result: The opened site was able to gain WebSocket connection with unrestricted ADMIN/NOSANDBOX access, change configuration values and possible RCE on the client's machine.

    🛠 Fix: Fixed the template rendering code, disallowed WebSocket connections from unknown locations,
    🔧 restricted open_browser configuration values to avoid possible RCE in case of sandbox escape.


Previous changes from v0.6.5

    • 👍 IPv6 support in peer exchange, bigfiles, optional file finding, tracker sharing, socket listening and connecting (based on tangdou1 modifications)
    • 🆕 New tracker database format with IPv6 support
    • 🔨 Refactored port open checking with IPv6 support
    • Display notification if there is an unpublished modification for your site
    • 👍 Consider non-local IPs as external even is the open port check fails (for CJDNS and Yggdrasil support)
    • Listen and shut down normally for SIGTERM (Thanks to blurHY)
    • 👀 Check the length of master seed when executing cryptGetPrivatekey CLI command
    • Only reload source code on file modification / creation
    • ➕ Add IPv6 tracker and change unstable tracker
    • 👌 Support tilde ~ in filenames (by d14na)
    • ✅ Detection and issue warning for latest no-script plugin
    • Don't correct sent local time with the calculated time correction
    • 👌 Support map for Namecoin subdomain names (Thanks to lola)
    • ➕ Add log level to config page
    • 👍 Don't show meek proxy option if the tor client does not supports it
    • Quick check content.db on startup and rebuild if necessary
    • 👍 Only support CREATE commands in dbschema indexes node and SELECT from storage.query
    • 👌 Support {data} for data dir variable in trackers_file value
    • Disable CSP for Edge
    • 🛠 Fix site cloning before site downloaded (Reported by unsystemizer)
    • 🛠 Fix queryJson for non-list nodes (Reported by MingchenZhang)
    • 🛠 Fix multi-line parsing of zeronet.conf (Reported by xx)
    • 🛠 Fix site deletion from users.json
    • 🛠 Fix sql queries with lots of variables and sites with lots of content.json (Reported by xx)
    • 🛠 Fix atomic write of a non-existent file