From d808a3e22cf457c9ef3de9186727c769a74ea1a1 Mon Sep 17 00:00:00 2001 From: ildyria Date: Thu, 1 May 2025 20:05:29 +0200 Subject: [PATCH 1/5] version 6.6.0 --- docs/releases.md | 40 +++++++++++++++++++++-- src/components/widgets/Announcement.astro | 4 +-- src/pages/get-supporter-edition.astro | 25 +++++++++++--- 3 files changed, 61 insertions(+), 8 deletions(-) diff --git a/docs/releases.md b/docs/releases.md index d5b63a1..db652c5 100644 --- a/docs/releases.md +++ b/docs/releases.md @@ -30,6 +30,44 @@ ## Version 6 +### v6.6.0 + +Released on May 1, 2025 + +#### Legacy is gone and improved image security + +To put it simply, we are getting rid of the legacy v4 code. +This change is significant for two reasons. First of all, it means that the API v1 is now completely gone. +But more importantly, this is a big change for us, as we have been using the v4 codebase as a safety net for a long time. +If something breaks, there will no longer be an easy flag that disables the complete vue-js front-end and fallbacks to the v4 codebase. + +This fallback process has been extremely useful to us when we deployed the version 5, and in early version 6. However we are now satisfied with the current state of the front-end and we no longer think that the fallback to v4 is needed. + +One may wonder why we decided to do this change, and to that there are two big reasons: + +- We no longer will need to maintain a legacy compatibility. Cleaning old code bases is part of the life cycle of a project, and we are now at the point where we can do this. The second reason is that we are planning to refactor the way images are attached to albums. +- We decided to go in the direction of a many-to-many relationship. In layman terms, this means that a photo can be in multiple albums at the same time. This behaviour is not compatible with the API v1 definitions. This relationship change is going to have significant impact on the way photos access rights are handled, but we are confident this will also enable to provide more interesting features in the future. + +Now moving on from this 45 000 lines of code removal, we also simplified the way photos are shared. In the past in order to avoid hot-links we had to create symbolic links that expired. This was a bit of a hack. We now provide the option to use signed urls. This ensures that the photo is only available for a limited amount of time. Our SE users will also be happy to know that the url of the photo can also be encrypted, making sure that nobody can access the photo by guessworks. + +`klo` refers to *Keep the Light On*. In other words, basic software updates. + +* `new` #3296 : Propose revising the footer text as it could be misunderstood by @Novapixel1010. + > Small change aimed to clarify that Lychee org is not hosting the pictures but that Lychee is a software that allows user + > to have their own self-hosted gallery. +* `klo` #3291 : Remove legacy v4 by @ildyria. + > There is no coming back... +* `new` #3211 : Drop random symlinks functionality for a more streamlined system by @ildyria. + > Remove the symbolic link functionality, this features provide a more modern and secure way to share photos links. +* `fixes` #3289 : Fixes sharing access rights. by @ildyria. + > When trying to share multiple albums with multiple users, all the accessible albums could be selected even though the user + > we not allowed to edit them. We now only list the albums that are owned by the user. + +#### New Contributors + +* @Novapixel1010 made their first contribution in https://github.com/LycheeOrg/Lychee/pull/3296 + + ### v6.5.3 Released on Apr 27, 2025 @@ -40,8 +78,6 @@ This small release is mostly targeted at fixing a few bugs. Though if you are a you will want to upgrade to this version as soon as possible as it solves the error 500 when the metrics module is enabled and trying to open album with recently uploaded photos. -`klo` refers to *Keep the Light On*. In other words, basic software updates. - * `new` #3263 : Allow description to be used in photo thumb (expert setting) by @ildyria > A small request from one of our user. This allows to display the description of the photo instead of > its title and date of capture in the thumbnail album view. This text is formatted with markdown and the display diff --git a/src/components/widgets/Announcement.astro b/src/components/widgets/Announcement.astro index 56eed93..36581e4 100644 --- a/src/components/widgets/Announcement.astro +++ b/src/components/widgets/Announcement.astro @@ -10,8 +10,8 @@ >NEW Lychee 6.5.3 is now available! »Lychee 6.6.0 is now available! » SE']} - extra="*A lot of default values are still in English. Any pull requests with translation to your own language would help.
** This option is not available on SE as they are already hidden." + extra="* This table is summary of Lychee's functionalities and does not represent the large amount of configurations available.
\ + ** A lot of default values are still in English. Any pull requests with translation to your own language would help.
\ + *** This option is not available on SE as they are already hidden." specs={[ { feature: 'Global', @@ -147,11 +154,11 @@ const metadata = { available: [true, true], }, { - feature: 'Multiple languages supported*', + feature: 'Multiple languages supported**', available: [true, true], }, { - feature: 'Hide Lychee SE call for actions **', + feature: 'Hide Lychee SE call for actions ***', available: [true, false], isV6: true, }, @@ -191,6 +198,16 @@ const metadata = { available: [true, true], isV6: true, }, + { + feature: 'Hotlink protection', + available: [true, true], + isV6: true, + }, + { + feature: 'AES-Secured links', + available: [false, true], + isV6: true, + }, { feature: 'Statistics (download,share, etc.)', available: [false, true], From 0667d4bb94ade5db821b36d74b7b05b070f46e9a Mon Sep 17 00:00:00 2001 From: ildyria Date: Thu, 1 May 2025 20:08:45 +0200 Subject: [PATCH 2/5] typo --- docs/releases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/releases.md b/docs/releases.md index db652c5..c8d604d 100644 --- a/docs/releases.md +++ b/docs/releases.md @@ -61,7 +61,7 @@ Now moving on from this 45 000 lines of code removal, we also simplified the way > Remove the symbolic link functionality, this features provide a more modern and secure way to share photos links. * `fixes` #3289 : Fixes sharing access rights. by @ildyria. > When trying to share multiple albums with multiple users, all the accessible albums could be selected even though the user - > we not allowed to edit them. We now only list the albums that are owned by the user. + > was not allowed to edit them. We now only list the albums that are owned by the user. #### New Contributors From 1f67ec49237abe25b4d8723653b390b62b9d5ba3 Mon Sep 17 00:00:00 2001 From: ildyria Date: Thu, 1 May 2025 20:15:12 +0200 Subject: [PATCH 3/5] typo --- docs/releases.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/releases.md b/docs/releases.md index c8d604d..68dab99 100644 --- a/docs/releases.md +++ b/docs/releases.md @@ -46,19 +46,19 @@ This fallback process has been extremely useful to us when we deployed the versi One may wonder why we decided to do this change, and to that there are two big reasons: - We no longer will need to maintain a legacy compatibility. Cleaning old code bases is part of the life cycle of a project, and we are now at the point where we can do this. The second reason is that we are planning to refactor the way images are attached to albums. -- We decided to go in the direction of a many-to-many relationship. In layman terms, this means that a photo can be in multiple albums at the same time. This behaviour is not compatible with the API v1 definitions. This relationship change is going to have significant impact on the way photos access rights are handled, but we are confident this will also enable to provide more interesting features in the future. +- We decided to go in the direction of a many-to-many relationship. In layman terms, this means that a photo can be in multiple albums at the same time. This behaviour is not compatible with the API v1 definitions. This relationship change is going to have significant impact on the way photos access rights are handled, but we are confident this will also enable us to provide more interesting features in the future. Now moving on from this 45 000 lines of code removal, we also simplified the way photos are shared. In the past in order to avoid hot-links we had to create symbolic links that expired. This was a bit of a hack. We now provide the option to use signed urls. This ensures that the photo is only available for a limited amount of time. Our SE users will also be happy to know that the url of the photo can also be encrypted, making sure that nobody can access the photo by guessworks. `klo` refers to *Keep the Light On*. In other words, basic software updates. * `new` #3296 : Propose revising the footer text as it could be misunderstood by @Novapixel1010. - > Small change aimed to clarify that Lychee org is not hosting the pictures but that Lychee is a software that allows user + > Small change aimed to clarify that Lychee org is not hosting the pictures but that Lychee is a software that allows users > to have their own self-hosted gallery. * `klo` #3291 : Remove legacy v4 by @ildyria. > There is no coming back... * `new` #3211 : Drop random symlinks functionality for a more streamlined system by @ildyria. - > Remove the symbolic link functionality, this features provide a more modern and secure way to share photos links. + > Remove the symbolic link functionality, this feature provides a more modern and secure way to share photos links. * `fixes` #3289 : Fixes sharing access rights. by @ildyria. > When trying to share multiple albums with multiple users, all the accessible albums could be selected even though the user > was not allowed to edit them. We now only list the albums that are owned by the user. From f510e7a84a0e869822ae5898d2a5f07efcb32889 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20Viguier?= Date: Thu, 1 May 2025 22:33:11 +0200 Subject: [PATCH 4/5] Update docs/releases.md Co-authored-by: Martin Stone <1611702+d7415@users.noreply.github.com> --- docs/releases.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/releases.md b/docs/releases.md index 68dab99..acd635a 100644 --- a/docs/releases.md +++ b/docs/releases.md @@ -45,8 +45,8 @@ This fallback process has been extremely useful to us when we deployed the versi One may wonder why we decided to do this change, and to that there are two big reasons: -- We no longer will need to maintain a legacy compatibility. Cleaning old code bases is part of the life cycle of a project, and we are now at the point where we can do this. The second reason is that we are planning to refactor the way images are attached to albums. -- We decided to go in the direction of a many-to-many relationship. In layman terms, this means that a photo can be in multiple albums at the same time. This behaviour is not compatible with the API v1 definitions. This relationship change is going to have significant impact on the way photos access rights are handled, but we are confident this will also enable us to provide more interesting features in the future. +- We no longer will need to maintain a legacy compatibility. Cleaning old code bases is part of the life cycle of a project, and we are now at the point where we can do this. +- We are planning to refactor the way images are attached to albums. We decided to go in the direction of a many-to-many relationship. In layman terms, this means that a photo can be in multiple albums at the same time. This behaviour is not compatible with the API v1 definitions. This relationship change is going to have significant impact on the way photos access rights are handled, but we are confident this will also enable us to provide more interesting features in the future. Now moving on from this 45 000 lines of code removal, we also simplified the way photos are shared. In the past in order to avoid hot-links we had to create symbolic links that expired. This was a bit of a hack. We now provide the option to use signed urls. This ensures that the photo is only available for a limited amount of time. Our SE users will also be happy to know that the url of the photo can also be encrypted, making sure that nobody can access the photo by guessworks. From 738d997d7e7988c19718eb7d2b71bc251a993cec Mon Sep 17 00:00:00 2001 From: ildyria Date: Thu, 1 May 2025 22:37:48 +0200 Subject: [PATCH 5/5] fix --- src/pages/get-supporter-edition.astro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/get-supporter-edition.astro b/src/pages/get-supporter-edition.astro index 5dae037..6ed9526 100644 --- a/src/pages/get-supporter-edition.astro +++ b/src/pages/get-supporter-edition.astro @@ -427,7 +427,7 @@ const metadata = {