Skip to content

v0.3.0

Choose a tag to compare

@gianlucamazza gianlucamazza released this 10 Jun 09:33

Hardening + modern best practices release. Highlights from the changelog:

Added

  • SECURITY.md (security model + private vulnerability reporting), CONTRIBUTING.md, PR template
  • Format configs (.prettierrc, .editorconfig, Chromium .clang-format) enforced in CI
  • Dependabot; all workflow actions pinned by commit SHA
  • Input validation at trust boundaries (daemon: poster URL / device IP; extension: castability shape)

Fixed

  • Daemon: async replies addressed by stable connection ids (no fd-reuse misdelivery); mirror stop thread tracked and joined; socket path overflow guard; Lounge ids URL-encoded
  • Extension: reply-timer cleanup, session persistence across MV3 suspension, takeover confirm expiry
  • web-ext 10 + patched shell-quote: npm audit clean

Changed

  • daemon.cc request handling split into per-action handlers
  • CI: native-sanity job, id-sync/format checks, regen-patch --verify-only
  • Shared nm-host wrapper template (install + PKGBUILD)

Full details in CHANGELOG.md. The signed .xpi will be attached by the release workflow once the AMO signing secrets are configured.