This file describes changes relevant to all users that are made in each released version of restic from the perspective of the user.
The following abbreviations are used in the summary:
- Sec: Security related fix
- Bug: Non-security related fix
- Enh: New feature or other type of enhancement
- Chg: Other type of change, not related to security or adding a new feature
- Sec #1445: Fix low risk restore-outside-target-dir attack on Linux/Unix (Tyler Spivey, fd0)
- Enh #1040: Add local metadata cache, for faster operation and less bandwidth (fd0)
- Enh #1216: Add support for rate limiting (fd0)
- Enh #510: Add
dump
command for restoring a file directly to stdout (fd0) - Chg #1292: Remove default
/restic
subdir for s3 buckets (fd0) - Chg #1265: Make pack files contain either data or metadata, not both (fd0)
- Chg #1281: Make GCS backend not require
storage.buckets.get
for existing bucket (fd0) - Chg #1353: Automatically retry failed backend requests (fd0)
- Bug #1291: Make B2 backend reuse TCP connections, improving speed and reliability (mrzv, fd0)
- Bug #1317: Fix bug in
forget
command causing--prune
not to trigger without a policy (fd0) - Enh #1249: Add
latest
symlink in fuse mount, pointing to latest snapshot in dir (fd0) - Enh #1269: Add
--compact
option toforget
command, like insnapshots
command (fd0) - Enh #448: Make sftp backend prompt for password when needed (fd0)
- Enh #1102: Add
ids
subdir in fuse mount, listing short snapshots and their contents by short ID (fd0) - Enh #1114: Add
--cacert
option, supporting complementary CA certificates, e.g. for REST backend (fd0) - Enh #1367: Ignore comment lines (starting with #) when reading files using
--files-from
(fd0) - Chg #1256: Reduce memory usage by re-enabling workaround in s3 backend library (fd0)
- Chg #1274: Add
generate
command, replacingmanpage
andautocomplete
commands (fd0) - Chg #1319: Make
check
command printNo errors were found
when appropriate (antonlindstrom) - Chg #1271: Make
backup
command cache excludes, improving performance and reducing disk I/O (fd0)
-
Sec #1445: A vulnerability was found in the restic restorer, which allowed attackers in special circumstances to restore files to a location outside of the target directory. Due to the circumstances we estimate this to be a low-risk vulnerability, but urge all users to upgrade to the latest version of restic.
Exploiting the vulnerability requires a Linux/Unix system which saves backups via restic and a Windows systems which restores files from the repo. In addition, the attackers need to be able to create create files with arbitrary names which are then saved to the restic repo. For example, by creating a file named "..\test.txt" (which is a perfectly legal filename on Linux) and restoring a snapshot containing this file on Windows, it would be written to the parent of the target directory.
We'd like to thank Tyler Spivey for reporting this responsibly!
-
Enh #1040: We've added a local cache for metadata so that restic doesn't need to load all metadata (snapshots, indexes, ...) from the repo each time it starts. By default the cache is active, but there's a new global option
--no-cache
that can be used to disable the cache. By deafult, the cache a standard cache folder for the OS, which can be overridden with--cache-dir
. The cache will automatically populate, indexes and snapshots are saved as they are loaded. Cache directories for repos that haven't been used recently can automatically be removed by restic with the--cleanup-cache
option. restic/restic#1040 restic/restic#29 restic/restic#738 restic/restic#282 restic/restic#1287 restic/restic#1436 -
Enh #1216: Added support for rate limiting through
--limit-upload
and--limit-download
flags. restic/restic#1216 restic/restic#1336 restic/restic#1358 -
Enh #510: We've added the
dump
command which prints a file from a snapshot to stdout. This can e.g. be used to restore files read withbackup --stdin
. restic/restic#510 restic/restic#1346 -
Chg #1292: The s3 backend used the subdir
restic
within a bucket if no explicit path after the bucket name was specified. Since this version, restic does not use this default path any more. If you created a repo on s3 in a bucket without specifying a path within the bucket, you need to add/restic
at the end of the repository specification to access your repo:s3:s3.amazonaws.com/bucket/restic
restic/restic#1292 restic/restic#1437 -
Chg #1265: A related change was to by default create pack files in the repo that contain either data or metadata, not both mixed together. This allows easy caching of only the metadata files. The next run of
restic prune
will untangle mixed files automatically. restic/restic#1265 -
Chg #1281: The Google Cloud Storage backend no longer requires the service account to have the
storage.buckets.get
permission ("Storage Admin" role) inrestic init
if the bucket already exists. restic/restic#1281 -
Chg #1353: Failed backend requests are now automatically retried. restic/restic#1353
-
Bug #1291: A bug was discovered in the library we're using to access Backblaze, it now reuses already established TCP connections which should be a lot faster and not cause network failures any more. restic/restic#1291 restic/restic#1301
-
Bug #1317: Another bug in the
forget
command causedprune
not to be run when--prune
was specified without a policy, e.g. when only snapshot IDs that should be forgotten are listed manually. This is corrected now. restic/restic#1317 -
Enh #1249: The directory structure in the fuse mount now exposes a symlink
latest
which points to the latest snapshot in that particular directory. restic/restic#1249 -
Enh #1269: The option
--compact
was added to theforget
command to provide the same compact view as thesnapshots
command. restic/restic#1269 -
Enh #448: The sftp backend now prompts for the password if a password is necessary for login. restic/restic#448 restic/restic#1270
-
Enh #1102: The fuse mount now has an
ids
subdirectory which contains the snapshots below their (short) IDs. restic/restic#1102 restic/restic#1299 restic/restic#1320 -
Enh #1114: We've added the
--cacert
option which can be used to pass one (or more) CA certificates to restic. These are used in addition to the system CA certificates to verify HTTPS certificates (e.g. for the REST backend). restic/restic#1114 restic/restic#1276 -
Enh #1367: When the list of files/dirs to be saved is read from a file with
--files-from
, comment lines (starting with#
) are now ignored. restic/restic#1367 restic/restic#1368 -
Chg #1256: We've re-enabled a workaround for
minio-go
(the library we're using to access s3 backends), this reduces memory usage. restic/restic#1256 restic/restic#1267 -
Chg #1274: The
generate
command has been added, which replaces the now removed commandsmanpage
andautocomplete
. This release of restic contains the most recent manpages indoc/man
and the auto-completion files for bash and zsh indoc/bash-completion.sh
anddoc/zsh-completion.zsh
restic/restic#1274 restic/restic#1282 -
Chg #1319: The
check
command now explicetly printsNo errors were found
when no errors could be found. restic/restic#1319 restic/restic#1303 -
Chg #1271: The
backup
command was improved, it now caches the result of excludes for a directory. restic/restic#1271 restic/restic#1326