v0.4.0

@samuelallan72 samuelallan72 released this 06 May 01:33
· 47 commits to master since this release

It's time for another release!


IMPORTANT: this release contains a security fix for an arbitrary code execution bug. See commit ecc410f for technical details.

Code execution was possible under the following conditions:

  • a note is being viewed in the internal pager
  • the user uses the keyboard shortcut to copy a line to the system clipboard
  • the line being copied was crafted in a way that would be interpreted by the shell

This can only be exploited with the user's explicit interaction, and the user's Simplenote account would need to be breached for an attacker to add malicious lines. Therefore, this attack vector is probably low severity. There is a higher possibility that a user may copy a line that incidentally contains code that gets executed on copy.
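The class of bug described above, shown as an added example that is not sncli's code and not taken from commit ecc410f: a copied line spliced into a shell command string is interpreted by the shell, while the same line passed on stdin to an argument-list command stays data. The function names, the sample line and the use of `cat` as a stand-in for a clipboard tool are assumptions made for illustration.

```python
import subprocess

# Constructed sample: a note line that incidentally contains shell syntax.
SAMPLE_LINE = "backup: tar czf notes-$(echo EXPANDED).tgz"

# Assumption: `cat` stands in for a clipboard tool so the resulting
# "clipboard" contents can be inspected offline.
CLIPBOARD_CMD = ["cat"]


def copy_unsafe(line: str) -> str:
    """Vulnerable pattern: the line is pasted into a shell command string,
    so $(...), backticks and similar syntax are evaluated by /bin/sh."""
    cmd = 'echo "' + line + '" | ' + " ".join(CLIPBOARD_CMD)
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout


def copy_safe(line: str) -> str:
    """Hardened pattern: no shell, argument list only, and the line is
    delivered on stdin so it is never parsed as a command."""
    done = subprocess.run(
        CLIPBOARD_CMD, input=line, capture_output=True, text=True, check=True
    )
    return done.stdout


def was_interpreted(line: str, copied: str) -> bool:
    """True when what reached the clipboard differs from the line itself."""
    return copied.rstrip("\n") != line


if __name__ == "__main__":
    for name, fn in (("unsafe", copy_unsafe), ("safe", copy_safe)):
        out = fn(SAMPLE_LINE)
        print(f"{name:6} -> {out.rstrip()!r} "
              f"interpreted={was_interpreted(SAMPLE_LINE, out)}")
```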

Please update as soon as possible!


Changelog since 0.3.0:

  • fix for code execution bug. See commit ecc410f.
  • fixes for the following minor issues:
    • crash on invalid modification date #71
    • crash on failed login
    • crash and unhelpful debugging info on config file errors
  • tidy setup.py to not depend on sncli (can cause strange issues installing)
  • add ability to set custom config file through $SNCLIRC env var (thanks to
    @vrillusions #83)