Merge branch 'develop' into feature/new-hub-keyloading

# Conflicts:
#	src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java

.github/dependabot.yml

@@ -0,0 +1,24 @@
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "UTC"
+    groups:
+      all: # one PR for all dependencies
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/" # even for `.github/workflows`
+    schedule:
+      interval: "monthly"
+    groups:
+      all: # one PR for all actions
+        patterns:
+          - "*"
+    labels:
+      - "misc:ci"

.github/workflows/mac-dmg.yml

@@ -8,6 +8,11 @@ on:
       version:
         description: 'Version'
         required: false
+      notarize:
+        description: 'Notarize'
+        required: true
+        default: false
+        type: boolean
 
 env:
   JAVA_VERSION: 20
@@ -222,7 +227,7 @@ jobs:
         env:
           VERSION_NO: ${{ needs.get-version.outputs.semVerNum }}
       - name: Notarize .dmg
-        if: startsWith(github.ref, 'refs/tags/')
+        if: startsWith(github.ref, 'refs/tags/') || inputs.notarize
         uses: cocoalibs/xcode-notarization-action@v1
         with:
           app-path: 'Cryptomator-*.dmg'

.github/workflows/release-check.yml

@@ -18,7 +18,7 @@ jobs:
     name: Validate commits pushed to release/hotfix branch to fulfill release requirements
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - id: validate-pom-version
         name: Validate POM version
         run: |

.github/workflows/win-exe.yml

@@ -359,7 +359,7 @@ jobs:
           cp msi/*.msi files
           cp exe/*.exe files
       - name: Upload to Kaspersky
-        uses: SamKirkland/FTP-Deploy-Action@4.3.3
+        uses: SamKirkland/FTP-Deploy-Action@v4.3.4
         with:
           protocol: ftps
           server: allowlist.kaspersky-labs.com
@@ -368,7 +368,7 @@ jobs:
           password: ${{ secrets.ALLOWLIST_KASPERSKY_PASSWORD }}
           local-dir: files/
       - name: Upload to Avast
-        uses: SamKirkland/FTP-Deploy-Action@4.3.0
+        uses: SamKirkland/FTP-Deploy-Action@v4.3.4
         with:
           protocol: ftp
           server: whitelisting.avast.com

dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml

@@ -66,6 +66,7 @@
 	</content_rating>
 
 	<releases>
+		<release date="2023-08-07" version="1.9.3"/>
 		<release date="2023-07-24" version="1.9.2"/>
 		<release date="2023-06-07" version="1.9.1"/>
 		<release date="2023-05-30" version="1.9.0"/>

dist/win/build.bat

@@ -11,7 +11,7 @@ SET HELP_URL="https://cryptomator.org/contact/"
 SET MODULE_AND_MAIN_CLASS="org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator"
 SET LOOPBACK_ALIAS="cryptomator-vault"
 
-powershell -NoLogo -ExecutionPolicy Unrestricted -Command .\build.ps1^
+powershell -NoLogo -NoProfile -ExecutionPolicy Unrestricted -Command .\build.ps1^
  -AppName %APPNAME%^
  -MainJarGlob "%MAIN_JAR_GLOB%"^
  -ModuleAndMainClass "%MODULE_AND_MAIN_CLASS%"^

dist/win/contrib/patchWebDAV.bat

@@ -3,5 +3,5 @@
 ::REPLACE ME
 
 cd %~dp0
-powershell -NoLogo -NonInteractive -ExecutionPolicy Unrestricted -Command .\patchWebDAV.ps1^
+powershell -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command .\patchWebDAV.ps1^
  -LoopbackAlias %LOOPBACK_ALIAS%

dist/win/contrib/version170-migrate-settings.bat

@@ -2,4 +2,4 @@
 :: see comments in file ./version170-migrate-settings.ps1
 
 cd %~dp0
-powershell -NoLogo -NonInteractive -ExecutionPolicy Unrestricted -Command .\version170-migrate-settings.ps1
+powershell -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command .\version170-migrate-settings.ps1

pom.xml

@@ -35,9 +35,9 @@
 		<!-- cryptomator dependencies -->
 		<cryptomator.cryptofs.version>2.6.6</cryptomator.cryptofs.version>
 		<cryptomator.integrations.version>1.3.0</cryptomator.integrations.version>
-		<cryptomator.integrations.win.version>1.2.0</cryptomator.integrations.win.version>
+		<cryptomator.integrations.win.version>1.2.2</cryptomator.integrations.win.version>
 		<cryptomator.integrations.mac.version>1.2.0</cryptomator.integrations.mac.version>
-		<cryptomator.integrations.linux.version>1.3.0-beta5</cryptomator.integrations.linux.version>
+		<cryptomator.integrations.linux.version>1.3.0-beta6</cryptomator.integrations.linux.version>
 		<cryptomator.fuse.version>3.0.0</cryptomator.fuse.version>
 		<cryptomator.dokany.version>2.0.0</cryptomator.dokany.version>
 		<cryptomator.webdav.version>2.0.3</cryptomator.webdav.version>

src/main/java/org/cryptomator/common/locationpresets/OneDriveWindowsLocationPresetsProvider.java

@@ -83,8 +83,8 @@ public final class OneDriveWindowsLocationPresetsProvider implements LocationPre
 			throw new TimeoutException(cmdDescription + " timed out after " + timeoutSeconds + "s");
 		}
 		if (process.exitValue() != 0) {
-			@SuppressWarnings("resource") var stdout = process.inputReader(StandardCharsets.UTF_8).lines().collect(Collectors.joining("\n"));
-			@SuppressWarnings("resource") var stderr = process.errorReader(StandardCharsets.UTF_8).lines().collect(Collectors.joining("\n"));
+			@SuppressWarnings("resource") var stdout = process.inputReader(StandardCharsets.ISO_8859_1).lines().collect(Collectors.joining("\n"));
+			@SuppressWarnings("resource") var stderr = process.errorReader(StandardCharsets.ISO_8859_1).lines().collect(Collectors.joining("\n"));
 			throw new CommandFailedException(cmdDescription, process.exitValue(), stdout, stderr);
 		}
 	}

src/main/java/org/cryptomator/ui/error/ErrorController.java

@@ -42,7 +42,7 @@ public class ErrorController implements FxController {
 
 	private static final ObjectMapper JSON = new ObjectMapper();
 	private static final Logger LOG = LoggerFactory.getLogger(ErrorController.class);
-	private static final String ERROR_CODES_URL = "https://gist.githubusercontent.com/cryptobot/accba9fb9555e7192271b85606f97230/raw/errorcodes.json";
+	private static final String ERROR_CODES_URL = "https://api.cryptomator.org/desktop/error-codes.json";
 	private static final String SEARCH_URL_FORMAT = "https://github.com/cryptomator/cryptomator/discussions/categories/errors?discussions_q=category:Errors+%s";
 	private static final String REPORT_URL_FORMAT = "https://github.com/cryptomator/cryptomator/discussions/new?category=Errors&title=Error+%s&body=%s";
 	private static final String SEARCH_ERRORCODE_DELIM = " OR ";
@@ -65,11 +65,13 @@ public class ErrorController implements FxController {
 	private final Scene previousScene;
 	private final Stage window;
 	private final Environment environment;
+	private final ExecutorService executorService;
 
 	private final BooleanProperty copiedDetails = new SimpleBooleanProperty();
 	private final ObjectProperty<ErrorDiscussion> matchingErrorDiscussion = new SimpleObjectProperty<>();
 	private final BooleanExpression errorSolutionFound = matchingErrorDiscussion.isNotNull();
 	private final BooleanProperty isLoadingHttpResponse = new SimpleBooleanProperty();
+	private final BooleanProperty askedForLookupDatabasePermission = new SimpleBooleanProperty();
 
 	@Inject
 	ErrorController(Application application, @Named("stackTrace") String stackTrace, ErrorCode errorCode, @Nullable Scene previousScene, Stage window, Environment environment, ExecutorService executorService) {
@@ -79,15 +81,7 @@ public class ErrorController implements FxController {
 		this.previousScene = previousScene;
 		this.window = window;
 		this.environment = environment;
-
-		isLoadingHttpResponse.set(true);
-		HttpClient httpClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_1_1).build();
-		HttpRequest httpRequest = HttpRequest.newBuilder()//
-				.uri(URI.create(ERROR_CODES_URL))//
-				.build();
-		httpClient.sendAsync(httpRequest, HttpResponse.BodyHandlers.ofInputStream())//
-				.thenAcceptAsync(this::loadHttpResponse, executorService)//
-				.whenCompleteAsync((r, e) -> isLoadingHttpResponse.set(false), Platform::runLater);
+		this.executorService = executorService;
 	}
 
 	@FXML
@@ -140,6 +134,24 @@ public class ErrorController implements FxController {
 		CompletableFuture.delayedExecutor(2, TimeUnit.SECONDS, Platform::runLater).execute(() -> copiedDetails.set(false));
 	}
 
+	@FXML
+	public void dismiss() {
+		askedForLookupDatabasePermission.set(true);
+	}
+
+	@FXML
+	public void lookUpSolution() {
+		isLoadingHttpResponse.set(true);
+		askedForLookupDatabasePermission.set(true);
+		HttpClient httpClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_1_1).build();
+		HttpRequest httpRequest = HttpRequest.newBuilder()//
+				.uri(URI.create(ERROR_CODES_URL))//
+				.build();
+		httpClient.sendAsync(httpRequest, HttpResponse.BodyHandlers.ofInputStream())//
+				.thenAcceptAsync(this::loadHttpResponse, executorService)//
+				.whenCompleteAsync((r, e) -> isLoadingHttpResponse.set(false), Platform::runLater);
+	}
+
 	private void loadHttpResponse(HttpResponse<InputStream> response) {
 		if (response.statusCode() != 200) {
 			LOG.error("Status code {} when trying to load {} ", response.statusCode(), response.uri());
@@ -293,4 +305,12 @@ public class ErrorController implements FxController {
 		return isLoadingHttpResponse.get();
 	}
 
+	public BooleanProperty askedForLookupDatabasePermissionProperty() {
+		return askedForLookupDatabasePermission;
+	}
+
+	public boolean getAskedForLookupDatabasePermission() {
+		return askedForLookupDatabasePermission.get();
+	}
+
 }

src/main/java/org/cryptomator/ui/fxapp/UpdateCheckerModule.java

@@ -28,7 +28,7 @@ public abstract class UpdateCheckerModule {
 
 	private static final Logger LOG = LoggerFactory.getLogger(UpdateCheckerModule.class);
 
-	private static final URI LATEST_VERSION_URI = URI.create("https://api.cryptomator.org/updates/latestVersion.json");
+	private static final URI LATEST_VERSION_URI = URI.create("https://api.cryptomator.org/desktop/latest-version.json");
 	private static final Duration UPDATE_CHECK_INTERVAL = Duration.hours(3);
 	private static final Duration DISABLED_UPDATE_CHECK_INTERVAL = Duration.hours(100000); // Duration.INDEFINITE leads to overflows...
 

src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java

@@ -102,9 +102,8 @@ public class ReceiveKeyController implements FxController {
 			switch (response.statusCode()) {
 				case 200 -> requestUserKey(response.body());
 				case 402 -> licenseExceeded();
-				case 403 -> accessNotGranted();
+				case 403, 410 -> accessNotGranted(); // or vault has been archived, effectively disallowing access - TODO: add specific dialog?
 				case 404 -> requestLegacyAccessToken();
-				case 410 -> throw new IOException("Vault has been archived."); // TODO add dialog
 				default -> throw new IOException("Unexpected response " + response.statusCode());
 			}
 		} catch (IOException e) {
@@ -188,9 +187,8 @@ public class ReceiveKeyController implements FxController {
 			switch (response.statusCode()) {
 				case 200 -> receivedLegacyAccessTokenSuccess(response.body());
 				case 402 -> licenseExceeded();
-				case 403 -> accessNotGranted();
+				case 403, 410 -> accessNotGranted(); // or vault has been archived, effectively disallowing access
 				case 404 -> needsLegacyDeviceRegistration();
-				case 410 -> throw new IOException("Vault has been archived."); // TODO add dialog
 				default -> throw new IOException("Unexpected response " + response.statusCode());
 			}
 		} catch (IOException e) {

src/main/resources/fxml/error.fxml

@@ -32,25 +32,37 @@
 			</StackPane>
 			<VBox spacing="6" HBox.hgrow="ALWAYS">
 				<FormattedLabel styleClass="label-extra-large" format="%error.message" arg1="${controller.errorCode}"/>
-				<FontAwesome5Spinner glyphSize="24" visible="${controller.isLoadingHttpResponse}" managed="${controller.isLoadingHttpResponse}"/>
-				<VBox visible="${!controller.isLoadingHttpResponse}" managed="${!controller.isLoadingHttpResponse}">
-					<Label text="%error.existingSolutionDescription" wrapText="true" visible="${controller.errorSolutionFound}" managed="${controller.errorSolutionFound}"/>
-					<Hyperlink styleClass="hyperlink-underline" text="%error.hyperlink.solution" onAction="#showSolution" contentDisplay="LEFT" visible="${controller.errorSolutionFound}" managed="${controller.errorSolutionFound}">
-						<graphic>
-							<FontAwesome5IconView glyph="LINK" glyphSize="12"/>
-						</graphic>
-					</Hyperlink>
-					<Label text="%error.description" wrapText="true" visible="${!controller.errorSolutionFound}" managed="${!controller.errorSolutionFound}"/>
-					<Hyperlink styleClass="hyperlink-underline" text="%error.hyperlink.lookup" onAction="#searchError" contentDisplay="LEFT" visible="${!controller.errorSolutionFound}" managed="${!controller.errorSolutionFound}">
-						<graphic>
-							<FontAwesome5IconView glyph="LINK" glyphSize="12"/>
-						</graphic>
-					</Hyperlink>
-					<Hyperlink styleClass="hyperlink-underline" text="%error.hyperlink.report" onAction="#reportError" contentDisplay="LEFT" visible="${!controller.errorSolutionFound}" managed="${!controller.errorSolutionFound}">
-						<graphic>
-							<FontAwesome5IconView glyph="LINK" glyphSize="12"/>
-						</graphic>
-					</Hyperlink>
+				<VBox visible="${!controller.askedForLookupDatabasePermission}" managed="${!controller.askedForLookupDatabasePermission}">
+					<Label text="%error.lookupPermissionMessage" wrapText="true"/>
+					<Region VBox.vgrow="ALWAYS" minHeight="18"/>
+					<ButtonBar buttonMinWidth="120" buttonOrder="+NY">
+						<buttons>
+							<Button text="%error.dismiss" ButtonBar.buttonData="NO" onAction="#dismiss"/>
+							<Button text="%error.lookUpSolution" ButtonBar.buttonData="YES" defaultButton="true" onAction="#lookUpSolution"/>
+						</buttons>
+					</ButtonBar>
+				</VBox>
+				<VBox visible="${controller.askedForLookupDatabasePermission}" managed="${controller.askedForLookupDatabasePermission}">
+					<FontAwesome5Spinner glyphSize="24" visible="${controller.isLoadingHttpResponse}" managed="${controller.isLoadingHttpResponse}"/>
+					<VBox visible="${!controller.isLoadingHttpResponse}" managed="${!controller.isLoadingHttpResponse}">
+						<Label text="%error.existingSolutionDescription" wrapText="true" visible="${controller.errorSolutionFound}" managed="${controller.errorSolutionFound}"/>
+						<Hyperlink styleClass="hyperlink-underline" text="%error.hyperlink.solution" onAction="#showSolution" contentDisplay="LEFT" visible="${controller.errorSolutionFound}" managed="${controller.errorSolutionFound}">
+							<graphic>
+								<FontAwesome5IconView glyph="LINK" glyphSize="12"/>
+							</graphic>
+						</Hyperlink>
+						<Label text="%error.description" wrapText="true" visible="${!controller.errorSolutionFound}" managed="${!controller.errorSolutionFound}"/>
+						<Hyperlink styleClass="hyperlink-underline" text="%error.hyperlink.lookup" onAction="#searchError" contentDisplay="LEFT" visible="${!controller.errorSolutionFound}" managed="${!controller.errorSolutionFound}">
+							<graphic>
+								<FontAwesome5IconView glyph="LINK" glyphSize="12"/>
+							</graphic>
+						</Hyperlink>
+						<Hyperlink styleClass="hyperlink-underline" text="%error.hyperlink.report" onAction="#reportError" contentDisplay="LEFT" visible="${!controller.errorSolutionFound}" managed="${!controller.errorSolutionFound}">
+							<graphic>
+								<FontAwesome5IconView glyph="LINK" glyphSize="12"/>
+							</graphic>
+						</Hyperlink>
+					</VBox>
 				</VBox>
 			</VBox>
 		</HBox>

src/main/resources/i18n/strings.properties

@@ -23,7 +23,9 @@ error.hyperlink.report=Report this error
 error.technicalDetails=Details:
 error.existingSolutionDescription=Cryptomator didn't expect this to happen. But we found an existing solution for this error. Please take a look at the following link.
 error.hyperlink.solution=Look up the solution
-
+error.lookupPermissionMessage=Cryptomator can look up a solution for this problem online. This will send a request to our problem database from your IP address.
+error.dismiss=Dismiss
+error.lookUpSolution=Look up Solution
 
 # Defaults
 defaults.vault.vaultName=Vault

suppression.xml

@@ -63,4 +63,11 @@
 		<cve>CVE-2023-35116</cve>
 	</suppress>
 
+	<suppress>
+		<notes><![CDATA[
+		False positive for jackrabbit-webdav-2.21.15.jar. This component is not affected, see https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw
+   ]]></notes>
+		<packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/jackrabbit\-webdav@.*$</packageUrl>
+		<cve>CVE-2023-37895</cve>
+	</suppress>
 </suppressions>