mirror of
https://github.com/codex-storage/deluge.git
synced 2025-01-12 12:34:43 +00:00
b9a9e06c1d
This applies the following for both WebUI and Daemon: 1. Raised minimal TLS version to TLSv1.2 2. Added specific cipher suite list 3. Added support for ECDSA auth keys 4. Added support for ECDHE key exchange algorithm We disabled the ability to perform TLS/SSL renegotiation and therefore will prevent the clients from renegotiating, which can be exploit for DoS attacks. New security tests now will be skipped when running `pydef` and `trial` testenvs. To run the test, use the testenv `security` or add the environment variable `SECURITY_TESTS` before running the tests. Also should only run when adding to the commit message the string `SECURITY_TEST`.
54 lines
2.7 KiB
Plaintext
54 lines
2.7 KiB
Plaintext
=== Deluge 2.0 (In Development) ===
|
|
|
|
* Improved Logging
|
|
* Removed the AutoAdd feature on the core. It's now handled with the AutoAdd
|
|
plugin, which is also shipped with Deluge, and it does a better job and
|
|
now, it even supports multiple users perfectly.
|
|
* Authentication/Permission exceptions are now sent to clients and recreated
|
|
there to allow acting upon them.
|
|
* Enforced the use of the "deluge.plugins" namespace to reduce package
|
|
names clashing beetween regular packages and deluge plugins.
|
|
* Fix potential for host_id collision when creating hostlist entries.
|
|
* Add Option To Specify Outgoing Connection Interface.
|
|
* Updated SSL/TLS Protocol parameters for better security.
|
|
|
|
==== Core ====
|
|
* Make the distinction between adding to the session new unmanaged torrents
|
|
and torrents loaded from state. This will break backwards compatability.
|
|
* Pass a copy of an event instead of passing the event arguments to the
|
|
event handlers. This will break backwards compatability.
|
|
* Allow changing ownership of torrents.
|
|
* File modifications on the auth file are now detected and when they happen,
|
|
the file is reloaded. Upon finding an old auth file with an old format, an
|
|
upgrade to the new format is made, file saved, and reloaded.
|
|
* Authentication no longer requires a username/password. If one or both of
|
|
these is missing, an authentication error will be sent to the client
|
|
which sould then ask the username/password to the user.
|
|
* Implemented sequential downloads.
|
|
* Provide information about a torrent's pieces states
|
|
|
|
==== GtkUI ====
|
|
* Allow changing ownership of torrents.
|
|
* Host entries in the Connection Manager UI are now editable.
|
|
* Implemented sequential downloads UI handling.
|
|
* Add optional pieces bar instead of a regular progress bar in torrent status tab.
|
|
* Make torrent opening compatible with all unicode paths.
|
|
* Fix magnet association button on Windows.
|
|
* Add keyboard shortcuts for changing queue position:
|
|
- Up: Ctrl+Alt+Up
|
|
- Down: Ctrl+Alt+Down
|
|
- Top: Ctrl+Alt+Shift+Up
|
|
- Bottom: Ctrl+Alt+Shift+Down
|
|
|
|
==== WebUI ====
|
|
* Server (deluge-web) now daemonizes by default, use '-d' or '--do-not-daemonize' to disable.
|
|
* Fixed the '--base' option to work for regular use, not just with reverse proxies.
|
|
|
|
==== Blocklist Plugin ====
|
|
* Implemented whitelist support to both core and GTK UI.
|
|
* Implemented ip filter cleaning before each update. Restarting the deluge
|
|
daemon is no longer needed.
|
|
* If "check_after_days" is 0(zero), the timer is not started anymore. It
|
|
would keep updating one call after the other. If the value changed, the
|
|
timer is now stopped and restarted using the new value.
|