Skip to content

RSS-Bridge 2025-01-02

Latest
Latest
Compare
Choose a tag to compare
@dvikan dvikan released this 02 Jan 12:12
· 20 commits to master since this release
2025-01-02
152e96d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

EDIT: I forgot to update version number in this release, see #4382

What's Changed

No breaking changes. Mostly fixes to existing bridges, and some new bridges.

But, beware that all bridges are now enabled by default! (instead of the selected handful).

If you dont want all bridges enabled do like this in config.ini.php:

[system]

; Only these 3 bridges are enabled
enabled_bridges[] = CssSelectorBridge
enabled_bridges[] = FeedMerge
enabled_bridges[] = FeedReducerBridge

;enabled_bridges[] = *

Noteworthy changes

When debug mode is enabled, php errors are converted to exceptions! Only in debug mode, not in prod mode.

  • fix: convert php errors to exceptions when in debug mode by @dvikan in #4176

The future

These needs to be discussed:

  • Bump min php version from 7.4 to 8.0.
  • Introduce a new document root with separate data folder (e.g. /var/www/rss-bridge/public and /var/www/rss-bridge/var/)
  • rss-bridge is trivially vulnerable to XSS in the HtmlFormat page since we dont sanitize the html(mostly harmless since theres not much to exploit). Feed readers do sanitize html so no problem there.
  • rss-bridge is trivially vulnerable to SSRF (mostly harmless? hard to exfiltrate data) Also we actually want to allow to fetch resources from non-public IP addresses, so maybe introduce a config for this allowance

See also #2735

New Contributors

Thanks all!

Full Changelog: 2024-02-02...2025-01-02

Contributors

AlexanderS, Vynce, and 19 other contributors
Assets 2
Loading