sharkord

v0.0.20 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 21d Communication & Email

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

bun chat data-ownership mediasoup messaging privacy

+4 more

realtime screen-sharing self-hosted webrtc

Affected surfaces

auth

ReleasePort's take

Light signal

editorial:auto 13d

Version v0.0.20 fixes a potential token leak in the getSettings route.

Why it matters: Patch to v0.0.20 immediately if your service exposes the getSettings endpoint; it resolves a security‑critical token leakage issue.

Summary

AI summary

Fixed a potential token leak in the getSettings route.

Changes in this release

Type	Severity	Summary	CVE
Feature	Medium	Added contextual chat input placeholders. Added contextual chat input placeholders. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Added native image optimization. Added native image optimization. Source: llm_adapter@2026-05-21 Confidence: high	—
Performance	Medium	Added more rate limiters for various routes. Added more rate limiters for various routes. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix
Bugfix	Medium	Fixed avatar background on popover. Fixed avatar background on popover. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Fixed sanitization on message routes. Fixed sanitization on message routes. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Fixed getSettings route possible token leak. Fixed getSettings route possible token leak. Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

[!IMPORTANT]
Sharkord is still in alpha. Updates might break things. It's HIGHLY RECOMMENDED to backup your data before updating so you can roll back if something goes wrong. If you encounter any issues, please report them on GitHub.

Features

Added contextual chat input placeholders (#531)
Added native image optimization (#726)

Fixes

Fixed avatar background on popover (#711)
Fixed sanitization on message routes (#720)
Fixed getSettings route possible token leak (#726)

Others

Added more rate limiters for various routes (#723)

Special thanks to @Melonendk, @jagobainda, and @dchester for their contributions <3

Docker Image

docker pull sharkord/sharkord:v0.0.20

Security Fixes

Fixed getSettings route possible token leak (#726)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track sharkord

Get notified when new releases ship.

About sharkord

Lightweight, self-hosted, open-source chat server with voice, video, text, and screen sharing. Built for small groups who want privacy, simplicity, and full control over their data.

All releases →