This release fixes a vulnerability where Syncthing and the relay server can crash due to malformed relay protocol messages (CVE-2021-21404); see Crash due to malformed relay protocol message · Advisory · syncthing/syncthing · GitHub.
This release updates the CLI to use subcommands and adds the subcommands
cli (previously standalone
stcli utility) and
decrypt (for offline
verifying and decrypting encrypted folders).
With this release we invite everyone to test the “untrusted (encrypted) devices” feature. You should not use it yet on important production data. Thus UI controls are hidden behind a feature flag. For more information, visit:
- #7198: Removing a folder and re-adding it again (untrusted) makes it not sync until restart
- #7385: infinite filesystem recursion due to missing file id
- #7419: panic “Snapshot(): database is closed” on start after wiping database
- #7429: “Ignore Patterns” tab disappears after visiting “Folder Defaults”
- #7434: Non-DNS-like computer name fails creation of HTTPS certificate
- #7451: strelaysrv v1.14.0 failing to load
- #7466: Receive-encrypted fails after a while: file with empty block list
- #7469: .stignore should be ignored in Receive Encrypted folders
- #7474: Device tries to push ignored files to a remote device in a 3-device setup
- #7481: Versioning help strings are not displayed in the GUI
- #7509: Sharing the first folder to an untrusted device on an established connection sends plain-text
- #6566: Ship stcli in main package
- #7457: Remove sub-second precision from the REST API rest/stats/device.
- #7514: Increase default strelaysrv network buffer size