Skip to content

v2.9.0 + solved security vulnerability

Choose a tag to compare

View all tags
@the-djmaze the-djmaze released this 08 Nov 13:28
· 4108 commits to master since this release
v2.9.0
2f97d4b

Due to an important discovered security vulnerability I've quickly made this new release.

The problem resides in how to store the "remember me" data on the server.
The data is stored using the application key which allows anyone/anything, that has access to the data (server or backup), to decode the "remember me" and gain the email account credentials.
For more in-depth RainLoop#2133

Bugfixes

  • exitFullscreen was broken
  • "remember me" security issue
  • "remember me" not working #126

Improvements

  • Added resize messages list vertical (only horizontal was possible)
  • Cleanup and improve HTML/CSS/JavaScript
  • New account storage structure #151 (comment)
  • Popups are now proper <dialog> elements (Firefox/Safari poly-fill) instead of "Boostrap .modal with ko.bindingHandlers.modal"
  • Replaced my old ResizeObserver workaround for RainLoop resize bugs with proper CSS flex.
Assets 2
Loading