This repository has been archived by the owner on Feb 15, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 23
/
CHANGELOG
466 lines (319 loc) · 18.1 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
Version 2.3.4
- Updated for newest Discord version
Version 2.3.3
- Fixed broken message enqueue due to Discord update.
- Fixed file uploads.
- Thanks to An0/King Of Salt for this release.
Version 2.3.2
- Fixed the message loading issue present due to an API change on Discord's side.
- Switched from Riseup.net's Up1 service to https://pastebin.synalabs.hosting due to Riseup going private.
Version 2.3.1
- Fixed password changing when an empty one is entered.
Version 2.3.0
- Re-licensed the project under the GPL v3.
Version 2.2.7
- Fixed a problem causing duplicate settings injection thus lagging the client.
Version 2.2.6
- Fixed loading error with exports due to BetterDiscord update.
Version 2.2.5
- Fixed tooltips from being cutoff due to a Discord update.
Version 2.2.4
- Fixed configuration file corruption when Discord or the PC crashes.
Version 2.2.3
- Fixed broken Support Server invite link.
Version 2.2.2
- Changed the default encryption algorithm to use dual-AES for newcomers.
- Fixed a bug where improperly handling the encrypted suffix can sometimes lead to messages being cut short.
Version 2.2.1
- Fix missing toolbar due to Discord's update.
Version 2.2.0
- Changed Ed25519 update signing key as per notice. ( You may use GPG to manually verify the file. )
Version 2.1.2
- Updated to avoid using deprecated API in BBD v0.3.0.
Version 2.1.1
- Updated SecureDiscord script to use Tor's Accept-Encoding, compression parameter and remove DNT as per Tor.
- Added a few more headers to SecureDiscord for removal in the event they're ever used.
- Split the description manual into a dedicated user manual and feature introduction.
- Reverted to the old EFF diceware list due to the larger list being too cryptic.
- Increased the minimum recommended passphrase security level to 192 bits. ( 15 words. )
- Added the channel's name to the password settings menu.
Version 2.1.0
- Removed OpenPGP.js library for an overall smaller plugin size.
- Fixed uncaught errors that occurred when not responding to dialog prompts.
- Fixed a bug in the Curve25519 library that prevent private keys from being imported.
- Ignored updates now show clearer information when viewing them.
- Database unlocking no longer occurs if the password field is blank.
- Switched from updates using PGP signatures to the built in Ed25519 signatures.
Version 2.0.6
- Fixed a bug that caused an error with Debian Linux builds of Discord.
- Further optimized the Scrypt library to decrease the plugin's size.
Version 2.0.5
- Added a guild blacklist that blocks the plugin from working in BetterDiscord and Discord servers.
- Updated the passphrase generator to use options based on the user's selected security level.
- Updated the passphrase generator to use a much wider word range.
- Updated OpenPGP.js to v4.1.0. ( Release September 25th, 2018. )
- Decreased the security captcha limit when exporting databases.
- Few code optimizations to improve execution speed.
Version 2.0.4
- Fixed a bug that caused outgoing key exchanges to fail.
- Fixed a syntax error in settings in regards to X25519 exchanges.
Version 2.0.3
- Added Post-Quantum key exchange SIDH over a 751 bit prime field.
- Added an "About" page to better detail miscellaneous information.
- Added an error dialog explaining why the plugin restarts for users.
- Added detailed algorithm description to exchange status logs.
- Improved the efficiency for the SIDH and Scrypt libraries by recompiling them.
- Updated SecureDiscord to prevent a possible redirect hijack attack.
- Allowed generated passphrases to automatically be copied to the clipboard when clicking "OK".
- Fixed a bug where entering the incorrect password when unlocking the database caused a restart.
- Fixed a duplicate notification bug due to improperly adding the same event twice.
- Fixed tooltips being hidden due to Discord's update.
Version 2.0.2
- Minor improvements to the database unlocking speed.
- Reduced file size further by removing unnecessary assets in libraries.
Version 2.0.1
- Added the ability to preview Up1 encrypted links as normal attachments.
- Added a shell script installer for Windows users who try to run the plugin directly.
- Updated SecureDiscord with a bit more error handling.
Version 2.0.0
- NOTE: Export your database entry & remove the configuration file BEFORE updating to this.
- NOTE: This is a major update. All previous versions will no longer be supported.
- Improved the SecureDiscord plugin. This requires a manual reinstallation.
- Switched to event based hooks for better functionality.
- Switched to asm.js version of scrypt hashing for roughly a 3x speed boost.
- Removed the 'Cancel' button for startup due to the new event-based functionality.
- Removed the ability to send encrypted messages as embeds.
- Fixed parsing errors related to code blocks and other markdown based formatting.
- Fixed the message scrolling bug.
- Fixed the broken link to the support server.
- Added SHA-3 internally in favor of the older SHA-2 standard.
- Added the ability to edit encrypted messages.
- Added automatic key exchanges.
- Added the ability to remember encryption modes on a per-channel basis.
- Added the ability to encrypt and decrypt any attached embeds. ( Example: Quoting plugins. )
- Decreased the minimum database password requirement to 32 characters.
- Simplified the process of key exchanges.
- Various code optimizations and improvements.
Version 1.5.12
- Fixed a bug regarding Up1 embeds.
- Updated OpenPGP.js library to v4.0.
- Updated the user guide to explain how to use non-global, Nitro-only Emojis.
- Improved the SecureDiscord script to allow for easier configuration and new features.
- Added local state support. Channels will now remember if you have automatic encryption enabled.
- Added the ability to have full-emoji auto-select support if the current channel has automatic encryption enabled.
Version 1.5.11
- Fixed a bug due to URL parsing allowing possibly exploitable messages from crashing the client.
- Removed referrers from being passed to URL links.
Version 1.5.10
- Added the ability to escape inline code blocks with the backslash character. ( "\" )
- Fixed a bug where timed messages were completely broken.
- Fixed a bug where updating the timed message expiration interval wouldn't be saved on reload.
- Fixed a bug where updating the scanning interval wouldn't be saved on a reload.
Version 1.5.9
- Added an option to allow users to configure what decrypted messages should be prefixed with.
Version 1.5.8
- Fixed accidentally breaking signature due to pushing to the wrong branch.
- Prevent public key messages sent from being hidden due to user confusion.
- Allowed inline code blocks to span multiple lines.
- Minor code improvements.
Version 1.5.7
- Added support for mentioning channels in messages. ( They will appear just as tagged users. )
- Changed the character to not encrypt messages from a single hash ( # ) to double hash. ( ## )
Version 1.5.6
- Fixed a bug due to Discord update that broke code block highlighting.
- Fixed a bug in SecureDiscord module where DNT headers weren't applied.
- Added additional header tracking removal in SecureDiscord.
Version 1.5.5
- Fixed a regression with tagging users due to adding emoji support.
- Minor code optimizations.
Version 1.5.4
- Fixed a bug with sending messages where nonces would sometimes overflow.
Version 1.5.3
- Fixed Discord altering class names causing failure to encrypt messages.
- Updated nonces to span the full 64-bits supported.
Version 1.5.2
- NOTE: An addon has been implemented called SecureDiscord to compliment the features of DiscordCrypt.
- Updated OpenPGP.js to v3.1.0
- Added more methods reporting prevention.
- Added some sanity checks for update checking.
- Added a complimentary script called SecureDiscord that enhances a user's privacy.
- Fixed a bug that prevented messages from being modified instantly.
- Fixed a bug where debug versions would still apply updates if checked manually.
Version 1.5.1
- Added the GPG key fingerprint to the blacklisted updates panel for manual verification.
- Fixed a bug regarding the plugin always thinking an update was available.
Version 1.5.0
- Added an update manager with the ability to blacklist updates.
- Added the option to enable or disable automatic updates.
- Added the ability to re-open the master database unlocking prompt if it was closed.
- Added proper menu tooltips to match Discord's style.
- Added support for theme colors to style buttons if using some popular themes.
- Added delayed tooltips for emojis like Discord.
- Added more features to disable Discord's tracking..
- Fixed an issue with alert button's background when being clicked.
- Fixed an issue with settings' text being cut off if using certain fonts.
- Fixed a bug with copying emoji names to the clipboard making them have additional colons.
- Fixed a bug when exporting or importing database entries making them fail.
- Hardened signature verification by directly adding the PGP key to the plugin
- Updated the user guide.
Version 1.4.6
- Simplified warning message about using embeds.
- Update for Discord changing their class names yet again.
- Moved from SHA2 to SHA3 ( Keccak-256 & Keccak-512 ) for key exchanges.
- Updated the alerts to match the theme used internally.
- Fixed a naming regression that allowed assignments to protected variables within the plugin.
Version 1.4.5
- Added support for animated emojis.
Version 1.4.4
- Added the ability to send emojis in encrypted messages. These include standard and global ones.
- Added the ability to send Nitro-based emojis for non-nitro users in encrypted messages.
- Nitro emojis still need to have their snowflakes resolved manually.
- Updated the technical documentation and user guide.
Version 1.4.3
- Fixed a bug caused by v1.4.0 protections that restricted key generation.
Version 1.4.2
- Fixed some formatting errors in logging due to 1.4.0 update.
- Fixed yet another bug in ChannelProps resolving.
- Updated documentation to use JSDoc thanks to Zerebos's hint.
Version 1.4.1
- A minor security fix from the last version.
- Fixed yet another regression in retrieval of ChannelProps.
Version 1.4.0
- This is a major security release. You should update immediately.
- Hardened all libraries against prototype attacks.
- Perform additional hardening on some libraries against function duplication errors.
- Fixed some major vulnerabilities that exposed the plugin itself to prototype hijacking.
- Encapsulated all variables requiring security from being exposed to anything with JS execution privileges.
- Broke the plugin's documentation website due to these changes. It's a feature, we promise!
Version 1.3.1
- New master password requirements have been enforced. If your password does not meet this requirement, it will be rejected.
- Minor grammar fixes in the user manual and added additional details of Discord's tracking capabilities.
- Updated technical details information for users wondering about the internals of the plugin.
- Internal code refactoring.
Version 1.3.0
- All future updates will now be self-verified via OpenPGP.js prior to updating.
- If an update is invalidly signed, it will still be installed but users will be warned during the update notice.
Version 1.2.10
- Fixed source document generation.
Version 1.2.9
- Removed the quality feedback "feature" from Discord's voice chats.
- Fixed a bug in the test generator.
Version 1.2.8
- NOTE: This update changes the database structure. You will need to delete your database file and restart Discord.
- NOTE: Make sure you export your current entries in the Database Settings menu before applying this update.
- Updated the embed warning message.
- Bug fix in the Ed25519 signing process.
- Added additional hints for each setting in the menu.
- Fixed the text area background colors for some themes.
- The database is now compressed before encrypting it to decrease storage space.
- Future updates will only show the changes between the latest and current version.
- Added buttons to join the support server or visit the repository from within the settings menu.
Version 1.2.7
- Added the ability to directly copy keys from the Database Management menu in settings.
- Small improvement to Scrypt based function for faster execution.
- Further reduced the plugin's file size.
Version 1.2.6
- Fixed a bug regarding detecting the update version.
- Restyled the UI to use a dark theme similar to Discord's colors.
- Attempted to update the UI for users with smaller screens. ( No Promises. )
- Reduced the plugin's size.
Version 1.2.5
- NOTE: Changing the authentication algorithm will prevent any old messages from being decrypted.
- Switched the message authentication cipher to SHA3's KMAC over SHA2's HMAC for increased security.
- Removed an annoying console error when starting due to the SJCL dependency.
- Added SHA3-JS's MIT license.
Version 1.2.4
- Introduced signed releases for increased authenticity.
- Disable embedded messages by default so as to prevent possible bans.
- Added the ability to import and export the database as well as manually removing keys.
- Updated internal SJCL dependency for encrypted file uploads to the latest public version.
Version 1.2.3
- Fixed a bug introduced due to Discord's Game Tab update.
- Minor code improvements.
Version 1.2.2
- Fixed a bug when switching between key exchange algorithms.
- Switched to Curve25519 instead of secp256k1 for ECDH key exchanges when using 256 bits.
- Avoid using strong entropy for random padding byte for metadata.
- Increased Up1's file encryption key length from 128 bits to 512 bits. ( URLs are longer. )
- Embedded Up1 frames now use 100% of the message width instead of 400 pixels.
Version 1.2.1
- Fixed updating bug due to using the old update URL.
- Fixed a minor bug in the changelog display.
Version 1.2.0
- Added timed messages. Messages can now be deleted after a certain time period has passed.
- Added the ability to send encrypted messages without using embeds.
- Fixed a bug in menus in which scrolling would cut off part of the screen on smaller resolutions.
- Updated key exchange secrets to display using braille instead of symbols.
- Updated the settings menu with a warning about using embeds.
- Updated the default passwords to use new braille patterns.
- Minor performance enhancements.
Version 1.1.2
- Fixed a bug for public key parsing errors.
- Fixed menu bugs for the key and lock icons.
- Switched ECDH algorithms to their Koblitz curve equivalents over binary fields.
Version 1.1.1
- NOTE: Byte changing will prevent you from reading all old messages.
- Prevent HMAC from being disabled at all even purposely by switching a flag. ( Code can still be edited. )
- Removed Base64 encoding and now encode directly as all 256 possible Braille characters.
- Increased maximum message size from 1200 characters to 1820 characters.
- Optimized internal jQuery usage for faster execution.
- Decreased general size of messages by 33%.
Version 1.1.0
- NOTE: Character set changing will prevent you from reading all old messages.
- Switched to a Braille character set instead of Chinese for messages. ( Special thanks to An0. )
- Embed dependencies directly into the plugin for increased security.
- Optimized some crucial parts of code for faster execution.
- Fixed a Clyde sending error for broken messages.
- Fixed a bug in the UI's settings pane.
- Minor UI changes for sleeker feel.
- Host message images on Gitlab.
Version 1.0.10
- Fixed inability for ASAR files ( and potentially others ) to be uploaded.
- Fixed JPEG image uploading failures.
- Updated installation guide.
Version 1.0.9
- Fixed a major HTML injection bug thanks to An0.
- Removed native Base64 conversion methods for Node's.
- Removed deprecated Buffer calls.
Version 1.0.8
- NOTE: This version introduces a change which will require you to delete your old configuration file.
- NOTE: You will need to completely close and restart Discord after deleting your configuration.
- Fixed a React bug for module finding thanks to Discord's update.
- Fixed error throwing for ChannelProps being used when it's not defined.
- Optimized Scrypt KDF function for a speed increase by approximately 30-50%.
- Increased auto-update checking interval to 1 hour.
- Added encrypted file uploads from clipboard.
- Uploads now embed directly in messages for previews. You can also now download them from within Discord itself.
- Decreased progress bar height to 8 pixels.
- Increased the Database unlocking KDF N parameter from 1536 to 4096 for increased security.
Version 1.0.7
- Fixed a bug where links weren't clickable.
- Fixed a bug where the ANSI x9.23 padding scheme didn't work from the UI.
- Finished project documentation.
Version 1.0.6
- Fixed a bug where file uploads wouldn't be sent if an encrypted channel wasn't already set up.
- Fixed a bug where the CI pipeline test failed to properly execute.
Version 1.0.5
- Added full support for code blocks in encrypted messages. ( Inline & Block )
- Added URL identification in messages which can now be clicked to open them.
- Added encrypted file uploading via Up1 services. ( Maximum of 50 MB. )
- Added the ability to send file deletion links.
- Code optimizations for faster execution.
Version 1.0.4
- Added basic support for code blocks with highlighting. Single line code blocks are still unsupported.
- Fixed a bug where the changelog menu is automatically opened if the first button clicked is Password Settings.
- Minor stability improvements.
Version 1.0.3
- Changed update mechanism to use Node's internal "request" module which should fix issues for some users.
Version 1.0.2
- NOTE: This version introduces a change which will require you to delete your old configuration file.
- Added Scrypt and hash based tests for verified functionality.
- Added GCM ( Galois Counter Mode ) for AES-256 encryption and decryption for internal use.
- Added the ability to ignore database unlocking upon startup to avoid loading the plugin if not needed.
- Database is now encrypted using Authenticated Encryption via AES-256 in GCM mode ensuring authenticity.
- Removed the ECB ( Electronic Codebook ) block cipher mode as it's deemed insecure.
- Fixed a bug where users not using standard dark themes would not be able to see the update changelog.
Version 1.0.1
- Removed some old code from the plugin not needed since public.
Version 1.0.0
- Initial Public Release