v0.13.5-cryptowarning.2

Prepare changelog for v0.13.5-cryptowarning.2
2018-03-26 15:48:45 +01:00 · 2018-03-26 15:48:45 +01:00 · 2018-03-26 15:47:39 +01:00 · 2018-03-26 15:44:45 +01:00 · 2018-03-26 14:30:41 +01:00 · 2018-03-26 14:30:41 +01:00
5 changed files with 47 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,36 @@
+Changes in [0.13.5-cryptowarning.2](https://github.com/vector-im/riot-web/releases/tag/v0.13.5-cryptowarning.2) (2018-03-26)
+============================================================================================================================
+[Full Changelog](https://github.com/vector-im/riot-web/compare/v0.13.5-cryptowarning.1...v0.13.5-cryptowarning.2)
+
+ * Fix strings file
+
+Changes in [0.13.5-cryptowarning.1](https://github.com/vector-im/riot-web/releases/tag/v0.13.5-cryptowarning.1) (2018-03-26)
+============================================================================================================================
+[Full Changelog](https://github.com/vector-im/riot-web/compare/v0.13.5...v0.13.5-cryptowarning.1)
+
+ * Disable e2e crypto with a big warning if the database schema is newer than we expect.
+
+Changes in [0.13.5](https://github.com/vector-im/riot-web/releases/tag/v0.13.5) (2018-02-09)
+============================================================================================
+[Full Changelog](https://github.com/vector-im/riot-web/compare/v0.13.4...v0.13.5)
+
+ * SECURITY UPDATE: Sanitise URLs from 'external_url'. Thanks to walle303 for contacting
+   us about this vulnerability.
+
+Changes in [0.13.4](https://github.com/vector-im/riot-web/releases/tag/v0.13.4) (2018-01-03)
+============================================================================================
+[Full Changelog](https://github.com/vector-im/riot-web/compare/v0.13.3...v0.13.4)
+
+ * Change config of riot.im electron build to fix some widgets not working. This only affects
+   electron builds using the riot.im config - for all other builds, this is identical to
+   v0.13.3.
+
+Changes in [0.13.3](https://github.com/vector-im/riot-web/releases/tag/v0.13.3) (2017-12-04)
+============================================================================================
+[Full Changelog](https://github.com/vector-im/riot-web/compare/v0.13.2...v0.13.3)
+
+ * Bump js-sdk, react-sdk version to pull in fix for [setting room publicity in a group](https://github.com/matrix-org/matrix-js-sdk/commit/aa3201ebb0fff5af2fb733080aa65ed1f7213de6).
+
 Changes in [0.13.2](https://github.com/vector-im/riot-web/releases/tag/v0.13.2) (2017-11-28)
 ============================================================================================
 [Full Changelog](https://github.com/vector-im/riot-web/compare/v0.13.1...v0.13.2)
--- a/electron_app/package.json
+++ b/electron_app/package.json
@@ -2,7 +2,7 @@
  "name": "riot-web",
  "productName": "Riot",
  "main": "src/electron-main.js",
-  "version": "0.13.2",
+  "version": "0.13.5-cryptowarning.2",
  "description": "A feature-rich client for Matrix.org",
  "author": "Vector Creations Ltd.",
  "dependencies": {
--- a/electron_app/riot.im/config.json
+++ b/electron_app/riot.im/config.json
@@ -5,6 +5,10 @@
    "brand": "Riot",
    "integrations_ui_url": "https://scalar.vector.im/",
    "integrations_rest_url": "https://scalar.vector.im/api",
+    "integrations_widgets_urls": [
+        "https://scalar-staging.riot.im/scalar/api",
+        "https://scalar.vector.im/api"
+    ],
    "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
    "welcomeUserId": "@riot-bot:matrix.org",
    "roomDirectory": {
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
  "name": "riot-web",
  "productName": "Riot",
  "main": "electron_app/src/electron-main.js",
-  "version": "0.13.2",
+  "version": "0.13.5-cryptowarning.2",
  "description": "A feature-rich client for Matrix.org",
  "author": "Vector Creations Ltd.",
  "repository": {
@@ -68,8 +68,8 @@
    "gfm.css": "^1.1.1",
    "highlight.js": "^9.0.0",
    "linkifyjs": "^2.1.3",
-    "matrix-js-sdk": "0.9.1",
-    "matrix-react-sdk": "0.11.2",
+    "matrix-js-sdk": "0.9.2-cryptowraning.1",
+    "matrix-react-sdk": "0.11.4-cryptowarning.2",
    "modernizr": "^3.1.0",
    "pako": "^1.0.5",
    "prop-types": "^15.5.10",
--- a/src/components/views/context_menus/MessageContextMenu.js
+++ b/src/components/views/context_menus/MessageContextMenu.js
@@ -1,5 +1,6 @@
 /*
 Copyright 2015, 2016 OpenMarket Ltd
+Copyright 2018 New Vector Ltd

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -25,6 +26,7 @@ import { _t } from 'matrix-react-sdk/lib/languageHandler';
 const Modal = require('matrix-react-sdk/lib/Modal');
 const Resend = require("matrix-react-sdk/lib/Resend");
 import * as UserSettingsStore from 'matrix-react-sdk/lib/UserSettingsStore';
+import { isUrlPermitted } from 'matrix-react-sdk/lib/HtmlUtils';

 module.exports = React.createClass({
    displayName: 'MessageContextMenu',
@@ -275,7 +277,10 @@ module.exports = React.createClass({
        }

        // Bridges can provide a 'external_url' to link back to the source.
-        if( typeof(this.props.mxEvent.event.content.external_url) === "string") {
+        if(
+            typeof(this.props.mxEvent.event.content.external_url) === "string" &&
+            isUrlPermitted(this.props.mxEvent.event.content.external_url)
+        ) {
          externalURLButton = (
              <div className="mx_MessageContextMenu_field">
                  <a href={ this.props.mxEvent.event.content.external_url }
Author	SHA1	Message	Date
David Baker	fc5a43814e	v0.13.5-cryptowarning.2	2018-03-26 15:48:45 +01:00
David Baker	6e3c7937ee	Prepare changelog for v0.13.5-cryptowarning.2	2018-03-26 15:48:45 +01:00
David Baker	1c214b3791	v0.13.5-cryptowarning.2	2018-03-26 15:47:39 +01:00
David Baker	9e4ca9353f	Bump react-sdk version	2018-03-26 15:44:45 +01:00
David Baker	ac39a2bc40	v0.13.5-cryptowarning.1	2018-03-26 14:30:41 +01:00
David Baker	231b9e91a7	Prepare changelog for v0.13.5-cryptowarning.1	2018-03-26 14:30:41 +01:00
David Baker	c33a22e71b	v0.13.5-cryptowarning.1	2018-03-26 14:28:28 +01:00
David Baker	0701d9a204	Bump react-sdk & js-sdk versions	2018-03-26 14:25:22 +01:00
David Baker	9e614a54da	v0.13.5	2018-02-09 12:43:45 +00:00
David Baker	30087e5c73	Prepare changelog for v0.13.5	2018-02-09 12:43:45 +00:00
David Baker	1d222e3507	v0.13.5	2018-02-09 12:38:23 +00:00
David Baker	b20dea58c6	Bump react-sdk version	2018-02-09 12:36:19 +00:00
David Baker	62e90ceb0d	Sanity check URLs with isUrlPermitted Thanks to walle303 for letting us know these weren't being checked.	2018-02-09 12:20:31 +00:00
David Baker	5635614549	v0.13.4	2018-01-03 16:13:24 +00:00
David Baker	1bb861f6cf	Prepare changelog for v0.13.4	2018-01-03 16:13:24 +00:00
David Baker	2eb433157a	v0.13.4	2018-01-03 16:08:38 +00:00
Michael Telatynski	d71af40967	add missing config.json entry such that scalar-staging widgets work Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>	2018-01-03 16:06:58 +00:00
Luke Barnard	b73f0c7b90	v0.13.3	2017-12-04 12:31:50 +00:00
Luke Barnard	8ec48db86c	Prepare changelog for v0.13.3	2017-12-04 12:31:50 +00:00
Luke Barnard	5fba5b30e9	v0.13.3	2017-12-04 12:29:32 +00:00
Luke Barnard	c685546e9a	Bump js-sdk to 0.9.2, react-sdk to 0.11.3	2017-12-04 12:27:49 +00:00