Skip to content
This repository has been archived by the owner on Sep 14, 2020. It is now read-only.

0.27.4

Pre-release
Pre-release
Compare
Choose a tag to compare
@nokome nokome released this 06 Sep 20:33
· 64 commits to master since this release

This patch release improves security for the desktop application by removing the 0.27 version Node.js Stencila Host.

Windows : Stencila.Setup.0.27.4.exe
Mac OSX : Stencila-0.27.4.dmg
Linux : stencila-desktop-0.27.4-x86_64.AppImage

This is an early beta release: there are likely to be missing features and bugs. As always, we ❤️ your suggestions and 🐛 reports!

The forthcoming 0.28 releases of the stencila/node, stencila/r and stencila/py packages have improved security for their embedded HTTP servers (tighter restrictions on cross-origin HTTP requests and token based authorization by default).

With this release, users will still be able to run languages in external execution contexts e.g. R, Python, Node.js but will need to manually run a Stencila host from one of the language packages or by using the stencila/alpha Docker image. Because this version of the desktop still uses the 0.27 stencila/stencila code base, it does not send authentication cookies in requests to hosts. Thus, when using the 0.28 version language packages with this version of the desktop, users will need to turn off authorization (which is now on by default) e.g.

Rscript -e 'stencila:::run(authorization=FALSE)'