What's new in v4.1.0
Security fix: Electron image path traversal
The app:// image protocol handler and the save-image IPC handler were not validating filenames, which could allow reads or writes outside the intended images/ folder via crafted paths (e.g. ../../). Both handlers now reject any filename containing path separators or .. sequences.
Bug fixes
- Silent data loss on corrupted storage: if localStorage held data that was neither valid compressed nor plain JSON, the app would silently reset to an empty wardrobe. It now logs a clear error to the console instead of failing invisibly.
- Import rejects invalid categories:
importJSONpreviously accepted any string forcategory. It now validates against the allowed values (top,bottom,outerwear,shoes,accessory) and throws a descriptive error on mismatch. - Case-insensitive category matching in suggestions: items with uppercase category values in existing data were silently excluded from outfit suggestions. Matching is now case-insensitive.
- Calendar outfit save errors are now surfaced: if saving an outfit failed (e.g. storage quota exceeded), the UI gave no feedback. The error message is now shown to the user.
- API errors no longer shown raw: the suggest page was forwarding raw geocoding and weather API error text to users. Errors now show a clean message while the raw error is logged to the console.
Downloads
| Platform | File | SHA256 |
|---|---|---|
| Linux (AppImage) | Attyre-4.1.0.AppImage |
842b288ad500fe93492ba73d28b003004c53f2c335286c3625bfa752ae195648 |
| Linux (deb) | attyre_4.1.0_amd64.deb |
95097a0922cc2a56140a1bdb8c31b5f9ae9f0bbffbe0aa24b0d7876ce98abea7 |
| Linux (rpm) | attyre-4.1.0.x86_64.rpm |
575920f8af036739687a26a262e180d4b1fec20300d83ca7c82e85a14575acc3 |
| Windows | Attyre.Setup.4.1.0.exe |
df1dc37044e33e327eb149d5f9b6bbe9ea7605114d1dc8aeaee9c039cef9deb9 |
| macOS | Attyre-4.1.0-arm64.dmg |
79e311a7910bdd0b20a18334cee8424d76c8588ec5006a6048c95bd5e16cdfec |
Changelog
Full Changelog: v4.0.2...v4.1.0