Verified Commit 56eca7b4 authored by Eliot Berriot's avatar Eliot Berriot 💬

Merge branch 'release/0.18.1'

parents 640ed90b 4a197e54
Pipeline #3132 passed with stages
in 6 minutes
......@@ -10,6 +10,121 @@ This changelog is viewable on the web at https://docs.funkwhale.audio/changelog.
.. towncrier
0.18.1 (2019-01-29)
-------------------
Upgrade instructions are available at
https://docs.funkwhale.audio/index.html
Fix Gzip compression to avoid BREACH exploit [security] [manual action required]
--------------------------------------------------------------------------------
In the 0.18 release, we've enabled Gzip compression by default for various
content types, including HTML and JSON. Unfortunately, enabling Gzip compression
on such content types could make BREACH-type exploits possible.
We've removed the risky content-types from our nginx template files, to ensure new
instances are safe, however, if you already have an instance, you need
to double check that your host nginx virtualhost do not include the following
values for the ``gzip_types`` settings::
application/atom+xml
application/json
application/ld+json
application/activity+json
application/manifest+json
application/rss+xml
application/xhtml+xml
application/xml
For convenience, you can also replace the whole setting with the following snippet::
gzip_types
application/javascript
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
Many thanks to @jibec for the report!
Fix Apache configuration file for 0.18 [manual action required]
----------------------------------------------------------
The way front is served has changed since 0.18. The Apache configuration can't serve 0.18 properly, leading to blank screens.
If you are on an Apache setup, you will have to replace the `<Location "/api">` block with the following::
<Location "/">
# similar to nginx 'client_max_body_size 100M;'
LimitRequestBody 104857600
ProxyPass ${funkwhale-api}/
ProxyPassReverse ${funkwhale-api}/
</Location>
And add some more `ProxyPass` directives so that the `Alias` part of your configuration file looks this way::
ProxyPass "/front" "!"
Alias /front /srv/funkwhale/front/dist
ProxyPass "/media" "!"
Alias /media /srv/funkwhale/data/media
ProxyPass "/staticfiles" "!"
Alias /staticfiles /srv/funkwhale/data/static
In case you are using custom css and theming, you also need to match this block::
ProxyPass "/settings.json" "!"
Alias /settings.json /srv/funkwhale/custom/settings.json
ProxyPass "/custom" "!"
Alias /custom /srv/funkwhale/custom
Enhancements:
- Added name attributes on all inputs to improve UX, especially with password managers (#686)
- Disable makemigrations in production and misleading message when running migrate (#685)
- Display progress during file upload
- Hide pagination when there is only one page of results (#681)
- Include shared/public playlists in Subsonic API responses (#684)
- Use proper locale for date-related/duration strings (#670)
Bugfixes:
- Fix transcoding of in-place imported tracks (#688)
- Fixed celery worker defaulting to development settings instead of production
- Fixed crashing Django admin when loading track detail page (#666)
- Fixed list icon alignement on landing page (#668)
- Fixed overescaping issue in notifications and album page (#676)
- Fixed wrong number of affected elements in bulk action modal (#683)
- Fixed wrong URL in documentation for funkwhale_proxy.conf file when deploying using Docker
- Make Apache configuration file work with 0.18 changes (#667)
- Removed potential BREACH exploit because of Gzip compression (#678)
- Upgraded kombu to fix an incompatibility with redis>=3
Documentation:
- Added user upload documentation at https://docs.funkwhale.audio/users/upload.html
0.18 "Naomi" (2019-01-22)
-------------------------
......
# -*- coding: utf-8 -*-
__version__ = "0.18"
__version__ = "0.18.1"
__version_info__ = tuple(
[
int(num) if num.isdigit() else num
......
Fixed crashing Django admin when loading track detail page (#666)
Make Apache configuration file work with 0.18 changes (#667)
Fixed list icon alignement on landing page (#668)
Use proper locale for date-related/duration strings (#670)
Fixed overescaping issue in notifications and album page (#676)
Removed potential BREACH exploit because of Gzip compression (#678)
Hide pagination when there is only one page of results (#681)
\ No newline at end of file
Fixed wrong number of affected elements in bulk action modal (#683)
Include shared/public playlists in Subsonic API responses (#684)
Disable makemigrations in production and misleading message when running migrate (#685)
Added name attributes on all inputs to improve UX, especially with password managers (#686)
Fix transcoding of in-place imported tracks (#688)
Fixed celery worker defaulting to development settings instead of production
Fixed wrong URL in documentation for funkwhale_proxy.conf file when deploying using Docker
Upgraded kombu to fix an incompatibility with redis>=3
Display progress during file upload
Added user upload documentation
......@@ -5,80 +5,3 @@ Next release notes
Those release notes refer to the current development branch and are reset
after each release.
Fix Gzip compression to avoid BREACH exploit [security] [manual action required]
--------------------------------------------------------------------------------
In the 0.18 release, we've enabled Gzip compression by default for various
content types, including HTML and JSON. Unfortunately, enabling Gzip compression
on such content types could make BREACH-type exploits possible.
We've removed the risky content-types from our nginx template files, to ensure new
instances are safe, however, if you already have an instance, you need
to double check that your host nginx virtualhost do not include the following
values for the ``gzip_types`` settings::
application/atom+xml
application/json
application/ld+json
application/activity+json
application/manifest+json
application/rss+xml
application/xhtml+xml
application/xml
For convenience, you can also replace the whole setting with the following snippet::
gzip_types
application/javascript
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
Fix Apache configuration file for 0.18 [manual action required]
----------------------------------------------------------
The way front is served has changed since 0.18. The Apache configuration can't serve 0.18 properly, leading to blank screens.
If you are on an Apache setup, you will have to replace the `<Location "/api">` block with the following::
<Location "/">
# similar to nginx 'client_max_body_size 100M;'
LimitRequestBody 104857600
ProxyPass ${funkwhale-api}/
ProxyPassReverse ${funkwhale-api}/
</Location>
And add some more `ProxyPass` directives so that the `Alias` part of your configuration file looks this way::
ProxyPass "/front" "!"
Alias /front /srv/funkwhale/front/dist
ProxyPass "/media" "!"
Alias /media /srv/funkwhale/data/media
ProxyPass "/staticfiles" "!"
Alias /staticfiles /srv/funkwhale/data/static
In case you are using custom css and theming, you also need to match this block::
ProxyPass "/settings.json" "!"
Alias /settings.json /srv/funkwhale/custom/settings.json
ProxyPass "/custom" "!"
Alias /custom /srv/funkwhale/custom
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment