v0.2.0
https://lily-is.land/kazv/kazv/-/releases/v0.2.0
This version is built upon libkazv v0.4.0, which includes an important security fix.
Security vulnerability in kazv < 0.2.0
There is a security vulnerability in kazv < 0.2.0 that can potentionally leak non-cryptographic hash values of plain text of encrypted messages to your homeserver through the transaction id of certain requests. For more information see https://iron.lily-is.land/D28 and https://iron.lily-is.land/T63.
We do not see a risk that the private part of your identity keys or one-time keys were compromised. However, your encrypted messages sent from kazv up till now might have been compromised, especially if you do not trust your homeserver.
All users should upgrade immediately and are advised to log out of current sessions that have run on kazv < 0.2.0, or rotate all session keys from kazv.
New code review workflow
We have adopted a new code review workflow in addition to the current GitLab Merge Requests. That is, by using Differential Revisions on our Phorge instance, IronLily. For more information, see https://iron.lily-is.land/T1 and https://lily-is.land/kazv/kazv/-/merge_requests/84. We believe that this new workflow will aid in improving the productivity of our core developers.
There is no plan to abandon the current GitLab Merge Request workflow. Contributors can choose between using GitLab Merge Request and using Differential Revisions, at their own wish.
Codeberg mirror
We now have a mirror of the libkazv and kazv repositories on Codeberg: https://codeberg.org/the-kazv-project.
0.2.0
Added
- Implement removing local echo. https://lily-is.land/kazv/kazv/-/merge_requests/70
- Support sending stickers. https://lily-is.land/kazv/kazv/-/merge_requests/71
- Support dragging files into send message box to upload them. https://lily-is.land/kazv/kazv/-/merge_requests/72
- Implement rich text formatting. https://lily-is.land/kazv/kazv/-/merge_requests/74
- Support mentioning user. https://lily-is.land/kazv/kazv/-/merge_requests/78
- Support filtering by room name and id. https://iron.lily-is.land/D10
- Get rid of spin-wait Promises. https://iron.lily-is.land/D12
- Support filtering unnamed rooms by heros. https://iron.lily-is.land/D11
Fixed
- Fix image overflow in event view. https://lily-is.land/kazv/kazv/-/merge_requests/73
- Fix creates wrong subdirectory when set cache directory. https://lily-is.land/kazv/kazv/-/merge_requests/75
- Use constant time cursors for MatrixRoomTimeline. https://lily-is.land/kazv/kazv/-/merge_requests/76
- Fix room name overflow in room list. https://lily-is.land/kazv/kazv/-/merge_requests/77
- Fix join room page. https://lily-is.land/kazv/kazv/-/merge_requests/79
- Fix translations display on Windows. https://lily-is.land/kazv/kazv/-/merge_requests/80
- Fix download result bar display on upload file event. https://lily-is.land/kazv/kazv/-/merge_requests/81
Internal changes
- Rework on code review process. https://lily-is.land/kazv/kazv/-/merge_requests/84