repartee v1.1.0
What's Changed
- Web frontend improvements: persistent web sessions, login form, clickable chat links, and server-generated image previews.
- Image preview SSRF hardening: /api/preview now blocks private, loopback, link-local, cloud metadata, and other non-public targets across direct URLs, redirects, and og:image follow-up fetches.
Pull Requests
- feat(web): persistent sessions, login form, clickable links, image previews by @kofany in #4
- fix(web): SSRF guard on /api/preview + review follow-ups by @kofany in #5
- fix(web): close SSRF redirect bypass via IP-literal Location by @kofany in #6
- fix(web): close SSRF via og:image URL in fetch_image phase 2 by @kofany in #7
Published to crates.io as repartee 1.1.0.
Full Changelog: v1.0.1...v1.1.0
Contributors
kofany