From 2eedca55f0a54d84493444e42be9973459d806a2 Mon Sep 17 00:00:00 2001 From: Whispering Wind <151555003+ReturnFI@users.noreply.github.com> Date: Sat, 30 Aug 2025 23:57:59 +0330 Subject: [PATCH] Update changelog --- changelog | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/changelog b/changelog index 9135fa2..3173ad3 100644 --- a/changelog +++ b/changelog @@ -1,22 +1,31 @@ -# [1.18.0] - 2025-08-27 +### πŸ›‘οΈ **\[1.18.1] – Security Patch & Hysteria Settings Tab** -#### ⚑ Performance +*Released: 2025-08-30* -* ⚑ **Optimized bulk user URI fetching**: +#### πŸ”’ Security - * New API endpoint `/api/v1/users/uri/bulk` to fetch multiple user links in a single call - * Eliminates N separate script executions β†’ **huge speedup** πŸš€ -* ⚑ Refactored `wrapper_uri.py` for faster bulk processing & maintainability +* πŸ›‘οΈ **Open Redirect Fix**: + Removed `next_url` parameter from login flow to prevent **open redirect vulnerability**. + + Special thanks to [**@HEXER365**](https://github.com/HEXER365) for responsible disclosure πŸ™ #### ✨ Features -* πŸ“€ **Bulk user link export** directly from the **Users Page** -* 🎨 Distinct **color coding** for user statuses in Web Panel -* ⏸️ **On-Hold User Activation** logic introduced in `traffic.py` (with `creation_date=None` default) +* βš™οΈ **New Hysteria Settings tab** in Web Panel (with **geo update support**) +* 🎨 Redesigned **Login Page** for better UI/UX -#### πŸ› Fixes & Refactors +#### πŸ› οΈ Fixes -* πŸ€– **Bot**: Properly handle escaped underscores in usernames -* πŸ› οΈ **Webpanel**: Improved handling of malformed user data & more accurate status for on-hold users -* πŸ› Show Go installation correctly -* πŸ”„ Refactored on-hold user logic into `traffic.py` for central management +* πŸ“¦ Backup `extra.json` during upgrades +* πŸ“± Improved responsive design across web panel +* 🧩 Relaxed conflict check in user viewmodel +* 🧹 Removed `/dev/null` redirects for cleaner logging + +#### πŸ“¦ Chore & Dependencies + +* ⬆️ Updated dependencies: + + * `typing-extensions` β†’ 4.15.0 + * `starlette` β†’ 0.47.3 + * `requests` β†’ 2.32.5 +* 🧹 Removed **deprecated `user.sh`** script (legacy auth)