Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Releases: dimkr/tootik

v0.19.7

11 Oct 09:31
@github-actions github-actions
v0.19.7
5c67f9a

Choose a tag to compare

View all tags
v0.19.7 Latest
Latest

Added

Nothing!

Bug Fixes, Performance and Maintenance

  • An activity with two portable recipients on the same server is delivered only once
  • tootik now responds with 403 Forbidden and doesn't save when it receives an activity from a blocked server
  • RSA keys are now represented as PUBLIC KEY PEM blocks, for compatibility with servers that don't support PKCS#1
  • The application actor is discoverable through /actor and /.well-known/nodeinfo, to improve compatibility with servers that won't federate if they can't fetch the application actor
  • When fetching actors, tootik now validates the origin of inbox and sharedInbox: host must match actor ID's host
  • The maximum size of a Gopher request is doubled, to account for the longer IDs of posts by portable actors
  • Go and dependency updates
Assets 6
Loading

v0.19.6

27 Sep 13:26
@github-actions github-actions
v0.19.6
29b2999

Choose a tag to compare

View all tags
v0.19.6

Added

Nothing!

Bug Fixes, Performance and Maintenance

  • Activities are delivered to other servers once per host:port combination rather than once per inbox (sharedInbox or inbox), because some servers don't specify a sharedInbox endpoint shared by all users
Loading

v0.19.5

25 Sep 11:02
@github-actions github-actions
v0.19.5
d1fd9a2

Choose a tag to compare

View all tags
v0.19.5

Added

Nothing!

Bug Fixes, Performance and Maintenance

  • https://$domain now returns the nobody actor instead of redirecting to gemini://$domain if client specifies Accept: application/activity+json, because this is how PieFed fetches the instance actor
  • https://$domain/inbox now points to nobody's inbox, to match PieFed's fallback when it can't fetch the instance actor, because other implementations make the same assumption
Loading

v0.19.4

22 Sep 12:16
@github-actions github-actions
v0.19.4
d5d3669

Choose a tag to compare

View all tags
v0.19.4

Added

Nothing!

Bug Fixes, Performance and Maintenance

  • Fix for panic when a request to inbox is not signed
  • Fix for integrity proof validation failure when actor is not portable
  • Fix for parsing failure of activities when actor is an object and not a string
  • Fixes for typos in signature verification errors
Loading

v0.19.3

20 Sep 11:00
@github-actions github-actions
v0.19.3
77e4ef4

Choose a tag to compare

View all tags
v0.19.3

Added

Nothing!

Bug Fixes, Performance and Maintenance

  • Successful bio or avatar upload over Titan now redirects to gemini:// instead of redirecting relatively
Loading

v0.19.2

13 Sep 14:31
@github-actions github-actions
v0.19.2
39f8143

Choose a tag to compare

View all tags
v0.19.2

Added

Nothing!

Bug Fixes, Performance and Maintenance

  • Fix for invalid integrity proofs in posts and activities signed during the 0.19.0 migration
  • Integrity proofs on fetched posts are no longer invalid: @context is set before signing
  • @context is now consistent across actors, objects and activities, to reduce the risk of interoperability issues with servers that care about @context
Loading

v0.19.1

13 Sep 09:18
@github-actions github-actions
v0.19.1
d88a356

Choose a tag to compare

View all tags
v0.19.1

Added

  • An example activity import script, in FEDERATION.md

Bug Fixes, Performance and Maintenance

  • Fix for missing verification of key ownership when validating integrity proofs on non-portable activities
  • More efficient key vs. actor origin verification
  • More efficient removal of signatures when a post is forwarded by a community
Loading

v0.19.0

12 Sep 10:44
@github-actions github-actions
v0.19.0
7e19e9d

Choose a tag to compare

View all tags
v0.19.0

(v0.19.0-rc1)
(v0.19.0-rc2)

Added

Nothing!

Bug Fixes, Performance and Maintenance

  • Actors and posts are now signed once during insertion or update, instead of signing them every time another server tries to fetch them
  • Capability discovery is disabled when POST /.well-known/apgateway succeeds because it may ignore the HTTP signature when the delivered activity carries a valid integrity proof
  • When a portable activity is forwarded and gets fetched from its origin because it doesn't carry a proof, the activity is ignored unless the origin returns it with a valid proof
  • Dependency updates
Loading

v0.19.0-rc2

06 Sep 14:41
@github-actions github-actions
v0.19.0-rc2
e4cceca

Choose a tag to compare

View all tags
v0.19.0-rc2

Added

Nothing!

Bug Fixes, Performance and Maintenance

  • Fix for missing rollback on error which leaves DB in locked state, in two places
Loading

v0.19.0-rc1

05 Sep 12:37
@github-actions github-actions
v0.19.0-rc1
0cbd76b

Choose a tag to compare

View all tags
v0.19.0-rc1

Added

  • Support for FEP-8b32 integrity proofs
    • When tootik on a.com receives an activity from b.com but the request is signed by a user of c.com, tootik no longer fetches the activity from b.com and doesn't validate the HTTP signature if it carries a valid integrity proof that uses a key from b.com
  • Basic support for FEP-ef61
    • Users can generate a key or supply a pre-generated key during registration
    • The settings page allows users to configure a list of "gateways"
    • Outgoing activities are replicated to all defined gateways
    • Activity export includes activities by all actors that share the same key

Bug Fixes, Performance and Maintenance

  • Unification of processing of locally-created activities and incoming activities from other servers; this fixes multiple bugs and increases test coverage
  • Release names and tags now have a leading v
  • Dependency and Go updates
Loading