by hrj on

A new version of gngr is available (version 0.1.0) with an important security fix and a major improvement to CSS layout. We strongly recommend an update. The release is available from the download page.

Changes

Fix for file:// vulnerability

In v0.0.0 it was possible for a website to access the contents of the gngr user's profile directory (~/.gngr/default) through file:// URLs. No other directories/files were accessible.

Since the profile directory contains the cookie database, this is a critical vulnerability!

To mitigate, we have disabled all protocols except `http`, `https` and `data`.

Support for the `display:inline-block` CSS rule

gngr learnt to layout inline-blocks which are widely-used.