d3d6c702ed
Replace unsafe string interpolation in aria2 RPC JSON construction with jq --arg for proper escaping. Add magnet URL format validation to reject arbitrary input. Refactor detect-client.sh JSON output to use jq. Add CI security check to prevent regression. Resolves VirusTotal "Suspicious" classification caused by the shell injection vulnerability in add-torrent.sh.
31 lines
1.4 KiB
Markdown
31 lines
1.4 KiB
Markdown
# Changelog
|
||
|
||
All notable changes to this project will be documented in this file.
|
||
|
||
## [0.1.16] - 2026-02-14
|
||
|
||
### Security
|
||
|
||
- Fix shell injection vulnerability in aria2 RPC JSON construction (add-torrent.sh)
|
||
- Add magnet URL format validation before passing to torrent clients
|
||
- Replace shell string interpolation with `jq --arg` for safe JSON construction
|
||
- Refactor detect-client.sh JSON output to use `jq` instead of heredoc interpolation
|
||
- Add CI security pattern check to prevent unsafe curl payload regression
|
||
|
||
## [0.1.13] - 2026-02-13
|
||
|
||
### Features
|
||
|
||
- Search movies and TV shows across 30+ torrent sources
|
||
- Filter by quality (480p–2160p), genre, year, rating, language, season/episode
|
||
- HDR and Dolby Vision filtering (hdr10, dolby_vision, hdr10plus, hlg)
|
||
- Audio codec filtering (AAC, FLAC, Opus, Atmos)
|
||
- API key authentication with tiered rate limits (anonymous, free, pro)
|
||
- Quality scoring (0–100) based on resolution, codec, seeders, source trust
|
||
- Multi-language support (11 languages with accent-insensitive search)
|
||
- TMDB metadata enrichment: posters, backdrops, genres, cast, director credits
|
||
- Detect installed torrent clients (Transmission, aria2)
|
||
- Add magnet links directly to torrent clients
|
||
- Download .torrent files or copy magnet links
|
||
- OS-specific installation guides for torrent clients (Linux, macOS, Windows/WSL)
|
||
- MCP server alternative for Claude Desktop, Cursor, and Windsurf
|