docs: update README.md and CHANGELOG.md

windvalley · Jan 10, 2024 · 4e68444 · 4e68444
1 parent 58fb293
commit 4e68444
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,33 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.15.0]
+
+### Added
+
+Add dangerous commands detection feature for subcommand `command` and `script`:
+
+- Add global flag: `-B, --run.command-blacklist` for specifying dangerous commands.
+  Default dangerous commands: `["rm", "reboot", "halt", "shutdown", "init", "mkfs", "mkfs.*", "umount", "dd"]`
+
+- Add flag `-n, --no-safe-check` for subcommands `command` and `script` to disable dangerous commands detection.
+
+- Add option `run.command-blacklist` to config file for subcommand `config`.
+
+### Changed
+
+- `gossh fetch` flags have been changed:
+  Before: `-t, --tmp-dir string directory of target hosts for storing temporary zip file (default "$HOME")`
+  After: `-T, --tmp-dir string directory for storing temporary zip file on target hosts, only useful if the -z flag is used (default "$HOME")`
+
+- Add short flag `-t` for `--timeout.command`:
+  Before: `--timeout.command int`
+  After: `-t, --timeout.command int`
+
+- Optimize help usage information for subcommands.
+
+- Optimize output messages and enrich debug log information.
+
 ## [1.14.0]
 
 ### Added

diff --git a/README.md b/README.md
@@ -96,6 +96,8 @@ Feel free to open a new issue if you have any issues, questions or suggestions a
 - Provides subcommand `vault` to encrypt/decrypt confidential information
   such as password or passphrase without compromising security.
 
+- Support the detection of dangerous commands that will be executed on target hosts, and allow users to customize a blacklist of commands.
+
 - For ease of use, it supports config file. You can write flags that are not frequently changed into the config file, so you don't need to laboriously specify these flags on the command line. If the flag in both command line and config file, flag that from command line takes precedence over the other.  
   The default config file is `$PWD/.gossh.yaml` or `$HOME/.gossh.yaml`, and `$PWD/.gossh.yaml` has a higher priority. Note that the config file is optional, that is, there can be no config file.
 
@@ -157,10 +159,12 @@ Flags:
   -L, --run.lang string                specify i18n while executing command
                                        (e.g. zh_CN.UTF-8|en_US.UTF-8)
   -c, --run.concurrency int            number of concurrent connections (default 1)
+  -B, --run.command-blacklist strings  commands that are prohibited from execution on target hosts
+                                       (default: rm,reboot,halt,shutdown,init,mkfs,mkfs.*,umount,dd)
   -o, --output.file string             file to which messages are output
   -j, --output.json                    output messages in json format
   -C, --output.condense                condense output and disable color
-  -q, --output.quiet                   do not output messages to screen (except error messages)
+  -q, --output.quiet                   do not output messages to screen
   -v, --output.verbose                 show debug messages
   -X, --proxy.server string            proxy server address
       --proxy.port int                 proxy server port (default 22)