Releases: pglombardo/PasswordPusher
Releases · pglombardo/PasswordPusher
v1.50.2: Fix - Make theme selection case insensitive
ee7a092
This commit was signed with the committer’s verified signature.
pglombardo
Peter Giacomo Lombardo
📝 What’s Changed
- Fix: Downcase theme selection (#2921) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump googleauth from 1.12.1 to 1.12.2 (#2920) @dependabot
- ⬆️ Bump logger from 1.6.3 to 1.6.4 (#2918) @dependabot
- ⬆️ Bump erubi from 1.13.0 to 1.13.1 (#2917) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.50.2..and go to http://localhost:5100
🔗 Useful Links
Contributors
pglombardo and dependabot
Assets 2
v1.50.1: Fix Custom theme setup on container boot
96d4996
This commit was signed with the committer’s verified signature.
pglombardo
Peter Giacomo Lombardo
📝 What’s Changed
- Fix: Custom theme setup on container boot (#2916) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump irb from 1.14.2 to 1.14.3 (#2915) @dependabot
- ⬆️ Bump debug from 1.9.2 to 1.10.0 (#2914) @dependabot
- ⬆️ Bump aws-partitions from 1.1024.0 to 1.1025.0 (#2913) @dependabot
- ⬆️ Bump minitest-rails from 7.1.1 to 7.2.0 (#2912) @dependabot
- ⬆️ Bump googleauth from 1.12.0 to 1.12.1 (#2910) @dependabot
- ⬆️ Bump json from 2.9.0 to 2.9.1 (#2911) @dependabot
- ⬆️ Bump rdoc from 6.9.1 to 6.10.0 (#2909) @dependabot
- ⬆️ Bump aws-partitions from 1.1023.0 to 1.1024.0 (#2908) @dependabot
- ⬆️ Bump psych from 5.2.1 to 5.2.2 (#2907) @dependabot
- ⬆️ Bump faraday-multipart from 1.0.4 to 1.1.0 (#2906) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.50.1..and go to http://localhost:5100
🔗 Useful Links
Contributors
pglombardo and dependabot
Assets 2
v1.50.0: Overhauled & Updated CSS Build System
c9c561f
This commit was signed with the committer’s verified signature.
pglombardo
Peter Giacomo Lombardo
📝 What’s Changed
This should be a transparent release for end users besides some bug fixes related to dark mode.
🚀 Features
- CSS/JS: Updated build system and theme selection (#2904) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump helm/kind-action from 1.10.0 to 1.11.0 (#2901) @dependabot
- ⬆️ Bump rexml from 3.3.9 to 3.4.0 (#2895) @dependabot
- ⬆️ Bump reline from 0.5.12 to 0.6.0 (#2898) @dependabot
- ⬆️ Bump timeout from 0.4.2 to 0.4.3 (#2900) @dependabot
- ⬆️ Bump net-imap from 0.5.1 to 0.5.2 (#2899) @dependabot
- ⬆️ Bump rdoc from 6.9.0 to 6.9.1 (#2897) @dependabot
- ⬆️ Bump securerandom from 0.4.0 to 0.4.1 (#2896) @dependabot
- ⬆️ Bump debase from 0.2.7 to 0.2.8 (#2894) @dependabot
- ⬆️ Bump oj from 3.16.7 to 3.16.8 (#2893) @dependabot
- ⬆️ Bump aws-partitions from 1.1022.0 to 1.1023.0 (#2892) @dependabot
- ⬆️ Bump rubocop-ast from 1.36.2 to 1.37.0 (#2891) @dependabot
- ⬆️ Bump google-apis-storage_v1 from 0.48.0 to 0.49.0 (#2890) @dependabot
- ⬆️ Bump ruby-debug-ide from 0.7.3 to 0.7.4 (#2888) @dependabot
- ⬆️ Bump rdoc from 6.8.1 to 6.9.0 (#2889) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.49.5..and go to http://localhost:5100
🔗 Useful Links
Contributors
pglombardo and dependabot
Assets 2
v1.49.4: New Cloudflare Proxy Support
7fa064a
This commit was signed with the committer’s verified signature.
pglombardo
Peter Giacomo Lombardo
📝 What’s Changed
- New Cloudflare Setting: Optionally fetch CF IPs on container boot. (#2878) @pglombardo
- Special fix for Mariadb (#2877) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump nokogiri from 1.17.1 to 1.17.2 (#2885) @dependabot
- ⬆️ Bump irb from 1.14.1 to 1.14.2 (#2882) @dependabot
- ⬆️ Bump rubocop from 1.69.1 to 1.69.2 (#2883) @dependabot
- ⬆️ Bump logger from 1.6.2 to 1.6.3 (#2881) @dependabot
- ⬆️ Bump rails-html-sanitizer from 1.6.1 to 1.6.2 (#2880) @dependabot
- ⬆️ Bump aws-partitions from 1.1021.0 to 1.1022.0 (#2879) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.49.4..and go to http://localhost:5100
🔗 Useful Links
Contributors
pglombardo and dependabot
Assets 2
v1.49.3: Dependency, Security Updates & Latest Language Strings
7728a72
This commit was signed with the committer’s verified signature.
pglombardo
Peter Giacomo Lombardo
📝 What’s Changed
- Preliminary: Set rel="no-prefetch" to block browser pre-fetch (#2854) @pglombardo
- fix database service names in docker-compose-xx.yml (#2821) @ggruening
🚀 Features
- Latest Language Strings (#2876) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump actionmailer from 7.2.2 to 7.2.2.1 (#2868) @dependabot
- ⬆️ Bump actionview from 7.2.2 to 7.2.2.1 (#2869) @dependabot
- ⬆️ Bump activesupport from 7.2.2 to 7.2.2.1 (#2870) @dependabot
- ⬆️ Bump activejob from 7.2.2 to 7.2.2.1 (#2872) @dependabot
- ⬆️ Bump activestorage from 7.2.2 to 7.2.2.1 (#2873) @dependabot
- ⬆️ Bump rails from 7.2.2 to 7.2.2.1 (#2867) @dependabot
- ⬆️ Bump aws-partitions from 1.1020.0 to 1.1021.0 (#2875) @dependabot
- ⬆️ Bump google-cloud-storage from 1.53.0 to 1.54.0 (#2874) @dependabot
- ⬆️ Bump standard from 1.42.1 to 1.43.0 (#2871) @dependabot
- ⬆️ Bump standard-performance from 1.5.0 to 1.6.0 (#2864) @dependabot
- ⬆️ Bump rubocop from 1.68.0 to 1.69.1 (#2859) @dependabot
- ⬆️ Bump nokogiri from 1.17.0 to 1.17.1 (#2858) @dependabot
- ⬆️ Bump aws-partitions from 1.1019.0 to 1.1020.0 (#2856) @dependabot
- ⬆️ Bump aws-partitions from 1.1018.0 to 1.1019.0 (#2852) @dependabot
- ⬆️ Bump sqlite3 from 2.4.0 to 2.4.1 (#2848) @dependabot
- ⬆️ Bump nokogiri from 1.16.8 to 1.17.0 (#2847) @dependabot
- ⬆️ Bump solid_queue from 1.0.2 to 1.1.0 (#2846) @dependabot
- ⬆️ Bump googleauth from 1.11.2 to 1.12.0 (#2845) @dependabot
- ⬆️ Bump aws-partitions from 1.1017.0 to 1.1018.0 (#2838) @dependabot
- ⬆️ Bump logger from 1.6.1 to 1.6.2 (#2826) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot], @ggruening and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.49.3..and go to http://localhost:5100
🔗 Useful Links
Contributors
pglombardo, dependabot, and ggruening
Assets 2
v1.49.2: Dependency & Security Updates
0084474
This commit was signed with the committer’s verified signature.
pglombardo
Peter Giacomo Lombardo
📝 What’s Changed
⬆️ Dependencies updates
- ⬆️ Bump google-cloud-storage from 1.52.0 to 1.53.0 (#2842) @dependabot
- ⬆️ Bump net-http-persistent from 4.0.4 to 4.0.5 (#2843) @dependabot
- ⬆️ Bump useragent from 0.16.10 to 0.16.11 (#2841) @dependabot
- ⬆️ Bump minitest from 5.25.3 to 5.25.4 (#2837) @dependabot
- ⬆️ Bump json from 2.8.2 to 2.9.0 (#2836) @dependabot
- ⬆️ Bump io-console from 0.7.2 to 0.8.0 (#2835) @dependabot
- ⬆️ Bump sqlite3 from 2.3.1 to 2.4.0 (#2831) @dependabot
- ⬆️ Bump aws-sdk-s3 from 1.175.0 to 1.176.0 (#2833) @dependabot
- ⬆️ Bump minitest from 5.25.2 to 5.25.3 (#2832) @dependabot
- ⬆️ Bump psych from 5.2.0 to 5.2.1 (#2829) @dependabot
- ⬆️ Bump aws-sdk-s3 from 1.174.0 to 1.175.0 (#2828) @dependabot
- ⬆️ Bump securerandom from 0.3.2 to 0.4.0 (#2827) @dependabot
- ⬆️ Bump date from 3.4.0 to 3.4.1 (#2824) @dependabot
- ⬆️ Bump aws-partitions from 1.1014.0 to 1.1015.0 (#2825) @dependabot
- ⬆️ Bump rails-html-sanitizer from 1.6.0 to 1.6.1 (#2823) @dependabot
- ⬆️ Bump regexp_parser from 2.9.2 to 2.9.3 (#2820) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.49.2..and go to http://localhost:5100
🔗 Useful Links
Contributors
pglombardo and dependabot
Assets 2
v1.49.1: Account Locking & Cookie Security
ef98d08
This commit was signed with the committer’s verified signature.
pglombardo
Peter Giacomo Lombardo
📝 What’s Changed
- Login: Lock accounts after 10 failed attempts (#2806) @pglombardo
- Passphrase: Increase cookie security (#2805) @pglombardo
🚀 Features
- Latest Language Strings (#2807) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump reline from 0.5.11 to 0.5.12 (#2818) @dependabot
- ⬆️ Bump aws-partitions from 1.1013.0 to 1.1014.0 (#2817) @dependabot
- ⬆️ Bump rubocop-ast from 1.36.1 to 1.36.2 (#2816) @dependabot
- ⬆️ Bump sqlite3 from 2.3.0 to 2.3.1 (#2812) @dependabot
- ⬆️ Bump aws-sdk-s3 from 1.173.0 to 1.174.0 (#2813) @dependabot
- ⬆️ Bump puma from 6.4.3 to 6.5.0 (#2809) @dependabot
- ⬆️ Bump aws-sdk-s3 from 1.172.0 to 1.173.0 (#2804) @dependabot
- ⬆️ Bump aws-partitions from 1.1011.0 to 1.1012.0 (#2803) @dependabot
- ⬆️ Bump minitest from 5.25.1 to 5.25.2 (#2802) @dependabot
- ⬆️ Bump sqlite3 from 2.2.0 to 2.3.0 (#2801) @dependabot
- ⬆️ Bump aws-partitions from 1.1010.0 to 1.1011.0 (#2800) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.49.1..and go to http://localhost:5100
🔗 Useful Links
Contributors
pglombardo and dependabot
Assets 2
v1.49.0: Trust Only Local Proxies Unless Overridden
97d28d3
This commit was signed with the committer’s verified signature.
pglombardo
Peter Giacomo Lombardo
This release fixes CVE-2024-52796 where an attacker could spoof the X-Forwarded-For header to bypass the rate limiter.
If you are using an external proxy that is not on the local network, see this documentation on how to authorize the IP of your remote proxy.
📝 What’s Changed
- Security: Only trust local proxies unless overidden (#2797) @pglombardo
- [Snyk] Upgrade esbuild from 0.23.1 to 0.24.0 (#2796) @pglombardo
🚀 Features
- Yarn package updates (#2782) @pglombardo
- Latest Language Strings (#2779) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump rdoc from 6.7.0 to 6.8.1 (#2795) @dependabot
- ⬆️ Bump aws-partitions from 1.1009.0 to 1.1010.0 (#2794) @dependabot
- ⬆️ Bump mutex_m from 0.2.0 to 0.3.0 (#2793) @dependabot
- ⬆️ Bump prime from 0.1.2 to 0.1.3 (#2792) @dependabot
- ⬆️ Bump standard from 1.42.0 to 1.42.1 (#2791) @dependabot
- ⬆️ Bump aws-sdk-kms from 1.95.0 to 1.96.0 (#2790) @dependabot
- ⬆️ Bump aws-sdk-s3 from 1.171.0 to 1.172.0 (#2789) @dependabot
- ⬆️ Bump kramdown from 2.4.0 to 2.5.1 (#2788) @dependabot
- ⬆️ Bump aws-partitions from 1.1007.0 to 1.1009.0 (#2786) @dependabot
- ⬆️ Bump pry from 0.14.2 to 0.15.0 (#2784) @dependabot
- ⬆️ Bump solid_queue from 1.0.1 to 1.0.2 (#2785) @dependabot
- ⬆️ Bump aws-sdk-s3 from 1.170.1 to 1.171.0 (#2775) @dependabot
- ⬆️ Bump mini_portile2 from 2.8.7 to 2.8.8 (#2776) @dependabot
- ⬆️ Bump json from 2.8.1 to 2.8.2 (#2774) @dependabot
- ⬆️ Bump aws-partitions from 1.1006.0 to 1.1007.0 (#2773) @dependabot
- ⬆️ Bump rackup from 2.2.0 to 2.2.1 (#2772) @dependabot
- ⬆️ Bump aws-partitions from 1.1005.0 to 1.1006.0 (#2771) @dependabot
- ⬆️ Bump rubocop-ast from 1.35.0 to 1.36.1 (#2770) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.49.0..and go to http://localhost:5100
🔗 Useful Links
Contributors
pglombardo and dependabot
Assets 2
v1.48.2: Language Strings, Dependency & Security Updates
d61378d
This commit was signed with the committer’s verified signature.
pglombardo
Peter Giacomo Lombardo
📝 What’s Changed
- Background Jobs: Fix environment variable check (#2768) @pglombardo
🚀 Features
- Latest Language Strings (#2767) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump standard from 1.41.1 to 1.42.0 (#2765) @dependabot
- ⬆️ Bump aws-partitions from 1.1004.0 to 1.1005.0 (#2764) @dependabot
- ⬆️ Bump debase from 0.2.6 to 0.2.7 (#2763) @dependabot
- ⬆️ Bump rubocop from 1.66.1 to 1.68.0 (#2762) @dependabot
- ⬆️ Bump aws-partitions from 1.1003.0 to 1.1004.0 (#2760) @dependabot
- ⬆️ Bump securerandom from 0.3.1 to 0.3.2 (#2759) @dependabot
- ⬆️ Bump aws-sdk-s3 from 1.170.0 to 1.170.1 (#2758) @dependabot
- ⬆️ Bump rubocop-ast from 1.34.1 to 1.35.0 (#2756) @dependabot
- ⬆️ Bump msgpack from 1.7.3 to 1.7.5 (#2757) @dependabot
- ⬆️ Bump solid_queue from 1.0.0 to 1.0.1 (#2754) @dependabot
- ⬆️ Bump aws-partitions from 1.1002.0 to 1.1003.0 (#2752) @dependabot
- ⬆️ Bump net-imap from 0.5.0 to 0.5.1 (#2750) @dependabot
- ⬆️ Bump mission_control-jobs from 0.4.0 to 0.5.0 (#2751) @dependabot
- ⬆️ Bump benchmark from 0.3.0 to 0.4.0 (#2749) @dependabot
- ⬆️ Bump singleton from 0.2.0 to 0.3.0 (#2748) @dependabot
- ⬆️ Bump ostruct from 0.6.0 to 0.6.1 (#2746) @dependabot
- ⬆️ Bump psych from 5.1.2 to 5.2.0 (#2747) @dependabot
- ⬆️ Bump aws-partitions from 1.1001.0 to 1.1002.0 (#2745) @dependabot
- ⬆️ Bump stringio from 3.1.1 to 3.1.2 (#2744) @dependabot
- ⬆️ Bump rubocop-ast from 1.34.0 to 1.34.1 (#2743) @dependabot
- ⬆️ Bump timeout from 0.4.1 to 0.4.2 (#2740) @dependabot
- ⬆️ Bump mission_control-jobs from 0.3.3 to 0.4.0 (#2741) @dependabot
- ⬆️ Bump aws-sdk-s3 from 1.169.0 to 1.170.0 (#2739) @dependabot
- ⬆️ Bump json from 2.7.6 to 2.8.1 (#2738) @dependabot
- ⬆️ Bump aws-sdk-core from 3.211.0 to 3.212.0 (#2737) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.48.2..and go to http://localhost:5100
🔗 Useful Links
Contributors
pglombardo and dependabot
Assets 2
v1.48.1: Security Update
b2b057c
This commit was signed with the committer’s verified signature.
pglombardo
Peter Giacomo Lombardo
This release fixes CVE-2024-51989 (a potential XSS vulnerability) that was introduced in v1.41.1.
All users that are self-hosting and using the login system, please update to this version to best mitigate risk. Details, description and more available in the Github Security Advisory.
Thanks to @igniter07 for reporting!
📝 What’s Changed
- Sanitize Confirmation Parameter (#2736) @pglombardo
- Allow Anonymous=false: Fix after sign up redirect path (#2735) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump parser from 3.3.5.1 to 3.3.6.0 (#2734) @dependabot
- ⬆️ Bump json from 2.7.5 to 2.7.6 (#2733) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.48.1..and go to http://localhost:5100
🔗 Useful Links
Contributors
pglombardo, dependabot, and igniter07