I will not continue development of Lanchat after the 2.10 release. Any bugs or security issues will not be fixed. Please consider using alternatives.
Lanchat is an app and library for peer-to-peer (P2P) communication.
It was initially designed for use in LAN networks, but it can also work over the internet (if you have a public address and a forwarded port). The main purpose of Lanchat is messaging, but the Lanchat.Core library is extendable.
The Node.js version of Lanchat has multiple vulnerabilities according to npm audit. It also tries to download package.json (for update checking) from a repository that I no longer have access to. The same goes for the built-in plugin manager.
Previous versions have a security bug. With a modified client it is possible to send a file that will be saved outside of the downloads directory. For example, the sender names the file ../test and the receiver accepts a file that should go into ~/Downloads/test, but it is saved as ~/test instead.
Existing files cannot be overwritten this way. If a file with the specified name already exists, a new file with a name like test(1), test(2), etc. will be created.
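One way a receiving client can close this kind of path traversal, as an added example that is not Lanchat's own code (Python is used for illustration; `reserve_download` and `demo` are hypothetical names, and the file names are constructed). It reduces the peer-supplied name to its final component and creates the file exclusively, so nothing lands outside the downloads directory and the test(1), test(2) naming comes from the retry loop.

```python
import os
import tempfile


def reserve_download(downloads_dir: str, received_name: str) -> str:
    """Create an empty file for a peer-supplied name and return its path.

    The result is always a direct child of downloads_dir and never an
    existing file.
    """
    # The name comes from the remote peer: treat both separators as
    # separators on every OS and keep only the final component.
    name = received_name.replace("\\", "/").split("/")[-1]
    if name in ("", ".", "..") or "\x00" in name:
        raise ValueError(f"unusable file name: {received_name!r}")

    root = os.path.realpath(downloads_dir)
    stem, ext = os.path.splitext(name)
    counter = 0
    while True:
        candidate = name if counter == 0 else f"{stem}({counter}){ext}"
        target = os.path.join(root, candidate)
        try:
            # O_EXCL makes "does not exist yet" and "create" one atomic
            # step, and refuses to follow a symlink planted at target.
            fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            counter += 1  # test -> test(1) -> test(2) ...
            continue
        os.close(fd)
        return target


def demo():
    """Run constructed peer-supplied names against a temporary home dir."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.realpath(tmp)
        downloads = os.path.join(home, "Downloads")
        os.mkdir(downloads)
        names = ["../test", "test", "..\\..\\test", "/etc/test"]  # constructed
        saved = [os.path.basename(reserve_download(downloads, n)) for n in names]
        return saved, sorted(os.listdir(home))


if __name__ == "__main__":
    print(demo())
```

The caller then opens the returned path for writing; the home directory in `demo` ends up containing only `Downloads`.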
Lanchat uses a combination of RSA public keys and AES encryption. Lanchat saves the public keys of connected users and compares them on subsequent connections. Keys are assigned to IP addresses. Thanks to that, the possibility of a man-in-the-middle attack is somewhat limited.
On first connection you should compare fingerprints yourself.
If a public key has changed, Lanchat will show an error message on each connection. If you are sure the keys are correct (for example, the IP address is used by more than one user), you should remove the corresponding PEM file in the Lanchat config directory.
Messages and transferred files are encrypted. Other data, like nicknames or status changes, is sent in plain JSON format.