diff --git a/CHANGELOG.md b/CHANGELOG.md index 46e78dce..3e5801e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,68 @@ +Changes in [1.6.3](https://github.com/vector-im/riot-web/releases/tag/v1.6.3) (2020-06-04) +========================================================================================== +[Full Changelog](https://github.com/vector-im/riot-web/compare/v1.6.3-rc.1...v1.6.3) + +## Security notice + +Riot Web 1.6.3 fixes a vulnerability in single sign-on (SSO) deployments where Riot Web could be confused into sending authentication details to an attacker-controlled server. Thanks to Quentin Gliech for responsibly disclosing this via Matrix's Security Disclosure Policy. + +## All changes + + * Fix login loop where the sso flow returns to `#/login` to release + [\#13915](https://github.com/vector-im/riot-web/pull/13915) + +Changes in [1.6.3-rc.1](https://github.com/vector-im/riot-web/releases/tag/v1.6.3-rc.1) (2020-06-02) +==================================================================================================== +[Full Changelog](https://github.com/vector-im/riot-web/compare/v1.6.2...v1.6.3-rc.1) + + * Upgrade to JS SDK 6.2.0-rc.1 and React SDK 2.7.0-rc.2 + * Get rid of welcome.html's Chat with Riot Bot button + [\#13842](https://github.com/vector-im/riot-web/pull/13842) + * Update from Weblate + [\#13886](https://github.com/vector-im/riot-web/pull/13886) + * Allow deferring of Update Toast until the next morning + [\#13864](https://github.com/vector-im/riot-web/pull/13864) + * Give contextual feedback for manual update check instead of banner + [\#13862](https://github.com/vector-im/riot-web/pull/13862) + * Add app-load doc + [\#13834](https://github.com/vector-im/riot-web/pull/13834) + * Update Modular hosting link + [\#13777](https://github.com/vector-im/riot-web/pull/13777) + * Replace New Version Bar with a Toast + [\#13776](https://github.com/vector-im/riot-web/pull/13776) + * Remove webpack-build-notifier from lockfile + [\#13814](https://github.com/vector-im/riot-web/pull/13814) + * Add media queries and mobile viewport (#12142) + [\#13818](https://github.com/vector-im/riot-web/pull/13818) + * Fix @types/react conflict in matrix-react-sdk + [\#13809](https://github.com/vector-im/riot-web/pull/13809) + * Fix manual update checking, super in arrow funcs doesn't work + [\#13808](https://github.com/vector-im/riot-web/pull/13808) + * Update from Weblate + [\#13806](https://github.com/vector-im/riot-web/pull/13806) + * Convert platforms to Typescript + [\#13756](https://github.com/vector-im/riot-web/pull/13756) + * Fix EventEmitter typescript signature in node typings + [\#13764](https://github.com/vector-im/riot-web/pull/13764) + * Add docs and labs flag for new room list implementation + [\#13675](https://github.com/vector-im/riot-web/pull/13675) + * Add font scaling labs setting. + [\#13352](https://github.com/vector-im/riot-web/pull/13352) + * Add labs flag for alternate message layouts + [\#13350](https://github.com/vector-im/riot-web/pull/13350) + * Move dispatcher references in support of TypeScript conversion + [\#13666](https://github.com/vector-im/riot-web/pull/13666) + * Update from Weblate + [\#13704](https://github.com/vector-im/riot-web/pull/13704) + * Replace favico.js dependency with simplified variant grown from it + [\#13649](https://github.com/vector-im/riot-web/pull/13649) + * Remove Electron packaging scripts + [\#13688](https://github.com/vector-im/riot-web/pull/13688) + * Fix postcss order to allow mixin variables to work + [\#13674](https://github.com/vector-im/riot-web/pull/13674) + * Pass screenAfterLogin through SSO in the callback url + [\#13650](https://github.com/vector-im/riot-web/pull/13650) + Changes in [1.6.2](https://github.com/vector-im/riot-web/releases/tag/v1.6.2) (2020-05-22) ========================================================================================== [Full Changelog](https://github.com/vector-im/riot-web/compare/v1.6.1...v1.6.2) diff --git a/package.json b/package.json index 86c0efa9..361045bb 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "riot-web", "productName": "Riot", - "version": "1.6.2", + "version": "1.6.3", "description": "A feature-rich client for Matrix.org", "author": "New Vector Ltd.", "repository": { @@ -60,8 +60,8 @@ "browser-request": "^0.3.3", "gfm.css": "^1.1.2", "highlight.js": "^9.13.1", - "matrix-js-sdk": "github:matrix-org/matrix-js-sdk#develop", - "matrix-react-sdk": "github:matrix-org/matrix-react-sdk#develop", + "matrix-js-sdk": "6.2.0", + "matrix-react-sdk": "2.7.0", "olm": "https://packages.matrix.org/npm/olm/olm-3.1.4.tgz", "postcss-easings": "^2.0.0", "prop-types": "^15.7.2", @@ -88,6 +88,7 @@ "@babel/preset-typescript": "^7.7.4", "@babel/register": "^7.7.4", "@babel/runtime": "^7.7.6", + "@types/flux": "^3.1.9", "@types/modernizr": "^3.5.3", "@types/node": "^12.12.41", "@types/react": "16.9", diff --git a/tsconfig.json b/tsconfig.json index b87f6407..8a01ca33 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -14,7 +14,8 @@ "jsx": "react", "types": [ "node", - "react" + "react", + "flux" ] }, "include": [ diff --git a/yarn.lock b/yarn.lock index 303e7049..fbe577e0 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1190,6 +1190,19 @@ resolved "https://registry.yarnpkg.com/@types/events/-/events-3.0.0.tgz#2862f3f58a9a7f7c3e78d79f130dd4d71c25c2a7" integrity sha512-EaObqwIvayI5a8dCzhFrjKzVwKLxjoG9T6Ppd5CEo07LRKfQ8Yokw54r5+Wq7FaBQ+yXRvQAYPrHwya1/UFt9g== +"@types/fbemitter@*": + version "2.0.32" + resolved "https://registry.yarnpkg.com/@types/fbemitter/-/fbemitter-2.0.32.tgz#8ed204da0f54e9c8eaec31b1eec91e25132d082c" + integrity sha1-jtIE2g9U6cjq7DGx7skeJRMtCCw= + +"@types/flux@^3.1.9": + version "3.1.9" + resolved "https://registry.yarnpkg.com/@types/flux/-/flux-3.1.9.tgz#ddfc9641ee2e2e6cb6cd730c6a48ef82e2076711" + integrity sha512-bSbDf4tTuN9wn3LTGPnH9wnSSLtR5rV7UPWFpM00NJ1pSTBwCzeZG07XsZ9lBkxwngrqjDtM97PLt5IuIdCQUA== + dependencies: + "@types/fbemitter" "*" + "@types/react" "*" + "@types/glob@^7.1.1": version "7.1.1" resolved "https://registry.yarnpkg.com/@types/glob/-/glob-7.1.1.tgz#aa59a1c6e3fbc421e07ccd31a944c30eba521575" @@ -6948,9 +6961,10 @@ mathml-tag-names@^2.1.1: resolved "https://registry.yarnpkg.com/mathml-tag-names/-/mathml-tag-names-2.1.3.tgz#4ddadd67308e780cf16a47685878ee27b736a0a3" integrity sha512-APMBEanjybaPzUrfqU0IMU5I0AswKMH7k8OTLs0vvV4KZpExkTkY87nR/zpbuTPj+gARop7aGUbl11pnDfW6xg== -"matrix-js-sdk@github:matrix-org/matrix-js-sdk#develop": - version "6.1.0" - resolved "https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/3305f2cc72f1a299b2a82366ff4729ad8d6b0edc" +matrix-js-sdk@6.2.0: + version "6.2.0" + resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-6.2.0.tgz#b1aa6f23858ab3ee4b66be25d3e854f6e287d36b" + integrity sha512-dpx1EuJ98HtqE2YUeliTe9xjMOJlicJGRXa06Gr8RAL6WJM7buPgodOk0tRs461LzeilxmymqcGaB4og6o9RxA== dependencies: "@babel/runtime" "^7.8.3" another-json "^0.2.0" @@ -6970,9 +6984,10 @@ matrix-mock-request@^1.2.3: bluebird "^3.5.0" expect "^1.20.2" -"matrix-react-sdk@github:matrix-org/matrix-react-sdk#develop": - version "2.6.1" - resolved "https://codeload.github.com/matrix-org/matrix-react-sdk/tar.gz/0e41bde875c2996aefb3fdbeae292211b9347f36" +matrix-react-sdk@2.7.0: + version "2.7.0" + resolved "https://registry.yarnpkg.com/matrix-react-sdk/-/matrix-react-sdk-2.7.0.tgz#b5ad66f97d7b127665578d11d3e84b6f39f5fdc9" + integrity sha512-GnH7eZt+ZQjCSqqa1lB1C1/gGKGVNeF0otlNI+7X1YKm1BFdOpUDYZ7UUxF7mT683Eum4B6YHil394eW/fLkIg== dependencies: "@babel/runtime" "^7.8.3" await-lock "^2.0.1" @@ -7000,7 +7015,7 @@ matrix-mock-request@^1.2.3: is-ip "^2.0.0" linkifyjs "^2.1.6" lodash "^4.17.14" - matrix-js-sdk "github:matrix-org/matrix-js-sdk#develop" + matrix-js-sdk "6.2.0" minimist "^1.2.0" pako "^1.0.5" parse5 "^5.1.1"