Skip to content

v1.0.12

Choose a tag to compare

@github-actions github-actions released this 10 Jun 23:47

Security Fixes

  • Upgraded the Firelink app connection protocol to use HMAC-SHA256 signatures, preventing unauthenticated access to the local extension server.
  • The extension now correctly signs the payload and a timestamp using the pairing token instead of passing it as a simple HTTP header.

Fixes

  • Prevented the extension from falling back to deep linking if the pairing token hasn't been set, fully closing a token bypass vulnerability.
  • Added a silent flag to the payload when capturing background downloads to explicitly differentiate auto-captures from manual context-menu clicks, restoring the intended "Add Downloads" bypass behavior.
  • Updated the connection status check in the popup to correctly sign the /ping request, resolving an issue where it incorrectly displayed "App is closed".