aboutsummaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
authorJakob Unterwurzacher2019-01-04 18:05:37 +0100
committerJakob Unterwurzacher2019-01-04 18:05:37 +0100
commitcb524b60b41bd6d5f101f13d7adda71db4e0acde (patch)
treee9501eea3e442c6b4e3ed09013ac230c4fa9cfd1 /README.md
parent6b94f5ef51c92f471919e7542a0ce45b0859282f (diff)
Update changelog
Diffstat (limited to 'README.md')
-rw-r--r--README.md8
1 files changed, 6 insertions, 2 deletions
diff --git a/README.md b/README.md
index 4552646..d4a4f4d 100644
--- a/README.md
+++ b/README.md
@@ -160,18 +160,22 @@ RM: 3.379
Changelog
---------
-v1.7-beta1, 2019-01-03
+
+v1.7, in progress (v1.7-beta1 released 2019-01-03)
* **Fix possible symlink race attacks in forward mode** when using allow_other + plaintextnames
* If you use *both* `-allow_other` *and* `-plaintextnames`, you should upgrade.
Malicious users could trick gocryptfs into modifying files outside of `CIPHERDIR`,
or reading files inside `CIPHERDIR` that they should not have access to.
* If you do not use `-plaintextnames` (disabled per default), these attacks do
not work as symlinks are encrypted.
- * Forward mode has been reworked to use the "*at" family of system calls everywhere
+ * Forward mode has been reworked to use the "\*at" family of system calls everywhere
(`Openat/Unlinkat/Symlinkat/...`).
* As a result, gocryptfs may run slightly slower, as the caching logic has been
replaced and is very simple at the moment.
* The possibility for such attacks was found during an internal code review.
+* Reverse mode: fix excluded, unaccessible files showing up in directory listings
+ ([#285](https://github.com/rfjakob/gocryptfs/issues/285),
+ [#286](https://github.com/rfjakob/gocryptfs/issues/286))
v1.6.1, 2018-12-12
* Fix "Operation not supported" chmod errors on Go 1.11