Release: v2023.12.9

This commit is contained in:
Laura Hausmann 2024-07-29 00:16:48 +02:00
parent 630d6bdbe5
commit 1d8b274ae8
No known key found for this signature in database
GPG Key ID: D044E84C5BE01605
2 changed files with 22 additions and 1 deletions

View File

@ -1,3 +1,24 @@
## v2023.12.9
This release contains a security patch, as well as minor fixes and improvements. Upgrading is strongly recommended for all server operators.
### Highlights
- Several DoS vulnerabilities - allowing remote attackers to allocate arbitrary amounts of memory - were patched
- Corrupt jobs now get discarded instead of clogging up the failed queues
### Backend
- Fetched JSON-LD contexts are now limited to 1MiB, resolving a DoS attack vector
- Fetched node-fetch responses are now limited to 1MiB/10MiB, resolving a DoS attack vector
### Miscellaneous
- The docker images now use the bundled libvips version shipping with sharp instead of the system-wide one, reducing the image size by ~60MB
- The example docker-compose.yml file was updated
- The iceshrimp-js package was renamed to iceshrimp-sdk in order to prevent confusion should this repository be renamed to iceshrimp-js in the future (to distinguish it from Iceshrimp.NET)
- Various dependency updates
- Various translation updates
### Attribution
This release was made possible by project contributors: AntoineÐ & Laura Hausmann
## v2023.12.8 ## v2023.12.8
This release contains minor fixes and improvements. Upgrading is recommended for all server operators. This release contains minor fixes and improvements. Upgrading is recommended for all server operators.

View File

@ -1,6 +1,6 @@
{ {
"name": "iceshrimp", "name": "iceshrimp",
"version": "2023.12.8", "version": "2023.12.9",
"repository": { "repository": {
"type": "git", "type": "git",
"url": "https://iceshrimp.dev/iceshrimp/iceshrimp.git" "url": "https://iceshrimp.dev/iceshrimp/iceshrimp.git"