Part-DB 1.17.3

Bug fixes

• Pass the proxy related settings to the docker application (issue #1001)

Full Changelog: v1.17.3...v1.17.4

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• new option chdir to change the PWD (process working-directory) before volumes are mapped 14555d5

🩹 bugfixes

• fix using empty folders as statefile storage (v1.19.6 made this a bit too strict) 0d96786
• holding I/K to scroll through folders quickly now works better 914686e

🔧 other changes

• #717 docker: fix the image repo metadata (thx @EmilyxFox!) 6f08711
• docker: change $HOME to /state 01cf20a d1f7522
  • and use the new chdir option to preserve old config-file semantics 14555d5
  • helps avoid statefiles accidentally landing in /w as a consequence of misconfiguration

🌠 fun facts

• this release was made at RevSpace NL

⚠️ not the latest version!

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated new WYSIWYG editor with various fixes focused on collapsible block behaviour & interaction. (#5775)
• Updated translations with latest Crowdin changes. (#5759)
• Updated versions of PHP dependencies.
• Updated code to address some remaining PHP 8.4 deprecations.
• Fixed diagrams in ZIP imports not being editable post-import. (#5761)
• Fixed books detaching from shelves on shelf update where users don't have permission to view child books. (#5728)

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #673 add Portuguese translation (thx anonymous!) 4b8c221
  • ...and enable the Polish translation (whoops) 8f235be
• #689 add option to control authentication priority/precedence 543b7ea
• url-parameter ?dl forces file download instead of displaying in-browser 48d6224
• #533 more ways to make the QR-code always-visible in the console 2848941
• #695 option to log invalid xml from clients 28b93d7
• #552 configurable markdown newline behavior 0491123
  • and tweak the styling of monospace in links 6850344

🩹 bugfixes

• #628 FTP-server now accepts connections from IPv6 link-local addresses 978801d
• incorrect assumption that all IPv6 link-local addresses start with fe80 d39c74c
• ftp: fix file rename d40f061
• u2c: couldn't upload files located at the very top of the unix file hierarchy 599e82f
• #699 markdown-editor: fix panic if the table-formatter is executed on something that isn't a table 4c042b3

🔧 other changes

• #696 a volume can be one single file, not just folders aa1c921
• #442 strongly prefer XDG_CONFIG_HOME as config location 3547255
• #691 album-art collected from audio-files can now become folder thumbnails 0b50fde
• allow spaces in more of the comma-separated options d30240b
• docs:
  • mention config requirements for syncing folders with u2c 6cd0a39 59f142c

⚠️ not the latest version!

⚠️ Potential Breaking Changes

Fixed Content Versioning to correctly merge relational data and support all query parameter functionality (#25437)
The following changes should be kept in mind when updating:

1. Relational versioned data now requires explicit field expansion to be included in the response.
2. Invalid data (e.g. Fails validation rules) will error on query
3. Filter conditions now apply to the versioned data instead of the main record
4. For more information, please read the breaking change docs for a full list of changes.

Additionally there will be further breaking changes to USER_CREATED, USER_UPDATED, DATE_CREATED, DATE_UPDATED default values in a followup PR to improve this behavior further.

Check in with #25744 to see more info about the breaking changes.

✨ New Features & Improvements

• @directus/api

  • Fixed Content Versioning to correctly merge relational data and support all query parameter functionality (#25437 by @Nitwel)

• @directus/app

  • Fixed links in WYSIWYG missing underline and pointer cursor styling (#25739 by @Abdallah-Awwad)
  • Added a new field to conditions for clearing hidden fields on save (#25646 by @robluton)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed timestamp fields being incorrectly marked as changed due to timezone mismatch (#25718 by @khanahmad4527)
  • Fixed code button state not updating when exiting code mode in WYSIWYG (#25741 by @Abdallah-Awwad)
  • Added currentItem id check to prevent in-flight api call from returning stale data (#25660 by @robluton)
  • Added RTL support for popper context menu (#25697 by @AlexGaillard)
  • Fixed an issue with focus trap in TinyMCE dialogs within the WYSIWYG editor (#25746 by @formfcw)
  • Upgraded esbuild and Vite (#25737 by @ComfortablyCoding)
• @directus/api
  • Upgraded esbuild and Vite (#25737 by @ComfortablyCoding)
  • Updated nodemailer to us AWS SESv2 (#25730 by @br41nslug)
  • Fixed permissionsCacheable erroring on null operator value (#25753 by @AlexGaillard)
• @directus/types
  • Fixed Content Versioning to correctly merge relational data and support all query parameter functionality (#25437 by @Nitwel)
• @directus/sdk
  • Fixed auth being cleared before login/refresh request succeeds (#25367 by @ComfortablyCoding)

📦 Published Versions

• @directus/app@13.14.0
• @directus/api@30.0.0
• create-directus-extension@11.0.18
• @directus/extensions@3.0.10
• @directus/extensions-registry@3.0.10
• @directus/extensions-sdk@16.0.1
• @directus/schema-builder@0.0.5
• @directus/types@13.2.2
• @directus/sdk@20.0.3

Fixes a couple of FreeBSD-specific issues.

• Downgrade gopsutil to v4.25.6 to fix panic on FreeBSD (#1083)
• Exclude FreeBSD from battery charge monitoring to fix deadlock. (#1081)
• Minor hub UI improvements.

Full Changelog: v0.12.4...v0.12.5

Changelog

Bug fixes

• 0fcd048: fix: device cards not updating (@seriousm4x)

Others

• 7ab8170: remove log (@seriousm4x)

Changelog

Features

• 954c964: feat: Add i18n vi-VN (#1324) (@flashvnn)

Bug fixes

• 8afe2f1: fix: change device.link to string (@seriousm4x)
• 2aef980: fix: search not working, close #1325 (@seriousm4x)

Others

• c9e9248: add vi-VN (@seriousm4x)

Go dependencies

• d028e2d: go-dep: bump github.com/pocketbase/pocketbase in /backend (@dependabot[bot])

What's Changed

• Add battery charge monitoring.
• [Chore] Improve auto update mechanism by @svenvg93 in #1009
• Add fallback mirror to the update commands. (#1035)
• Fix blank token field in insecure contexts.
• Allow opening internal router links in new tab.
• Add /api/beszel/user-alerts endpoint. Remove use of batch API for alerts in hub.
• Update Go and JS dependencies.
• New translations by @Radotornado, @AlexVanSteenhoven, @harupong, @dymek37, @NaNomicon, Tommaso Cavazza, Caio Garcia, and others.

Full Changelog: v0.12.3...v0.12.4

Changelog

Features

• 7ef8ba6: feat: Add Bulgarian language (#1319) (@grivanov)

Npm dependencies

• 9205590: npm-dep: bump @sveltejs/kit from 2.34.0 to 2.36.1 in /frontend (@dependabot[bot])
• bb8a854: npm-dep: update (@seriousm4x)

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #328 run copyparty on iPhones; see install on iOS in the readme ca98d54
  • cannot run in the background, doesn't have full access to your files, and is slightly buggy, but it works
  • running on android gives you a much better experience
• save the qr-code to a file (txt/svg/png) 202ddea

🩹 bugfixes

• #661 fix incorrect rproxy hint in the logs 6c76614
• #649 fix js-crash when tapping in the exactly correct place (thx @hahaslav for debugging!) 0de07d8
• #628 ftpd: fix banning IPv6 clients 6d76254

🔧 other changes

• #296 nixos: support non-flake setups (thx @Sorixelle!) 20ef74c 3259367
• config-parser catches and explains a few more common mistakes cc65b1b
• docs:
  • #490, #199: readme: confirm that combining copyparty and syncthing is safe c51371c
  • #377 improved authelia docker example (thx @xFuture603!) cd8771f
  • mention the homebrew formulae f9cb2c1
  • #651 versus.md: fix hfs3 comparison (thx @rejetto!) 7a4973f

⚠️ not the latest version!

Changelog

Features

• 37b219b: feat: Add i18n Ukrainian (#1307) (@dima101097)

Others

• e8c9005: add note (@seriousm4x)
• 8b8cc96: update deps (@seriousm4x)

Go dependencies

• 9e387b9: go-dep: bump github.com/pocketbase/pocketbase in /backend (@dependabot[bot])
• f5af123: go-dep: bump golang.org/x/sys from 0.34.0 to 0.35.0 in /backend (@dependabot[bot])

Npm dependencies

• cb6e7d3: npm-dep: bump @eslint/compat from 1.3.1 to 1.3.2 in /frontend (@dependabot[bot])
• 9bd073c: npm-dep: bump @eslint/js from 9.32.0 to 9.33.0 in /frontend (@dependabot[bot])
• 4404019: npm-dep: bump @sveltejs/adapter-static from 3.0.8 to 3.0.9 in /frontend (@dependabot[bot])
• aa1e8a0: npm-dep: bump @sveltejs/kit from 2.27.0 to 2.27.1 in /frontend (@dependabot[bot])
• c3299ba: npm-dep: bump @sveltejs/kit from 2.27.1 to 2.27.3 in /frontend (@dependabot[bot])
• 28561b6: npm-dep: bump @sveltejs/kit from 2.27.3 to 2.28.0 in /frontend (@dependabot[bot])
• 97b1447: npm-dep: bump @sveltejs/kit from 2.28.0 to 2.29.1 in /frontend (@dependabot[bot])
• b4f33ea: npm-dep: bump @sveltejs/kit from 2.29.1 to 2.30.1 in /frontend (@dependabot[bot])
• 0c5d14d: npm-dep: bump @sveltejs/kit from 2.30.1 to 2.31.1 in /frontend (@dependabot[bot])
• 6d39733: npm-dep: bump @sveltejs/kit from 2.31.1 to 2.33.0 in /frontend (@dependabot[bot])
• ac1dbb6: npm-dep: bump @tailwindcss/postcss from 4.1.11 to 4.1.12 in /frontend (@dependabot[bot])
• 570d35d: npm-dep: bump eslint from 9.32.0 to 9.33.0 in /frontend (@dependabot[bot])
• 14ccf20: npm-dep: bump svelte from 5.37.3 to 5.38.0 in /frontend (@dependabot[bot])
• 0ea7815: npm-dep: bump svelte from 5.38.0 to 5.38.1 in /frontend (@dependabot[bot])
• 313a2df: npm-dep: bump svelte from 5.38.1 to 5.38.2 in /frontend (@dependabot[bot])
• e471023: npm-dep: bump tailwindcss from 4.1.11 to 4.1.12 in /frontend (@dependabot[bot])
• 0a48aaa: npm-dep: bump typescript-eslint from 8.38.0 to 8.39.0 in /frontend (@dependabot[bot])
• a5bddd1: npm-dep: bump typescript-eslint from 8.39.0 to 8.39.1 in /frontend (@dependabot[bot])
• 83fb7d3: npm-dep: bump typescript-eslint from 8.39.1 to 8.40.0 in /frontend (@dependabot[bot])

Github Actions

• 6628048: gh-action: bump actions/checkout from 4 to 5 (@dependabot[bot])

• Milestone

A few highlights ✨:

• Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After
• Add sort by category title, or by feed title
• Add search operator c: for categories like c:23,34 or !c:45,56
• Custom feed favicons
• Several security improvements, such as:
  • Implement reauthentication (sudo mode)
  • Add Content-Security-Policy: frame-ancestors
  • Ensure CSP everywhere
  • Fix access rights when creating a new user
• Several bug fixes, such as:
  • Fix redirections when scraping from HTML
  • Fix feed redirection when coming from WebSub
  • Fix support for XML feeds with HTML entities, or encoded in UTF-16LE
• Docker alternative image updated to Alpine 3.22 with PHP 8.4 (PHP 8.4 for default Debian image coming soon)
• Start supporting PHP 8.5+
• And much more…

This release has been made by @Alkarex, @Inverle, @the7thNightmare and newcomers @Deioces120, @Fraetor, @Tarow, @dotsam, @hilariousperson, @pR0Ps, @triatic, @tryallthethings

Full changelog:

• Features
  • Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After #7760
  • Add sort by category title, or by feed title #7702
  • Add search operator c: for categories like c:23,34 or !c:45,56 #7696
  • Custom feed favicons #7646, #7704, #7717,
    #7792
  • Rework fetch favicons for fewer HTTP requests #7767
  • Add more unicity criteria based on title and/or content #7789
  • Automatically restore user configuration from backup #7682
  • API add support for states in s parameter of streamId #7695
  • Improve sharing via Print #7728
  • Redirect to the login page from bookmarklet instead of 403 #7782
  • Clean local cache more often, when refreshing feeds #7827
• Security
  • Implement reauthentication (sudo mode) #7753
  • Add Content-Security-Policy: frame-ancestors #7677
  • Ensure CSP everywhere #7810
  • Show warning when unsafe CSP policy is in use #7804
  • Fix access rights when creating a new user #7783
  • Improve security of form for user details #7771, #7786
  • Disallow setting non-existent theme #7722
  • Regenerate cookie ID after logging out #7762
  • Require current password when setting new password #7763
  • Add missing access checks for feed-related actions #7768
  • Strip more unsafe attributes such as referrerpolicy, ping #7770
  • Remove unneeded execution permissions #7802
• Bug fixing
  • Fix redirections when scraping from HTML #7654, #7741
  • Fix multiple authentication HTTP headers #7703
  • Fix HTML queries with a single feed #7730
  • WebSub: only perform a redirection when coming from WebSub #7738
  • Include enclosures in entries’ hash #7719
    • Negative side-effect: users of the option to automatically mark updated articles as unread will once have some articles with enclosures re-appear as unread
  • Fix cancellation of slider exit UI #7705
  • Honor disable update on update page #7733
  • Fix no registration limit setting #7751
  • Fix XML encoding of sharing functions #7822
• SimplePie
  • Fix propagation of HTTP error codes #7670
  • Fix support for XML feeds with HTML entities #7689, simplepie#915
  • Fix feeds encoded in UTF-16LE #7691, simplepie#916
  • Various upstream contributions simplepie#917, simplepie#924,
    simplepie#926, simplepie#932, simplepie#933
  • Sync upstream #7706, FreshRSS/simplepie#45, #7775,
    FreshRSS/simplepie#50, #7824, #7825,
  • Fix regex Backtrack limit was exhausted in clean_hash() #7813, FreshRSS/simplepie#48
• Deployment
  • Docker default image (Debian 12 Bookworm) updated to PHP 8.2.29 #7805
  • Docker alternative image updated to Alpine 3.22 with PHP 8.4.11 and Apache 2.4.65 #7740, #7740,
    #7803
  • Start supporting PHP 8.5+ #7787, #7826
    • Docker Alpine dev image :newest updated to PHP 8.5-alpha and Apache 2.4.65 #7773
  • Docker: interpolate FRESHRSS_INSTALL and FRESHRSS_USER variables #7725
  • Docker: Reduce how much data needs to be chown/chmod’ed on container startup #7793
  • Test for database PDO typing support during install (relevant for MySQL / MariaDB with obsolete driver) #7651
• Extensions
  • Add API endpoint for extensions #7576
  • Expose the reading modes for extensions #7668, #7688
  • New extension hook before_login_btn #7761
• UI
  • Improve mark as read request showing popup due to onbeforeunload #7554
  • Fix lazy-loading for <video poster="..."> and <image> #7636
  • Avoid styling <code> inside of <pre> #7797
  • Improve confirmation logic with data-auto-leave-validation #7785
  • Update chart.js to 4.5.0 #7752, #7816
  • Various UI and style improvements: #7616, #7811
• I18n
  • Show translation status in README #7715
  • Improve Indonesian #7654, #7721
  • Improve Persian #7795
• Misc.
  • Improve PHP code #7642, #7665, #7761,
    #7781, #7794
  • Update dev dependencies #7708, #7709, #7710,
    #7711, #7776, #7777

this release is a hotfix for #624; v1.19.2 broke volumes defined in config files

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

ℹ️ this upgrade is a one-way ticket

• your up2k database (.hist/up2k.db), used by the e2d filesystem indexing feature, will be upgraded to a new format which older copyparty versions cannot read. A backup of each database will be created automatically, named up2k.db.bak.SOMETHING.v5. If you need to downgrade to a previous version: Shutdown copyparty, delete these files: up2k.db up2k.db-shm up2k.db-wal and then copy up2k.db.bak.*.v5 to up2k.db

🧪 new features

• new translations:
  • #551 Swedish (thx @Bevinsky!) d676a86
  • #551 Korean (thx @nyqui!) 4e878d2
• #581 new theme: phi95 (thx @varphi-online!) d8662ae
• #567 .raw image thumbnails (thx @ar-nelson!) 0177a9b
  • available in docker-images iv and dj
• #561 epub thumbnails (thx @Scotsguy!) 9435e6b
• #252 music thumbnails use embdded coverart if available 98d117b
  • thumbnails folder .hist/th must be deleted to take effect
• #530 show username of uploaders in file listings; requires a (admin) permission 4df033e
• #604 a new group @acct which automatically contains all known usernames 68907ea
• controlpanel has a dedicated "logout all sessions" button, similar to the logout-link in the browser f4a3fba
• #397 accounts can be restricted to certian IPs 62e072a
• #504 automatic login through tailscale auth a4649d1
• #533 sticky qr-code with --qr-pin 1 1ebe06f
• #572 button to abort copy/move 715d374
• #618 "download selected files" didn't work on firefox 52 (winxp) dcc6b1b
• max number of cookies to allow can be configured 6303eff
  • good if you have too many selfhosted services on one domain (but will beware of the spec-mandataed max length of the cookie field!)

🩹 bugfixes

• fix xvol/xdev edgecases:
  • #603 rootless vfs 554cc2f
  • false-positive with overlapping volumes d9046f7
• #573 ftp: attempting an upload into read-only folder no longer kills the connection 3aa8b7a
• #306 adjust navpane for --rp-loc (location-based proxying)
• #556 more sensible config expansion order f4727f8
  • #624 ...which broke things bf1fdca
• the video player now stays fullscreen between videos 782e2f1
• heif thumbnailing with libvips

🔧 other changes

• #253 build nix-packages from source (thx @toast003, @chinponya!) 187cae2
• #616 logfiles will have a plaintext severity column if --no-ansi d4cf42e
• #598 separate option --ac-convt for audio transcoding timeout d562305
• #596 users with a blank password gets a strong random-generated one 7f44875
• copyparty.exe: upgrade to python 3.13.7

⚠️ not the latest version!

v1.19.3

v1.19.2

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• new translations:
  • #486 French (thx @Tr3yWay996, @Packingdustry, @Alee14, @jakubiakfr, @Equinoxs!) e9ddfcc 7aa2148 b87f8f1
  • #463 Polish (thx @pufereq and @daimond113!) 392a4db
  • #537 Nynorsk (thx @chinatsu!) 3931bc2
• #549 custom mdns domain 3c78c6a

🩹 bugfixes

• #539 FTP glitches when running on windows 8ba9887
• #555 global-config didn't load through PRTY_CONFIG (thx @icxes!) 074e106
• macos: could take a while to establish webdav connection from finder a01870b
• ux:
  • dropdown colors 347cf6a
  • case-sensitivity in filters e5e8229
  • iOS being too enthusiastic about using saved passwords 03acd65

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #511 login with username and password (not just password) can now optionally be enabled with --usernames 346515c
  • if you have enabled password hashing (ah-alg: argon2 or similar) then you will need to hash your passwords again after enabling usernames, hashing them as username:password:
• #468 add Greek translation (thx @chamdim!) 50f4618 392abd0
• #471 add Czech translation (thx @kubakubakuba!) c955658
• #515 support systemd socket acivation (thx @mati1210!) 9b9d2a9
• #523 add QR-code to the connectpage bcc3b15
• #513 optional EOL-conversion for texteditor 8b31ed8
• controlpanel refresh-button now toggles automatic refresh 7ae84de

🩹 bugfixes

• fix stuck uploads when the up2k database (e2d) is not enabled 4a04356
  • if more than 60'000 files were uploaded and there were several dupes of some files, they could get stuck and never upload
  • upload performance is improved remarkably by enabling e2d so such huge uploads non-e2d had not been tested in a long time
• #467 #470 fix ui-crash when exporting links of all uploaded files to clipboard (thx @geekalaa!) 0df1901
• #487 fix ui-crash when the location url-part is // 0f55a1a
• fix viewing .MD files (8a0746c)

🔧 other changes

• when a reverse-proxy is detected, force explicit configuration of --rproxy to obtain correct client IP 3f8cb7e
  • a bit inconvenient, but helps prevent potentially-dangerous misconfiguration
  • the necessary configuration changes are explained in the serverlog (you can't miss it)
  • thanks to @person4268 for pointing out that there was room for improvements!
• failed login attempts now only log a sha512 hash of the provided password
  • to see login-attempts with incorrect passwords as plaintext like before, log-badpwd: 1
• #502 add systemd user services and templated services (thx @icxes!) 34d98e9
• #475 improve helptext for multivalue global-options c2ac57a
• #475 add chungus.conf, massive extensive nonsensical demo config b664ebb
• try to detect proxies with incorrect caching behavior 9e980bb
• recent-uploads now support ie9 a57f7cc
• languages and themes are now dropdowns a9ee4f2
• copyparty.exe: upgrade python to 3.13.6 a98360f
• introduce copyparty-en.py, english-only edition of copyparty-sfx.py to save space 33497e6

🗿 known issues

• the copyparty.pyz in this release is english-only, and does not include the translations -- they got lost in transit while adjusting the buildscripts to make copyparty-en.py

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) (PREVIOUS RELEASE) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #426 add Dutch translation (thx @DeStilleGast!) 3798e19
• #458 add Italian translation (thx @AOTREVAI!) a38e6e6
• #456 transcode to flac/wav (thx @missaustraliana!) b469db3 b2d48c6 0d09fb6
• #439 config-file can be provided through PRTY_CONFIG (thx @icxes!) 971360e
• #459 videos can become folder thumbnails 16bbcce
• add --idp-cookie, session-tickets for IdP auth (performance boost) f9502c3
  • useful when the IdP-server becomes a bottleneck

🩹 bugfixes

• #412 fix PUT-uploads into volumes with nosub volflag 47fa4a9
• #435 ignore spurious exceptions from browser extensions 39e5582
• #449 IPv6 QR-Code didn't include port 66a5bf3
• #295 do not force d2d in blank vfs (introduced in v1.18.3) 848315c

🔧 other changes

• #440 improved finnish translation (thx @icxes!) a68d5b0
• point to the -nc option in the "at max connections" warning 153d240
• the play-button now indicates "play-as-audio" for video-files 40d56bb
• docs:
  • #411 improve password-hashing instructions (thx @chinponya!) c69c7c8
  • #429 improve --cert helptext (thx @kzshantonu!) 7e3825f
  • #413 copyparty is Wii Internet Channel compatible! (thx @techflashYT!) 50f1629
  • #461 how to use groups without IdP e85a710
  • mention that WebDAV and OpenGraph are incompatible by default (and how to fix that) 0bc1b8f
  • #345 short explanation about the sfx in quickstart ae5eefc
• #398 pypi-package now has extra-group all 6eaf8af

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes a Denial-of-Service vuln

CVE-2025-54796: an unauthenticated user could make the server grind to a halt by accessing a particular URL

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #310 translated to Spanish (thx @herruzo99!) a1dfd0b
• #350 translated to Ukrainian (thx @MrMebelMan!) fea45e4
• #321 translated to Russian (thx @A1Asriel!) 0b05c72
• #381 translated to Finnish (thx @icxes and @Permik!) 7ecedb2
  • haha it says surf
• #312 add option to use localtime in the UI ad23b25
• #386 initial packaging for debian (thx @Beethoven-n!) 3c6f0b1

🩹 bugfixes

• CVE-2025-54796 / GHSA-5662-2rj7-f2v6 09910ba
• #347 fix upload-abort when uploading to a share 6d6d79f
• fix xiu backlog dropping on restart 3222ba3
• #375 fix crash on really old versions of python2.7 (thx @bb!) b69d590
• #388 another python2.7 fix: improve unicode support in u2c (thx @KevinXuxuxu!) 9c19753
• log creator of new/blank markdown docs d0d2f20
• #400 config didn't support indenting with tabs c160428

🔧 other changes

• ack was changed to continue 4fa7be2

🌠 fun facts

• the translations have made the sfx size balloon from 766 to 845 KiB in under a week... nice! keep em coming 🎉

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

• v1.18.7 (2025-07-30) (PREVIOUS RELEASE) fixed XSS in the recent-uploads page
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🩹 bugfixes

• #354 fix copyparty-sfx.py failing to start on certain versions of python c17ce48

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-8mx2-rjh8-q3jq, could let an attacker execute arbitrary JS by tricking you into clicking a malicious URL

Soon there won't be many of these left, surely. Huge thanks to @Ju0x for finding and reporting this.

recent important news

• v1.18.7 (2025-07-30) fixed XSS in the recent-uploads page
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #265 uid/gid for new files can be configured per-volume f195998
  • has preconditions; see readme
• #212 add German translation (thx @rGunti, @Scotsguy, @chocolateimage) 9d32564

🩹 bugfixes

• GHSA-8mx2-rjh8-q3jq a8705e6
• #276 windows: fix segfault (thx @kernel1994 for debugging!) a9d07c6
• #272 webdav: send disk-size and disk-free to clients 4988a55
• #285 use disk-free sans root-reserve on linux (thx @Arklaum!) c3cc2dd
• cors-check was funky on IPv6 e9684d4
• #325 upgrade sharex example for newer versions 6016ec9
• #300 restore support for old versions of python 2.7 b7ca6f4

🔧 other changes

• shares: the config POST-target is now always the webroot (for ease of IdP configuration) fb7cbc4
• unlist: now applies to the navpane too fbf17be
• windows: show disk-usage as well, not just disk-free 5c6341e
• #228 nix-pkg improvements (thx @dtomvan!) 4915b14
• docker-compose: ensure logs appear in realtime 3cde1f3
• mention that IdP-volumes and users can now be persisted 6069bc9
• #316 explain a scary-looking thing in the code 053de61

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

• v1.18.5 (2025-07-28) (PREVIOUS RELEASE) fixed XSS in display of media tags
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #201 add support for reflink-based dedup on cow filesystems df9feab
  • combine --dedup with --reflink to enable, or volflags with same name
  • a better and safer alternative to the other dedup approaches (symlink/hardlink), but only possible to use in some cases:
    • needs linux 5.3 or newer, python 3.14 or newer, btrfs/xfs/zfs
    • not available in the docker images yet; needs a new version of python, so maybe next alpine release (november/december 2025)
• ratelimit password changes to impede bruteforcing a2601fd
  • limit is set by --ban-pwc (default is 5 changes in 60min)

🩹 bugfixes

• #240 nixos: fix unixgroups issue (thx @chinponya!) 7c9c962
• #246 cbz: use correct page for thumbnail (thx @Scotsguy!) 542a1de

🔧 other changes

• volflag nosub now also prevents mkdir 0f2c623
• improve documentation:
  • #229 use the same example UDS path everywhere cb019af
  • example nginx config had misleading cloudflare comment (thx @jmi2k!) 674fc1f
  • more readable --help-chmod 03d23da
  • #244 fix typo in --help 4f013f6
• #242 hide "use real pw" on connectpage if no accounts (thx @toast003!) 025942a
• #211 docker: remove deprecated attribute (thx @ptweezy!) 5b98e10
• #190 add the feature-showcase video to the readme (thx @RustoMCSpit!) 43e6da3

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-9q4r-x2hj-jmvr, exploitable in two different ways, could let an attacker execute arbitrary javascript on other users:

• either: tricking someone into clicking a malicious URL to load and execute javascript
• or: uploading a malicious audio file to the server, affecting any successive visitors

so, with new and curious eyes on the project, we are starting off with a bang. Huge thanks to @altperfect for finding and reporting this earlier today.

recent important news

• v1.18.5 (2025-07-28) fixed XSS in display of media tags
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #214 option to stop playback after one song, and/or at end of folder 6bb27e6

🩹 bugfixes

• GHSA-9q4r-x2hj-jmvr 895880a
• block external m3u files 2228f81
• #202 the connect-page could show IP-address when it should have used hostnames/domains b0dec83
• scrolling locked after tailing a file and closing it creatively d197e75

🔧 other changes

• #189 the SameSite cookie parameter now defaults to Strict, increasing CSRF protection ca6d0b8
  • new option --cookie-lax reverts to previous value Lax
• docker: add FTPS support b419984

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

• v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #182 Landmarks edba7ff
  • detects that a storage backend is glitching out and disengage the up2k-database as a precaution
• #183 quickdelete 21a96bc
  • new togglebutton qdel in the UI which reduces the number of deletion confirmations by one
  • global-option --qdel=0 which can bring it all the way to zero (good luck)

🩹 bugfixes

• fix unpost in recently created shares 2d322dd
• fix filekeys on windows df6d4df

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

• v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #181 the default chmod (unix-permissions) of new files and folders can now be changed 9921c43
  • --chmod-d or volflag chmod_d sets directory permissions; default is 755
  • --chmod-f or volflag chmod_f sets file permissions; default is usually 644 (OS-defined)
  • see --help-chmod which explains the numbers

🩹 bugfixes

• #179 couldn't combine --shr (shares) and --xvol (symlink-guard) 0f0f8d9
• #180 gallery buttons could still be clicked when faded-out 8c32b0e
• rss-feeds were slightly busted when combined with rp-loc (location-based proxying) 56d3bcf
• music-playback within search-results no longer jumps into the next folder at end-of-list 9bc4c5d
• video-playback on iOS now behaves like on all other platforms 78605d9
  • (it would force-switch into fullscreen because that's their default)

⚠️ not the latest version!

Part-DB 1.17.3

Bug fixes

• Fixed a potential denial of service issue related to user avatars (thanks to @NaklehZeidan21)
• Fixed problem with mass creation dialog (#993)

Miscellaneous

• Updated dependencies

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed focus trap issue in TinyMCE dialogs within the WYSIWYG editor (#25678 by @formfcw)
• @directus/api
  • Fixed failed Directus startup caused by additional arguments to the start command (#25675 by @hanneskuettner)

📦 Published Versions

• @directus/app@13.13.1
• @directus/api@29.1.1

⚠️ Potential Breaking Changes

Added TypeScript support for services within the extension context (#25368)
The services exposed to API extensions using TypeScript are now fully typed instead of any, which may cause new type errors when building extensions.

Arguments of service methods are now strictly typed, which can result in type errors for broader types that would not error before:

• The ItemsService constructor now expects the collection name to be a string and will error on string | undefined (or other unions).
• Similarly, functions like service.readOne()/service.readMany() now expect string | number for their primary keys and will error for nullable types

As a workaround, casting the services back to any will result in the original behavior. However, it is recommended to resolve the type errors instead.

• @directus/extensions-sdk
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)

✨ New Features & Improvements

• @directus/app
  • Added new error operation to Flows (#25558 by @licitdev)
• @directus/api
  • Added new error operation to Flows (#25558 by @licitdev)
  • Added support for private_key_jwt auth method in OpenID driver (#25644 by @licitdev)
  • Added the ability to override the email from property (#25459 by @jekuer)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Ensured user language is set on hydrate (#25647 by @ComfortablyCoding)
  • Ensured RTL support for the transform property in certain components (#25652 by @formfcw)
  • Fixed an issue for empty states not being centered in RTL languages (#25636 by @that1matt)
  • Enabled text selection in the studio (#25510 by @gloriarodrife)
  • Fixed an issue where the theme overrides interface would be rendered RTL in RTL languages (#25633 by @rijkvanzanten)
  • Fixed an issue that would render english code as RTL in RTL language mode (#25641 by @rijkvanzanten)
  • Fixed an issue that would cause the code editor interface to fail when the language prop was set to null (#25595 by @copilot-swe-agent)
  • Fix v-resizeable dragging for RTL vs LTR (#25659 by @AlexGaillard)
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
  • Fixed an issue that would cause the table header columns to resize in the wrong direction when using rtl languages (#25631 by @rijkvanzanten)
  • Ensured that labels for data fields always display in batch mode (#25619 by @formfcw)
  • Updated dependency form-data (#25579 by @ComfortablyCoding)
  • Standardized batch mode for raw group fields (#25600 by @timio23)
• @directus/api
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
  • Updated dependency form-data (#25579 by @ComfortablyCoding)
  • Updated dependency tar-fs (#25338 by @br41nslug)
  • Fixed admin users email not trimmed on project initialization (#25465 by @ComfortablyCoding)
  • Upgraded rolldown from from 1.0.0-beta.30 to 1.0.0-beta.31 (#25607 by @dependabot)
• @directus/storage-driver-cloudinary
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/storage-driver-supabase
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/storage-driver-azure
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/storage-driver-local
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/extensions-registry
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25563 by @rijkvanzanten)
• @directus/storage-driver-gcs
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/storage-driver-s3
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/composables
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/extensions
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/constants
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
• @directus/storage
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
• @directus/errors
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Moved dependency (#25562 by @rijkvanzanten)
• @directus/themes
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/types
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/sdk
  • Added TypeScript support for services within the extension context (#25368 by @that1matt)
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/pressure
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/memory
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/stores
  • Upgraded dependencies (#25583 by @rijkvanzanten)
• @directus/utils
  • Upgraded dependencies (#25583 by @rijkvanzanten)
  • Upgraded tmp dependency from 0.2.3 to 0.2.4 (#25634 by @dependabot)
• @directus/release-notes-generator
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/update-check
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/system-data
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/validation
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• @directus/schema
  • Upgraded dependencies (#25580 by @rijkvanzanten)
  • Fixed an issue that could report indexed falsy as enabled for mysql columns with the same name in different schemas (#25650 by @rijkvanzanten)
• @directus/specs
  • Upgraded dependencies (#25580 by @rijkvanzanten)
• create-directus-project
  • Upgrade dependencies (#25559 by @rijkvanzanten)
• @directus/extensions-sdk
  • Upgraded dependencies (#25564 by @rijkvanzanten)
• @directus/env
  • Upgrade dependencies (#25561 by @rijkvanzanten)

📦 Published Versions

• @directus/app@13.13.0
• @directus/api@29.1.0
• @directus/composables@11.2.2
• @directus/constants@13.0.2
• create-directus-extension@11.0.17
• create-directus-project@12.0.2
• @directus/env@5.1.2
• @directus/errors@2.0.3
• @directus/extensions@3.0.9
• @directus/extensions-registry@3.0.9
• @directus/extensions-sdk@16.0.0
• @directus/memory@3.0.8
• @directus/pressure@3.0.8
• @directus/release-notes-generator@2.0.2
• @directus/schema@13.0.2
• @directus/schema-builder@0.0.4
• @directus/specs@11.1.1
• @directus/storage@12.0.1
• @directus/storage-driver-azure@12.0.8
• @directus/storage-driver-cloudinary@12.0.8
• @directus/storage-driver-gcs@12.0.8
• @directus/storage-driver-local@12.0.1
• @directus/storage-driver-s3@12.0.8
• @directus/storage-driver-supabase@3.0.8
• @directus/stores@1.0.3
• @directus/system-data@3.2.1
• @directus/themes@1.1.4
• @directus/types@13.2.1
• @directus/update-check@13.0.2
• @directus/utils@13.0.9
• @directus/validation@2.0.8
• @directus/sdk@20.0.2

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest Crowdin changes. (#5740)
• Updated PHP package versions.
• Fixed open redirect with stricter location checking.
• Fixed users being logged out on ZIP import errors. (#5754)
• Fixed menu accessibility tagging. (#5753, #5752)
• Fixed scenarios where MAIL_PORT could interfere with tests. (#5755)