mirror of
https://github.com/restic/rest-server.git
synced 2025-10-19 15:43:21 +00:00
Generate CHANGELOG.md for 0.11.0
This commit is contained in:
Alexander Neumann
parent
057ef39525
commit
4741eec619
1 changed files with 142 additions and 0 deletions
142
CHANGELOG.md
142
CHANGELOG.md
|
|
@ -1,3 +1,145 @@
|
|||
Changelog for rest-server 0.11.0 (2022-02-10)
|
||||
============================================
|
||||
|
||||
The following sections list the changes in rest-server 0.11.0 relevant
|
||||
to users. The changes are ordered by importance.
|
||||
|
||||
Summary
|
||||
-------
|
||||
|
||||
* Sec #131: Prevent loading of usernames containing a slash
|
||||
* Fix #119: Fix Docker configuration for `DISABLE_AUTHENTICATION`
|
||||
* Fix #142: Fix possible data loss due to interrupted network connections
|
||||
* Fix #157: Use platform-specific temporary directory as default data directory
|
||||
* Fix #155: Reply "insufficient storage" on disk full or over-quota
|
||||
* Chg #146: Build rest-server at docker container build time
|
||||
* Chg #112: Add subrepo support and refactor server code
|
||||
* Enh #122: Verify uploaded files
|
||||
* Enh #126: Allow running rest-server via systemd socket activation
|
||||
* Enh #148: Expand use of security features in example systemd unit file
|
||||
|
||||
Details
|
||||
-------
|
||||
|
||||
* Security #131: Prevent loading of usernames containing a slash
|
||||
|
||||
"/" is valid char in HTTP authorization headers, but is also used in rest-server to map
|
||||
usernames to private repos.
|
||||
|
||||
This commit prevents loading maliciously composed usernames like "/foo/config" by
|
||||
restricting the allowed characters to the unicode character class, numbers, "-", "." and "@".
|
||||
|
||||
This prevents requests to other users files like:
|
||||
|
||||
Curl -v -X DELETE -u foo/config:attack http://localhost:8000/foo/config
|
||||
|
||||
https://github.com/restic/rest-server/issues/131
|
||||
https://github.com/restic/rest-server/pull/132
|
||||
https://github.com/restic/rest-server/pull/137
|
||||
|
||||
* Bugfix #119: Fix Docker configuration for `DISABLE_AUTHENTICATION`
|
||||
|
||||
Rest-server 0.10.0 introduced a regression which caused the `DISABLE_AUTHENTICATION`
|
||||
environment variable to stop working for the Docker container. This has been fixed by
|
||||
automatically setting the option `--no-auth` to disable authentication.
|
||||
|
||||
https://github.com/restic/rest-server/issues/119
|
||||
https://github.com/restic/rest-server/pull/124
|
||||
|
||||
* Bugfix #142: Fix possible data loss due to interrupted network connections
|
||||
|
||||
When rest-server was run without `--append-only` it was possible to lose uploaded files in a
|
||||
specific scenario in which a network connection was interrupted.
|
||||
|
||||
For the data loss to occur a file upload by restic would have to be interrupted such that restic
|
||||
notices the interrupted network connection before the rest-server. Then restic would have to
|
||||
retry the file upload and finish it before the rest-server notices that the initial upload has
|
||||
failed. Then the uploaded file would be accidentally removed by rest-server when trying to
|
||||
cleanup the failed upload.
|
||||
|
||||
This has been fixed by always uploading to a temporary file first which is moved in position only
|
||||
once it was uploaded completely.
|
||||
|
||||
https://github.com/restic/rest-server/pull/142
|
||||
|
||||
* Bugfix #157: Use platform-specific temporary directory as default data directory
|
||||
|
||||
If no data directory is specificed, then rest-server now uses the Go standard library
|
||||
functions to retrieve the standard temporary directory path for the current platform.
|
||||
|
||||
https://github.com/restic/rest-server/issues/157
|
||||
https://github.com/restic/rest-server/pull/158
|
||||
|
||||
* Bugfix #155: Reply "insufficient storage" on disk full or over-quota
|
||||
|
||||
When there was no space left on disk, or any other write-related error occurred, rest-server
|
||||
replied with HTTP status code 400 (Bad request). This is misleading (restic client will dump
|
||||
the status code to the user).
|
||||
|
||||
Rest-server now replies with two different status codes in these situations: * HTTP 507
|
||||
"Insufficient storage" is the status on disk full or repository over-quota * HTTP 500
|
||||
"Internal server error" is used for other disk-related errors
|
||||
|
||||
https://github.com/restic/rest-server/issues/155
|
||||
https://github.com/restic/rest-server/pull/160
|
||||
|
||||
* Change #146: Build rest-server at docker container build time
|
||||
|
||||
The Dockerfile now includes a build stage such that the latest rest-server is always built and
|
||||
packaged. This is done in a standard golang container to ensure a clean build environment and
|
||||
only the final binary is shipped rather than the whole build environment.
|
||||
|
||||
https://github.com/restic/rest-server/issues/146
|
||||
https://github.com/restic/rest-server/pull/145
|
||||
|
||||
* Change #112: Add subrepo support and refactor server code
|
||||
|
||||
Support for multi-level repositories has been added, so now each user can have its own
|
||||
subrepositories. This feature is always enabled.
|
||||
|
||||
Authentication for the Prometheus /metrics endpoint can now be disabled with the new
|
||||
`--prometheus-no-auth` flag.
|
||||
|
||||
We have split out all HTTP handling to a separate `repo` subpackage to cleanly separate the
|
||||
server code from the code that handles a single repository. The new RepoHandler also makes it
|
||||
easier to reuse rest-server as a Go component in any other HTTP server.
|
||||
|
||||
The refactoring makes the code significantly easier to follow and understand, which in turn
|
||||
makes it easier to add new features, audit for security and debug issues.
|
||||
|
||||
https://github.com/restic/rest-server/issues/109
|
||||
https://github.com/restic/rest-server/issues/107
|
||||
https://github.com/restic/rest-server/pull/112
|
||||
|
||||
* Enhancement #122: Verify uploaded files
|
||||
|
||||
The rest-server now by default verifies that the hash of content of uploaded files matches
|
||||
their filename. This ensures that transmission errors are detected and forces restic to retry
|
||||
the upload. On low-power devices it can make sense to disable this check by passing the
|
||||
`--no-verify-upload` flag.
|
||||
|
||||
https://github.com/restic/rest-server/issues/122
|
||||
https://github.com/restic/rest-server/pull/130
|
||||
|
||||
* Enhancement #126: Allow running rest-server via systemd socket activation
|
||||
|
||||
We've added the option to have systemd create the listening socket and start the rest-server on
|
||||
demand.
|
||||
|
||||
https://github.com/restic/rest-server/issues/126
|
||||
https://github.com/restic/rest-server/pull/151
|
||||
https://github.com/restic/rest-server/pull/127
|
||||
|
||||
* Enhancement #148: Expand use of security features in example systemd unit file
|
||||
|
||||
The example systemd unit file now enables additional systemd features to mitigate potential
|
||||
security vulnerabilities in rest-server and the various packages and operating system
|
||||
components which it relies upon.
|
||||
|
||||
https://github.com/restic/rest-server/issues/148
|
||||
https://github.com/restic/rest-server/pull/149
|
||||
|
||||
|
||||
Changelog for rest-server 0.10.0 (2020-09-13)
|
||||
============================================
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue