Open Collective
Open Collective
v0.6.1 - Security Patches + Hotfix
Published on November 8, 2022 by Joseph Milazzo

I took a one week vacation after the v0.6.0 release and it seemed there were a few issues that cropped up, so here is the hotfix. This hotfix fixes high utilization that a few users have reported. If you were one of these users, after this hotfix you should be clear to turn on folder watching again. If you're experiencing issues, please drop by support again.

In addition, there were a few security vulnerabilities exposed via Huntr. As usual, the details will be disclosed after a few days. Also a few parsing changes made release broke grouping for light novels that were not tagged correctly. This hack was added back in to help users not have to re-tag thousands of files (but I do encourage it).

Lastly a small but annoying bug where when reading in the manga reader, going backwards or moving to the next chapter could cause the screen to not update the image but the page changed. This is now squashed for good.

The full release can be found here.

Added

  • Added a jumpbar to bookmarks page 

Changed

  • Updated all non-authenticated APIs to return more generic messaging back to the user and log more detailed information to avoid any attack vectors.
  • Log level defaults to Debug as it's no longer noisy
  • Swapped out SQLite for Memory backstore for Hangfire
  • Added DisableConcurrentExecution on ProcessChange to avoid duplication when multiple threads execute at once for Library Watching
  • When parsing epubs, if there is a volume in the epub title, try to parse and group. This is beneficial for Light Novels which are generally tagged this way. Last release, we changed logic to prefer metadata, but most files are not properly tagged. 
  • When scanning files, exit earlier from parser when file is a cover image.
  • When inviting or editing a user, when Admin role is selected, all other roles are disabled as they aren't applicable.
  • When there are no collections, don't point the user to the wiki unless they are an admin

Fixed

  • Fixed the black background present when the e-reader's color theme was set to 'White' 
  • Fixed security issue (https://huntr.dev/bounties/55cd91b3-1d94-4d34-8d7f-86660b41fd65/)
  • Fixed security issue (https://huntr.dev/bounties/bebd0cd6-18ec-469c-b6ca-19ffa9db0699/)
  • Fixed a bug where promoting a reading list would fail 
  • Fixed a bug where bookmarks wouldn't load in the reader in the order they were saved
  • Fixed a bug where state variables weren't being updated correctly and pages could get stuck. This also fixes paging backwards not working
  • Fixed a bug where Hangfire could cause high CPU/RAM utilization for some users due to slower process change execution.
  • Fixed delete series sometimes not triggering on series detail page
  • Fixed some parsing logic for how we treat specials like Annual and Omnibus. This now handles more cases and fixes a few that broke last release. 
  • Fixed a bug where Log Level Information wouldn't show proper log output
  • Fixed a case in ComicInfo fallback where and invalid ComicInfo location wasn't picked up
  • Fixed a typo in the toast notification for marking multiple items as unread and made capitalization consistent (Thanks @pssandhu )

Known Issue

  • Double page renderer seems to be occasionally missing pages. I am working on addressing this for v0.7