Campfire Changelog

• Sanitize OpenGraph content to prevent XSS attacks.
• Improve system font stack on Windows.
• Improve appearance and behavior of scroll bars on Windows.
• Prevent signature verification errors with @mentions when restoring backups between different devices.
• Isolate message rendering failures to ensure a problematic message does not prevent the rest of the room from rendering.
• Fix a bug where the share button links use “example.com” instead of the application’s domain.
• Accessibility improvements.
• Ensure syntax highlighting is not lost when a message is edited.
• Validate content type of OpenGraph images before rendering.
• Disallow image tags in message body in order to guard against malicious image payloads.
• Fix an issue where the sidebar tools is blurred in Safari 17.3.

Features & changes:

• Add automatic syntax highlighting for code blocks.
• Add an up-arrow shortcut to edit your last message.
• Bot API: include room and message paths in webhook payload.
• Accessibility improvements.
• Use Thruster gem, rather than vendored version.
• Add smaller logo variant in application manifest.

Bugfixes:

• Ensure attachment filename is properly escaped when displayed during upload.
• Ensure only a single connection refresh timer runs at a time.
• Fix issue where opening the app would not reliably return to the last visited room.
• Guard against DNS rebind attacks when creating link previews.
• Use unguessable tokens in avatar URLs to prevent discovery via enumeration.
• Ensure messages scroll fully into view when editing in Chrome.
• Don’t broadcast room updates to users who aren’t members of the room.

Fix confusing iconography in flash messages.

• Add the Chat Bot API: you can now create chat bots for your Campfire instance using a simple HTTP API for sending and receiving messages and attachments.
• Add Custom CSS: you can now enter your own CSS styles to modify the appearance of your Campfire instance.
• Add a warning style to messages that fail to send due to network or server errors.
• Improve accessibility of alert messages.
• Improve appearance and handling of messages with link previews.
• Order search results by recency.
• Improve appearance of @mentions in messages.
• Ensure users who are removed from a room are disconnected from it immediately.
• Ensure starting a Ping with someone moves their avatar to the front of the list.
• Fix an issue where attempting to change a password on Safari caused the form to submit unexpectedly.
• Fix an issue where Campfire join URLs displayed incorrectly in Apple Messages.
• Add a copy permalink button to the message action menu.
• Add download and share buttons to non-image attachments.

• Improve handling and appearance of link previews in chat messages.
• Fix an issue where replying to a message may cause a “Content missing” error to be displayed.
• Restrict autocomplete responses to the rooms each user has access to.
• Refine behaviour of message actions menu.
• Upgrade Trix editor for better handling of autocorrected text.

• Improve design for message actions popup menu.
• Improve mobile chat layout.
• Improve design for link previews to display longer excerpts and larger images.
• Gracefully handle exceptions when generating embedded link previews. Fixes a crash when generating previews for links with invalid OpenGraph metadata.

Escape name in autocomplete user response. Fixes an XSS vulnerability in Campfire’s autocomplete handler.

Campfire goes live.