ยซ Changelog History


restic v0.8.0 Release Notes

Release Date: 2017-11-26 // over 6 years ago

  • We're very pleased to announce restic 0.8.0! restic is distributed as a standalone binary: download the correct file for your operating system and architecture, extract the file and just run it. If you run into any issues, please report them at the GitHub issue tracker or visit the forum.

    ๐Ÿš€ The binaries released with each restic version are reproducible, which means that you can easily reproduce a byte identical version from the source code for that release. Instructions on how to do that are contained in the builder repository.

    Important Changes in 0.8.0

    โฌ†๏ธ A vulnerability was found in the restic restorer, which allowed attackers in special circumstances to restore files to a location outside of the target directory. Due to the circumstances we estimate this to be a low-risk vulnerability, but urge all users to upgrade to the latest version of restic.

    ๐Ÿง Exploiting the vulnerability requires a Linux/Unix system which saves backups via restic and a Windows system which restores files from the repo. In addition, the attackers need to be able to create files with arbitrary names which are then saved to the restic repo. For example, by creating a file named "..\test.txt" (which is a perfectly legal filename on Linux) and restoring a snapshot containing this file on Windows, it would be written to the parent of the target directory.

    We'd like to thank Tyler Spivey for reporting this responsibly!
    #1445

    0๏ธโƒฃ The s3 backend used the subdir restic within a bucket if no explicit path after the bucket name was specified. Since this version, restic does not use this default path any more. If you created a repo on s3 in a bucket without specifying a path within the bucket, you need to add /restic at the end of the repository specification to access your repo: s3:s3.amazonaws.com/bucket/restic #1292 #1437

    ๐Ÿ“‡ We've added a local cache for metadata so that restic doesn't need to load all metadata (snapshots, indexes, ...) from the repo each time it starts. By default the cache is active, but there's a new global option --no-cache that can be used to disable the cache. By deafult, the cache a standard cache folder for the OS, which can be overridden with --cache-dir. The cache will automatically populate, indexes and snapshots are saved as they are loaded. #1040 #29 #738 #282 #1287

    ๐Ÿ“‡ A related change was to by default create pack files in the repo that contain either data or metadata, not both mixed together. This allows easy caching of only the metadata files. The next run of restic prune will untangle mixed files automatically. #1265

    The Google Cloud Storage backend no longer requires the service account to have the storage.buckets.get permission ("Storage Admin" role) in restic init if the bucket already exists. #1281

    โž• Added support for rate limiting through --limit-upload and --limit-download flags. #1216 #1336 #1358

    Failed backend requests are now automatically retried. #1353

    โช We've added the dump command which prints a file from a snapshot to stdout. This can e.g. be used to restore files read with backup --stdin. #510 #1346

    Small changes

    โœ… The directory structure in the fuse mount now exposes a symlink latest which points to the latest snapshot in that particular directory. #1249

    The option --compact was added to the forget command to provide the same compact view as the snapshots command. #1269

    โ†ช We've re-enabled a workaround for minio-go (the library we're using to access s3 backends), this reduces memory usage. #1256 #1267

    The sftp backend now prompts for the password if a password is necessary for login. #448 #1270

    ๐Ÿš€ The generate command has been added, which replaces the now removed commands manpage and autocomplete. This release of restic contains the most recent manpages in doc/man and the auto-completion files for bash and zsh in doc/bash-completion.sh and doc/zsh-completion.zsh #1274 #1282

    A bug was discovered in the library we're using to access Backblaze, it now reuses already established TCP connections which should be a lot faster and not cause network failures any more. #1291 #1301

    Another bug in the forget command caused prune not to be run when --prune was specified without a policy, e.g. when only snapshot IDs that should be forgotten are listed manually. This is corrected now. #1317

    ๐Ÿ–จ The check command now explicetly prints No errors were found when no errors could be found. #1319 #1303

    The fuse mount now has an ids subdirectory which contains the snapshots below their (short) IDs. #1102 #1299 #1320

    The backup command was improved, it now caches the result of excludes for a directory. #1271 #1326

    We've added the --cacert option which can be used to pass one (or more) CA certificates to restic. These are used in addition to the system CA certificates to verify HTTPS certificates (e.g. for the REST backend). #1114 #1276

    When the list of files/dirs to be saved is read from a file with --files-from, comment lines (starting with #) are now ignored. #1367 #1368