Releases: betapictoris/graveyard
2.0.0
Security Changes & Fixes
- Graveyard now detects zip-slip attacks. This means that Graveyard will refuse to unarchive archives that try to access files out of their scope.
- Graveyard now only uses libraries that are developed by the Golang developers.
Breaking Changes
- Commands are now provided through the Go
flag
module. This means that commands will need to be prefixed with-
or--
, this allows users to string together commands and complete more than one action at once. - Grave filenames now end in
.buried
instead of.tar.gz.buried
, you will need to rename graves before use with this version, see the release discussion for details.
New Features
- Graveyard is now fully portable! This means that you can store graves on a USB drive and access them across Windows, Linux, and macOS. The
grave.zip
file currently only supports x64 architectures, but includes binaries for Windows, Linux, and macOS. - Speaking of Windows and macOS... this is the first release to support those platforms!
- Graveyard also now provides builds for other architectures.
Changes for Developers
- Graveyard now provides a library for external applications to encrypt data within graves.
- The command line application now simply interacts with the library.
Other Changes
- Documentation has been moved into docs.
- Lot of dependencies have been removed.
- Migrate to
os
fromioutil
. - Graveyard is now a much smaller binary (7.38 MB to 3.22 MB.)
Full Changelog: 1.1.5...2.0.0
This release includes breaking changes. For a migration guide view the release discussion.
1.1.5
What's Changed
- Bump
golang.org/x/crypto
from 0.21.0 to 0.23.0 (in #16 and #18). - Bump
github.com/charmbracelet/bubbletea
from 0.25.0 to 0.26.3 (in #20 and
#21). - Bump
github.com/charmbracelet/bubbles
from 0.17.1 to 0.18.0 (in #11). - Bump
github.com/urfave/cli
from 2.27.1 to 2.27.2 (in #17).
Full Changelog: 1.1.4...1.1.5
1.1.4
What's Changed
- Bump github.com/charmbracelet/log from 0.3.1 to 0.4.0 by @dependabot in #15
- Bump golang.org/x/crypto from 0.18.0 to 0.21.0 by @dependabot in #14
Full Changelog: 1.1.3...1.1.4
1.1.3
What's Changed
Full Changelog: 1.1.2...1.1.3
1.1.2
What's Changed
Dependency upgrades:
- golang.org/x/crypto from 0.17.0 to 0.18.0
- github.com/urfave/cli/v2 from 2.25.7 to 2.27.1
- github.com/charmbracelet/bubbletea from 0.24.2 to 0.25.0
- github.com/charmbracelet/log from 0.2.3 to 0.3.1
- github.com/charmbracelet/bubbles from 0.16.1 to 0.17.1
Full Changelog: 1.1.1...1.1.2
1.1.1
What's Changed
- Bump
golang.org/x/crypto
from0.12.0
to0.17.0
. - Fixed decryption "invalid key size 0" error on installations with more than one grave.
Full Changelog: 1.1.0...1.1.1
1.1.0 - 💥 Security Improvements
💥 This is a breaking change: Your preexisting graves will not open after updating, consider copying a decrypted version before doing so and clearing the ~/.graveyard
directory.
What happened?
As Lemmy user @[email protected] pointed out, the key should not have been stored as a SHA256.
Why was this bad?
In case a hacker had physical access to the device and could get the hashed keys they could figure out which passphrases are reused.
How has it been fixed?
Keys are now stored within $XDG_DATA_HOME/graveyard/keys
or ~/.graveyard/keys
as salted Argon2 hashes.
Initial Release
This is the first public release of Graveyard.
Full Changelog: https://github.com/BetaPictoris/graveyard/commits/1.0.0