diff --git a/CHANGELOG.md b/CHANGELOG.md index a422b249..c5e995ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,47 @@ # Changelog +## [4.1.0] (November 11, 2020) + +⚠️ Changes that may require manual attention: ⚠️ + +- Configuration is now schema validated before the start of Flood server + - No action required if you use (preferred and default) CLI configuration interface + - This ensures that when the config.js needs to be updated, the failure happens loud and early + - Check [shared/schema/Config.ts](https://github.com/jesec/flood/blob/master/shared/schema/Config.ts) for more details +- Enforces that the length of secret must be larger than 30 + - Secret can be brute forced locally without interaction with the server + - However, an attacker must get a valid token (generated by proper authentication) first + - If all users are trusted, attackers have no way to get a valid token + - Secret is used to sign authentication tokens but it is NOT linked to the password + - Attacker may log into Flood as any user if they have the secret + - However, they are still constrained by capabilities and settings (such as `--allowedpath`) of Flood + +Other changes: + +- Tag selector preference: + - Single selection + - Multi selection +- UX enhancements to tag selector +- Suggest destination based on selected tag +- `add-urls` and `add-files` API endpoints no longer fail if `destination` property is not provided + - Download destination fallback has been implemented: + - Tag-specific preferred download destination + - Last used download destination + - Default download destination of connected torrent client + - This makes things easier for API users + - No direct impact on Flood itself +- Remember last used "Add Torrents" tab +- Remove center alignment of certain modals to align with global styles +- Disallow browser's input suggestion when tag selector or folder browser is open +- Don't pop up the browser menu on right click while context menu is open +- Experimental standalone (single-executable) builds +- New translations + - German, thanks to @chint95 + - Romanian, thanks to @T-z3P +- Bump dependencies +- Bug fixes: + - Properly handle "error" alerts (display "❗" icon instead of "✅" icon) + ## [4.0.2] (November 11, 2020) - New translations @@ -149,7 +191,6 @@ - Basic torrent list filtering (by status, tag, and tracker) - Auto-download torrents from RSS feeds -[unreleased]: https://github.com/Flood-UI/flood/compare/v1.0.0...HEAD [1.0.0]: https://github.com/Flood-UI/flood/compare/ae520c0a33ffb4ae6f21e47bc6f7e6007dd1e6dc...v1.0.0 [2.0.0]: https://github.com/jesec/flood/compare/v1.0.0...v2.0.0 [3.0.0]: https://github.com/jesec/flood/compare/v2.0.0...v3.0.0 @@ -157,3 +198,4 @@ [4.0.0]: https://github.com/jesec/flood/compare/v3.1.0...v4.0.0 [4.0.1]: https://github.com/jesec/flood/compare/v4.0.0...v4.0.1 [4.0.2]: https://github.com/jesec/flood/compare/v4.0.1...v4.0.2 +[4.1.0]: https://github.com/jesec/flood/compare/v4.0.2...v4.1.0 diff --git a/package-lock.json b/package-lock.json index 6824d70e..4ec531e9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,11 +1,11 @@ { "name": "flood", - "version": "4.0.2", + "version": "4.1.0", "lockfileVersion": 2, "requires": true, "packages": { "": { - "version": "4.0.2", + "version": "4.1.0", "license": "GPL-3.0-only", "dependencies": { "geoip-country": "^4.0.42" diff --git a/package.json b/package.json index 2202a22c..942f13d4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "flood", - "version": "4.0.2", + "version": "4.1.0", "description": "A modern Web UI for various torrent clients with multi-user and multi-client support", "keywords": [ "typescript",