A maintenance-focused release
Version 1.29.0 of tarteaucitron is a maintenance release. It does not change the overall behavior of the script, but fixes several issues identified over the past weeks, including a security fix.
This kind of release is less visible, but just as important for the long-term stability of the project.
A security fix
The main point of this release is a security issue identified in January. It involved a potential ReDoS (Regular Expression Denial of Service).
The issue was reported by an ethical hacker (Yassine Damiri) who took the time to analyze the code, document the risky behavior, and help propose a fix. This made it possible to apply the correction quickly.
These kinds of reports are extremely valuable. They help improve the project in a calm and constructive way.
Impact for users
For users of the pro version, no action is required. Since the script is loaded from my CDN, the update has already been applied.
For the open-source version, updating the library is recommended to benefit from the fix. There is no immediate urgency, but staying up to date is always a good practice.
Service fixes
This release also includes fixes for some services, following user feedback. These changes address specific cases and aim to keep behavior aligned with third-party services.
As is often the case, these fixes are driven by real-world usage rather than theoretical considerations.
A shared open-source and pro codebase
The open-source and pro versions share the same codebase. Fixes therefore benefit both, with different deployment mechanisms.
This approach helps maintain consistency while simplifying maintenance for professional users.
Thanks
A special thanks to people who take the time to analyze open-source projects and report issues responsibly. This often invisible work is essential to the ecosystem 🙂