From d260a64c88a4949e392d76a7518e2eb1323dd625 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Fri, 23 Aug 2024 14:03:01 +0300
Subject: [PATCH] chore: Bump version to 0.12.2
---
 appimage.yml | 2 +-
 .../android/en-US/changelogs/0.12.2.txt | 52 +++++++++++++++++++
 pubspec.yaml | 2 +-
 3 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 fastlane/metadata/android/en-US/changelogs/0.12.2.txt
diff --git a/appimage.yml b/appimage.yml
index 4e62a2e1..1af51176 100644
--- a/appimage.yml
+++ b/appimage.yml
@@ -10,7 +10,7 @@ AppDir:
 id: org.selfprivacy.app
 name: SelfPrivacy
 icon: org.selfprivacy.app
- version: 0.12.1
+ version: 0.12.2
 exec: selfprivacy
 exec_args: $@
 apt:
diff --git a/fastlane/metadata/android/en-US/changelogs/0.12.2.txt b/fastlane/metadata/android/en-US/changelogs/0.12.2.txt
new file mode 100644
index 00000000..e80eb212
--- /dev/null
+++ b/fastlane/metadata/android/en-US/changelogs/0.12.2.txt
@@ -0,0 +1,52 @@
+# 0.12.2 Changelog
+
+## Vulnerability disclosure
+
+This release contains a fix for a security vulnerability. We recommend updating as soon as possible.
+
+A security researcher discovered that the application used an insecure random number generator. This could allow an attacker to predict the random numbers generated by the application, which could lead to a variety of security issues.
+
+While we believe the risk of exploitation is low, we recommend that you update the token on your original device:
+
+1. Update the app to the latest version.
+2. Go to the Devices screen at the "More" section.
+3. Make sure that your device is named "Initial device". If it's not, do the steps on that initial device instead. If you don't have access to that device anymore, revoke the access for that device by tapping it in the list below.
+4. Tap on the "Initial device". The app will ask you if you want to refresh the token. Tap "Confirm".
+
+Only the token of the initial device might be vulnerable. Tokens of other devices and backups encryption key are generated by your server with a secure random number generator.
+
+Servers created with this version and newer will not be vulnerable to this.
+
+We haven't received information from the security researcher on how to credit them, and will update this changelog on our website and git forge when we do.
+
+## Changes
+
+### Features
+
+- Allow refreshing device token for Server API ([#565](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/565))
+- Upgrade Flutter to 3.24.0 ([#562](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/562))
+
+### Bug fixes
+
+- **i18l**: Resolve word puzzles ([#566](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/566))
+- Use the cryptographically secure random number generator ([#565](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/565))
+- Remove hardcode for recovery support articles ([#563](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/563), resolves [#251](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/251))
+- Volume resize function didn't work due to logical error
+
+
+### Translation contributions
+
+
+* Estonian
+
+ * Dmitri B. (9)
+
+
+* German
+
+ * Philipp Weiermann (23)
+
+
+* Russian
+
+ * Inex Code (24)
diff --git a/pubspec.yaml b/pubspec.yaml
index 1a10a2f7..0a30b693 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -1,7 +1,7 @@
 name: selfprivacy
 description: selfprivacy.org
 publish_to: 'none'
-version: 0.12.1+24
+version: 0.12.2+25
 environment:
 sdk: '>=3.5.0 <4.0.0'