Gotify Server Versions Save

• Add "last used" time to clients and applications (#400 via #582 by @eternal-flame-AD)
• Update to go 1.21.1 & update dependencies

• Add default priority for applications (#312 via #578 by @chrispruitt)

• (this is only relevant if you package gotify yourself, or are a package maintainer): Change static file embedding. Gotify now uses go:embed, so you'll need to remove the make embed-static or go run hack/packr/packr.go when building gotify/server. by @eternal-flame-AD

• Add copy application/client secret button
• Suppress /health logging from 127.0.0.1 in logs
• Disallow specifying the client id when creating a new client
• Change time format in logs
• Add endpoint to delete an application image

Fix swagger-ui style

• Update swagger (Fix XSS in swagger-ui) -> GHSA-3244-8mff-w398
• Unify display of app icon

This release is an addition to the previous release, it prevents the XSS if it was already exploited. The previous release prevented uploading new malicious files, and this release will prevent opening the malicious files if they already exist.

Fix an XSS vulnerability in the application file upload. It allowed authenticated users to upload .html files. With that, an attacker could execute client side scripts if another user opened a link such as: (#534)

https://push.gotify.net/image/ViaxrjzNowdgL-xnEfVV-Ggv5.html

• Add delete all messages confirmation dialog
• Add priority colors to messages
• Add linux/riscv64 support
• Add authorization bearer token auth method
• Fix redirect to https with default http port

Re-release of version 2.1.6 with lower glibc requirements (>=2.28) for pre-built binaries.

• Update to go1.19
• Update backend dependencies
• Prevent setting id while inserting / updating applications

Running the pre-built binaries from this release requires glibc >= 2.31.