v0.8.1

Added

• Add <server_address>/version endpoint for retrieving the server version

[server]
expose_version=true

If expose_version entry is not present in the configuration file, /version is not exposed. It is recommended to use this feature with authorization enabled.

Fixed

• Replace unmaintained dotenv crate with dotenvy
  • Fixes RUSTSEC-2021-0141

v0.8.0

Added

• Support adding a landing page

You can now specify a landing page text in the configuration file as follows:

[server]
landing_page = """
boo 👻
======
welcome!
"""

If the landing page entry is not present in the configuration file, visiting the index page will redirect to the repository.

Updated

• Do not check for duplicate files by default
  • Set duplicate_files to true to the configuration file
  • It is an expensive operation to do on slower hardware and can take an unreasonable amount of time for bigger files
• Enable GitHub Sponsors for funding
  • Consider supporting me for my open-source work 💖

v0.7.1

Added

• Aggressively test everything
  • Add the missing unit tests for the server endpoints (code coverage is increased to 84%)
  • Create a custom testing framework (written in Bash) for adding test fixtures

v0.7.0

Added

• Support auto-deletion of expired files

rustypaste can now delete the expired files by itself. To enable this feature, add the following line to the [paste] section in the configuration file:

# expired files will be cleaned up hourly
delete_expired_files = { enabled = true, interval = "1h" }

For users who want to have this feature disabled, there is an alternative shell script recommended in the documentation.

• Add systemd service files
  • systemd files have been added to serve files from /var/lib/rustypaste, create rustypaste user automatically via systemd-sysusers and configure AUTH_TOKEN via rustypaste.env.
  • For the installation and usage, see the Arch Linux PKGBUILD.

Updated

• Upgrade Actix dependencies
  • actix-web is updated to 4.0.*
• Strip the binaries during automated builds
  • Size of the Docker image is reduced by ~20%

Fixed

• Prevent invalid attempts of serving directories
  • This fixes an issue where requesting a directory was possible via e.g. curl --path-as-is 0.0.0.0:8080/.
  • This issue had no security impact (path traversal wasn't possible) since internal server error was returned.

v0.6.5

Added

• Add instructions for installing rustypaste on Arch Linux
  • pacman -S rustypaste 🎉

Fixed

• Fix a bug where the use of CONFIG environment variable causes a conflict between the configuration file path and [config] section

v0.6.4

• Support setting the refresh rate for hot-reloading the configuration file.

[config]
refresh_rate="1s"

• Support setting the timeout for HTTP requests.

[server]
timeout="30s"

• Security: Bump regex crate to 1.5.5
  • Fixes CVE-2022-24713

v0.6.3

• Support setting the authentication token in the configuration file.
  • This is an alternative (but not recommended) way of setting up authentication when the use of AUTH_TOKEN environment variable is not applicable.

[server]
auth_token="hunter2"

v0.6.2

• [Internal] Improve the concurrency
  • Shrink the scope of non-suspendable types (#[must_not_suspend]) for dropping them before reaching a suspend point (.await call). This avoids possible deadlocks, delays, and situations where Futures not implementing Send.
  • Reference: https://rust-lang.github.io/rfcs/3014-must-not-suspend-lint.html
• Bump dependencies (thanks to @sassman )

v0.6.1

• [Internal] Gracefully handle the hot-reloading errors.
  • Errors that may occur while locking the Mutex are handled properly hence a single configuration change cannot take down the whole service due to poisoning.
  • Thanks to @sassman for reporting.

v0.6.0

• Support pasting files from remote URLs (via remote= form field)

  • {server.max_content_length} is used for download limit
  • See README.md#paste-file-from-remote-url

• Hot reload configuration file to apply configuration changes instantly without restarting the server

• [Internal] Switch to Rust 2021 edition

• [Security] Prevent serving an already expired file

  • In the previous versions, it was possible to view an expired file by using the correct extension (timestamp). e.g. paste.com/expired_file.txt.1630094518049 will serve the file normally although paste.com/expired_file.txt says that it is expired. This version fixes this vulnerability by regex-checking the requested file's extension. (ref: f078a9a)