v1.7.123 Stable
Released 2026-03-28 16:28:20 +01:00 | 151 commits to main since this release
Changelog (v1.7.123)
Download Integrity and Resume Safety
- Added strict Content-Range parsing for resumed downloads and now validate that returned byte ranges exactly continue from the existing local file size.
- Added hard resume guardrails to stop writing when servers return mismatched resume ranges, forcing a safe re-acquire path instead of risking silent corruption.
- Improved edge-case handling for already-complete responses during resume validation.
- Removed unsafe HTTP 416 completion heuristics that could previously mark incomplete files as finished under ambiguous conditions.
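An added sketch of the resume check these bullets describe, not the project's own code: parse Content-Range strictly and append only when the returned range starts exactly at the local file size. The names parseContentRange and checkResume are hypothetical, and accepting a 416 as complete only when the server-declared total equals the local size is this example's assumption.

```javascript
// Added illustration; function names and return values are hypothetical.
// Accepts only "bytes <start>-<end>/<total|*>" or "bytes */<total|*>" (RFC 9110).
const CONTENT_RANGE = /^bytes (?:(\d+)-(\d+)|\*)\/(\d+|\*)$/i;

function parseContentRange(header) {
  const m = CONTENT_RANGE.exec(String(header ?? "").trim());
  if (!m) return null;
  const total = m[3] === "*" ? null : Number(m[3]);
  if (total !== null && !Number.isSafeInteger(total)) return null;
  if (m[1] === undefined) return { unsatisfied: true, total };
  const start = Number(m[1]);
  const end = Number(m[2]);
  if (!Number.isSafeInteger(start) || !Number.isSafeInteger(end)) return null;
  if (end < start) return null;
  if (total !== null && end >= total) return null; // range cannot exceed the file
  return { unsatisfied: false, start, end, total };
}

// Decide what to do with the response to "Range: bytes=<localSize>-".
// "append"   -> body continues exactly at localSize, safe to write
// "complete" -> server states the file is exactly localSize bytes long
// "restart"  -> anything else: discard the partial file and re-acquire
function checkResume(status, contentRangeHeader, localSize) {
  // 200 means the Range header was ignored and the body starts at byte 0.
  if (status === 200) return "restart";
  const range = parseContentRange(contentRangeHeader);
  if (status === 416) {
    // A bare 416 proves nothing; only an explicit matching total does.
    const done = range !== null && range.unsatisfied && range.total === localSize;
    return done ? "complete" : "restart";
  }
  if (status !== 206 || range === null || range.unsatisfied) return "restart";
  // Appending a range that starts anywhere else corrupts the file silently.
  return range.start === localSize ? "append" : "restart";
}
```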
Archive Reliability and CRC/Checksum Robustness
- Switched archive/binary completion checks to strict byte validation to avoid accepting undersized multipart archives that later fail with checksum/CRC errors.
- Applied strict completion tolerance logic across startup recovery, disk fallback, and finalize/revalidation paths to reduce cases where a single episode ends up broken in a large batch.
- Tightened completion validation internals to use explicit expected minimum byte checks in more recovery/fallback scenarios.
Extraction Security and Privacy
- Removed plaintext archive password candidates from extractor logs.
- Replaced sensitive extraction password logging with redacted metadata-only diagnostics.
Updater and Supply-Chain Hardening
- Updated installer verification to fail closed when no valid digest can be resolved.
- Added explicit emergency override (RD_ALLOW_UNSIGNED_UPDATE=1) for exceptional recovery-only cases.
- Ensured unsigned update assets are blocked by default to prevent accidental unverified installs.
Storage and Session Safety
- Hardened backup/session import sanitization with strict session-id validation.
- Restricted restored targetPath values to absolute paths inside the package output directory.
- Added startup recovery protection so unsafe out-of-package target paths are rejected and reset safely.
Log Path Traversal Protection
- Sanitized package/item log filenames with safe prefixes plus deterministic hash suffixes to keep all log writes inside intended log directories.
- Refactored internal log-path normalization to avoid double-normalization side effects.
Support Bundle Data Minimization
- Removed raw runtime state/config/history file inclusion from support bundles.
- Kept diagnostic visibility through redacted overview outputs without bundling raw sensitive content.
Tests and Validation
- Added/expanded regression coverage for:
  - unsafe session IDs and out-of-scope target paths,
  - log path traversal-like IDs,
  - updater behavior when digests are missing,
  - download-manager resume/completion hardening paths.
- Stabilized startup extraction recovery test synchronization to avoid timing race flakes while preserving behavior checks.
- Full test and build validation passed before release (including complete Vitest suite and production build).