fix: audit fixes — symlink-safe avatars, blur downscale + padding, config validation (v0.8.0)

released this 2026-03-30 16:08:50 +02:00 | 10 commits to main since this release

- Replace canonicalize() with symlink_metadata + is_file + !is_symlink for avatar lookup (prevents symlink traversal to arbitrary files)
- Fix blur padding offset from (0,0) to (-pad,-pad) to prevent edge darkening
- Add MAX_BLUR_DIMENSION (1920px) downscale before GPU blur
- Validate blur per config source (invalid user value preserves system default)
- Wallpaper: use symlink_metadata + is_file + !is_symlink in resolve_background_path
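
The avatar and wallpaper items above swap a symlink-following lookup for a check on the path entry itself. The sketch below is an added example, not the project's code: the function names, file names and scratch directory are hypothetical, and it assumes a Unix target (it uses `std::os::unix::fs::symlink`).

```rust
use std::fs;
use std::path::{Path, PathBuf};

// "Before" shape: canonicalize() resolves symlinks, so a link placed in the
// avatar directory is silently replaced by whatever file it points at.
pub fn lookup_canonicalize(candidate: &Path) -> Option<PathBuf> {
    fs::canonicalize(candidate).ok().filter(|p| p.is_file())
}

// "After" shape: inspect the entry itself (lstat semantics) and accept only
// a regular file.
pub fn lookup_symlink_safe(candidate: &Path) -> Option<PathBuf> {
    let meta = fs::symlink_metadata(candidate).ok()?;
    // is_file() is already false for a symlink here; the explicit
    // !is_symlink() mirrors the release note and documents intent.
    if meta.is_file() && !meta.is_symlink() {
        Some(candidate.to_path_buf())
    } else {
        None
    }
}

// Constructed scratch layout: a regular avatar, a file outside the avatar
// directory, and an avatar entry that is a symlink to that outside file.
pub fn demo() -> std::io::Result<(bool, bool, bool)> {
    let root = std::env::temp_dir().join(format!("avatar-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&root);
    let avatars = root.join("avatars");
    fs::create_dir_all(&avatars)?;
    let outside = root.join("outside.txt");
    fs::write(&outside, b"not an avatar")?;
    let real = avatars.join("regular.png");
    fs::write(&real, b"constructed image bytes")?;
    let link = avatars.join("linked.png");
    std::os::unix::fs::symlink(&outside, &link)?;
    let result = (
        lookup_symlink_safe(&real).is_some(),  // regular file: accepted
        lookup_canonicalize(&link).is_some(),  // symlink: followed and accepted
        lookup_symlink_safe(&link).is_some(),  // symlink: rejected
    );
    fs::remove_dir_all(&root)?;
    Ok(result)
}

fn main() {
    println!("{:?}", demo());
}
```

symlink_metadata only declines to follow the final path component, so symlinked parent directories are still traversed, and a gap remains between the check and the later open. Opening the file with O_NOFOLLOW and checking the metadata of the opened handle closes that gap.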