mirrors/cryptomator
1
0
Fork 0
mirror of https://github.com/cryptomator/cryptomator.git synced 2026-05-14 00:31:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'hotfix/1.19.2'

Browse Source
This commit is contained in:
Armin Schrenk
2026-03-20 08:14:04 +01:00
parent 4be327608a 2284d1fcee
commit 390bdc33e0
5 changed files with 26 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
CHANGELOG.md
View File

@@ -7,19 +7,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
The changelog starts with version 1.19.0.
Changes to prior versions can be found on the [Github release page](https://github.com/cryptomator/cryptomator/releases).
## [1.19.2](https://github.com/cryptomator/cryptomator/releases/1.19.2) - 2026-03-20
### Security
* Cryptomamtor Hub Vaults: Additional patch for (#4179, [GHSA-34rf-rwr3-7g43](https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43))
## [1.19.1](https://github.com/cryptomator/cryptomator/releases/1.19.1) - 2026-03-12
### Added
* Cryptomator Hub: Trust on first use, adding new config properties `cryptomator.hub.allowedHosts` and `cryptomator.hub.enableTrustOnFirstUse` ([#4179](https://github.com/cryptomator/cryptomator/pull/4179))
### Fixed
* Fixed loading of masterkey file from arbitrary paths ([#4180](https://github.com/cryptomator/cryptomator/pull/4180))
* **[Security]** Cryptomamtor Hub: Fixed possible man-in-the-middle attack with tampered vault config ([GHSA-34rf-rwr3-7g43](https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43))
* Fixed Finder window opens twice when revealing vault on macOS ([#4177](https://github.com/cryptomator/cryptomator/pull/4177))
* Fixed app does not start due to secret service detection failure on Linux ([#4175](https://github.com/cryptomator/cryptomator/pull/4175))
### Security
* Cryptomamtor Hub Vaults: Fixed possible man-in-the-middle attack with tampered vault config (#4179, [GHSA-34rf-rwr3-7g43](https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43))
* Disallow unencrypted http connections to hub by default ([CVE-2026-32309](https://github.com/cryptomator/cryptomator/security/advisories/GHSA-vv33-h7qx-c264))
* Disallow loading of masterkey file from arbitrary paths (#4180, [CVE-2026-32310](https://github.com/cryptomator/cryptomator/security/advisories/GHSA-5phc-5pfx-hr52))
* Fixed not-configured plugin directory does not disable plugin search ([#4176](https://github.com/cryptomator/cryptomator/pull/4176))
### Added
* Trust on first use, adding new config properties `cryptomator.hub.allowedHosts` and `cryptomator.hub.enableTrustOnFirstUse` (#4179)
### Fixed
* Fixed Finder window opens twice when revealing vault on macOS ([#4177](https://github.com/cryptomator/cryptomator/pull/4177))
* Fixed app does not start due to secret service detection failure on Linux ([#4175](https://github.com/cryptomator/cryptomator/pull/4175))
### Changed
* Pin version of appimagetool([#4181](https://github.com/cryptomator/cryptomator/pull/4181))

3
dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml vendored
View File

@@ -84,6 +84,9 @@
</content_rating>
<releases>
<release date="2026-03-20" version="1.19.2">
<url type="details">https://github.com/cryptomator/cryptomator/releases/1.19.2</url>
</release>
<release date="2026-03-12" version="1.19.1">
<url type="details">https://github.com/cryptomator/cryptomator/releases/1.19.1</url>
</release>

2
pom.xml
View File

@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.cryptomator</groupId>
<artifactId>cryptomator</artifactId>
<version>1.19.1</version>
<version>1.19.2</version>
<name>Cryptomator Desktop App</name>
<organization>

11
src/main/java/org/cryptomator/ui/keyloading/hub/CheckHostTrustController.java
View File

@@ -160,12 +160,11 @@ public class CheckHostTrustController implements FxController {
}
public static String getAuthority(URI uri) {
return switch (uri.getPort()) {
case -1 -> "%s://%s".formatted(uri.getScheme(), uri.getHost());
case 80 -> "http://%s".formatted(uri.getHost());
case 443 -> "https://%s".formatted(uri.getHost());
default -> "%s://%s:%s".formatted(uri.getScheme(), uri.getHost(), uri.getPort());
};
if (uri.getPort() == -1) {
return "%s://%s".formatted(uri.getScheme(), uri.getHost());
} else {
return "%s://%s:%s".formatted(uri.getScheme(), uri.getHost(), uri.getPort());
}
}
//--- JavaFX property getter & setter

4
src/test/java/org/cryptomator/ui/keyloading/hub/CheckHostTrustControllerTest.java
View File

@@ -34,8 +34,8 @@ class CheckHostTrustControllerTest {
"https://example.com/foo/bar, https://example.com",
"https://example.com:8080, https://example.com:8080",
"https://user@example.com:8080/foo/bar, https://example.com:8080",
"https://user@example.com:443/foo/bar, https://example.com",
"http://user@example.com:80/foo/bar?foo=bar, http://example.com",
"https://user@example.com:443/foo/bar, https://example.com:443",
"http://user@example.com:80/foo/bar?foo=bar, http://example.com:80",
"http://user@example.com:8080/foo/bar?foo=bar, http://example.com:8080"
})
void testGetAuthority(String input, String expected) {