Document `/check-for-updates` endpoint #89

New issue

Closed

opened 2024-01-15 08:24:05 +00:00 by girlbossceo · 1 comment

girlbossceo commented

2024-01-15 08:24:05 +00:00

(Migrated from github.com)

This isn't complex but would be nice to document it and apart of my initiative of documenting things for those that want to do this themselves. I have done it at https://pupbrain.dev/check-for-updates/stable

I don't plan on using this.

nex added the

Inherited

label 2025-04-14 23:38:30 +00:00

nex commented

2025-04-20 13:30:24 +00:00

Owner

Body:

{
  "updates": [
    {
      "id": 1,
      "date": "2023-12-02",
      "message": "hewwo am puppy, probably wont use this but it's fun to have. you can disable these by setting allow_check_for_updates to false in your conduwuit.toml file. uwu"
    },
    {
      "id": 2,
      "date": "2024-04-26",
      "message": "hi conduwuit users! version 0.3.0 of conduwuit was just released, and it contains a TON of fixes and improvements all around. if you're still on 0.1.6 or 0.2.0 or even lower, i strongly recommend you upgrade: https://github.com/girlbossceo/conduwuit"
    },
    {
      "id": 3,
      "date": "2024-05-05",
      "message": "hi conduwuit users! version 0.3.2 was released which fixes a high severity upstream security vulnerability with media endpoints rendering untrusted content in browsers. it is strongly recommended you upgrade to 0.3.2 if you are not on it: https://github.com/girlbossceo/conduwuit/releases/tag/v0.3.2"
    },
    {
      "id": 4,
      "date": "2024-05-28",
      "message": "hi conduwuit users! version 0.4.1 was released which fixes various medium and high severity upstream federation vulnerabilities, notably including accepting impersonified/malicious EDUs and indirect ACL bypass. it is strongly recommended you upgrade to 0.4.1 if you are not on it: https://github.com/girlbossceo/conduwuit/releases/tag/v0.4.1"
    },
    {
      "id": 5,
      "date": "2024-06-12",
      "message": "hi conduwuit users! version 0.4.2 was released which fixes a high severity upstream vulnerability related to local privilege escalation, and some database fixes from long-standing bugs that do resolve a lot of jank. this vulnerability is only primarily impactful for public homeservers and requires an account on your homeserver. a mitigation in case you are unable to upgrade immediately is provided in the release notes. it is strongly recommended you upgrade to 0.4.2 if you are running a public homeserver: https://github.com/girlbossceo/conduwuit/releases/tag/v0.4.2"
    },
    {
      "id": 6,
      "date": "2024-09-02",
      "message": "hi conduwuit users! version 0.4.6 was released which is a huge feature drop update that has lots of fixes, improvements, features, and most importantly authenticated media support. the matrix.org media freeze happens on 4 September 2024, meaning only old media on matrix.org can be accessed if it was already there. it is highly recommended to upgrade to 0.4.6 to ensure full media support with all clients and homeservers is working as intended: https://github.com/girlbossceo/conduwuit/releases/tag/v0.4.6"
    }
  ]
}

OpenAPI Schema:

openapi: 3.1.0
info:
  title: Conduwuit Updates API
  description: API for retrieving Conduwuit software updates and announcements
  version: 1.0.0
paths:
  /updates:
    get:
      summary: Get all update announcements
      description: Retrieves a list of all update announcements for Conduwuit
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UpdatesResponse'
components:
  schemas:
    UpdatesResponse:
      type: object
      properties:
        updates:
          type: array
          description: List of update announcements
          items:
            $ref: '#/components/schemas/Update'
    Update:
      type: object
      required:
        - id
        - date
        - message
      properties:
        id:
          type: integer
          description: Unique identifier for the update announcement
          examples: [1, 2, 3]
        date:
          type: string
          format: date
          description: Release date of the update in YYYY-MM-DD format
          examples: ["2023-12-02"]
        message:
          type: string
          description: Update announcement message text
          examples: ["Version 0.3.0 was released with various improvements"]

Body: <details> ```json { "updates": [ { "id": 1, "date": "2023-12-02", "message": "hewwo am puppy, probably wont use this but it's fun to have. you can disable these by setting allow_check_for_updates to false in your conduwuit.toml file. uwu" }, { "id": 2, "date": "2024-04-26", "message": "hi conduwuit users! version 0.3.0 of conduwuit was just released, and it contains a TON of fixes and improvements all around. if you're still on 0.1.6 or 0.2.0 or even lower, i strongly recommend you upgrade: https://github.com/girlbossceo/conduwuit" }, { "id": 3, "date": "2024-05-05", "message": "hi conduwuit users! version 0.3.2 was released which fixes a high severity upstream security vulnerability with media endpoints rendering untrusted content in browsers. it is strongly recommended you upgrade to 0.3.2 if you are not on it: https://github.com/girlbossceo/conduwuit/releases/tag/v0.3.2" }, { "id": 4, "date": "2024-05-28", "message": "hi conduwuit users! version 0.4.1 was released which fixes various medium and high severity upstream federation vulnerabilities, notably including accepting impersonified/malicious EDUs and indirect ACL bypass. it is strongly recommended you upgrade to 0.4.1 if you are not on it: https://github.com/girlbossceo/conduwuit/releases/tag/v0.4.1" }, { "id": 5, "date": "2024-06-12", "message": "hi conduwuit users! version 0.4.2 was released which fixes a high severity upstream vulnerability related to local privilege escalation, and some database fixes from long-standing bugs that do resolve a lot of jank. this vulnerability is only primarily impactful for public homeservers and requires an account on your homeserver. a mitigation in case you are unable to upgrade immediately is provided in the release notes. it is strongly recommended you upgrade to 0.4.2 if you are running a public homeserver: https://github.com/girlbossceo/conduwuit/releases/tag/v0.4.2" }, { "id": 6, "date": "2024-09-02", "message": "hi conduwuit users! version 0.4.6 was released which is a huge feature drop update that has lots of fixes, improvements, features, and most importantly authenticated media support. the matrix.org media freeze happens on 4 September 2024, meaning only old media on matrix.org can be accessed if it was already there. it is highly recommended to upgrade to 0.4.6 to ensure full media support with all clients and homeservers is working as intended: https://github.com/girlbossceo/conduwuit/releases/tag/v0.4.6" } ] } ``` </details> OpenAPI Schema: <details> ```yaml openapi: 3.1.0 info: title: Conduwuit Updates API description: API for retrieving Conduwuit software updates and announcements version: 1.0.0 paths: /updates: get: summary: Get all update announcements description: Retrieves a list of all update announcements for Conduwuit responses: '200': description: Successful response content: application/json: schema: $ref: '#/components/schemas/UpdatesResponse' components: schemas: UpdatesResponse: type: object properties: updates: type: array description: List of update announcements items: $ref: '#/components/schemas/Update' Update: type: object required: - id - date - message properties: id: type: integer description: Unique identifier for the update announcement examples: [1, 2, 3] date: type: string format: date description: Release date of the update in YYYY-MM-DD format examples: ["2023-12-02"] message: type: string description: Update announcement message text examples: ["Version 0.3.0 was released with various improvements"] ``` </details>