Changelog Notes - V3.0.4-beta
June 15th, 2022
Choose your favorite Node Version
With this release, we have added one of the most awaited features asked by our beta users to provide multiple node engine versions. Previously our deployer task built every dapps on node V14 engine only, breaking some of the new node libraries that need node version V16 or V12. Now users have the flexibility to choose which node version they want to build their dapp. We have given all three options - Node V12 LTS (V12.22.12), Node V14 LTS (V14.19.3) & Node V16 LTS (V16.15.1). Users are default assigned Node V14 LTS, but they can choose other versions when starting a deployment or by going to project settings. Updating the project setting will affect the CD pipeline, and the subsequent deployment will happen on the updated node version.
Users can deploy their deployment with a specific commit without going through the configuration setting process. It also checks out to that particular commit hash and deploys the changes made up to that commit. This feature again improves the experience for developers to do manual redeployment of a specific commit repeatedly. Once you redeploy a deployment, it will take the configuration of the deployment user want to redeploy and start the process.
Archive Project Success Prompt
We have done a big improvement in the upload speed of arweave deployments. Based on our benchmark of uploading the same 71 files before and after the improvement, we noticed a 1200% increase in performance. That is before it used to take 4.06mins to upload all the 71 files but with this update, we can upload the same 71 files in 20secs.
Insecure direct object references (IDOR) are access control vulnerabilities that arise when an application uses user-supplied input to access objects directly. During our beta testing program, one of the testers (Kushagra Sarathe) identified IDOR (Insecure direct object references) vulnerability in our API. With this release, we successfully fixed the IDOR vulnerability from our APIs and refactored the code for more optimized access control over other microservices.
We've shipped some bug fixes from your feedback to improve your product experience.
Here are some of the recent ones.
Bonus Concurrent Build Options - Updated the option list to 1, 2, 3, 4, …, 9, 10 from 10, 20, 30, …, 90, 100.
Invoice - We have again improved the invoice for organizations. This time we have also fixed a couple of calculation errors and shown relevant token details used for payment.
Based on one of our beta testers, we have updated the color from blue to the black of the Project site link in the dashboard to indicate that it's not a clickable link.
Fixed most of the text-overflow issues on the frontend
Fixed the background color of the deployment card for killing and canceled state.
Invite Member - Fixed the vulnerability on the Invite Member feature. Earlier, anyone with the invite link could join the organization, which could create an issue for the organization if they mistakenly exposed the invite link. But with this release, we restrict the invite link to be used by the user by checking the email address.
Concurrent Build - Fixed the bug in the calculation of concurrent build. Even if the concurrent build is 0, the system decreases the value.
Standalone Project Configuration - We found a bug in the project settings. We solved it by creating a standalone configuration for each project. Now no two different projects can reference a single configuration setting. We added a logic to set the latest deployment of the project even when the new deployment is in a Queue state.
Invite Member Rate Limiting - We have added a rate limit for each IP to 5 requests per 10 minutes on the invite member endpoint & subscribe endpoint.
Commit Comments - We have added a feature to comment on a commit with the details of deployments (link and site preview) when a user requests a deployment.
Submodule Cloning - We have added a feature to clone all the submodules inside your git repository, which can help users better manage your workspace.