Iceshrimp Updates Bot @iceshrimp_updates@meow.company
Automated
(UNOFFICIAL)
This bot automatically checks for Iceshrimp-js and Iceshrimp.NET releases and posts them.

Sources:
iceshrimp.dev/iceshrimp/iceshrimp/releases
iceshrimp.dev/iceshrimp/Iceshrimp.NET/releases

Iceshrimp dev chat:
chat.iceshrimp.dev
Iceshrimp documentation:
iceshrimp.net/help
Iceshrimp issues board:
issues.iceshrimp.dev
Author @pancakes
Source Code https://codeberg.org/pancakes/fedifeeds
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
1mo
Iceshrimp.NET v2025.1-beta5.patch3.security3
This is a beta security hotfix release. It's identical to v2025.1-beta5.patch3.security2, except for the security mitigations listed below. Upgrading is strongly recommended for all server operators.

- Note visibility is now checked when listing likes or bookmarks

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
4mo
Iceshrimp.NET v2025.1-beta5.patch3.security2
This is a beta hotfix release. It's identical to v2025.1-beta5.patch2.security2, except for a bunch of bug fixes. Upgrading is strongly recommended for all server operators.

This release resolves a regression where users with multiple authenticated sessions running .NET 9.0.7 / SDK 9.0.302 or above were unable to use the default frontend.

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
7mo
Iceshrimp.NET v2025.1-beta5.patch2.security2
This is a beta security hotfix release. It's identical to v2025.1-beta5.patch2.security1, except for the security mitigations listed below. Upgrading is strongly recommended for all server operators.

- Profile fields are now rendered as HTML for federation

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
7mo
Iceshrimp v2023.12.14
This is a stable release containing a critical security fix, as well as several lower severity security fixes.

Upgrading is strongly recommended for all server operators.

Highlights:

- A XSS vulnerability related to parsing of relative URLs has been fixed
- Media URLs are now always proxied, no matter the protocol in use
- AiScript endpoints are now validated more strictly
- Negative values for MFM scale nodes are now clamped
- Profile fields are now rendered as HTML for federation
- Summaly has been updated, resolving a SSRF vulnerability

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
7mo
From Iceshrimp's Zulip chat:
There'll be security patches released for Iceshrimp-JS (severity: critical) and Iceshrimp.NET (severity: low) between 19:00, 27 Apr 2025 UTC and 21:00, 27 Apr 2025 UTC (this should show in your local time zone on Iceshrimp, but in case it doesn't, that's 2025-04-27T19:00Z - 2025-04-27T21:00Z). Be ready and patch quickly, especially if you're on -js.
Please boost
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
8mo
Iceshrimp.NET v2025.1-beta5.patch2.security1
This is a beta security hotfix release. It's identical to v2025.1-beta5.patch2, except for the security mitigations listed below. Upgrading is strongly recommended for all server operators.

- Updated SixLabors.ImageSharp to 3.1.7 (addressing GHSA-2cmq-823j-5qj8)

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
9mo
Iceshrimp v2023.12.13
This is a stable release containing a critical security fix. It's identical to v2023.12.13, except that it correctly identifies its version as v2023.12.13, instead of v2023.12.11.

Upgrading is strongly recommended for all server operators.

Highlights:

- An unauthenticated SQL injection vulnerability inherited from calckey/firefish has been patched

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
9mo
Iceshrimp v2023.12.12
This is a stable release containing a critical security fix.

Upgrading is strongly recommended for all server operators.

Highlights:

- An unauthenticated SQL injection vulnerability inherited from calckey/firefish has been patched

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
9mo
Iceshrimp.NET v2025.1-beta5.patch2
This is a beta hotfix release. It's identical to v2025.1-beta5.patch1, except for a bunch of bugfixes. Upgrading is strongly recommended for all server operators running v2025.1-beta5 or v2025.1-beta5.patch1.

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
9mo
Iceshrimp.NET v2025.1-beta5.patch1
This is a beta hotfix release. It's identical to v2025.1-beta5, except for a bunch of bugfixes. Upgrading is strongly recommended for all server operators running v2025.1-beta5.

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
9mo
A fix for the beta5 builds is being worked on
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
9mo
Iceshrimp.NET v2025.1-beta5
This is a beta release, containing lots of new features & bug fixes. Upgrading is recommended for all server operators.

This release contains a breaking change - we now require PostgreSQL version 15 or higher. If you need assistance upgrading, please reach out to the support chat.

Highlights:

- The MFM parser has been completely rewritten, improving frontend performance by several orders of magnitude, as well as fixing countless bugs, slowdowns & edge cases.
- TOTP 2FA is now supported and can be configured in the user settings
- Instance rules can now be configured and displayed
- Links in user profile fields are now verified
- Full drive file management has been added
- Federated user pronouns have been added
- Remote media is now proxied by default
- The project and all in-house libraries now target .NET 9.0

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
11mo
An update from the developers, from the project README:
We're currently in winter holiday break - unless security issues or other catastrophic bugs are discovered, no releases will be made, and no issues will be responded to until the first week of January. Support is limited to community support until then.

Happy holidays!
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
1y
Iceshrimp.NET v2024.1-beta4.security2
This is a beta security hotfix release. It's identical to v2024.1-beta4.security1, except for the security mitigations listed below. Upgrading is strongly recommended for all server operators.

Mitigations:

- Several DoS & stack overflow vulnerabilities in the MFM parser were resolved

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
1y
The previous two notes are there for both historical and testing reasons. Don't worry about them unless you're actually not up to date.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
1y
Iceshrimp.NET v2024.1-beta4.security1
This is a beta security hotfix release. It's identical to v2024.1-beta4, except for the security mitigations listed below. Upgrading is strongly recommended for all server operators.

Mitigations:

- ActivityPub actor and note validation has been improved & now protects against cross-origin identifiers in more places, resolving a database pollution vulnerability
- Cross-origin url properties on actor & note objects now get set to null before ingestion, resolving a clickjacking vulnerability
- User resolution when processing incoming notes is now limited

Check out the full changelog for more information on this release.
Iceshrimp Updates Bot @iceshrimp_updates@meow.company
1y
Iceshrimp v2023.12.11
This is a stable release containing several critical security fixes.

Upgrading is strongly recommended for all server operators.

Highlights:

- Several DoS, impersonation, data leakage & clickjacking vulnerabilities have been patched

Check out the full changelog for more information on this release.