fider

Dashboards & Home Pages

A feedback portal that lets customers submit feature requests and suggestions, helping product teams focus on building what users need.

Go · Latest v0.35.0 · 1mo ago

Features

  • Provides a dedicated space for customers to submit feature requests and suggestions
  • Offers both a fully managed cloud service (Fider Cloud) and an option to self‑host the software
  • Includes built‑in tools for tracking feedback, managing responses, and encouraging community engagement

Recent releases

v0.35.0 Security relevant
Security fixes
  • Fix mass assignment auth bypass in sign-in verification (unspecified CVE)
Notable features
  • Support for an annual subscription plan
  • Rate limiting added to sign‑in verification code
Full changelog

Releases coming thick and fast! 🏎️

We found (or rather someone told us about) a security issue where you could bypass auth quite simply, so we wanted to get that out as soon as possible. For that reason alone, we'd encourage upgrading as soon as possible. There are also some tweaks to the post search to respect any filters you have selected, and some HTML escaping fixes - thanks to all contributors as ever!

What's Changed

  • Support for an annual plan too. by @mattwoberts in https://github.com/getfider/fider/pull/1516
  • Fix mass assignment auth bypass in sign-in verification by @mattwoberts in https://github.com/getfider/fider/pull/1517
  • Add rate limiting to sign-in verification code by @mattwoberts in https://github.com/getfider/fider/pull/1524
  • fix(email): unescape HTML entities in rendered subject by @americodias in https://github.com/getfider/fider/pull/1513
  • Harden post filter against edge cases by @lol2x in https://github.com/getfider/fider/pull/1515

New Contributors

  • @americodias made their first contribution in https://github.com/getfider/fider/pull/1513

Full Changelog: https://github.com/getfider/fider/compare/v0.34.0...v0.35.0

v0.34.0 Security relevant
Security fixes
  • Authenticated arbitrary blob overwrite vulnerability
  • XSS in markdown rendering and ATOM feed
  • SSRF vulnerability in webhook URLs
Notable features
  • Tag import and export functionality
  • OAUTH_ALLOWED_ROLES environment variable support
  • Traditional Chinese (zh-TW) language support
Full changelog

Summary

There are a few important security updates in this release, so for that reason I'd recommend you update ASAP.

Some other pretty big changes - the "open core licensing" model that we started to move towards was aborted, and we moved back to making everything FULLY open source 🎉 See the discussion for more about that --> https://github.com/getfider/fider/discussions/1477

As well as that, we've got some minor fixes, and @JimKnoxx has been busy contributing some good stuff (thanks again!)

What's Changed

  • Batch safe dependency updates by @mattwoberts in https://github.com/getfider/fider/pull/1479
  • Show voted indicator on homepage post list + complete Polish translations by @lol2x in https://github.com/getfider/fider/pull/1482
  • Fix authenticated arbitrary blob overwrite vulnerability by @mattwoberts in https://github.com/getfider/fider/pull/1497
  • fix: prevent XSS in markdown rendering and ATOM feed by @mattwoberts in https://github.com/getfider/fider/pull/1495
  • Fix SSRF vulnerability in webhook URLs by @mattwoberts in https://github.com/getfider/fider/pull/1494
  • Added import and export for tags by @JimKnoxx in https://github.com/getfider/fider/pull/1480
  • Bump Go to 1.25 and update dependencies by @mattwoberts in https://github.com/getfider/fider/pull/1498
  • Fix DoS via unbounded HTTP response body read by @mattwoberts in https://github.com/getfider/fider/pull/1499
  • Remove open core licensing model by @mattwoberts in https://github.com/getfider/fider/pull/1483
  • Added an optional OAUTH_ALLOWED_ROLES environment variable by @JimKnoxx in https://github.com/getfider/fider/pull/1463
  • Add Traditional Chinese (zh-TW) language support by @HansHans135 in https://github.com/getfider/fider/pull/1488
  • fix: use 'zh' MessageFormatCode for Chinese (Traditional) by @partylogo in https://github.com/getfider/fider/pull/1511
  • Fixed users tab in administrative view not being highlighted when active by @JimKnoxx in https://github.com/getfider/fider/pull/1507
  • Add Fider version to Powered by Fider by @JimKnoxx in https://github.com/getfider/fider/pull/1505
  • Fixing quote functionality, adding quote icon to the comment editor by @JimKnoxx in https://github.com/getfider/fider/pull/1504

New Contributors

  • @HansHans135 made their first contribution in https://github.com/getfider/fider/pull/1488
  • @partylogo made their first contribution in https://github.com/getfider/fider/pull/1511

Full Changelog: https://github.com/getfider/fider/compare/v0.33.0...v0.34.0

v0.33.0 New feature
Breaking changes
  • Some features now gated as pro features (content moderation, search indexing)
Security fixes
  • Stronger 64-character sign-in email links
Notable features
  • Content moderation system
  • Revamped UI with dark mode support
  • Open core licensing model

About

Stars: 4,359
Forks: 810
Languages: Go, TypeScript, SCSS
