Releases: diced/zipline
Releases · diced/zipline
v3.7.11
⚠️ Important ⚠️
- Vulnerability within oauth
- Versions affected: anything past v3.6.0
- Providers affected: Google
- The vulnerability is caused due to a backwards compatibility fallback method of trying to find a oauth user, this fallback method would not rely on the provider's ID but instead just the username + provider name. This meant that as long as the determined username was the same, two google accounts with the same username will point to the same user if linked.
- This doesn't effect discord or github, since they have unique usernames.
- If you don't use oauth, you are totally fine to continue using previous versions at your own risk.
What's Changed
- feat(ci): push to docker hub by @wdhdev in #613
- fix: code scroll overflow handling by @quantum5 in #620
- Update README.md by @Rovoska in #627
- fix(repo): update devcontainer defaults to use bundled postgres by @Hegi in #585
- feat: proper range request handling by @ari-party in #635
- fix: Check if route was set to /r, as it's reserved. by @TacticalTechJay in #643
New Contributors
- @quantum5 made their first contribution in #620
- @Rovoska made their first contribution in #627
- @Hegi made their first contribution in #585
Full Changelog: v3.7.10...v3.7.11
Contributors
quantum5, Hegi, and 4 other contributors
Assets 2
v3.7.10
What's Changed
- fixed path traversal (update if you are v3.4 and above)
- this is only exploitable if the user is logged in
- Add Catppuccin themes by @cswimr in #560
- fix: audio & video scrubbing by @ari-party in #576
- fix: hyprland is no longer wlroots-based by @polymo1 in #581
- file ordering for viewing other user files
- thumbnails for videos show up on folder file viewing
- fixed ratelimit bypass on uploading
- views are incremented on view/code routes
- files are deleted when they reach maxViews on view routes
(sorry for double release - forgot to change the version)
New Contributors
- @MateiSR made their first contribution in #575
- @ari-party made their first contribution in #576
- @polymo1 made their first contribution in #581
Full Changelog: v3.7.9...v3.7.10
Contributors
MateiSR, ari-party, and 2 other contributors
Assets 2
v3.7.9
What's changed
ampmmodifier for datesx-zipline-folderheader (the value should be a folder id)- this automatically adds the file you are uploading to the folder
Bugs fixed
- fixed
{file.size::bytes}not working on some conditions #532 - fixed image resizing in view route #527
Full Changelog: v3.7.8...v3.7.9
v3.7.8
What's changed
- new year new zipline update
- better alignment for thumbnails
- folder viewing fixed
- thumbnails show up in folder views
- max width and height on videos/images on view route
- new locale and tz options for date variables:
{file.createdAt::locale::en-US,America/Los_Angeles}
Pulls Merged
- Fixed Discord Mobile Video Embeded Res Bug by @L7NEG in #509
- fix(shorten): typo by @wdhdev in #513
- Add autohotkey file extension (.ahk) to mimes.json by @SeaswimmerTheFsh in #511
- fix: Merge create endpoint into register and prevent non admins from … by @TacticalTechJay in #517
- Improve error handling for file expiry by @Wingysam in #519
- fix: prisma deletion errors by @Vetlix in #522
New Contributors
- @L7NEG made their first contribution in #509
- @wdhdev made their first contribution in #513
- @SeaswimmerTheFsh made their first contribution in #511
- @Wingysam made their first contribution in #519
Full Changelog: v3.7.7...v3.7.8
Contributors
Wingysam, TacticalTechJay, and 4 other contributors
Assets 2
v3.7.7
What's changed
- Prisma version mismatch hotfix ([email protected] now), sorry about the issues yesterday!
- Better styling in view file card and upload file dropzone
- Password protected non-media files can be viewed now
- /r route supports
?password={password}query now!
- /r route supports
Pulls merged
New Contributors
Full Changelog: v3.7.6...v3.7.7
Contributors
TheZoker
Assets 2
v3.7.6
Contributors
kashalls and neomoth
Assets 2
v3.7.5
What's changed
- og:video type
- fixed oauth notnull
- fixed no file size on folders page
- new
UPLOADER+RANDOM_WORDS_SEPERATORfor gfycat format - fixed non english characters encoding (cyrillic, japanese, chinese, korean, and hindi were tested but anything should work)
- fixed import file script to include size of file
- warning shown when theres no public/adjectives or public/animals files for gfycat format
- fixed overwriting existing files when using NAME format
- custom redirect_uri for discord/google oauth
- new whitelisted user ids for discord oauth
Pulls merged
- fix: missing og video type by @thereis in #462
- Fix util method to check if variable is not null by @kashalls in #458
- fix: Lack of size...??? by @TacticalTechJay in #465
- Allow Redirect URI Configuration by @Digital39999 in #469
New Contributors
- @thereis made their first contribution in #462
- @kashalls made their first contribution in #458
- @Digital39999 made their first contribution in #469
Full Changelog: v3.7.4...v3.7.5
Contributors
thereis, kashalls, and 2 other contributors
Assets 2
v3.7.4
What's changed
- Domains moved to https://zipline.diced.sh/
- Fixed letters being cut off in user button #448
- Huge docker size improvements (1gb now from 2gb)
- WEBSITE_SHOW_VERSION=false works now #450
- Giphy name generator fixed #449
Pulls merged
- fix: trailing spaces by @TacticalTechJay in #449
Full Changelog: v3.7.3...v3.7.4
Contributors
TacticalTechJay
Assets 2
v3.7.3
v3.7.2
What's changed
bytesmodifier forint:{file.size::bytes}- docker caching works................................................
- Fixed bug regarding thumbnail generation (#444)
- Thumbnail workers have more debug logs for unexpected errors, etc.
- Fixed bug when
CHUNKS_ENABLED=false, dashboard still chunks based on other chunk vars. (#446) - Compression bug fixes
- Fixed bug that didn't allow user registration without invites enabled
- Date objects being created twice leading to
Invalid Datefor some locales (#410)
Pulls merged
- Fix dump by @TacticalTechJay in #441
Full Changelog: v3.7.1...v3.7.2
Contributors
TacticalTechJay