Skip to main content

0.6.6

ยท 1954 words

Excalibur 0.6.6 is a patch release fixing bugs on the app and server.

Appโ€‹

๐Ÿ”’๏ธ Securityโ€‹

  • ๐Ÿ”’๏ธ Overridden version minima of dependencies in pnpm-workspace.yaml to address security vulnerabilities:
    • GHSA-4x5r-pxfx-6jf8: @babel/core to 7.29.1
    • GHSA-gv7w-rqvm-qjhr, GHSA-g7r4-m6w7-qqqr: esbuild to 0.28.1
    • GHSA-hmw2-7cc7-3qxx: form-data to 4.0.6
    • GHSA-h67p-54hq-rp68: js-yaml to 4.1.2
    • GHSA-q8mj-m7cp-5q26: qs to 6.15.2
    • GHSA-vmf3-w455-68vh: tar to 7.5.16
    • GHSA-ph9p-34f9-6g65: tmp to 0.2.6
    • GHSA-w5hq-g745-h8pq: uuid to 11.1.1
    • GHSA-fx2h-pf6j-xcff, GHSA-v6wh-96g9-6wx3: vite to 7.3.5

๐Ÿ› Bug Fixesโ€‹

  • ๐Ÿ› Fixed a bug where nested directories with paths like folder/subfolder would be created as a single directory with the name folder/subfolder (with the slash)

โฌ†๏ธ Dependenciesโ€‹

  • โฌ†๏ธ Updated prettier development dependency from 3.8.3 to 3.8.4 (#54)
  • โฌ†๏ธ Updated typescript-eslint development dependency from 8.60.1 to 8.61.0 (#55)

Serverโ€‹

๐Ÿ”’๏ธ Securityโ€‹

  • ๐Ÿ”’๏ธ Overridden version minima of dependencies in uv.lock to address security vulnerabilities:
    • GHSA-65pc-fj4g-8rjx: idna to 3.15
    • GHSA-86qp-5c8j-p5mr, GHSA-x746-7m8f-x49c, GHSA-wqp7-x3pw-xc5r, GHSA-82w8-qh3p-5jfq, GHSA-jp82-jpqv-5vv3: starlette to 1.3.1

๐Ÿ› Bug Fixesโ€‹

  • ๐Ÿ› Fixed bug where the server did not properly resolve dot-slashes (./) in paths, especially for encrypted paths

โฌ†๏ธ Dependenciesโ€‹

  • โž• Added httpx2 test dependency
  • โž– Removed httpx test dependency
  • โฌ†๏ธ Updated ipython development dependency from 9.14.0 to 9.14.1 (#57)
  • โฌ†๏ธ Updated ruff development dependency from 0.15.13 to 0.15.16 (#53)

0.6.5

ยท 2112 words

Excalibur 0.6.5 is a patch release fixing a security issue on the server.

It is recommended to upgrade both the server and app to this version.

Appโ€‹

โฌ†๏ธ Dependenciesโ€‹

  • โฌ†๏ธ Updated typescript-eslint development dependency from 8.59.2 to 8.60.1 (#36, #50)

Serverโ€‹

๐Ÿ”’๏ธ Securityโ€‹

  • ๐Ÿ”’๏ธ Fixed a security issue where other authenticated users are permitted to view, access, or edit other users' stuff.

    In particular, the following endpoints were affected:

    • /api/users/vault/{username}: any authenticated user could get another user's encrypted vault key
    • /api/users/info/{username}: any authenticated user could get another user's additional info
    • /api/users/edit-info/{username}: any authenticated user could edit another user's additional info

    These endpoints now always refer to the currently authenticated user, regardless of the username parameter. For now, the username parameter is kept for backwards compatibility, but is silently ignored. It, however, still needs to be provided. This requirement will be removed in the next minor release.

โฌ†๏ธ Dependenciesโ€‹

  • โฌ†๏ธ Updated fastapi from 0.136.1 to 0.136.3 (#48)
  • โฌ†๏ธ Updated httptools from 0.7.1 to 0.8.0 (#38)
  • โฌ†๏ธ Updated pyjwt from 2.12.1 to 2.13.0 (#52)
  • โฌ†๏ธ Updated typer from 0.25.1 to 0.26.7 (#49)
  • โฌ†๏ธ Updated uvicorn from 0.47.0 to 0.49.0 (#40, #46)
  • โฌ†๏ธ Updated ipython development dependency from 9.13.0 to 9.14.0 (#39)
  • โฌ†๏ธ Updated watchfiles development dependency from 1.1.1 to 1.2.0 (#34)

0.6.4

ยท 914 words

Excalibur 0.6.4 is a patch release fixing a bug on the app and updating some dependencies.

Updating the app is recommended but not necessary. Updating the server is not required.

Appโ€‹

๐Ÿ› Bug Fixesโ€‹

  • ๐Ÿ› Fixed a bug where the name sorting was not ignoring the case (e.g., uppercase names were sorted before lowercase names of the same letter)

โฌ†๏ธ Dependenciesโ€‹

  • โฌ†๏ธ Updated lint-staged development dependency from 16.4.0 to 17.0.5 (#29)

Serverโ€‹

โฌ†๏ธ Dependenciesโ€‹

  • โฌ†๏ธ Updated uvicorn from 0.46.0 to 0.47.0 (#24)
  • โฌ†๏ธ Updated ipython development dependency from 9.10.1 to 9.13.0 (#25)
  • โฌ†๏ธ Updated ruff development dependency from 0.15.12 to 0.15.13 (#28)

0.6.3

ยท 750 words

Excalibur 0.6.3 is a hotfix release fixing several critical issues stemming from the updated dependencies introduced in this update cycle.

Appโ€‹

๐Ÿ› Bug Fixesโ€‹

  • ๐Ÿš‘๏ธ Fixed encryption/decryption of files not working on production builds
  • ๐Ÿš‘๏ธ Fixed keyboard entry making the screen uglily on Android

โฌ†๏ธ Dependenciesโ€‹

  • โฌ‡๏ธ Downgraded Vite dependencies:
    • vite from 8.0.12 to 7.3.2
    • @vitejs/plugin-react from 6.0.1 to 5.2.0
  • โฌ‡๏ธ Downgraded electron-vite from 6.0.0-beta.1 to 5.0.0
  • โฌ‡๏ธ๐Ÿ“Œ Downgraded and pinned Capacitor dependencies:
    • @capacitor/android from 8.3.3 to 8.2.0
    • @capacitor/core from 8.3.3 to 8.2.0
    • @capacitor/cli from 8.3.3 to 8.2.0

Serverโ€‹

No significant changes.

0.6.2

ยท 615 words

Excalibur 0.6.2 is a hotfix release fixing several bugs.

Appโ€‹

๐Ÿ”„ Changesโ€‹

  • ๐Ÿ’„ Enhanced obfuscation dialog with more information about the initial retrieval of items on the server

๐Ÿ› Bug Fixesโ€‹

  • ๐Ÿ› Fixed obfuscation process including an extra .exef in file names

Serverโ€‹

๐Ÿ› Bug Fixesโ€‹

  • ๐Ÿ› Fixed an inconsistency where uploaded files must end in .exef but renaming files does not enforce this

    • Now, failure to provide an .exef extension when renaming a file will return a 417 Expectation Failed error

  • ๐Ÿ› Fixed backup command (excalibur backup) not including folders' contents