Skip to content

@szTheory szTheory released this May 4, 2021

Security

  • Fix for XSS and Electron reverse shell vulnerabilities by sanitizing exiftool HTML output in the UI. To take advantage of this, an attacker would have had to write image metadata containing malicious script code to a file that you then download and run through ExifCleaner. Proofs of concept:

XSS:

exiftool -Comment='<img src=x onerror=alert("ok") /><b>OverJT</b>' -PixelUnits='meters' image.png

Electron reverse shell:

exiftool -Comment='<img src=x onerror=window.require("child_process").exec("/usr/bin/firefox") /><b>OverJT</b>' -PixelUnits='meters' image.png
Assets 14

@szTheory szTheory released this May 2, 2021

If you are running a previous version of ExifCleaner, update immediately due to a security vulnerability found in exiftool (the command-line tool that ExifCleaner uses under the hood). Thank you to all contributors for this release. As always, credits are listed in the README.

Security

Features

  • Add translations for Slovak, Russian, Ukranian, Danish, Arabic, Italian, Chinese (Mandarin)
  • Add support for the new Mac M1 ARM processors

Infrastructure

  • Upgrade to Electron 11
  • Update some NPM dependencies
  • Start maintaining a CHANGELOG file in source control

Fixes

  • Translation fixes for Portuguese (Brazil) and French
  • Update Linux AppImage category to fix exit status 1 issue
Assets 13

@szTheory szTheory released this Oct 19, 2020

Summary of changes since v3.3.1

Features

  • Huge speed increase for file processing, especially when batch processing many files with multiple CPUs (more efficient process pool algorithm, better integration with exiftool process keep-alive)
  • Multilingual support with translations for French, Polish, Japanese, Spanish (Spain), German, and Portuguese (Brazil)
  • Mac/Windows: show progress in dock when batch processing files
  • Linux: fix app icon in dock
  • Linux: dark mode works with Ubuntu

Bug Fixes

  • Linux: fix issue where icon.png was not found on startup with .deb installs

Infrastructure

  • Upgrade to Electron 10
  • Upgrade to exiftool 12.08
  • Add update_exiftool.pl Perl script to automate pulling down latest ExifTool binaries and verifying their checksums
  • Remove a bunch of NPM dependencies
Assets 13

@szTheory szTheory released this Jul 11, 2020

Summary

  • Change from JavaScript to TypeScript for improved stability of compiler static analysis.
  • Fix Windows UTF-8 filename bug.
  • Remove several NPM dependencies to simplify code.
  • Upgrade to Electron 9.
  • Minor UI polish.

Commit messages

  • Upgrade release instructions 281bd1d
  • fix yarn lint command for typescript d532b09
  • update release instructions a6d69eb
  • Merge pull request #62 from szTheory/hotfix/windows-utf8-filename-bug-take2 44b241f
  • Fix Windows UTF-8 filename bug (tested) b28f57e
  • Attempt to fix ExifTools UTF-8 Windows bug with the argfile workaround mentioned at https://exiftool.org/exiftool_pod.html\#WINDOWS-UNICODE-FILE-NAMES 3553160
  • remove xo dev dep a9cd8fb
  • remove xo dev dep c4760fa
  • remove electron-context-menu dep and do lightweight context menus directly 0ed165a
  • remove electron-util dep 1afbf38
  • re-add electron-util for now, can't get rid of it quite yet. remove unused ys-yaml dep 8f7340d
  • remove electron-util NPM dep 2b428d2
  • move source-map-support dep to depDependencies to reduce production deps 87e24bc
  • one file wasn't formatted with prettier 2ebc6d0
  • remove unused electron-log dep to reduce NPM dependencies 5e4ce6e
  • remove unused electron-debug dep to reduce NPM dependencies 5883e26
  • remove unused electron-store dep to reduce NPM dependencies 39472bb
  • electron 9 d94414c
  • electron UI polish. typescript upgrade 244d96f
  • convert remaining CommonJS modules to ES module syntax e629a54
  • Fix TypeScript errors, add return types for function declarations (done converting to TypeScript) 673cbd0
  • TypeScript Enum refactor 2299308
  • Convert project to TypeScript including type declarations for node-exiftool (first pass) 60f71e7
  • Add TypeScript and get project passing static analysis with noImplicitAny: false. Convert a couple of files to .ts dba10ce
  • electron upgrade to v8 b6a31dc
  • upgrade Electron to 7.2.3 f4feaff
  • README https link 65105b4
  • README.md lint e0005ea

v3.2.0...v3.3.1

Assets 12
Jul 11, 2020
Pre-release
Pre-release

@szTheory szTheory released this Jul 11, 2020

Summary

  • Change from JavaScript to TypeScript for improved stability of compiler static analysis.
  • Fix Windows UTF-8 filename bug.
  • Remove several NPM dependencies to simplify code.
  • Upgrade to Electron 9.
  • Minor UI polish.

Commit messages

  • fix yarn lint command for typescript d532b09
  • update release instructions a6d69eb
  • Merge pull request #62 from szTheory/hotfix/windows-utf8-filename-bug-take2 44b241f
  • Fix Windows UTF-8 filename bug (tested) b28f57e
  • Attempt to fix ExifTools UTF-8 Windows bug with the argfile workaround mentioned at https://exiftool.org/exiftool_pod.html\#WINDOWS-UNICODE-FILE-NAMES 3553160
  • remove xo dev dep a9cd8fb
  • remove xo dev dep c4760fa
  • remove electron-context-menu dep and do lightweight context menus directly 0ed165a
  • remove electron-util dep 1afbf38
  • re-add electron-util for now, can't get rid of it quite yet. remove unused ys-yaml dep 8f7340d
  • remove electron-util NPM dep 2b428d2
  • move source-map-support dep to depDependencies to reduce production deps 87e24bc
  • one file wasn't formatted with prettier 2ebc6d0
  • remove unused electron-log dep to reduce NPM dependencies 5e4ce6e
  • remove unused electron-debug dep to reduce NPM dependencies 5883e26
  • remove unused electron-store dep to reduce NPM dependencies 39472bb
  • electron 9 d94414c
  • electron UI polish. typescript upgrade 244d96f
  • convert remaining CommonJS modules to ES module syntax e629a54
  • Fix TypeScript errors, add return types for function declarations (done converting to TypeScript) 673cbd0
  • TypeScript Enum refactor 2299308
  • Convert project to TypeScript including type declarations for node-exiftool (first pass) 60f71e7
  • Add TypeScript and get project passing static analysis with noImplicitAny: false. Convert a couple of files to .ts dba10ce
  • electron upgrade to v8 b6a31dc
  • upgrade Electron to 7.2.3 f4feaff
  • README https link 65105b4
  • README.md lint e0005ea

v3.2.0...v3.3.0

Assets 2

@szTheory szTheory released this Apr 27, 2020

Main changes

  • Fix Linux version (was not using correct ExifTool binary path)
  • Add File -> Open menu item
  • Add dock icon for Linux AppImage
  • Mac quit entire app when File -> Close menu item is selected
  • Linux clean up About screen
  • Update app start text to show that ExifCleaner also supports video and PDF files.

Full change list

  • Merge pull request #23 from szTheory/dependabot/npm_and_yarn/acorn-6.4.1 6b79e0e
  • Merge pull request #29 from szTheory/feature/menu-file-open be9512c
  • Fixes #9, #27 - Add a File -> Open menu item. Mac close app on File -> Close Window menu item. aa171b5
  • Fixes #25 and #26 - Icon now shows on Linux taskbar for AppImage install and About screen 8a129a1
  • remove console.log ae599f9
  • Bump acorn from 6.4.0 to 6.4.1 64061ed
  • Fixed #15 Linux AppImage/.deb file error finding binary in .resources dir 76ebf49
  • remove unused electron-updater npm dep (was left over from when I started the project and had auto-update enabled) 1c48094
  • remove unused dist-exiftool npm dep (left over from when I first started the project) 2e0f474
  • fix .gitignore rule for exiftool binaries, a wildcard was excluding them from version control e3ae0bd
  • README clean up Publishing a New Release section 8d4fe02
  • README clean up Development section 62efdcd
  • README simplify Install section e475f71
  • Add version and total downloads badges to README b0e27ab
  • README 5fd09e6
  • update drag and drop prompt text to make it clear that ExifCleaner supports videos and PDFs as well 759a658
  • expand features list in README 930de75
  • add list of supported file types to README 0a58f5a
  • README description update 3f38ee9
  • add Contributing section to README 97b43c8
  • add video file support to README b1821f7

v3.1.0...v3.2.0

Assets 12

@szTheory szTheory released this Feb 3, 2020

  • Drop target should follow window size when you resize it to be taller f673550
  • Set a minimium window size in BrowserWindow eb0157e
  • On macOS, when you close the window, the app should quit. 0c09bcd
  • night mode better icon display opacity 0020e37
  • night mode font not so thin 17ddd9a
  • remove Automatic updates from README (feature removed) 0685329

v3.0.0...v3.1.0

Assets 12