SelfPrivacy/selfprivacy.org.app
1
0
Fork 0
mirror of https://git.selfprivacy.org/kherel/selfprivacy.org.app.git synced 2024-09-21 10:57:52 +00:00
Code Issues Projects Releases Wiki Activity
selfprivacy.org.app/fastlane/metadata/android/en-US/changelogs/0.12.2.txt
Inex Code d260a64c88 chore: Bump version to 0.12.2
2024-08-23 14:03:01 +03:00

53 lines
2.2 KiB
Plaintext
Raw Blame History

# 0.12.2 Changelog
## Vulnerability disclosure
This release contains a fix for a security vulnerability. We recommend updating as soon as possible.
A security researcher discovered that the application used an insecure random number generator. This could allow an attacker to predict the random numbers generated by the application, which could lead to a variety of security issues.
While we believe the risk of exploitation is low, we recommend that you update the token on your original device:
1. Update the app to the latest version.
2. Go to the Devices screen at the "More" section.
3. Make sure that your device is named "Initial device". If it's not, do the steps on that initial device instead. If you don't have access to that device anymore, revoke the access for that device by tapping it in the list below.
4. Tap on the "Initial device". The app will ask you if you want to refresh the token. Tap "Confirm".
Only the token of the initial device might be vulnerable. Tokens of other devices and backups encryption key are generated by your server with a secure random number generator.
Servers created with this version and newer will not be vulnerable to this.
We haven't received information from the security researcher on how to credit them, and will update this changelog on our website and git forge when we do.
## Changes
### Features
- Allow refreshing device token for Server API ([#565](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/565))
- Upgrade Flutter to 3.24.0 ([#562](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/562))
### Bug fixes
- **i18l**: Resolve word puzzles ([#566](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/566))
- Use the cryptographically secure random number generator ([#565](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/565))
- Remove hardcode for recovery support articles ([#563](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/563), resolves [#251](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/251))
- Volume resize function didn't work due to logical error
### Translation contributions
* Estonian
* Dmitri B. (9)
* German
* Philipp Weiermann (23)
* Russian
* Inex Code (24)
Reference in a new issue View git blame Copy permalink