
Version 0.5.6, Changelog

shortcutme 6 years ago
parent
commit
db8c85d249
2 changed files with 46 additions and 1 deletion
  1. CHANGELOG.md (+45, -0)
  2. src/Config.py (+1, -1)

+ 45 - 0
CHANGELOG.md

@@ -1,3 +1,48 @@
+## ZeroNet 0.5.6 (2017-06-15)
+### Added
+ - Callback for certSelect API command
+ - More compact list formatting in json
+
+### Changed
+ - Remove obsolete auth_key_sha512 and signature format
+ - Improved Spanish translation (Thanks to Pupiloho)
+
+### Fixed
+ - Opened port checking (Thanks l5h5t7 & saber28 for reporting)
+ - Standalone update.py argument parsing (Thanks Zalex for reporting)
+ - uPnP crash on startup (Thanks Vertux for reporting)
+ - CoffeeScript 1.12.6 compatibility (Thanks kavamaken & imachug)
+ - Multi value argument parsing
+ - Database error when running from directory that contains special characters (Thanks Pupiloho for reporting)
+ - Site lock violation logging
+
+
+#### Proxy bypass during source upgrade [Reported by ZeroMux]
+
+In ZeroNet before 0.5.6 during the client's built-in source code upgrade mechanism,
+ZeroNet did not respect Tor and/or proxy settings.
+
+Result: ZeroNet downloaded the update without using the Tor network and potentially leaked the connections.
+
+Fix: Removed the problematic code line from the updater that removed the proxy settings from the socket library.
+
+Affected versions: ZeroNet 0.5.5 and earlier, Fixed in: ZeroNet 0.5.6
+
+
+#### XSS vulnerability using DNS rebinding. [Reported by Beardog108]
+
+In ZeroNet before 0.5.6 the web interface did not validate the request's Host parameter.
+
+Result: An attacker using a specially crafted DNS entry could have bypassed the browser's cross-site-scripting protection
+and potentially gained access to user's private data stored on site.
+
+Fix: By default ZeroNet only accept connections from 127.0.0.1 and localhost hosts.
+If you bind the ui server to an external interface, then it also adds the first http request's host to the allowed host list
+or you can define it manually using --ui_host.
+
+Affected versions: ZeroNet 0.5.5 and earlier, Fixed in: ZeroNet 0.5.6
+
+
 ## ZeroNet 0.5.5 (2017-05-18)
 ### Added
 - Outgoing socket binding by --bind parameter
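
Review bot: In the DNS rebinding entry, the Fix paragraph documents that when the UI server is bound to an external interface, "the first http request's host" is added to the allowed host list, which is trust-on-first-use and depends on who sends that first request. The entry should recommend setting --ui_host explicitly for externally bound setups rather than presenting the two as equivalent options. Wording in the same entry: "Host parameter" should read "Host header", "only accept" should be "only accepts", and the heading ends with a period while the "Proxy bypass during source upgrade" heading does not. The new list items are also indented by one space (" - Callback ...") while the existing 0.5.5 section uses "- " with no indent, so the indentation should be aligned across the file.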

+ 1 - 1
src/Config.py

@@ -9,7 +9,7 @@ import ConfigParser
 class Config(object):
 
     def __init__(self, argv):
-        self.version = "0.5.5"
+        self.version = "0.5.6"
         self.rev = 2109
         self.argv = argv
         self.action = None
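
Review bot: `self.rev = 2109` on the line directly below the bumped version string is left unchanged by this hunk. If the revision number is meant to distinguish builds, for example so that clients can tell whether they already carry the two security fixes listed in the changelog, bump it in the same commit as `self.version = "0.5.6"`, or note in the commit message that the revision was already advanced by the fix commits.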