ZeroNet v0.7.1 Release Notes
Release Date: 2019-09-06 // over 5 years ago-
- Pull down top-right 0 button to show console
- ๐ New UiPluginManager plugin: Manage and install third-party plugins.
- ๐ Full support of OpenSSL 1.1 (Thanks to radfish & imachug)
- ๐ Fix a bug that did not load merged site data for 5 sec after the site got added
- โ Add fake SNI and ALPN to peer connections to make it more like standard https connections
โก๏ธ Important security update:
Wrapper template HTML injection vulnerability [Reported by ivanq]
In ZeroNet before rev4188 the wrapper template variables was rendered incorrectly.
Result: The opened site was able to gain WebSocket connection with unrestricted ADMIN/NOSANDBOX access, change configuration values and possible RCE on the client's machine.
๐ Fix: Fixed the template rendering code, disallowed WebSocket connections from unknown locations,
๐ง restricted open_browser configuration values to avoid possible RCE in case of sandbox escape.
Previous changes from v0.6.5
-
- ๐ IPv6 support in peer exchange, bigfiles, optional file finding, tracker sharing, socket listening and connecting (based on tangdou1 modifications)
- ๐ New tracker database format with IPv6 support
- ๐จ Refactored port open checking with IPv6 support
- Display notification if there is an unpublished modification for your site
- ๐ Consider non-local IPs as external even is the open port check fails (for CJDNS and Yggdrasil support)
- Listen and shut down normally for SIGTERM (Thanks to blurHY)
- ๐ Check the length of master seed when executing cryptGetPrivatekey CLI command
- Only reload source code on file modification / creation
- โ Add IPv6 tracker and change unstable tracker
- ๐ Support tilde
~
in filenames (by d14na) - โ Detection and issue warning for latest no-script plugin
- Don't correct sent local time with the calculated time correction
- ๐ Support map for Namecoin subdomain names (Thanks to lola)
- โ Add log level to config page
- ๐ Don't show meek proxy option if the tor client does not supports it
- Quick check content.db on startup and rebuild if necessary
- ๐ Only support CREATE commands in dbschema indexes node and SELECT from storage.query
- ๐ Support
{data}
for data dir variable in trackers_file value - Disable CSP for Edge
- ๐ Fix site cloning before site downloaded (Reported by unsystemizer)
- ๐ Fix queryJson for non-list nodes (Reported by MingchenZhang)
- ๐ Fix multi-line parsing of zeronet.conf (Reported by xx)
- ๐ Fix site deletion from users.json
- ๐ Fix sql queries with lots of variables and sites with lots of content.json (Reported by xx)
- ๐ Fix atomic write of a non-existent file