Releases: sternenseemann/spacecookie
1.0.0.3
Security fix:
Resolve sanitizePath not eliminating .. from paths. This affects users
of sanitizePath and sanitizePathIfNotUrl from Network.Gopher.Util.
This issue only affects the spacecookie library, not the spacecookie server
daemon since a separate check would prevent it from handling such malicious
requests (which delayed the discovery of this bug). It is probably wise to
upgrade either way.
Note that gophermap parsing behavior is unchanged, i.e. it just normalises
paths, even though makeGophermapFilePath used to call sanitizePath in
previous versions. This is due to the assumption that gophermaps come from a
trusted source and/or paths produced from gophermap parsing aren't used to
access files directly, i.e. those paths are only served to clients (whose later
requests are subject to selector sanitization) as selectors in menus. If those
assumptions don't hold for your code, you will need to further sanitize the
paths returned from gophermapToDirectoryResponse.
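For code that does use gophermap-derived paths to access files, the further sanitization mentioned above can be a strict check that refuses `..` instead of rewriting it. The following is an added example, not code from spacecookie: `resolveUnderRoot` and `splitOnSlash` are hypothetical helpers, the root and sample paths are constructed, and it assumes plain `String` paths and uses only `base`.

```haskell
-- Added example (not spacecookie code): reject any path that could leave a
-- content root instead of trying to normalise ".." away.
module Main (main) where

import Data.List (intercalate)

-- | Split on '/' without interpreting anything (hypothetical helper).
splitOnSlash :: String -> [String]
splitOnSlash s = case break (== '/') s of
  (c, [])       -> [c]
  (c, _ : rest) -> c : splitOnSlash rest

-- | Resolve an untrusted path below 'root' (hypothetical helper).
-- Nothing means the path must not be used for file access.
resolveUnderRoot :: FilePath -> String -> Maybe FilePath
resolveUnderRoot root untrusted
  | '\0' `elem` untrusted  = Nothing  -- NUL would truncate the path in C APIs
  | ".." `elem` components = Nothing  -- refuse traversal, do not rewrite it
  | otherwise              = Just (intercalate "/" (root : components))
  where
    -- Empty components (leading or doubled '/') and "." carry no meaning;
    -- dropping them also makes an absolute input relative to the root.
    components = filter (`notElem` ["", "."]) (splitOnSlash untrusted)

main :: IO ()
main = mapM_ report samples
  where
    root = "/srv/gopher"  -- constructed content root
    report p = putStrLn (show p ++ " -> " ++ show (resolveUnderRoot root p))
    -- Constructed sample paths.
    samples =
      [ "/phlog/2021/post.txt"
      , "phlog//./index"
      , "/../etc/passwd"
      , "phlog/../../etc/passwd"
      , "/notes/..hidden/a..b"   -- ".." inside a name is not a traversal
      ]
```

The check is purely lexical: it does not resolve symlinks that exist inside the root.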
1.0.0.2
1.0.0.1
This release fixes compilation with aeson >= 2.0.
1.0.0.0
Read the full CHANGELOG.
TL;DR:
- Server daemon: Configurable logging, full compatibility with Bucktooth gophermaps, fix networking bug related to curl, DoS mitigations, …
- Library: Rework request representation, use more efficient and flexible ByteString over String, user-implementable logging, …
0.2.1.2
Fix build by adjusting dependency constraints.
0.2.1.1: Fixed Privilege Dropping
- Server
  - Make user parameter in config optional. If it is not given or set to null, spacecookie won't attempt to change its UID and GID. This is especially useful, if socket activation is used. In that case it is not necessary to start spacecookie as root since systemd sets up the socket, so spacecookie can be already started by the right user and doesn't need to change UID.
  - Example Systemd config files
    - SocketMode is now 660 instead of default 666.
    - Set User and Group for spacecookie.service as well.
    - Set "user": null in spacecookie.json
- Library
  - Fixed issue that led to runGopher* trying to change UID even if it wasn't possible (not running as root). This especially affected the spacecookie server, since cRunUserName would always be Just.
  - Made logging related to dropPrivileges clearer.
0.2.1.0: systemd Support
- Improved systemd support.
  - Support for the notify service type
  - Support for socket activation and socket (fd) storage
  - To make use of these new features you'll have to update your service files
- Added defaultConfig value to prevent future breakage in software using the library when the GopherConfig type is extended.
- Pretty print IPv6 addresses in logging
0.2.0.1: Hackage Release
Added version constraints for base to please hackage.
0.2.0.0: Initial Release
Release the project properly in its state of 2 years ago, since it has got some attention without me noticing.