v13.0.0

@JohnXLivingston JohnXLivingston released this 09 Jun 09:18
· 134 commits to main since this release
1e7e851

Important note: if you get an error while updating the plugin, please try to restart Peertube and install it again. See this issue for a follow-up.

Security Fix

Severity: low.

Radically Open Security reported a security vulnerability: a malicious user can craft a regular expression that causes a ReDoS on the Chat Bot.
Such an attack would only make the bot unresponsive, and won't affect the Peertube server or the XMPP server.

This version mitigates the attack by using the RE2 regular expression library.

Thanks to NLnet for funding the security audit.

Breaking changes

Bot timers

There was a regression some months ago in the "bot timer" functionality.
In the channels settings, the delay between two quotes is supposed to be in minutes, but in fact we applied seconds.
We don't have any way to detect if the user meant seconds or minutes when they configured their channels (it depends if it was before or after the regression).
So we encourage all streamers to go through their channel settings, check the frequency of their bot timers (if enabled), set them to the correct value, and save the form.
Users must save the form to be sure to apply the correct value.

Bot forbidden words

When using regular expressions for the forbidden words, the chat bot now uses the RE2 regular expression library.
This library does not support all character classes, nor all regular expressions that were previously possible (with the JavaScript RegExp class).

For more information about the accepted regular expressions, please refer to the documentation.

If you configured non-compatible regular expressions, the bot will just ignore them and log an error.
When saving a channel's preferences, an error will be shown if a non-compatible regular expression is used.
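
As an added example (not the plugin's own code or validation): a small JavaScript scanner that flags the two families of constructs RE2 does not support, backreferences and lookaround assertions, so existing forbidden-word patterns can be reviewed before upgrading. The function name and the sample patterns are assumptions made for illustration; compiling the pattern with RE2 itself remains the authoritative test.

```javascript
// Added example: approximate pre-check for constructs RE2 rejects.
// Not the plugin's validation; compiling with RE2 is the authoritative test.
function findRe2Incompatibilities(pattern) {
  const issues = [];
  let inClass = false;
  for (let i = 0; i < pattern.length; i++) {
    const ch = pattern[i];
    if (ch === '\\') {
      const next = pattern[i + 1];
      // Outside a character class, \1..\9 and \k<name> are backreferences.
      if (!inClass && next !== undefined && /[1-9]/.test(next)) {
        issues.push({ index: i, construct: 'backreference' });
      } else if (!inClass && next === 'k' && pattern[i + 2] === '<') {
        issues.push({ index: i, construct: 'named backreference' });
      }
      i++; // skip the escaped character so "\\1" or "\(" is not misread
      continue;
    }
    if (inClass) {
      if (ch === ']') inClass = false;
      continue;
    }
    if (ch === '[') {
      inClass = true;
      continue;
    }
    if (ch === '(' && pattern[i + 1] === '?') {
      const tail = pattern.slice(i + 2, i + 4);
      if (tail[0] === '=' || tail[0] === '!') {
        issues.push({ index: i, construct: 'lookahead' });
      } else if (tail === '<=' || tail === '<!') {
        issues.push({ index: i, construct: 'lookbehind' });
      }
    }
  }
  return issues;
}

// Constructed sample forbidden-word patterns (not taken from any real channel).
const samples = ['spam+', '(\\w+)\\s+\\1', 'buy(?= now)', '(?<!not )bad', '[(?=]x', 'a\\\\1'];
for (const p of samples) {
  const found = findRe2Incompatibilities(p).map((x) => x.construct);
  console.log(JSON.stringify(p), found.length ? found.join(', ') : 'ok');
}
```

A pattern that passes this scan can still be rejected by RE2 for other reasons, so treat a clean result as a first filter only.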

Minor changes and fixes

  • Translations updates.
  • Dependencies updates.
  • Fix #329: auto focus message field after anonymous user has entered nickname (Thanks Axolotle).
  • Fix #392: add draggable items touch screen handling (Thanks Axolotle).
  • Fix #506: hide offline users by default in occupant list (Thanks Axolotle).
  • Fix #547: add button to go to the end of the chat (Thanks Axolotle).
  • Fix #503: set custom emojis max height to text height + bigger when posted alone (Thanks Axolotle).
  • Fix: Converse bottom panel messages not visible on new Peertube v7 theme (for example for muted users).
  • Fix #75: New short video URLs make it difficult to use the setting «Activate chat for these videos».
  • Fix moderation notes: fix filter button wrongly displayed on notes without associated occupant.
  • Fix tasks: checkbox state does not change when clicked.
  • Fix: bot timer can't be negative or null.
  • Fix #626: Bot timer was buggy, using seconds as delay instead of minutes.
  • Fix: message deletions were not properly anonymized when using "Anonymize moderation actions" option.