Skip to content

v0.12.0

Compare
Choose a tag to compare
@fd0 fd0 released this 24 Apr 19:05
· 114 commits to master since this release
v0.12.0

Changelog for rest-server 0.12.0 (2023-04-24)

The following sections list the changes in rest-server 0.12.0 relevant to users. The changes are ordered by importance.

Summary

  • Fix #183: Allow usernames containing underscore and more
  • Fix #219: Ignore unexpected files in the data/ folder
  • Fix #1871: Return 500 "Internal server error" if files cannot be read
  • Chg #207: Return error if command-line arguments are specified
  • Chg #208: Update dependencies and require Go 1.17 or newer
  • Enh #133: Cache basic authentication credentials
  • Enh #187: Allow configurable location for .htpasswd file

Details

  • Bugfix #183: Allow usernames containing underscore and more

    The security fix in rest-server 0.11.0 (#131) disallowed usernames containing and underscore "". The list of allowed characters has now been changed to include Unicode characters, numbers, "", "-", "." and "@".

    #183 #184

  • Bugfix #219: Ignore unexpected files in the data/ folder

    If the data folder of a repository contained files, this would prevent restic from retrieving a list of file data files. This has been fixed. As a workaround remove the files that are directly contained in the data folder (e.g., .DS_Store files).

    #219 #221

  • Bugfix #1871: Return 500 "Internal server error" if files cannot be read

    When files in a repository cannot be read by rest-server, for example after running restic prune directly on the server hosting the repositories in a way that causes filesystem permissions to be wrong, rest-server previously returned 404 "Not Found" as status code. This was causing confusing for users.

    The error handling has now been fixed to only return 404 "Not Found" if the file actually does not exist. Otherwise a 500 "Internal server error" is reported to the client and the underlying error is logged at the server side.

    #1871 #195

  • Change #207: Return error if command-line arguments are specified

    Command line arguments are ignored by rest-server, but there was previously no indication of this when they were supplied anyway.

    To prevent usage errors an error is now printed when command line arguments are supplied, instead of them being silently ignored.

    #207

  • Change #208: Update dependencies and require Go 1.17 or newer

    Most dependencies have been updated. Since some libraries require newer language features, support for Go 1.15-1.16 has been dropped, which means that rest-server now requires at least Go 1.17 to build.

    #208

  • Enhancement #133: Cache basic authentication credentials

    To speed up the verification of basic auth credentials, rest-server now caches passwords for a minute in memory. That way the expensive verification of basic auth credentials can be skipped for most requests issued by a single restic run. The password is kept in memory in a hashed form and not as plaintext.

    #133 #138

  • Enhancement #187: Allow configurable location for .htpasswd file

    It is now possible to specify the location of the .htpasswd file using the --htpasswd-file option.

    #187 #188