Release history

LinkAce releases

LinkAce is a self-hosted archive to collect links of your favorite websites.

Review required
v2.5.7 Security relevant
Auth Dependencies

Blocks javascript URL injection

v2.5.6 Security relevant
Security fixes
  • Prohibit users from editing other users' entities – fixes unauthorized modification vulnerability
  • Properly escape user names in activity logs
  • Disallow line breaks in database configuration during setup
Notable features
  • TRUSTED_HOSTS .env variable to whitelist allowed hostnames
  • php artisan debug command to display essential configuration parameters
Full changelog

What's Changed

  • Security fixes:
    • Users are now prohibited from editing other users' entities.
    • User names are now properly escaped in activity logs.
    • Line breaks are now disallowed in database configurations during the setup process.
  • LinkAce now provides a TRUSTED_HOSTS .env configuration variable that can be used to change which hostnames are allowed for accessing your instance.
  • There is now a debug command (php artisan debug) which shows essential configuration parameters.
  • Dependencies were updated.

Full Changelog: https://github.com/Kovah/LinkAce/compare/v2.5.5...v2.5.6

v2.5.5 Mixed
Notable features
  • Broken links automatically re-checked after 2 weeks with configurable interval via BROKEN_LINK_RECHECK_INTERVAL_WEEKS
  • Broken status resets when a link's URL is changed
  • Build system migrated from Laravel Mix to Vite
Full changelog
  • Links are now re-checked after 2 weeks if they are broken. The number of weeks can be configured using the BROKEN_LINK_RECHECK_INTERVAL_WEEKS .env setting. (#1093)
  • The broken status of links is now reset if the URL is changed. (#1092)
  • Migration from Laravel Mix to Vite for CSS and JS.
  • Update of dependencies
v2.5.4 Breaking risk
⚠ Upgrade required
  • Set APP_URL environment variable in .env or docker compose file to your LinkAce instance URL (e.g., APP_URL=https://my-linkace-domain.com)
Breaking changes
  • APP_URL environment variable is now required in .env or docker compose file; password reset and other features will not work without it
Security fixes
  • APP_URL configuration requirement mitigates a security vulnerability when trusted proxies are not configured
Notable features
  • Private IPs and hostnames are now checked during link verification
Full changelog

Important Changes

[!CAUTION]
LinkAce now requires you to add APP_URL=https://my-linkace-domain.com to your .env file or alternatively to your docker compose file.
Replace https://my-linkace-domain.com with the actual URL of your LinkAce instance.

This is needed to mitigate a possible security issue if you don't have trusted proxies configured, which is the default for LinkAce. Not adding this setting will break some features such as password reset emails.

Other changes

  • Private IPs and hostnames are now checked during the link checks.
  • Updated dependencies
v2.5.3 Maintenance

  • Private notes are no longer visible to internal users.
  • Requests to private IP ranges are blocked on IP and hostname level.
  • Dependencies were updated.

v2.5.2 Security relevant
Breaking changes
  • Meta generation disabled by default for private IP ranges
Security fixes
  • Private tags/lists access control enforcement
v2.5.1 Bugfix

Fixes an issue where the web setup for SQLite could not be completed. #1066

v2.5.0 Maintenance

**Support for PHP 8.1 was dropped. LinkAce only supports PHP 8.2 to 8.5.**
