Releases: blueprint-freespeech/ricochet-refresh
Ricochet-Refresh 3.0.29
Built, packaged and signed with ricochet-build tag 3.0.29-build1
Changelog
All Platforms
- Updated Qt to 5.15.16
- Updated tor-expert-bundle to 14.0.3
Build System
All Platforms
- Updated rbm to f18daa3
Ricochet-Refresh 3.0.28
Built, packaged and signed with ricochet-build tag 3.0.28-build1
Changelog
All Platforms
- Updated tor to 0.4.8.13
- Updated tor-expert-bundle to 14.0
Ricochet-Refresh 3.0.27
Built, packaged and signed with ricochet-build tag 3.0.27-build1
This release fixes a security issue (#195) identified by @s-rah.
This issue would allow a malicious contact to attempt to send a file containing HTML in its filename. This HTML would be inserted directly into the file-transfer message element in the Ricochet-Refresh chat panel, and rendered as 'rich-text'. This only allowed rendering a subset of HTML4 ( https://doc.qt.io/qt-6/richtext-html-subset.html ) and would not have allowed running of arbitrary JavaScript. In principle, a clever adversary could generate convincing UI to trick the user into performing unsafe actions outside the application (e.g. direct the user to visit a malicious domain).
Filenames are now rendered as plain-text rather than allowing Qt to render as HTML (e.g. <a href="https://example.com">foobar rather than foobar):
Thanks again to @s-rah for identifying and reporting this issue! 👋
Changelog
All Platforms
- Fixed #195
Contributors
Assets 28
Ricochet-Refresh 3.0.26
Built, packaged and signed with ricochet-build tag 3.0.26-build1
This is primarily a minor security update. It features a small tweak to the release signing scripts. It also has some refactor work from @NoisyCoil getting us closer to aarch64 builds for Linux.
Changelog
All Platforms
- Updated openssl to 3.0.15
- Updated Qt to 5.15.15
- Updated tor-expert-bundle to 13.5.3
Build System
- Updated rbm to 1e0cfb68e958c1b22ac51fd32859781b8da2bc93
Windows
- Updated osslsigncode to 2.9
Contributors
Assets 28
Ricochet-Refresh 3.0.25
Built, packaged and signed with ricochet-build tag 3.0.25-build1.
As our protocol-level work on Gosling is coming to a close (which will improve Ricochet-Refresh's privacy and security properties), we are starting to focus on the design and feature-set of the next major version of Ricochet-Refresh.
To that end, we've begun by sketching out design-updates. The goal is to take all the various pieces of user-feedback we've received both in our issue tracker and from real-life users and build something with improved usability, peformance and privacy. If you are interested in contributing and/or discussing ideas on the future direction and design, please see this github issue:
Changelog
All Platforms
- Updated tor submodule to version 0.4.8.12
- Updated tor to 0.4.8.12
- Updated openssl to 3.0.14
- Updated Qt to 5.15.14
- Updated tor-expert-bundle to 13.5
- webtunnel pluggable transport has been squashed into lyrebird upstream, resulting in some installed package size savings 🎉
Ricochet-Refresh 3.0.24
Built, packaged and signed with ricochet-build tag 3.0.24-build2.
Thanks to @NoisyCoil for their ricochet-refresh and ricochet-build patches working toward build reproducibility and Linux aarch64 support! 👋
Changelog
All Platforms
- Modify connection logic when connecting to contacts and making contact requests
- Disable the bridge configuration UI when not built with pluggable-transport support
- Updated usage manual with latest info about macOS arch, pluggable-transport, and bridge support
- Added various design mock-ups for future UI
Build System
Linux
- Linux packages should be being built reproducibly now 🎉
Contributors
Assets 28
Ricochet-Refresh 3.0.23
Built, packaged and signed with ricochet-build tag 3.0.23-build1.
Thanks to @NoisyCoil for their ricochet-build patches working toward build reproducibility and Linux aarch64 support! 👋
Changelog
All Platforms
- Upated tor to 0.4.8.11
Build System
Linux
- Remove timestamps from generated icons
- Use more precise dd command to patch linuxdeploy AppImage
Contributors
Assets 28
Ricochet-Refresh 3.0.22
Built, packaged and signed with ricochet-build tag 3.0.22-build1.
Changelog
All Platforms
- Updated Qt to 5.15.13
- Updated tor-expert-bundle to 13.0.13
Build System
All Platform
- Added
sign-tag.shscript - Updated
releasebuild script to not include sha256sum.txt when calculating sha256 sums
macOS
- Updated rust to 1.74 for rcodesign dependencies
Ricochet-Refresh 3.0.21
Built, packaged and signed with ricochet-build tag 3.0.21-build1.
This is an unscheduled release which updates the tor-expert-bundle to version 13.0.11 which includes a change to the Snowflake pluggable transport configuration to fix issue where it could no longer connect to the snowflake broker which connects clients to Snowflake proxies. See this blog post on the Tor Project forums for more details:
Users depending on the Snowflake pluggable transport will now be able to connect once more.
Changelog
All Platforms
- Updated tor-expert-bundle to 13.0.11
Ricochet Refresh 3.0.20
Built, packaged and signed with ricochet-build tag 3.0.20-build1. Backported a few build system updates from tor-browser-build
Changelog
All Platforms
- Updated OpenSSL to 3.0.13
- Updated tor-expert-bundle to 13.0.10
macOS
- Explicitly set DPI of background.tiff in macOS DMG (fixes background scaling issue)
Build System
All Platforms
- Fixed bug in various
*-buildprojects which resulted in packaging everything in the dist directory instead of just the required build outputs
Windows
- Updated mingw to 11.0.0
- Added osslsigncode project
- Updated osslsigncode code-signing step
macOS
- Updated MacOS SDK to 13.3
Windows and macOS
- Updated LLVM and clang to 16.0.4
- Simplified llvm-project-source build script