Changelog

Bug fixes

• 0fcd048: fix: device cards not updating (@seriousm4x)

Others

• 7ab8170: remove log (@seriousm4x)

Changelog

Features

• 954c964: feat: Add i18n vi-VN (#1324) (@flashvnn)

Bug fixes

• 8afe2f1: fix: change device.link to string (@seriousm4x)
• 2aef980: fix: search not working, close #1325 (@seriousm4x)

Others

• c9e9248: add vi-VN (@seriousm4x)

Go dependencies

• d028e2d: go-dep: bump github.com/pocketbase/pocketbase in /backend (@dependabot[bot])

What's Changed

• Add battery charge monitoring.
• [Chore] Improve auto update mechanism by @svenvg93 in #1009
• Add fallback mirror to the update commands. (#1035)
• Fix blank token field in insecure contexts.
• Allow opening internal router links in new tab.
• Add /api/beszel/user-alerts endpoint. Remove use of batch API for alerts in hub.
• Update Go and JS dependencies.
• New translations by @Radotornado, @AlexVanSteenhoven, @harupong, @dymek37, @NaNomicon, Tommaso Cavazza, Caio Garcia, and others.

Full Changelog: v0.12.3...v0.12.4

Changelog

Features

• 7ef8ba6: feat: Add Bulgarian language (#1319) (@grivanov)

Npm dependencies

• 9205590: npm-dep: bump @sveltejs/kit from 2.34.0 to 2.36.1 in /frontend (@dependabot[bot])
• bb8a854: npm-dep: update (@seriousm4x)

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #328 run copyparty on iPhones; see install on iOS in the readme ca98d54
  • cannot run in the background, doesn't have full access to your files, and is slightly buggy, but it works
  • running on android gives you a much better experience
• save the qr-code to a file (txt/svg/png) 202ddea

🩹 bugfixes

• #661 fix incorrect rproxy hint in the logs 6c76614
• #649 fix js-crash when tapping in the exactly correct place (thx @hahaslav for debugging!) 0de07d8
• #628 ftpd: fix banning IPv6 clients 6d76254

🔧 other changes

• #296 nixos: support non-flake setups (thx @Sorixelle!) 20ef74c 3259367
• config-parser catches and explains a few more common mistakes cc65b1b
• docs:
  • #490, #199: readme: confirm that combining copyparty and syncthing is safe c51371c
  • #377 improved authelia docker example (thx @xFuture603!) cd8771f
  • mention the homebrew formulae f9cb2c1
  • #651 versus.md: fix hfs3 comparison (thx @rejetto!) 7a4973f

⚠️ not the latest version!

Changelog

Features

• 37b219b: feat: Add i18n Ukrainian (#1307) (@dima101097)

Others

• e8c9005: add note (@seriousm4x)
• 8b8cc96: update deps (@seriousm4x)

Go dependencies

• 9e387b9: go-dep: bump github.com/pocketbase/pocketbase in /backend (@dependabot[bot])
• f5af123: go-dep: bump golang.org/x/sys from 0.34.0 to 0.35.0 in /backend (@dependabot[bot])

Npm dependencies

• cb6e7d3: npm-dep: bump @eslint/compat from 1.3.1 to 1.3.2 in /frontend (@dependabot[bot])
• 9bd073c: npm-dep: bump @eslint/js from 9.32.0 to 9.33.0 in /frontend (@dependabot[bot])
• 4404019: npm-dep: bump @sveltejs/adapter-static from 3.0.8 to 3.0.9 in /frontend (@dependabot[bot])
• aa1e8a0: npm-dep: bump @sveltejs/kit from 2.27.0 to 2.27.1 in /frontend (@dependabot[bot])
• c3299ba: npm-dep: bump @sveltejs/kit from 2.27.1 to 2.27.3 in /frontend (@dependabot[bot])
• 28561b6: npm-dep: bump @sveltejs/kit from 2.27.3 to 2.28.0 in /frontend (@dependabot[bot])
• 97b1447: npm-dep: bump @sveltejs/kit from 2.28.0 to 2.29.1 in /frontend (@dependabot[bot])
• b4f33ea: npm-dep: bump @sveltejs/kit from 2.29.1 to 2.30.1 in /frontend (@dependabot[bot])
• 0c5d14d: npm-dep: bump @sveltejs/kit from 2.30.1 to 2.31.1 in /frontend (@dependabot[bot])
• 6d39733: npm-dep: bump @sveltejs/kit from 2.31.1 to 2.33.0 in /frontend (@dependabot[bot])
• ac1dbb6: npm-dep: bump @tailwindcss/postcss from 4.1.11 to 4.1.12 in /frontend (@dependabot[bot])
• 570d35d: npm-dep: bump eslint from 9.32.0 to 9.33.0 in /frontend (@dependabot[bot])
• 14ccf20: npm-dep: bump svelte from 5.37.3 to 5.38.0 in /frontend (@dependabot[bot])
• 0ea7815: npm-dep: bump svelte from 5.38.0 to 5.38.1 in /frontend (@dependabot[bot])
• 313a2df: npm-dep: bump svelte from 5.38.1 to 5.38.2 in /frontend (@dependabot[bot])
• e471023: npm-dep: bump tailwindcss from 4.1.11 to 4.1.12 in /frontend (@dependabot[bot])
• 0a48aaa: npm-dep: bump typescript-eslint from 8.38.0 to 8.39.0 in /frontend (@dependabot[bot])
• a5bddd1: npm-dep: bump typescript-eslint from 8.39.0 to 8.39.1 in /frontend (@dependabot[bot])
• 83fb7d3: npm-dep: bump typescript-eslint from 8.39.1 to 8.40.0 in /frontend (@dependabot[bot])

Github Actions

• 6628048: gh-action: bump actions/checkout from 4 to 5 (@dependabot[bot])

• Milestone

A few highlights ✨:

• Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After
• Add sort by category title, or by feed title
• Add search operator c: for categories like c:23,34 or !c:45,56
• Custom feed favicons
• Several security improvements, such as:
  • Implement reauthentication (sudo mode)
  • Add Content-Security-Policy: frame-ancestors
  • Ensure CSP everywhere
  • Fix access rights when creating a new user
• Several bug fixes, such as:
  • Fix redirections when scraping from HTML
  • Fix feed redirection when coming from WebSub
  • Fix support for XML feeds with HTML entities, or encoded in UTF-16LE
• Docker alternative image updated to Alpine 3.22 with PHP 8.4 (PHP 8.4 for default Debian image coming soon)
• Start supporting PHP 8.5+
• And much more…

This release has been made by @Alkarex, @Inverle, @the7thNightmare and newcomers @Deioces120, @Fraetor, @Tarow, @dotsam, @hilariousperson, @pR0Ps, @triatic, @tryallthethings

Full changelog:

• Features
  • Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After #7760
  • Add sort by category title, or by feed title #7702
  • Add search operator c: for categories like c:23,34 or !c:45,56 #7696
  • Custom feed favicons #7646, #7704, #7717,
    #7792
  • Rework fetch favicons for fewer HTTP requests #7767
  • Add more unicity criteria based on title and/or content #7789
  • Automatically restore user configuration from backup #7682
  • API add support for states in s parameter of streamId #7695
  • Improve sharing via Print #7728
  • Redirect to the login page from bookmarklet instead of 403 #7782
  • Clean local cache more often, when refreshing feeds #7827
• Security
  • Implement reauthentication (sudo mode) #7753
  • Add Content-Security-Policy: frame-ancestors #7677
  • Ensure CSP everywhere #7810
  • Show warning when unsafe CSP policy is in use #7804
  • Fix access rights when creating a new user #7783
  • Improve security of form for user details #7771, #7786
  • Disallow setting non-existent theme #7722
  • Regenerate cookie ID after logging out #7762
  • Require current password when setting new password #7763
  • Add missing access checks for feed-related actions #7768
  • Strip more unsafe attributes such as referrerpolicy, ping #7770
  • Remove unneeded execution permissions #7802
• Bug fixing
  • Fix redirections when scraping from HTML #7654, #7741
  • Fix multiple authentication HTTP headers #7703
  • Fix HTML queries with a single feed #7730
  • WebSub: only perform a redirection when coming from WebSub #7738
  • Include enclosures in entries’ hash #7719
    • Negative side-effect: users of the option to automatically mark updated articles as unread will once have some articles with enclosures re-appear as unread
  • Fix cancellation of slider exit UI #7705
  • Honor disable update on update page #7733
  • Fix no registration limit setting #7751
  • Fix XML encoding of sharing functions #7822
• SimplePie
  • Fix propagation of HTTP error codes #7670
  • Fix support for XML feeds with HTML entities #7689, simplepie#915
  • Fix feeds encoded in UTF-16LE #7691, simplepie#916
  • Various upstream contributions simplepie#917, simplepie#924,
    simplepie#926, simplepie#932, simplepie#933
  • Sync upstream #7706, FreshRSS/simplepie#45, #7775,
    FreshRSS/simplepie#50, #7824, #7825,
  • Fix regex Backtrack limit was exhausted in clean_hash() #7813, FreshRSS/simplepie#48
• Deployment
  • Docker default image (Debian 12 Bookworm) updated to PHP 8.2.29 #7805
  • Docker alternative image updated to Alpine 3.22 with PHP 8.4.11 and Apache 2.4.65 #7740, #7740,
    #7803
  • Start supporting PHP 8.5+ #7787, #7826
    • Docker Alpine dev image :newest updated to PHP 8.5-alpha and Apache 2.4.65 #7773
  • Docker: interpolate FRESHRSS_INSTALL and FRESHRSS_USER variables #7725
  • Docker: Reduce how much data needs to be chown/chmod’ed on container startup #7793
  • Test for database PDO typing support during install (relevant for MySQL / MariaDB with obsolete driver) #7651
• Extensions
  • Add API endpoint for extensions #7576
  • Expose the reading modes for extensions #7668, #7688
  • New extension hook before_login_btn #7761
• UI
  • Improve mark as read request showing popup due to onbeforeunload #7554
  • Fix lazy-loading for <video poster="..."> and <image> #7636
  • Avoid styling <code> inside of <pre> #7797
  • Improve confirmation logic with data-auto-leave-validation #7785
  • Update chart.js to 4.5.0 #7752, #7816
  • Various UI and style improvements: #7616, #7811
• I18n
  • Show translation status in README #7715
  • Improve Indonesian #7654, #7721
  • Improve Persian #7795
• Misc.
  • Improve PHP code #7642, #7665, #7761,
    #7781, #7794
  • Update dev dependencies #7708, #7709, #7710,
    #7711, #7776, #7777

this release is a hotfix for #624; v1.19.2 broke volumes defined in config files

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

ℹ️ this upgrade is a one-way ticket

• your up2k database (.hist/up2k.db), used by the e2d filesystem indexing feature, will be upgraded to a new format which older copyparty versions cannot read. A backup of each database will be created automatically, named up2k.db.bak.SOMETHING.v5. If you need to downgrade to a previous version: Shutdown copyparty, delete these files: up2k.db up2k.db-shm up2k.db-wal and then copy up2k.db.bak.*.v5 to up2k.db

🧪 new features

• new translations:
  • #551 Swedish (thx @Bevinsky!) d676a86
  • #551 Korean (thx @nyqui!) 4e878d2
• #581 new theme: phi95 (thx @varphi-online!) d8662ae
• #567 .raw image thumbnails (thx @ar-nelson!) 0177a9b
  • available in docker-images iv and dj
• #561 epub thumbnails (thx @Scotsguy!) 9435e6b
• #252 music thumbnails use embdded coverart if available 98d117b
  • thumbnails folder .hist/th must be deleted to take effect
• #530 show username of uploaders in file listings; requires a (admin) permission 4df033e
• #604 a new group @acct which automatically contains all known usernames 68907ea
• controlpanel has a dedicated "logout all sessions" button, similar to the logout-link in the browser f4a3fba
• #397 accounts can be restricted to certian IPs 62e072a
• #504 automatic login through tailscale auth a4649d1
• #533 sticky qr-code with --qr-pin 1 1ebe06f
• #572 button to abort copy/move 715d374
• #618 "download selected files" didn't work on firefox 52 (winxp) dcc6b1b
• max number of cookies to allow can be configured 6303eff
  • good if you have too many selfhosted services on one domain (but will beware of the spec-mandataed max length of the cookie field!)

🩹 bugfixes

• fix xvol/xdev edgecases:
  • #603 rootless vfs 554cc2f
  • false-positive with overlapping volumes d9046f7
• #573 ftp: attempting an upload into read-only folder no longer kills the connection 3aa8b7a
• #306 adjust navpane for --rp-loc (location-based proxying)
• #556 more sensible config expansion order f4727f8
  • #624 ...which broke things bf1fdca
• the video player now stays fullscreen between videos 782e2f1
• heif thumbnailing with libvips

🔧 other changes

• #253 build nix-packages from source (thx @toast003, @chinponya!) 187cae2
• #616 logfiles will have a plaintext severity column if --no-ansi d4cf42e
• #598 separate option --ac-convt for audio transcoding timeout d562305
• #596 users with a blank password gets a strong random-generated one 7f44875
• copyparty.exe: upgrade to python 3.13.7

⚠️ not the latest version!

v1.19.3

v1.19.2

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• new translations:
  • #486 French (thx @Tr3yWay996, @Packingdustry, @Alee14, @jakubiakfr, @Equinoxs!) e9ddfcc 7aa2148 b87f8f1
  • #463 Polish (thx @pufereq and @daimond113!) 392a4db
  • #537 Nynorsk (thx @chinatsu!) 3931bc2
• #549 custom mdns domain 3c78c6a

🩹 bugfixes

• #539 FTP glitches when running on windows 8ba9887
• #555 global-config didn't load through PRTY_CONFIG (thx @icxes!) 074e106
• macos: could take a while to establish webdav connection from finder a01870b
• ux:
  • dropdown colors 347cf6a
  • case-sensitivity in filters e5e8229
  • iOS being too enthusiastic about using saved passwords 03acd65

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #511 login with username and password (not just password) can now optionally be enabled with --usernames 346515c
  • if you have enabled password hashing (ah-alg: argon2 or similar) then you will need to hash your passwords again after enabling usernames, hashing them as username:password:
• #468 add Greek translation (thx @chamdim!) 50f4618 392abd0
• #471 add Czech translation (thx @kubakubakuba!) c955658
• #515 support systemd socket acivation (thx @mati1210!) 9b9d2a9
• #523 add QR-code to the connectpage bcc3b15
• #513 optional EOL-conversion for texteditor 8b31ed8
• controlpanel refresh-button now toggles automatic refresh 7ae84de

🩹 bugfixes

• fix stuck uploads when the up2k database (e2d) is not enabled 4a04356
  • if more than 60'000 files were uploaded and there were several dupes of some files, they could get stuck and never upload
  • upload performance is improved remarkably by enabling e2d so such huge uploads non-e2d had not been tested in a long time
• #467 #470 fix ui-crash when exporting links of all uploaded files to clipboard (thx @geekalaa!) 0df1901
• #487 fix ui-crash when the location url-part is // 0f55a1a
• fix viewing .MD files (8a0746c)

🔧 other changes

• when a reverse-proxy is detected, force explicit configuration of --rproxy to obtain correct client IP 3f8cb7e
  • a bit inconvenient, but helps prevent potentially-dangerous misconfiguration
  • the necessary configuration changes are explained in the serverlog (you can't miss it)
  • thanks to @person4268 for pointing out that there was room for improvements!
• failed login attempts now only log a sha512 hash of the provided password
  • to see login-attempts with incorrect passwords as plaintext like before, log-badpwd: 1
• #502 add systemd user services and templated services (thx @icxes!) 34d98e9
• #475 improve helptext for multivalue global-options c2ac57a
• #475 add chungus.conf, massive extensive nonsensical demo config b664ebb
• try to detect proxies with incorrect caching behavior 9e980bb
• recent-uploads now support ie9 a57f7cc
• languages and themes are now dropdowns a9ee4f2
• copyparty.exe: upgrade python to 3.13.6 a98360f
• introduce copyparty-en.py, english-only edition of copyparty-sfx.py to save space 33497e6

🗿 known issues

• the copyparty.pyz in this release is english-only, and does not include the translations -- they got lost in transit while adjusting the buildscripts to make copyparty-en.py

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) (PREVIOUS RELEASE) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #426 add Dutch translation (thx @DeStilleGast!) 3798e19
• #458 add Italian translation (thx @AOTREVAI!) a38e6e6
• #456 transcode to flac/wav (thx @missaustraliana!) b469db3 b2d48c6 0d09fb6
• #439 config-file can be provided through PRTY_CONFIG (thx @icxes!) 971360e
• #459 videos can become folder thumbnails 16bbcce
• add --idp-cookie, session-tickets for IdP auth (performance boost) f9502c3
  • useful when the IdP-server becomes a bottleneck

🩹 bugfixes

• #412 fix PUT-uploads into volumes with nosub volflag 47fa4a9
• #435 ignore spurious exceptions from browser extensions 39e5582
• #449 IPv6 QR-Code didn't include port 66a5bf3
• #295 do not force d2d in blank vfs (introduced in v1.18.3) 848315c

🔧 other changes

• #440 improved finnish translation (thx @icxes!) a68d5b0
• point to the -nc option in the "at max connections" warning 153d240
• the play-button now indicates "play-as-audio" for video-files 40d56bb
• docs:
  • #411 improve password-hashing instructions (thx @chinponya!) c69c7c8
  • #429 improve --cert helptext (thx @kzshantonu!) 7e3825f
  • #413 copyparty is Wii Internet Channel compatible! (thx @techflashYT!) 50f1629
  • #461 how to use groups without IdP e85a710
  • mention that WebDAV and OpenGraph are incompatible by default (and how to fix that) 0bc1b8f
  • #345 short explanation about the sfx in quickstart ae5eefc
• #398 pypi-package now has extra-group all 6eaf8af

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes a Denial-of-Service vuln

CVE-2025-54796: an unauthenticated user could make the server grind to a halt by accessing a particular URL

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #310 translated to Spanish (thx @herruzo99!) a1dfd0b
• #350 translated to Ukrainian (thx @MrMebelMan!) fea45e4
• #321 translated to Russian (thx @A1Asriel!) 0b05c72
• #381 translated to Finnish (thx @icxes and @Permik!) 7ecedb2
  • haha it says surf
• #312 add option to use localtime in the UI ad23b25
• #386 initial packaging for debian (thx @Beethoven-n!) 3c6f0b1

🩹 bugfixes

• CVE-2025-54796 / GHSA-5662-2rj7-f2v6 09910ba
• #347 fix upload-abort when uploading to a share 6d6d79f
• fix xiu backlog dropping on restart 3222ba3
• #375 fix crash on really old versions of python2.7 (thx @bb!) b69d590
• #388 another python2.7 fix: improve unicode support in u2c (thx @KevinXuxuxu!) 9c19753
• log creator of new/blank markdown docs d0d2f20
• #400 config didn't support indenting with tabs c160428

🔧 other changes

• ack was changed to continue 4fa7be2

🌠 fun facts

• the translations have made the sfx size balloon from 766 to 845 KiB in under a week... nice! keep em coming 🎉

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

• v1.18.7 (2025-07-30) (PREVIOUS RELEASE) fixed XSS in the recent-uploads page
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🩹 bugfixes

• #354 fix copyparty-sfx.py failing to start on certain versions of python c17ce48

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-8mx2-rjh8-q3jq, could let an attacker execute arbitrary JS by tricking you into clicking a malicious URL

Soon there won't be many of these left, surely. Huge thanks to @Ju0x for finding and reporting this.

recent important news

• v1.18.7 (2025-07-30) fixed XSS in the recent-uploads page
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #265 uid/gid for new files can be configured per-volume f195998
  • has preconditions; see readme
• #212 add German translation (thx @rGunti, @Scotsguy, @chocolateimage) 9d32564

🩹 bugfixes

• GHSA-8mx2-rjh8-q3jq a8705e6
• #276 windows: fix segfault (thx @kernel1994 for debugging!) a9d07c6
• #272 webdav: send disk-size and disk-free to clients 4988a55
• #285 use disk-free sans root-reserve on linux (thx @Arklaum!) c3cc2dd
• cors-check was funky on IPv6 e9684d4
• #325 upgrade sharex example for newer versions 6016ec9
• #300 restore support for old versions of python 2.7 b7ca6f4

🔧 other changes

• shares: the config POST-target is now always the webroot (for ease of IdP configuration) fb7cbc4
• unlist: now applies to the navpane too fbf17be
• windows: show disk-usage as well, not just disk-free 5c6341e
• #228 nix-pkg improvements (thx @dtomvan!) 4915b14
• docker-compose: ensure logs appear in realtime 3cde1f3
• mention that IdP-volumes and users can now be persisted 6069bc9
• #316 explain a scary-looking thing in the code 053de61

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

• v1.18.5 (2025-07-28) (PREVIOUS RELEASE) fixed XSS in display of media tags
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #201 add support for reflink-based dedup on cow filesystems df9feab
  • combine --dedup with --reflink to enable, or volflags with same name
  • a better and safer alternative to the other dedup approaches (symlink/hardlink), but only possible to use in some cases:
    • needs linux 5.3 or newer, python 3.14 or newer, btrfs/xfs/zfs
    • not available in the docker images yet; needs a new version of python, so maybe next alpine release (november/december 2025)
• ratelimit password changes to impede bruteforcing a2601fd
  • limit is set by --ban-pwc (default is 5 changes in 60min)

🩹 bugfixes

• #240 nixos: fix unixgroups issue (thx @chinponya!) 7c9c962
• #246 cbz: use correct page for thumbnail (thx @Scotsguy!) 542a1de

🔧 other changes

• volflag nosub now also prevents mkdir 0f2c623
• improve documentation:
  • #229 use the same example UDS path everywhere cb019af
  • example nginx config had misleading cloudflare comment (thx @jmi2k!) 674fc1f
  • more readable --help-chmod 03d23da
  • #244 fix typo in --help 4f013f6
• #242 hide "use real pw" on connectpage if no accounts (thx @toast003!) 025942a
• #211 docker: remove deprecated attribute (thx @ptweezy!) 5b98e10
• #190 add the feature-showcase video to the readme (thx @RustoMCSpit!) 43e6da3

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-9q4r-x2hj-jmvr, exploitable in two different ways, could let an attacker execute arbitrary javascript on other users:

• either: tricking someone into clicking a malicious URL to load and execute javascript
• or: uploading a malicious audio file to the server, affecting any successive visitors

so, with new and curious eyes on the project, we are starting off with a bang. Huge thanks to @altperfect for finding and reporting this earlier today.

recent important news

• v1.18.5 (2025-07-28) fixed XSS in display of media tags
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #214 option to stop playback after one song, and/or at end of folder 6bb27e6

🩹 bugfixes

• GHSA-9q4r-x2hj-jmvr 895880a
• block external m3u files 2228f81
• #202 the connect-page could show IP-address when it should have used hostnames/domains b0dec83
• scrolling locked after tailing a file and closing it creatively d197e75

🔧 other changes

• #189 the SameSite cookie parameter now defaults to Strict, increasing CSRF protection ca6d0b8
  • new option --cookie-lax reverts to previous value Lax
• docker: add FTPS support b419984

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

• v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #182 Landmarks edba7ff
  • detects that a storage backend is glitching out and disengage the up2k-database as a precaution
• #183 quickdelete 21a96bc
  • new togglebutton qdel in the UI which reduces the number of deletion confirmations by one
  • global-option --qdel=0 which can bring it all the way to zero (good luck)

🩹 bugfixes

• fix unpost in recently created shares 2d322dd
• fix filekeys on windows df6d4df

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

• v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #181 the default chmod (unix-permissions) of new files and folders can now be changed 9921c43
  • --chmod-d or volflag chmod_d sets directory permissions; default is 755
  • --chmod-f or volflag chmod_f sets file permissions; default is usually 644 (OS-defined)
  • see --help-chmod which explains the numbers

🩹 bugfixes

• #179 couldn't combine --shr (shares) and --xvol (symlink-guard) 0f0f8d9
• #180 gallery buttons could still be clicked when faded-out 8c32b0e
• rss-feeds were slightly busted when combined with rp-loc (location-based proxying) 56d3bcf
• music-playback within search-results no longer jumps into the next folder at end-of-list 9bc4c5d
• video-playback on iOS now behaves like on all other platforms 78605d9
  • (it would force-switch into fullscreen because that's their default)

⚠️ not the latest version!

Part-DB 1.17.3

Bug fixes

• Fixed a potential denial of service issue related to user avatars (thanks to @NaklehZeidan21)
• Fixed problem with mass creation dialog (#993)

Miscellaneous

• Updated dependencies

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed focus trap issue in TinyMCE dialogs within the WYSIWYG editor (#25678 by @formfcw)
• @directus/api
  • Fixed failed Directus startup caused by additional arguments to the start command (#25675 by @hanneskuettner)

📦 Published Versions

• @directus/app@13.13.1
• @directus/api@29.1.1

⚠️ Potential Breaking Changes

Added TypeScript support for services within the extension context (#25368)
The services exposed to API extensions using TypeScript are now fully typed instead of any, which may cause new type errors when building extensions.

Arguments of service methods are now strictly typed, which can result in type errors for broader types that would not error before:

• The ItemsService constructor now expects the collection name to be a string and will error on string | undefined (or other unions).
• Similarly, functions like service.readOne()/service.readMany() now expect string | number for their primary keys and will error for nullable types

As a workaround, casting the services back to any will result in the original behavior. However, it is recommended to resolve the type errors instead.

• @directus/extensions-sdk
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)

✨ New Features & Improvements

• @directus/app
  • Added new error operation to Flows (#25558 by @licitdev)
• @directus/api
  • Added new error operation to Flows (#25558 by @licitdev)
  • Added support for private_key_jwt auth method in OpenID driver (#25644 by @licitdev)
  • Added the ability to override the email from property (#25459 by @jekuer)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Ensured user language is set on hydrate (#25647 by @ComfortablyCoding)
  • Ensured RTL support for the transform property in certain components (#25652 by @formfcw)
  • Fixed an issue for empty states not being centered in RTL languages (#25636 by @that1matt)
  • Enabled text selection in the studio (#25510 by @gloriarodrife)
  • Fixed an issue where the theme overrides interface would be rendered RTL in RTL languages (#25633 by @rijkvanzanten)
  • Fixed an issue that would render english code as RTL in RTL language mode (#25641 by @rijkvanzanten)
  • Fixed an issue that would cause the code editor interface to fail when the language prop was set to null (#25595 by @copilot-swe-agent)
  • Fix v-resizeable dragging for RTL vs LTR (#25659 by @AlexGaillard)
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
  • Fixed an issue that would cause the table header columns to resize in the wrong direction when using rtl languages (#25631 by @rijkvanzanten)
  • Ensured that labels for data fields always display in batch mode (#25619 by @formfcw)
  • Updated dependency form-data (#25579 by @ComfortablyCoding)
  • Standardized batch mode for raw group fields (#25600 by @timio23)
• @directus/api
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
  • Updated dependency form-data (#25579 by @ComfortablyCoding)
  • Updated dependency tar-fs (#25338 by @br41nslug)
  • Fixed admin users email not trimmed on project initialization (#25465 by @ComfortablyCoding)
  • Upgraded rolldown from from 1.0.0-beta.30 to 1.0.0-beta.31 (#25607 by @dependabot)
• @directus/storage-driver-cloudinary
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/storage-driver-supabase
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/storage-driver-azure
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/storage-driver-local
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/extensions-registry
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25563 by @rijkvanzanten)
• @directus/storage-driver-gcs
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/storage-driver-s3
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/composables
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/extensions
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/constants
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
• @directus/storage
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
• @directus/errors
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Moved dependency (#25562 by @rijkvanzanten)
• @directus/themes
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/types
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/sdk
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/pressure
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/memory
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/stores
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/utils
  • Upgraded dependencies (#25583 by @rijkvanzanten)
  • Upgraded tmp dependency from 0.2.3 to 0.2.4 (#25634 by @dependabot)
• @directus/release-notes-generator
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/update-check
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/system-data
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/validation
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/schema
  • Upgraded dependencies (#25580 by @rijkvanzanten)
  • Fixed an issue that could report indexed falsy as enabled for mysql columns with the same name in different schemas (#25650 by @rijkvanzanten)
• @directus/specs
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• create-directus-project
  • Upgrade dependencies (#25559 by @rijkvanzanten)
• @directus/extensions-sdk
  • Upgraded dependencies (#25564 by @rijkvanzanten)
• @directus/env
  • Upgrade dependencies (#25561 by @rijkvanzanten)

📦 Published Versions

• @directus/app@13.13.0
• @directus/api@29.1.0
• @directus/composables@11.2.2
• @directus/constants@13.0.2
• create-directus-extension@11.0.17
• create-directus-project@12.0.2
• @directus/env@5.1.2
• @directus/errors@2.0.3
• @directus/extensions@3.0.9
• @directus/extensions-registry@3.0.9
• @directus/extensions-sdk@16.0.0
• @directus/memory@3.0.8
• @directus/pressure@3.0.8
• @directus/release-notes-generator@2.0.2
• @directus/schema@13.0.2
• @directus/schema-builder@0.0.4
• @directus/specs@11.1.1
• @directus/storage@12.0.1
• @directus/storage-driver-azure@12.0.8
• @directus/storage-driver-cloudinary@12.0.8
• @directus/storage-driver-gcs@12.0.8
• @directus/storage-driver-local@12.0.1
• @directus/storage-driver-s3@12.0.8
• @directus/storage-driver-supabase@3.0.8
• @directus/stores@1.0.3
• @directus/system-data@3.2.1
• @directus/themes@1.1.4
• @directus/types@13.2.1
• @directus/update-check@13.0.2
• @directus/utils@13.0.9
• @directus/validation@2.0.8
• @directus/sdk@20.0.2

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest Crowdin changes. (#5740)
• Updated PHP package versions.
• Fixed open redirect with stricter location checking.
• Fixed users being logged out on ZIP import errors. (#5754)
• Fixed menu accessibility tagging. (#5753, #5752)
• Fixed scenarios where MAIL_PORT could interfere with tests. (#5755)

Routine release.

What's Changed

• [FabBridge] Pull 100% discounted items via Fab API by @thefranke in #4584
• [GoComicsBridge] Fix for JSON being removed by @TReKiE in #4585
• [IdealoBridge] Bypass bot protection by @sysadminstory in #4588
• [GoComicsBridge] Add fallback when link to current comic is missing by @TReKiE in #4589
• [GolemBridge] Add tables to content by @Mynacol in #4613
• [ZeitBridge] Improvements by @Mynacol in #4617
• [NasestrechaBridge] Add bridge by @pprenghy in #4591
• [WaggaCouncilBridge] Add bridge by @Scrub000 in #4593
• [HeiseBridge] removes language-info-text, add archive.is link for people without subscription by @Tone866 in #4594
• [CentreFranceBridge] Fix parser following website update by @quent1-fr in #4596
• [ExplosmBridge] Error handling by @skrollme in #4600
• [EpicGamesFreeBridge] productSlug can be null; also add a universal future-proof-ish fallback by @arokettu in #4595
• [WarhammerComBridge] Bridge for Warhammer Community blog by @thefranke in #4610
• Update 06_Public_Hosts.md by @chatainsim in #4614
• [GOGBridge] Switch to GOG's REST API. I have tested this locally and it seems to work correctly by @jaydeethree in #4616
• [KemonoBridge] Add search query support by @Phantop in #4620
• [CubariProxyBridge] Replace MangaSee with WeebCentral by @Phantop in #4618
• [AnnasArchiveBridge] Fix book list CSS selector by @Phantop in #4619
• [YouTubeFeedExpanderBridge] More reliable channel icons by @Phantop in #4622
• [ComickBridge] Add new bridge by @Phantop in #4625
• [HumbleBundleBridge] Overhaul to include more information by @Phantop in #4621
• [FanaticalBridge] Create a new bridge by @Phantop in #4624
• [InstituteForTheStudyOfWarBridge] Increase caching time by @SqrtMinusOne in #4626
• [UniverseTodayBridge] Add bridge by @SqrtMinusOne in #4627
• [PepperBridgeAbstract, DealabsBridge, HotUKDealsBridge, MydealsBridge] Adapt RSS bridge to website content update; remove country of origin due to missing data by @sysadminstory in #4634
• [BlueskyBridge] Fix cases for missing reply post context and QoL fix for video loading by @mruac in #4635
• Fix deprecations by @morawskim in #4636
• [HaveIBeenPwnedBridge] Fix item URIs by @VerifiedJoseph in #4638
• [DRKBlutspendeBridge] add offers to content & add caption to images by @User123698745 in #4641
• [PR Testing] fix wrong pr check fail when refactoring code by @User123698745 in #4642
• Mention php extension filter by @SuperSandro2000 in #4608
• fix: dont cache basic auth response by @dvikan in #4644
• lint by @dvikan in #4645
• [FallGuysBridge] fix: handle new data structure by @User123698745 in #4640
• [GoComicsBridge] Cache comic page by @ajain-93 in #4646
• [FirefoxAddonsBridge] Minor change to item contents by @VerifiedJoseph in #4647
• [DailymotionBridge] Fix bridge by @VerifiedJoseph in #4648
• [YoutubeCommunityTabsBridge] Rename Community→Posts to fix broken bridge by @shaunlebron in #4606
• [AmazonPriceTracker] Fix price not shown, new default source by @bagnacauda in #4631
• [DailymotionBridge] Fetch playlist title from API by @VerifiedJoseph in #4649
• [DansTonChatBridge] Remove bridge by @VerifiedJoseph in #4650
• [AskfmBridge] Remove bridge by @VerifiedJoseph in #4652
• [FirstLookMediaTechBridge] Remove bridge by @VerifiedJoseph in #4653
• chore: prepare for aug 2025 release by @dvikan in #4654

New Contributors

• @Scrub000 made their first contribution in #4593
• @skrollme made their first contribution in #4600
• @jaydeethree made their first contribution in #4616
• @morawskim made their first contribution in #4636
• @shaunlebron made their first contribution in #4606
• @bagnacauda made their first contribution in #4631

Full Changelog: 2025-06-03...2025-08-05

New

• MySQL 8.4 Support
• Translations: Finnish

Bug Fixes

• #621 Manage link returns a 404 for .zip domains
• #638 Amazon S3 Backup Permissions Bug
• #661 File editing isn't working through File Manager in Cloudpanel UI
• #662 Hetzner Snapshot creation issues
• #669 Custom rule in Firewall adds ProFTPD rule at same time
• Translation Fixes

Security

• CloudPanel’s PHP-FPM Socket Misconfiguration (Aizat)
• Security improvements (Yell Phone Naing)

Changelog

Features

• f8a2654: feat: add auto binary update (@seriousm4x)

Others

• a4dd97a: Update README.md (#1263) (@KJPark23)
• 16b7876: update deps (@seriousm4x)

Go dependencies

• c22097c: go-dep: bump github.com/pocketbase/pocketbase in /backend (@dependabot[bot])

Npm dependencies

• 786071e: npm-dep: bump @eslint/js from 9.31.0 to 9.32.0 in /frontend (@dependabot[bot])
• 5509f57: npm-dep: bump @sveltejs/kit from 2.22.5 to 2.24.0 in /frontend (@dependabot[bot])
• a4c918b: npm-dep: bump @sveltejs/kit from 2.24.0 to 2.25.0 in /frontend (@dependabot[bot])
• 58f61b2: npm-dep: bump @sveltejs/kit from 2.25.0 to 2.25.1 in /frontend (@dependabot[bot])
• 695bd36: npm-dep: bump @sveltejs/kit from 2.25.1 to 2.25.2 in /frontend (@dependabot[bot])
• 7804a98: npm-dep: bump @sveltejs/kit from 2.25.2 to 2.26.0 in /frontend (@dependabot[bot])
• c117737: npm-dep: bump @sveltejs/kit from 2.26.0 to 2.26.1 in /frontend (@dependabot[bot])
• e8c5ec0: npm-dep: bump @sveltejs/kit from 2.26.1 to 2.27.0 in /frontend (@dependabot[bot])
• 69943af: npm-dep: bump daisyui from 5.0.46 to 5.0.50 in /frontend (@dependabot[bot])
• 12fb0db: npm-dep: bump eslint from 9.31.0 to 9.32.0 in /frontend (@dependabot[bot])
• 19c6a4f: npm-dep: bump eslint-config-prettier from 10.1.5 to 10.1.8 in /frontend (@dependabot[bot])
• 6d0e245: npm-dep: bump eslint-plugin-svelte from 3.10.1 to 3.11.0 in /frontend (@dependabot[bot])
• be5ba1f: npm-dep: bump pocketbase from 0.26.1 to 0.26.2 in /frontend (@dependabot[bot])
• fab4d0e: npm-dep: bump svelte from 5.35.6 to 5.36.2 in /frontend (@dependabot[bot])
• 46f98a9: npm-dep: bump svelte from 5.36.13 to 5.36.14 in /frontend (@dependabot[bot])
• 41c2b0c: npm-dep: bump svelte from 5.36.14 to 5.37.1 in /frontend (@dependabot[bot])
• 2eae961: npm-dep: bump svelte from 5.36.2 to 5.36.5 in /frontend (@dependabot[bot])
• d86a5bb: npm-dep: bump svelte from 5.36.5 to 5.36.13 in /frontend (@dependabot[bot])
• 0b789d6: npm-dep: bump svelte-check from 4.2.2 to 4.3.0 in /frontend (@dependabot[bot])
• 7a15fa2: npm-dep: bump typescript-eslint from 8.36.0 to 8.37.0 in /frontend (@dependabot[bot])
• 403ad7d: npm-dep: bump typescript-eslint from 8.37.0 to 8.38.0 in /frontend (@dependabot[bot])

What's Changed

• [Fix] Systems table names wrapping by @bradley-varol in #1027
• [Feature] Add custom meter percentages by @svenvg93 in #942
• Add GPU-enabled build target in dockerfile_Agent (nvidia-smi support) by @dalton-baker in #898
• New Czech translations from @NickAss512

New Contributors

• @bradley-varol made their first contribution in #1027
• @dalton-baker made their first contribution in #898

Full Changelog: v0.12.2...v0.12.3

What's Changed

• Embed LibreHardwareMonitorLib in the Windows agent for better sensor detection (#448)
• Fix Debian package installation when no Docker group exists (#1012)
• Fix agent data directory detection (#991)
• [Fix] OpenWrt agent install script by @evrial in #1005
• [Feature] Move name copy to Action Dialog by @svenvg93 in #1010

New Contributors

• @evrial made their first contribution in #1005
• @mikael-j-rich added new Swedish translations

Full Changelog: v0.12.1...v0.12.2

⚠️ Potential Breaking Changes

Exclude database-only tables from snapshots (#25271)
Snapshots now exclude tables not tracked in directus_collections (database-only tables).

Please review your snapshot workflows to ensure these changes will not result in unexpected behaviour.

• @directus/api
  • Fixed replacing process.env.NODE_ENV on backend extensions (#25180 by @Nitwel)
  • Exclude database-only tables from snapshots (#25271 by @Nitwel)
• @directus/extensions-sdk
  • Upgraded all dependencies of @directus/extensions-sdk to the latest major versions of Rollup and Vite, and resolved several false-positive security reports. (#25486 by @rijkvanzanten)
    ⚠️ This change also raises the minimum supported Node.js version to 20.19.0.
  • Fixed replacing process.env.NODE_ENV on backend extensions (#25180 by @Nitwel)

✨ New Features & Improvements

• @directus/app
  • Added support for RTL rendering in the studio (#25494 by @rijkvanzanten)
  • Added Stylelint and refactored the styles to take advantage of logical properties (#25370 by @formfcw)
  • Added the code tool to the WYSIWYG text editor by @Abdallah-Awwad & @robluton (#25399 by @Abdallah-Awwad)
  • Ensured that custom validation rules are executed in overlays (#25394 by @formfcw)
  • Improved custom validation message handling (#25413 by @formfcw)
  • Improved accessibility for anchors, iframes, labels and roles (#25531 by @formfcw)
• @directus/api
  • Added support for RTL rendering in the studio (#25494 by @rijkvanzanten)
  • Added websocket.authenticate filter hook (#25344 by @8byr0)
• @directus/system-data
  • Added support for RTL rendering in the studio (#25494 by @rijkvanzanten)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed an issue that could cause the notifications to be rendered in the wrong location (#25499 by @formfcw)
  • Added copy id to file details panel in sidebar (#25434 by @robluton)
  • Added latest material symbols font and generated the associated icons json file (#25512 by @robluton)
  • Ensured that relational interfaces could reset their saved edits in versions (#25384 by @formfcw)
  • Fixed a bug that prevented negative signs from being entered into number fields (#25548 by @formfcw)
  • Fixed a bug that caused “Save as Copy” to mutate edits before saving (#25418 by @formfcw)
  • Changed select-color interface to pass opacity value to color-presets (#25441 by @robluton)
  • Fixed issue causing color preset tooltip from triggering when clicking on color picker icon (#25451 by @robluton)
  • Fixed a bug that caused the buttons in the field template to appear unstyled after saving (#25447 by @formfcw)
  • Prevented save from being enabled by default for existing drawer items (m2o and o2m) (#25469 by @robluton)
  • Added logout flow when user removes own account. (#25424 by @robluton)
  • Added redirect to profile page when user registers and not required to verify by email. (#25425 by @robluton)
  • Fixed a bug that prevented popups from working in the WYSIWYG interface when opened in a drawer (#25432 by @DantonMariano)
  • Fixed a bug that was preventing overlay forms with junction fields from correctly applying filters in M2O fields (#25421 by @formfcw)
  • Fixed a bug that caused the M2O display to shift and cut off (#25477 by @formfcw)
  • Ensured app access permission rules are applied consistently, regardless of the selection context (#25402 by @formfcw)
  • Fixed a bug that was preventing translations from displaying in the calendar layout (#25431 by @u12206050)
  • Fixed a bug that caused the upload modal to appear behind the drawer (#25393 by @formfcw)
  • Fixed a bug that prevented the horizontal rule from appearing in the WYSIWYG editor (#25395 by @formfcw)
  • Ensured that text on a kanban card doesn’t overflow its container (#25446 by @formfcw)
  • Added tooltip that displays complete url for flow panels that have url endpoints (#25527 by @robluton)
  • Added code to update the file list ui when importing a file via url (#25429 by @robluton)
  • Ensured skip link uses correct href in production environments (#25514 by @formfcw)
• @directus/api
  • Upgrade dependencies (#25545 by @rijkvanzanten)
  • Fixed parsing functions in aliases (#25139 by @Nitwel)
  • Fixed importing CSV with nested dot notation (#25454 by @joselcvarela)
  • Removed duplicate code in fields readAll (#25184 by @amosmurmu)
  • Added support for bundling with Rolldown and improved app extensions loading by streaming from disk (#25317 by @Nitwel)
• @directus/extensions-registry
  • Upgrade dependencies (#25545 by @rijkvanzanten)
• @directus/extensions-sdk
  • Upgrade dependencies (#25545 by @rijkvanzanten)
• @directus/composables
  • Upgrade dependencies (#25545 by @rijkvanzanten)
• @directus/system-data
  • Hide accepted terms field in settings (#25391 by @licitdev)
• create-directus-extension
  • Updated dependencies (#25550 by @rijkvanzanten)
• @directus/sdk
  • Added a message property to the SDK error object (#25474 by @jclaveau)
  • Improved output types for relational fields in the SDK (#25428 by @br41nslug)
• @directus/env
  • Ensured password env options are always strings (#25248 by @Nitwel)
• @directus/themes
  • Fixed an issue that caused custom fonts to fail if multiple weights were used out of order (#25452 by @rijkvanzanten)

📦 Published Versions

• @directus/app@13.12.0
• @directus/api@29.0.0
• @directus/composables@11.2.1
• create-directus-extension@11.0.16
• @directus/env@5.1.1
• @directus/extensions@3.0.8
• @directus/extensions-registry@3.0.8
• @directus/extensions-sdk@15.0.0
• @directus/memory@3.0.7
• @directus/pressure@3.0.7
• @directus/storage-driver-azure@12.0.7
• @directus/storage-driver-cloudinary@12.0.7
• @directus/storage-driver-gcs@12.0.7
• @directus/storage-driver-s3@12.0.7
• @directus/storage-driver-supabase@3.0.7
• @directus/system-data@3.2.0
• @directus/themes@1.1.3
• @directus/utils@13.0.8
• @directus/validation@2.0.7
• @directus/sdk@20.0.1