Merge branch 'release/0.18.1'
commit
56eca7b46e
115
CHANGELOG
|
@ -10,6 +10,121 @@ This changelog is viewable on the web at https://docs.funkwhale.audio/changelog.
|
|||
|
||||
.. towncrier
|
||||
|
||||
0.18.1 (2019-01-29)
|
||||
-------------------
|
||||
|
||||
Upgrade instructions are available at
|
||||
https://docs.funkwhale.audio/index.html
|
||||
|
||||
|
||||
Fix Gzip compression to avoid BREACH exploit [security] [manual action required]
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
In the 0.18 release, we've enabled Gzip compression by default for various
|
||||
content types, including HTML and JSON. Unfortunately, enabling Gzip compression
|
||||
on such content types could make BREACH-type exploits possible.
|
||||
|
||||
We've removed the risky content-types from our nginx template files, to ensure new
|
||||
instances are safe, however, if you already have an instance, you need
|
||||
to double check that your host nginx virtualhost do not include the following
|
||||
values for the ``gzip_types`` settings::
|
||||
|
||||
application/atom+xml
|
||||
application/json
|
||||
application/ld+json
|
||||
application/activity+json
|
||||
application/manifest+json
|
||||
application/rss+xml
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
|
||||
For convenience, you can also replace the whole setting with the following snippet::
|
||||
|
||||
gzip_types
|
||||
application/javascript
|
||||
application/vnd.geo+json
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/x-web-app-manifest+json
|
||||
font/opentype
|
||||
image/bmp
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/cache-manifest
|
||||
text/css
|
||||
text/plain
|
||||
text/vcard
|
||||
text/vnd.rim.location.xloc
|
||||
text/vtt
|
||||
text/x-component
|
||||
text/x-cross-domain-policy;
|
||||
|
||||
Many thanks to @jibec for the report!
|
||||
|
||||
Fix Apache configuration file for 0.18 [manual action required]
|
||||
----------------------------------------------------------
|
||||
|
||||
The way front is served has changed since 0.18. The Apache configuration can't serve 0.18 properly, leading to blank screens.
|
||||
|
||||
If you are on an Apache setup, you will have to replace the `<Location "/api">` block with the following::
|
||||
|
||||
<Location "/">
|
||||
# similar to nginx 'client_max_body_size 100M;'
|
||||
LimitRequestBody 104857600
|
||||
|
||||
ProxyPass ${funkwhale-api}/
|
||||
ProxyPassReverse ${funkwhale-api}/
|
||||
</Location>
|
||||
|
||||
And add some more `ProxyPass` directives so that the `Alias` part of your configuration file looks this way::
|
||||
|
||||
ProxyPass "/front" "!"
|
||||
Alias /front /srv/funkwhale/front/dist
|
||||
|
||||
ProxyPass "/media" "!"
|
||||
Alias /media /srv/funkwhale/data/media
|
||||
|
||||
ProxyPass "/staticfiles" "!"
|
||||
Alias /staticfiles /srv/funkwhale/data/static
|
||||
|
||||
In case you are using custom css and theming, you also need to match this block::
|
||||
|
||||
ProxyPass "/settings.json" "!"
|
||||
Alias /settings.json /srv/funkwhale/custom/settings.json
|
||||
|
||||
ProxyPass "/custom" "!"
|
||||
Alias /custom /srv/funkwhale/custom
|
||||
|
||||
|
||||
Enhancements:
|
||||
|
||||
- Added name attributes on all inputs to improve UX, especially with password managers (#686)
|
||||
- Disable makemigrations in production and misleading message when running migrate (#685)
|
||||
- Display progress during file upload
|
||||
- Hide pagination when there is only one page of results (#681)
|
||||
- Include shared/public playlists in Subsonic API responses (#684)
|
||||
- Use proper locale for date-related/duration strings (#670)
|
||||
|
||||
|
||||
Bugfixes:
|
||||
|
||||
- Fix transcoding of in-place imported tracks (#688)
|
||||
- Fixed celery worker defaulting to development settings instead of production
|
||||
- Fixed crashing Django admin when loading track detail page (#666)
|
||||
- Fixed list icon alignement on landing page (#668)
|
||||
- Fixed overescaping issue in notifications and album page (#676)
|
||||
- Fixed wrong number of affected elements in bulk action modal (#683)
|
||||
- Fixed wrong URL in documentation for funkwhale_proxy.conf file when deploying using Docker
|
||||
- Make Apache configuration file work with 0.18 changes (#667)
|
||||
- Removed potential BREACH exploit because of Gzip compression (#678)
|
||||
- Upgraded kombu to fix an incompatibility with redis>=3
|
||||
|
||||
|
||||
Documentation:
|
||||
|
||||
- Added user upload documentation at https://docs.funkwhale.audio/users/upload.html
|
||||
|
||||
|
||||
0.18 "Naomi" (2019-01-22)
|
||||
-------------------------
|
||||
|
||||
|
|
|
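Review bot: The BREACH notice names HTML as one of the risky compressed types, but neither the list of `gzip_types` values to remove nor the replacement snippet mentions `text/html`, which nginx compresses whenever gzip is enabled, regardless of what `gzip_types` contains. Say explicitly whether HTML responses are still expected to be compressed after this fix and, if not, what an admin has to change beyond `gzip_types`. The replacement list also keeps `application/vnd.geo+json` and `application/x-web-app-manifest+json` while dropping the other JSON types, so a sentence on why those two are considered safe would help. Since the entry is tagged as manual action required, it should end with the step of testing the edited configuration and reloading nginx, otherwise the old `gzip_types` stays in effect.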
@ -1,5 +1,5 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
__version__ = "0.18"
|
||||
__version__ = "0.18.1"
|
||||
__version_info__ = tuple(
|
||||
[
|
||||
int(num) if num.isdigit() else num
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
Fixed crashing Django admin when loading track detail page (#666)
|
|
@ -1 +0,0 @@
|
|||
Make Apache configuration file work with 0.18 changes (#667)
|
|
@ -1 +0,0 @@
|
|||
Fixed list icon alignement on landing page (#668)
|
|
@ -1 +0,0 @@
|
|||
Use proper locale for date-related/duration strings (#670)
|
|
@ -1 +0,0 @@
|
|||
Fixed overescaping issue in notifications and album page (#676)
|
|
@ -1 +0,0 @@
|
|||
Removed potential BREACH exploit because of Gzip compression (#678)
|
|
@ -1 +0,0 @@
|
|||
Hide pagination when there is only one page of results (#681)
|
|
@ -1 +0,0 @@
|
|||
Fixed wrong number of affected elements in bulk action modal (#683)
|
|
@ -1 +0,0 @@
|
|||
Include shared/public playlists in Subsonic API responses (#684)
|
|
@ -1 +0,0 @@
|
|||
Disable makemigrations in production and misleading message when running migrate (#685)
|
|
@ -1 +0,0 @@
|
|||
Added name attributes on all inputs to improve UX, especially with password managers (#686)
|
|
@ -1 +0,0 @@
|
|||
Fix transcoding of in-place imported tracks (#688)
|
|
@ -1 +0,0 @@
|
|||
Fixed celery worker defaulting to development settings instead of production
|
|
@ -1 +0,0 @@
|
|||
Fixed wrong URL in documentation for funkwhale_proxy.conf file when deploying using Docker
|
|
@ -1 +0,0 @@
|
|||
Upgraded kombu to fix an incompatibility with redis>=3
|
|
@ -1 +0,0 @@
|
|||
Display progress during file upload
|
|
@ -1 +0,0 @@
|
|||
Added user upload documentation
|
|
@ -5,80 +5,3 @@ Next release notes
|
|||
|
||||
Those release notes refer to the current development branch and are reset
|
||||
after each release.
|
||||
|
||||
Fix Gzip compression to avoid BREACH exploit [security] [manual action required]
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
In the 0.18 release, we've enabled Gzip compression by default for various
|
||||
content types, including HTML and JSON. Unfortunately, enabling Gzip compression
|
||||
on such content types could make BREACH-type exploits possible.
|
||||
|
||||
We've removed the risky content-types from our nginx template files, to ensure new
|
||||
instances are safe, however, if you already have an instance, you need
|
||||
to double check that your host nginx virtualhost do not include the following
|
||||
values for the ``gzip_types`` settings::
|
||||
|
||||
application/atom+xml
|
||||
application/json
|
||||
application/ld+json
|
||||
application/activity+json
|
||||
application/manifest+json
|
||||
application/rss+xml
|
||||
application/xhtml+xml
|
||||
application/xml
|
||||
|
||||
For convenience, you can also replace the whole setting with the following snippet::
|
||||
|
||||
gzip_types
|
||||
application/javascript
|
||||
application/vnd.geo+json
|
||||
application/vnd.ms-fontobject
|
||||
application/x-font-ttf
|
||||
application/x-web-app-manifest+json
|
||||
font/opentype
|
||||
image/bmp
|
||||
image/svg+xml
|
||||
image/x-icon
|
||||
text/cache-manifest
|
||||
text/css
|
||||
text/plain
|
||||
text/vcard
|
||||
text/vnd.rim.location.xloc
|
||||
text/vtt
|
||||
text/x-component
|
||||
text/x-cross-domain-policy;
|
||||
|
||||
|
||||
Fix Apache configuration file for 0.18 [manual action required]
|
||||
----------------------------------------------------------
|
||||
|
||||
The way front is served has changed since 0.18. The Apache configuration can't serve 0.18 properly, leading to blank screens.
|
||||
|
||||
If you are on an Apache setup, you will have to replace the `<Location "/api">` block with the following::
|
||||
|
||||
<Location "/">
|
||||
# similar to nginx 'client_max_body_size 100M;'
|
||||
LimitRequestBody 104857600
|
||||
|
||||
ProxyPass ${funkwhale-api}/
|
||||
ProxyPassReverse ${funkwhale-api}/
|
||||
</Location>
|
||||
|
||||
And add some more `ProxyPass` directives so that the `Alias` part of your configuration file looks this way::
|
||||
|
||||
ProxyPass "/front" "!"
|
||||
Alias /front /srv/funkwhale/front/dist
|
||||
|
||||
ProxyPass "/media" "!"
|
||||
Alias /media /srv/funkwhale/data/media
|
||||
|
||||
ProxyPass "/staticfiles" "!"
|
||||
Alias /staticfiles /srv/funkwhale/data/static
|
||||
|
||||
In case you are using custom css and theming, you also need to match this block::
|
||||
|
||||
ProxyPass "/settings.json" "!"
|
||||
Alias /settings.json /srv/funkwhale/custom/settings.json
|
||||
|
||||
ProxyPass "/custom" "!"
|
||||
Alias /custom /srv/funkwhale/custom
|
||||
|
|