[Stable Beta] 0.22.0

[fccview]

Join our discord community

---

Attention

This version makes having a password for settings mandatory.
It's not gonna change anything to you, on startup degoog will give you a temp password until you decide to either set your own or PURPOSELY not set a password by using DEGOOG_DANGEROUSLY_NO_PASSWORD=true.

There has been an incident #197 , a user didn't know hardening was necessary when exposing degoog to the internet, so we're making sure things are a little safer from the get go :)

Changelog

features

• People also search for sidebar item has now been refactored to use the installed autocomplete extensions instead of hardcoding it to google as it used to be
• Added grid utilities for extension/theme devs - Thank you @dev-inside
• lang is now injected dynamically on engines so localisation works better, this is still up to the individual engines, but should be more consistent
• Theme assets are now heavily cached, so custom themes should load much faster
• Wikipedia slot now ALWAYS shows images
• Allow transports to store values in Valkey/internal cache, this makes it so the 4play plugin uses valkey to store cookies/sessions rather than the /tmp folder
• Add "shortcuts" as an extension type, allowing users to create/install custom shortcuts in their degoog instances [Feature]: Keyboard-Shortcuts #183
• Add mandatory password, degoog will suggest a temp one on startup, each startup will have a randomly generated new password
• Add setting presets on the server settings page, this will allow you to quickly set your instance for a pre-set usage type
• Add a new settings schema type for plugin list which will a repeatable set of fields for extensions (p.s. apps drawer will use it from now on). This will also allow to build stuff like [Feature]: Custom Bangs #199

bugfixes

• Test connection now doesn't need to save the modal, it'll test the value of the inputs
• Auto-save now shows success/failure, reverts on errors, and emits save events for the indexer toggle.
• Fonts moved to WOFF2
• Fix inconsistent search scoring system
• Fixed character unicode issue in google rich suggestion autocomplete (and all autocompletes going forward Suggestions language #194)

security

• Due to an incident (Read pr description in Security Patches #197 ) we decided to add some comments to all docker compose files, docs and add a few warnings on the start up logs and at the end of the wizard reminding users that an env variable with password/public instance flag is required in the moment your instance reaches the internet, or you WILL be exposed to all sort of nasties - Thank you @Panonim

---

This discussion was created from the release [Stable Beta] 0.22.0.

[Panonim]

Happy someone broke into my VM, so Degoog can be better for the future 🙂

[RJ-Make]

I'm sure I missed something.

Just updated to .22 and it appears Settings password authentication for my instance no longer works. In addition DEGOOG_PUBLIC_INSTANCE doesn't seem to work either.

I had these set and working in .21. I tried setting DEGOOG_PUBLIC_INSTANCE=true which didn't work.

  - DEGOOG_SETTINGS_PASSWORDS=${DEGOOG_SETTINGS_PASSWORDS}
  - DEGOOG_PUBLIC_INSTANCE=false

with .22 my instance Setting page is available without any restriction.

[fccview]

I'm sure I missed something.

Just updated to .22 and it appears Settings password authentication for my instance no longer works. In addition DEGOOG_PUBLIC_INSTANCE doesn't seem to work either.

I had these set and working in .21. I tried setting DEGOOG_PUBLIC_INSTANCE=true which didn't work.

  - DEGOOG_SETTINGS_PASSWORDS=${DEGOOG_SETTINGS_PASSWORDS}
  - DEGOOG_PUBLIC_INSTANCE=false

with .22 my instance Setting page is available without any restriction.

Hey,
Can you double check in incognito? Just to make sure you don't have a working session, the password wouldn't show up

Worth mentioning that in public instances the /settings page becomes the public client only settings and the default admin area becomes /admin (which should be gated)

Lastly you can also update the admin path in case.

I'm gonna triple check it all in a minute, but I did test it all before release, so I'm hoping this is just a configuration situation rather than an actual bug

[RJ-Make]

I'm sure I missed something.
Just updated to .22 and it appears Settings password authentication for my instance no longer works. In addition DEGOOG_PUBLIC_INSTANCE doesn't seem to work either.
I had these set and working in .21. I tried setting DEGOOG_PUBLIC_INSTANCE=true which didn't work.

  - DEGOOG_SETTINGS_PASSWORDS=${DEGOOG_SETTINGS_PASSWORDS}
  - DEGOOG_PUBLIC_INSTANCE=false

with .22 my instance Setting page is available without any restriction.

Hey, Can you double check in incognito? Just to make sure you don't have a working session, the password wouldn't show up

Worth mentioning that in public instances the /settings page becomes the public client only settings and the default admin area becomes /admin (which should be gated)

Lastly you can also update the admin path in case.

I'm gonna triple check it all in a minute, but I did test it all before release, so I'm hoping this is just a configuration situation rather than an actual bug

It was a working session that somehow survived a few ctr+F5 that caused an issue. Once I cleared cookies .22 requested password for settings.

Thanks for the help.