0.27.4
Pre-releaseThis patch release improves security for the desktop application by removing the 0.27 version Node.js Stencila Host.
Windows : Stencila.Setup.0.27.4.exe
Mac OSX : Stencila-0.27.4.dmg
Linux : stencila-desktop-0.27.4-x86_64.AppImage
This is an early beta release: there are likely to be missing features and bugs. As always, we ❤️ your suggestions and 🐛 reports!
The forthcoming 0.28 releases of the stencila/node
, stencila/r
and stencila/py
packages have improved security for their embedded HTTP servers (tighter restrictions on cross-origin HTTP requests and token based authorization by default).
With this release, users will still be able to run languages in external execution contexts e.g. R, Python, Node.js but will need to manually run a Stencila host from one of the language packages or by using the stencila/alpha
Docker image. Because this version of the desktop still uses the 0.27 stencila/stencila
code base, it does not send authentication cookies in requests to hosts. Thus, when using the 0.28 version language packages with this version of the desktop, users will need to turn off authorization (which is now on by default) e.g.
Rscript -e 'stencila:::run(authorization=FALSE)'