15 releases 15 tags

RSS feed

• v0.4.1 b8b93a2e86

  Compare

  v0.4.1 Stable

  girlbossceo released this 2024-05-27 22:16:23 +00:00 | 1715 commits to main since this release

  conduwuit

  Release 0.4.1

  Hi everyone! conduwuit 0.4.1 (and 0.4.0) has been released. The most important change were the various medium and high severity federation security fixes from inherited upstream code. It's strongly recommended users update to 0.4.1 as soon as possible.

  These fixes impact the federation endpoints /send_join, /make_join, /send, /send_leave, /make_leave, /invite, and fix indirect bypass of room ACLs, and accepting inbound EDU impersonation such as read receipts, typing indicators, device messages, etc (except e2ee master key). Some Complement tests were also fixed as part of this that were loosely security related.

  Due to the volume of fixes, the details and specific changes can be found here: https://github.com/girlbossceo/conduwuit/pull/406

  Other various changes in this release include CI/testing and Nix infrastructure improved, io_uring and jemalloc are enabled by default and in static binaries, Complement in CI is now enforcing, some misc logging improvements, and various code simplifications, improvements, removals, etc.

  Commit history: https://github.com/girlbossceo/conduwuit/compare/v0.3.4...v0.4.1

  GitHub Releases | Docker Hub | NixOS

  Liberapay | GitHub Sponsors | Ko-fi

  Chat with us in #conduwuit:puppygock.gay

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads

  ---

  • aarch64-unknown-linux-musl.deb
    55 downloads · 11 MiB
  • oci-image-aarch64-unknown-linux-musl.tar.gz
    8 downloads · 19 MiB
  • oci-image-x86_64-unknown-linux-musl.tar.gz
    8 downloads · 20 MiB
  • static-aarch64-unknown-linux-musl
    10 downloads · 42 MiB
  • static-x86_64-unknown-linux-musl
    25 downloads · 47 MiB
  • x86_64-unknown-linux-musl.deb
    30 downloads · 12 MiB