Administrator/real-debrid-downloader
1
0
Fork 0
Code Issues Pull Requests Actions 132 Packages Projects Releases 238 Wiki Activity

238 Releases 238 Tags

RSS Feed
  • v1.6.45 9ddc7d31bb
    Compare

    v1.6.45 Stable

    Administrator released this 2026-03-05 04:12:47 +01:00 | 20 commits to main since this release

    Comprehensive bugfix release addressing ~70 issues across the entire codebase.

    Security & Stability (Critical)

    • Fix TLS certificate bypass race condition: replaced save/restore pattern with reference-counted acquire/release to prevent concurrent download interference
    • Bind debug server to 127.0.0.1 instead of 0.0.0.0 to prevent LAN exposure
    • Add 180-second overall timeout to MegaWebFallback to prevent indefinite hangs
    • Stream update installer to disk instead of buffering entire file in RAM
    • Add path traversal protection and symlink rejection in JVM extractor
    • Sanitize Windows special characters in extracted filenames

    DDownload Provider

    • Cache DdownloadClient instances on DebridService with credential-based invalidation to preserve session cookies
    • Add ddownload provider to normalizeSessionStatuses provider check
    • Include ddownloadLogin/ddownloadPassword in backup sensitive keys list
    • Add ddownload.com and ddl.to to Content Security Policy connect-src

    Error Handling & Resilience

    • Add .catch() to all fire-and-forget IPC calls in renderer (togglePause, startPackages, startItems, togglePackage, resetPackage, resetItems, skipItems, clearHistory, removeHistoryEntry, clipboard operations)
    • Wrap app.whenReady() chain with .catch() to handle startup failures gracefully
    • Wrap clipboard.readText() in try/catch to handle Wayland/permission errors
    • Wrap session log directory creation in try/catch to prevent crash on permission errors
    • Add AbortSignal.timeout(30000) to all container.ts fetch calls (DLC decrypt, dcrypt.it upload/paste)
    • Add actionBusy guard to backup import/export to prevent concurrent operations

    UI Fixes

    • Fix toast notification z-index to appear above all overlays
    • Fix emptySnapshot() missing ddownloadLogin/ddownloadPassword fields
    • Add CSP connect-src entries for git.24-music.de, ddownload.com, ddl.to

    Code Quality

    • Fix fs variable shadowing in download-manager.ts (fs -> fullSt)
    • Fix tsconfig.json include path (vite.config.ts -> vite.config.mts)
    • Fix storage.ts line ending normalization to handle bare CR
    • Delete obsolete _upload_release.mjs (replaced by release_gitea.mjs)

    Installer

    • Change PrivilegesRequired from admin to lowest (no longer requires elevation)
    • Remove ignoreversion flag from file installation
    • Fix output filename to use spaces instead of hyphens

    Scripts

    • release_gitea.mjs: add dry-run safety, streaming uploads, version collision handling, credential timeout
    • provider_smoke_check.mjs: fix cookie parsing with getSetCookie(), add login verification
    • mega_web_generate_download_test.mjs: fix cookie parsing, add login check
    • debrid_service_smoke.ts: add .catch() and try/finally for dispose
    • afterPack.cjs: add null check for productFilename, wrap rcedit in try/catch

    Tests

    • Fix extractor-jvm.test.ts: use describe.skipIf instead of silent return
    • Fix extractor.test.ts: use it.skipIf, add afterEach cleanup for statfs/env mocks
    • Fix session-log.test.ts: add shutdownSessionLog in afterEach, increase timing tolerance
    • Fix mega-web-fallback.test.ts: increase abort timeout from 30ms to 200ms
    • Fix debrid.test.ts: increase abort timeout from 25ms to 200ms
    • Fix auto-rename.test.ts: add positive assertions to all test cases
    • Fix self-check.ts: add missing await to manager2.start()

    Java Extractor (JBindExtractorMain.java)

    • Fix resource leaks: close InputStream, RandomAccessFile, and volume handles in finally blocks
    • Remove path traversal vulnerability in resolveVolumeFile
    • Add symlink rejection before extraction
    • Precompile regex pattern for performance
    • Fix safeSize() to return 0 for empty files

    Additional fixes (post-release)

    • Fix setPackagePriority type safety: use PackagePriority type instead of string/any in preload and app-controller
    • Add .catch() to remaining uncaught IPC calls: start(), extractNow(), setPackagePriority(), updateSettings(columnOrder), openLog(), openSessionLog()

    Additional fixes (post-release update 2)

    • Add ddownload to VALID_PRIMARY_PROVIDERS and VALID_FALLBACK_PROVIDERS (was missing, preventing DDownload from being set as primary or fallback provider)

    Additional fixes (post-release update 3)

    • Fix btn-danger CSS class mismatch: history tab danger buttons now get correct red styling (.btn.danger instead of .btn-danger)

    Additional fixes (post-release update 4)

    • Make update changelog collapsible: long changelogs no longer block the install button, changelog is in a collapsed details element
    • Modal dialog is now scrollable with max-height constraint
    Downloads