v1.18.2

Release Notes

This is a security-focussed release that also comes with some bugfixes.

• We've added QOI image support and dropped some image support plugins that we haven't properly vetted.
• We have added fuzzing tests for all the image plugins we do use (and filed some bugs for the ones we don't yet use).
• We've fixed a heap buffer overflow in exif handling. This overflow was not a vulnerability (it was an out of bounds read that would mess up image rotations when receiving broken exif data).
• We've added a setting to disable automatic image previews in chat. If you're very security-conscious and you have friends you don't trust, you may want to disable image previews. In the future, we'll add a per-friend setting for this.
• We've fixed some bugs that caused multi-line messages to be received as a single line. This was caused by our defense-in-depth security measures that were a little too strict.

Features

• Add an option to disable image previews. @iphydf (#416)
• Add spelling check and QOI support to Windows builds. @iphydf (#400)
• Add QOI image format support. @iphydf (#393)

Bug Fixes

• cmake AUTORCC_OPTIONS global setting @hizani (#431)
• cmake POSITION_INDEPENDENT_CODE global setting @hizani (#423)
• Use tag strings in release tarballs. @Chiitoo (#417)
• Fix heap buffer overflow in receiving pictures. @iphydf (#415)
• No longer turn regular ASCII into emoticons. @iphydf (#389)
• Message edit context menu now changes colour to hover/selection @iphydf (#388)
• Correctly display newlines in incoming chat messages. @iphydf (#390)

Documentation

• Add nightly built screenshot to readme. @iphydf (#395)

Maintenance (Grunt tasks)

• Release v1.18.2 @iphydf (#434)
• Point the contributor-list link at the one GitHub generates @robinlinden (#433)
• Add opt-in REPR_RCC cmake option. @hizani (#432)
• Release v1.18.2-rc.1 @iphydf (#429)
• Also clang-tidy check header files. @iphydf (#430)
• Speed up clang-tidy run using clangd. @iphydf (#422)
• Fix AppImage build. @iphydf (#402)
• Speed up clang-tidy by not compiling code. @iphydf (#397)
• Fix macOS screenshot taking. @iphydf (#398)
• Reuse macOS local deps scripts for Linux. @iphydf (#391)

Maintenance (Code cleanup)

• Add some logging for reasons why notifications might fail. @iphydf (#428)
• Fix some more clang-tidy warnings. @iphydf (#425)
• Add missing test deps. @iphydf (#421)
• Use make_unique and make_shared instead of new. @iphydf (#76)
• Remove useless translation strings. @iphydf (#420)
• Use lambdas instead of std::bind. @iphydf (#75)
• Give AI more context for translations. @iphydf (#380)
• We don't compile C sources in qTox. @iphydf (#409)
• Reduce nesting of else clauses after return. @iphydf (#86)
• Use fewer image formats on Windows. @iphydf (#405)
• Return braced initialiser list where possible. @iphydf (#82)
• Use range-for in more places. @iphydf (#89)
• Use .empty() instead of .size() == 0. @iphydf (#78)
• Make it harder to forget to close settings groups. @iphydf (#396)
• Use = default instead of {} for default ctors. @iphydf (#81)
• ToxId needs to be copyable for Qt to pass it through signals. @iphydf (#392)
• Make ToxId move-only. @iphydf (#175)

Maintenance (Refactoring)

• Make database query objects move-only. @iphydf (#263)
• Hide database implementation behind an interface. @iphydf (#413)

Maintenance (Tests)

• Add a login screen test for profile creation. @iphydf (#418)
• Add fuzzer for kimageformats. @iphydf (#401)
• Add a CI test that runs qTox and takes a screenshot. @iphydf (#394)