Skip to content

v2.5.0

Latest
Latest
Compare
Choose a tag to compare
@Gnuxie Gnuxie released this 08 Jul 11:55
· 2 commits to main since this release
v2.5.0
0618eee
This commit was signed with the committer’s verified signature.
Gnuxie
SSH Key Fingerprint: 2YQLRqncXPWmkRxR0P4Pm2V0JdwSGfj5p1qcUCK1ilk
Verified
Learn about vigilant mode.

Added

  • There is a new protection enabled by default called the
    InvalidEventProtection. This protection redacts events that contain
    malformed
    mixins
    that are likely to trip up other Matrix clients, or potentially represent an
    attempt to bypass Draupnir protections. For Matrix developers, what qualifies
    as a malformed mixin is very conservative, and we only focus on the core
    properties of a given mixin.

  • The WordListProtection, and MentionLimitProtection are updated to use a
    new method of parsing Matrix events by extracting
    mixins
    that is provided by the matrix-protection-suite. This will allow these
    protections to continue to function should extensible events ever make it into
    a release of the Matrix specification. And generally this is a more robust way
    of parsing Matrix events.

Fixed

  • Draupnir deployed in appservice mode were not being disposed of correctly when
    being placed into or restarting from safe mode. This could be a root cause a
    variety of issues.

Changed

  • The JSON reviver used by Draupnir for handling http requests and responses has
    been modified to cover more property names found on the Object.prototype, in
    addition to the existing restrictions preventing prototype pollution. This
    adds redundancy to code handling objects parsed from untrusted sources.
Assets 2
Loading