Tags: richmahn/anubis
Tags
v1.21.3: Minfilia Warde - Echo 3

Fixes GHSA-jhjj-2g64-px7c

This could allow an attacker to craft an Anubis pass-challenge URL that forces a redirect to nonstandard URLs, such as the `javascript:` scheme, which executes arbitrary JavaScript code in a browser context when the user clicks the "Try again" button.

This has been fixed by disallowing any URLs without the scheme `http` or `https`.

Additionally, the "Try again" button has been fixed to completely ignore the user-supplied redirect location. It now redirects to the home page (`/`).
v1.21.2: Minfilia Warde - Echo 2

-- Fixes a problem with nonstandard URLs and redirects --

This could allow an attacker to craft an Anubis pass-challenge URL that forces a redirect to nonstandard URLs, such as the `javascript:` scheme, which executes arbitrary JavaScript code in a browser context when the user clicks the "Try again" button.

This has been fixed by disallowing any URLs without the scheme `http` or `https`.
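The scheme check described in the v1.21.2 and v1.21.3 notes, sketched as an added Go example (not Anubis's own code). `validateRedirect` and `tryAgainHref` are hypothetical names, the sample inputs are constructed, and scheme-less values are rejected here on the assumption that the note's wording is applied literally.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// validateRedirect accepts a user-supplied redirect target only when it is an
// absolute URL with scheme http or https and a non-empty host. Hypothetical
// helper: it returns the normalized URL, or an error for anything else.
func validateRedirect(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		// Covers control characters and other malformed input.
		return "", fmt.Errorf("unparseable redirect: %w", err)
	}
	switch strings.ToLower(u.Scheme) {
	case "http", "https":
		if u.Host == "" {
			return "", fmt.Errorf("redirect %q has no host", raw)
		}
		return u.String(), nil
	default:
		// javascript:, data:, and scheme-less values all end up here
		// (assumption: the release note's rule is applied literally).
		return "", fmt.Errorf("redirect scheme %q is not http or https", u.Scheme)
	}
}

// tryAgainHref mirrors the second fix: the "Try again" link ignores the
// user-supplied location entirely and always points at the home page.
func tryAgainHref(_ string) string { return "/" }

func main() {
	// Constructed sample inputs.
	for _, in := range []string{
		"https://example.com/docs?x=1",
		"javascript:alert(1)",
		"JavaScript:alert(1)",
		"data:text/html,hi",
		"https:///no-host",
	} {
		out, err := validateRedirect(in)
		fmt.Printf("%-32q ok=%-5v out=%q try-again=%q\n", in, err == nil, out, tryAgainHref(in))
	}
}
```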
v1.21.1: Minfilia Warde - Echo 1

- Expired records are now properly removed from bbolt databases ([TecharoHQ#848](TecharoHQ#848)).
- Fix hanging on service restart ([TecharoHQ#853](TecharoHQ#853))

-- Added --

Anubis now supports the [`missingHeader`](./admin/configuration/expressions.mdx#missingHeader) function to assert the absence of headers in requests.

--- New locales ---

Anubis now supports these new languages:

- [Czech](TecharoHQ#849)
- [Finnish](TecharoHQ#863)
- [Norwegian Bokmål](TecharoHQ#855)
- [Norwegian Nynorsk](TecharoHQ#855)
- [Russian](TecharoHQ#882)

-- Fixes --

--- Fix ["error: can't get challenge"](TecharoHQ#869) when details about a challenge can't be found in the server side state ---

v1.21.0 changed the core challenge flow to maintain information about challenges on the server side instead of only doing them via stateless idempotent generation functions and relying on details to not change. There was a subtle bug introduced in this change: if a client has an unknown challenge ID set in its test cookie, Anubis will clear that cookie and then throw an HTTP 500 error.

This has been fixed by making Anubis throw a new challenge page instead.

--- Fix event loop thrashing when solving a proof of work challenge ---

Previously the "fast" proof of work solver had a fragment of JavaScript that attempted to only post an update about proof of work progress to the main browser window every 1024 iterations. This fragment of JavaScript was subtly incorrect in a way that passed review but actually made the workers send an update back to the main thread every iteration. This caused a pileup of unhandled async calls (similar to a socket accept() backlog pileup in Unix) that caused stack space exhaustion.

This has been fixed in the following ways:

1. The complicated boolean logic has been totally removed in favour of a worker-local iteration counter.
2. The progress bar is updated by worker `0` instead of all workers.

Hopefully this should limit the event loop thrashing and let ia32 browsers (as well as any environment with a smaller stack size than amd64 and aarch64 seem to have) function normally when processing Anubis proof of work challenges.

--- Fix potential memory leak when discovering a solution ---

In some cases, the parallel solution finder in Anubis could cause all of the worker promises to leak due to the fact the promises were being improperly terminated. This was fixed by having Anubis debounce worker termination instead of allowing it to potentially recurse infinitely.
v1.21.0: Minfilia Warde See https://anubis.techaro.lol/docs/CHANGELOG#v1210-minfilia-warde for more information.
v1.21.0-pre3: Minfila Warde Please report any issues with this prerelease so the full release can be the best it can possibly be. Now with fixed RPM signatures.
v1.21.0-pre2: Minfila Warde Please report any issues with this prerelease so the full release can be the best it can possibly be.
v1.21.0-pre1: Minfila Warde Please report any issues with this prerelease so the full release can be the best it can possibly be.