chore(release): prepare for v0.6.0

CHANGELOG.md

@@ -4,6 +4,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.6.0] - 2021-11-07
+### Added
+- Support pasting files from remote URLs (via `remote=` form field)
+  - `{server.max_content_length}` is used for download limit
+  - See [README.md#paste-file-from-remote-url](https://github.com/orhun/rustypaste#paste-file-from-remote-url)
+
+- Hot reload configuration file to apply configuration changes instantly without restarting the server
+
+### Changed
+- Library: Switch to Rust 2021 edition
+
+### Security
+- Prevent serving an already expired file
+
+In the previous versions, it was possible to view an expired file by using the correct extension (timestamp). e.g. `paste.com/expired_file.txt.1630094518049` will serve the file normally although `paste.com/expired_file.txt` says that it is expired. This version fixes this vulnerability by regex-checking the requested file's extension.
+
+reference: [f078a9afa74f8608ee3f2a6e705159df15915c78](https://github.com/orhun/rustypaste/commit/f078a9afa74f8608ee3f2a6e705159df15915c78)
+
 ## [0.5.0] - 2021-10-12
 ### Added
 - Added an entry in the configuration file to disable "duplicate uploads":

Cargo.lock

@@ -1658,7 +1658,7 @@ dependencies = [
 
 [[package]]
 name = "rustypaste"
-version = "0.5.0"
+version = "0.6.0"
 dependencies = [
  "actix-files",
  "actix-multipart",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rustypaste"
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
 description = "A minimal file upload/pastebin service"
 authors = ["Orhun Parmaksız <orhunparmaksiz@gmail.com>"]