TheCloud/anubis
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2025-09-08 20:29:48 -04:00
Code Issues Packages Projects Releases Wiki Activity
anubis/docs/docs/CHANGELOG.md
Fijxu 4bc00e5a65
web/js: Add LibreJS banner to Anubis JavaScript to allow LibreJS users to run the challenge (#161) 
* web/js: add project license in the JavaScript used by Anubis

This will allow LibreJS users to pass the captcha without problems
without having to whitelist anubis manually.

* Update docs/docs/CHANGELOG.md

Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Fijxu <fijxu@nadeko.net>

---------

Signed-off-by: Fijxu <fijxu@nadeko.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-03-29 23:48:12 -04:00

5.9 KiB
Raw Blame History

sidebar_position
999

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

  • Added a periodic cleanup routine for the decaymap that removes expired entries, ensuring stale data is properly pruned.
  • Added a no-store Cache-Control header to the challenge page
  • Hide the directory listings for Anubis' internal static content
  • Changed --debug-x-real-ip-default to --use-remote-address, getting the IP address from the request's socket address instead.
  • DroneBL lookups have been disabled by default
  • Static asset builds are now done on demand instead of the results being committed to source control
  • The Dockerfile has been removed as it is no longer in use
  • Developer documentation has been added to the docs site
  • Show more errors when some predictable challenge page errors happen (#150)
  • Verification page now shows hash rate and a progress bar for completion probability.
  • Added the --debug-benchmark-js flag for testing proof-of-work performance during development.
  • Use TrimSuffix instead of TrimRight on containerbuild
  • Add LibreJS banner to Anubis JavaScript to allow LibreJS users to run the challenge

v1.15.0

Zenos yae Galvus

Yes...the coming days promise to be most interesting. Most interesting.

Headline changes:

  • ed25519 signing keys for Anubis can be stored in the flag --ed25519-private-key-hex or envvar ED25519_PRIVATE_KEY_HEX; if one is not provided when Anubis starts, a new one is generated and logged
  • Add the ability to set the cookie domain with the envvar COOKIE_DOMAIN=techaro.lol for all domains under techaro.lol
  • Add the ability to set the cookie partitioned flag with the envvar COOKIE_PARTITIONED=true

Many other small changes were made, including but not limited to:

  • Fixed and clarified installation instructions
  • Introduced integration tests using Playwright
  • Refactor & Split up Anubis into cmd and lib.go
  • Fixed bot check to only apply if address range matches
  • Fix default difficulty setting that was broken in a refactor
  • Linting fixes
  • Make dark mode diff lines readable in the documentation
  • Fix CI based browser smoke test

Users running Anubis' test suite may run into issues with the integration tests on Windows hosts. This is a known issue and will be fixed at some point in the future. In the meantime, use the Windows Subsystem for Linux (WSL).

v1.14.2

Livia sas Junius: Echo 2

  • Remove default RSS reader rule as it may allow for a targeted attack against rails apps #67
  • Whitelist MojeekBot in botPolicies #47
  • botPolicies regex has been cleaned up #66

v1.14.1

Livia sas Junius: Echo 1

  • Set the X-Real-Ip header based on the contents of X-Forwarded-For #62

v1.14.0

Livia sas Junius

Fail to do as my lord commands...and I will spare him the trouble of blocking you.

  • Add explanation of what Anubis is doing to the challenge page #25

  • Administrators can now define artificially hard challenges using the "slow" algorithm:

    {
  "name": "generic-bot-catchall",
  "user_agent_regex": "(?i:bot|crawler)",
  "action": "CHALLENGE",
  "challenge": {
    "difficulty": 16,
    "report_as": 4,
    "algorithm": "slow"
  }
}

    This allows administrators to cause particularly malicious clients to use unreasonable amounts of CPU. The UI will also lie to the client about the difficulty.

  • Docker images now explicitly call docker.io/library/<thing> to increase compatibility with Podman et. al #21

  • Don't overflow the image when browser windows are small (eg. on phones) #27

  • Lower the default difficulty to 4 from 5

  • Don't duplicate work across multiple threads #36

  • Documentation has been moved to https://anubis.techaro.lol/ with sources in docs/

  • Removed several visible AI artifacts (e.g., 6 fingers) #37

  • KagiBot is allowed through the filter #44

  • Fixed hang when navigator.hardwareConcurrency is undefined

  • Support Unix domain sockets #45

  • Allow filtering by remote addresses:

    {
  "name": "qwantbot",
  "user_agent_regex": "\\+https\\:\\/\\/help\\.qwant\\.com/bot/",
  "action": "ALLOW",
  "remote_addresses": ["91.242.162.0/24"]
}

    This also works at an IP range level:

    {
  "name": "internal-network",
  "action": "ALLOW",
  "remote_addresses": ["100.64.0.0/10"]
}

1.13.0

  • Proof-of-work challenges are drastically sped up #19
  • Docker images are now built with the timestamp set to the commit timestamp
  • The README now points to TecharoHQ/anubis instead of Xe/x
  • Images are built using ko instead of docker buildx build #13

1.12.1

  • Phrasing in the <noscript> warning was replaced from its original placeholder text to something more suitable for general consumption (fd6903a).
  • Footer links on the check page now point to Techaro's brand (4ebccb1)
  • Anubis was imported from Xe/x.