@HelloZeroNet HelloZeroNet released this Oct 20, 2018 · 37 commits to master since this release

Assets 2

Added

  • New plugin: UiConfig. A web interface that allows changing ZeroNet settings.
  • New plugin: AnnounceShare. Share trackers between users, automatically announce client's ip as tracker if Bootstrapper plugin is enabled.
  • Global tracker stats on ZeroHello: Include statistics from all served sites instead of displaying request statistics only for one site.
  • Support custom proxy for trackers. (Configurable with /Config)
  • Adding peers to sites manually using zeronet_peers get parameter
  • Copy site address with peers link on the sidebar.
  • Zip file listing and streaming support for Bigfiles.
  • Tracker statistics on /Stats page
  • Peer reputation save/restore to speed up sync time after startup.
  • Full support fileGet, fileList, dirList calls on tar.gz/zip files.
  • Archived_before support to user content rules to allow deletion of all user files before the specified date
  • Show and manage "Connecting" sites on ZeroHello
  • Add theme support to ZeroNet sites
  • Dark theme for ZeroHello, ZeroBlog, ZeroTalk

Changed

  • Dynamic big file allocation: More efficient storage usage by don't pre-allocate the whole file at the beginning, but expand the size as the content downloads.
  • Reduce the request frequency to unreliable trackers.
  • Only allow 5 concurrent checkSites to run in parallel to reduce load under Tor/slow connection.
  • Stop site downloading if it reached 95% of site limit to avoid download loop for sites out of limit
  • The pinned optional files won't be removed from download queue after 30 retries and won't be deleted even if the site owner removes it.
  • Don't remove incomplete (downloading) sites on startup
  • Remove --pin_bigfile argument as big files are automatically excluded from optional files limit.

Fixed

  • Trayicon compatibility with latest gevent
  • Request number counting for zero:// trackers
  • Peer reputation boost for zero:// trackers.
  • Blocklist of peers loaded from peerdb (Thanks tangdou1 for report)
  • Sidebar map loading on foreign languages (Thx tangdou1 for report)
  • FileGet on non-existent files (Thanks mcdev for reporting)
  • Peer connecting bug for sites with low amount of peers

"The Vacation" Sandbox escape bug [Reported by GitCenter / Krixano / ZeroLSTN]

In ZeroNet 0.6.3 Rev3615 and earlier as a result of invalid file type detection, a malicious site could escape the iframe sandbox.

Result: Browser iframe sandbox escape

Applied fix: Replaced the previous, file extension based file type identification with a proper one.

Affected versions: All versions before ZeroNet Rev3616