v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
π§ͺ new features
#511 login with username and password (not just password) can now optionally be enabled with --usernames346515c
if you have enabled password hashing (ah-alg: argon2 or similar) then you will need to hash your passwords again after enabling usernames, hashing them as username:password:
introduce copyparty-en.py, english-only edition of copyparty-sfx.py to save space 33497e6
πΏ known issues
the copyparty.pyz in this release is english-only, and does not include the translations -- they got lost in transit while adjusting the buildscripts to make copyparty-en.py
v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
π§ͺ new features
#265 uid/gid for new files can be configured per-volume f195998
v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
π§ͺ new features
#201 add support for reflink-based dedup on cow filesystems df9feab
combine --dedup with --reflink to enable, or volflags with same name
a better and safer alternative to the other dedup approaches (symlink/hardlink), but only possible to use in some cases:
needs linux 5.3 or newer, python 3.14 or newer, btrfs/xfs/zfs
not available in the docker images yet; needs a new version of python, so maybe next alpine release (november/december 2025)
ratelimit password changes to impede bruteforcing a2601fd
limit is set by --ban-pwc (default is 5 changes in 60min)
there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)
β οΈ ATTN: this release fixes an XSS vulnerability
GHSA-9q4r-x2hj-jmvr, exploitable in two different ways, could let an attacker execute arbitrary javascript on other users:
either: tricking someone into clicking a malicious URL to load and execute javascript
or: uploading a malicious audio file to the server, affecting any successive visitors
so, with new and curious eyes on the project, we are starting off with a bang. Huge thanks to @altperfect for finding and reporting this earlier today.
v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
π§ͺ new features
#214 option to stop playback after one song, and/or at end of folder 6bb27e6
v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
π§ͺ new features
#181 the default chmod (unix-permissions) of new files and folders can now be changed 9921c43
--chmod-d or volflag chmod_d sets directory permissions; default is 755
--chmod-f or volflag chmod_f sets file permissions; default is usually 644 (OS-defined)
If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8
Tip
There is a new experimental docker image, which is much faster. See this post for more info.
Tip
You can help to translate Part-DB to other languages. See this post for more info.
Bug fixes
Fixed a potential denial of service issue related to user avatars (thanks to @NaklehZeidan21)
Added TypeScript support for services within the extension context (#25368)
The services exposed to API extensions using TypeScript are now fully typed instead of any, which may cause new type errors when building extensions.
Arguments of service methods are now strictly typed, which can result in type errors for broader types that would not error before:
The ItemsService constructor now expects the collection name to be a string and will error on string | undefined (or other unions).
Similarly, functions like service.readOne()/service.readMany() now expect string | number for their primary keys and will error for nullable types
As a workaround, casting the services back to any will result in the original behavior. However, it is recommended to resolve the type errors instead.
@directus/extensions-sdk
Added TypeScript support for services within the extension context (#25368 by @that1matt)
[PepperBridgeAbstract, DealabsBridge, HotUKDealsBridge, MydealsBridge] Adapt RSS bridge to website content update; remove country of origin due to missing data by @sysadminstory in #4634
[BlueskyBridge] Fix cases for missing reply post context and QoL fix for video loading by @mruac in #4635
[Fix] OpenWrt agent install script by @evrial in #1005
[Feature] Move name copy to Action Dialog by @svenvg93 in #1010
Note
The agent must be run as administrator to access sensors through LibreHardwareMonitorLib, just as when running LibreHardwareMonitor directly. I'll update the docs this weekend with more details and instructions for configuring this with NSSM.
Exclude database-only tables from snapshots (#25271)
Snapshots now exclude tables not tracked in directus_collections (database-only tables).
Source Version
Target Version
Behavior
Impact
< 11.10.0
β₯ 11.10.0
Database-only tables from source will be created on target
β οΈ Tables added
β₯ 11.10.0
< 11.10.0
Database-only tables will be dropped from target
π¨ Data loss risk
β₯ 11.10.0
β₯ 11.10.0
Database-only tables are ignored in snapshots
β No changes
< 11.10.0
< 11.10.0
Database-only tables may be created or dropped
β οΈ Depends on the diff between source/target
Please review your snapshot workflows to ensure these changes will not result in unexpected behaviour.
@directus/api
Fixed replacing process.env.NODE_ENV on backend extensions (#25180 by @Nitwel)
Exclude database-only tables from snapshots (#25271 by @Nitwel)
@directus/extensions-sdk
Upgraded all dependencies of @directus/extensions-sdk to the latest major versions of Rollup and Vite, and resolved several false-positive security reports. (#25486 by @rijkvanzanten) β οΈ This change also raises the minimum supported Node.js version to 20.19.0.
Fixed replacing process.env.NODE_ENV on backend extensions (#25180 by @Nitwel)
This is a beta release. Please make a hub backup before upgrading.
Version 0.12.0 adds the ability for agents to initiate an outgoing connection to the hub.
It also introduces universal tokens, which can be used to register systems without needing to add them manually in the hub. It also allows you to deploy multiple agents with the same configuration, which should make cluster deployments easier.
Please report issues or provide feedback in #951. Thanks!
Upgrading
Docker: Switch to the :edge tag.
Other: This is the first beta release so I'm not sure how the different package managers handle it. To run manually, download the new binary, replace the old one, then add the new env vars and restart the service. I'm working on updating the install scripts and will look further into the package manager situation tomorrow.
Details
The WebSocket connection works in tandem with the agent's existing SSH server. If the agent connects successfully via WebSocket it will stop the SSH server. Likewise, if the agent connects via SSH it will stop attempting to connect via WebSocket.
Note: Don't add the HUB_URL env var to an agent that connects to multiple hubs. This isn't supported yet with WebSocket. Otherwise everything should be fully backwards compatible.
The agent gets two new environment variables:
HUB_URL: The URL of the hub.
TOKEN: The token associated with the system, provided in the hub.
You can copy these values for existing systems in the hub at /settings/tokens.
WebSocket authentication
We use a mutual authentication handshake that ensures both parties are trusted before any data is exchanged. Let me know if you have ideas for improvement.
Initial connection and token verification: The agent initiates a WebSocket connection to the hub. It includes a unique registration token as an HTTP header during the upgrade request. The hub verifies that the token is associated with an existing system before upgrading the connection.
Hub challenge: To prove its identity to the agent, the hub signs the token using its private key and sends the signature back to the agent. The agent verifies the signature using its public key.
Fingerprint authentication: After verifying the hub, the agent responds by sending its fingerprint. This fingerprint is a secure hash of unique identifiers, locking the agent's registration to the machine it's running on. The hub verifies the received fingerprint against the one stored for the system. If they match, the connection is authorized.
Log in
