跳转到内容
kazv

v0.2.0

此内容尚不支持你的语言。

https://lily-is.land/kazv/kazv/-/releases/v0.2.0

This version is built upon libkazv v0.4.0, which includes an important security fix.

Security vulnerability in kazv < 0.2.0

There is a security vulnerability in kazv < 0.2.0 that can potentionally leak non-cryptographic hash values of plain text of encrypted messages to your homeserver through the transaction id of certain requests. For more information see https://iron.lily-is.land/D28 and https://iron.lily-is.land/T63.

We do not see a risk that the private part of your identity keys or one-time keys were compromised. However, your encrypted messages sent from kazv up till now might have been compromised, especially if you do not trust your homeserver.

All users should upgrade immediately and are advised to log out of current sessions that have run on kazv < 0.2.0, or rotate all session keys from kazv.

New code review workflow

We have adopted a new code review workflow in addition to the current GitLab Merge Requests. That is, by using Differential Revisions on our Phorge instance, IronLily. For more information, see https://iron.lily-is.land/T1 and https://lily-is.land/kazv/kazv/-/merge_requests/84. We believe that this new workflow will aid in improving the productivity of our core developers.

There is no plan to abandon the current GitLab Merge Request workflow. Contributors can choose between using GitLab Merge Request and using Differential Revisions, at their own wish.

Codeberg mirror

We now have a mirror of the libkazv and kazv repositories on Codeberg: https://codeberg.org/the-kazv-project.

0.2.0

Added

Fixed

Internal changes