❌

Normale weergave

Ontvangen β€” 8 September 2025 ⏭ Selfhosted

SECURITY: fix single-file shares

βœ‡Copyparty
Door: 9001
20 September 2025 om 01:19

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

⚠️ ATTN: this release fixes CVE-2025-58753, an issue with shares

  • when a share is created for just one or more files inside a folder, it was possible to access the other files inside that folder by guessing the filenames
  • it was not possible to descend into subdirectories in this manner; only the sibling files were accessible
  • NOTE: this does NOT affect filekeys; this is specifically regarding the shr global-option

recent important news

πŸ§ͺ new features

  • #761 IdP: option to replace the login/logout links and buttons with redirects into an IdP UI 09f2299
  • #726 disk-usage and server-version can be selectively hidden according to user permissions 19a4c45
  • option --shr-who / volflag shr_who decides who is able to create a share of that volume edafa15
  • #751 nixos: add globalExtraConfig to specify repeatable config parameters (thx @xvrqt!) 09e3018
  • some very small speedups (mainly u2c and ancient python versions) 74821a3
  • #759 #393 total folder size now decreases when files inside are deleted 96b109b
    • would previously require a reindex to get back on track

🩹 bugfixes

  • fix GHSA-pxvw-4w88-6x95 by fencing fileshares to just the shared files e0a92ba
  • #397 prevent hinting at valid passwords, even if they cannot be used to authenticate with 7a4ee4d
  • #747 disable some features if /tmp must be used for runtime config e6755aa
    • the config-folder will now also be created with chmod 700 (accessible by owner only)
  • #733 #298 fix hotkeys on non-qwerty keyboard layouts (dvorak etc.) e798a9a
  • #539 ftp-server: support clients which never does a CWD b049631
  • ignore the plaintext session-cookie on https; fixes some confusing behavior when switching from https to http c71128f
  • og-ua would prevent clients matching the pattern from accessing fullsize files
  • og-ua was only possible to set globally; the og_ua volflag was ignored 422f8f6
  • uds / unix-domain-sockets got wrong permissions when rm-sck was used e270fe6
  • #727 macos: support running from config-files 230a146
  • #539 avoid issues if someone uploads a file with a last-modified timestamp from year -9999999999999 eeb7738
  • using the spacebar to pause a video was jank on chrome bfcb6ea
  • block the next-song hotkey while a folder is loading f7e08ed
  • #748 fix rare js-panic when an action is aborted aaeec11
  • #738 bubbleparty: use /bin/bash (thx @ckastner!) 0469b5a

πŸ”§ other changes

  • partyfuse: nice speedup by caching readdir too 06d2654
  • partyfuse: explain usage with usernames 1cdb388
  • connect-page: better examples when usernames enabled 3bdef75
  • docker: fix image annotations ab56238

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️

Part-DB 2.1.1

βœ‡Part-DB
Door: jbtronics
8 September 2025 om 00:04

Part-DB 2.1.1

Important

If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8

Tip

You can help to translate Part-DB to other languages. See this post for more info.

Bug fixes

  • Fixed problem that tree views were not properly highlighted anymore

  •  
  • ↗️

Part-DB 2.1.0

βœ‡Part-DB
Door: jbtronics
7 September 2025 om 23:49

Part-DB 2.1.0

Important

If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8

Tip

You can help to translate Part-DB to other languages. See this post for more info.

New features

  • Added new exchange rate provider, that allow for more foreign currencies without need for fixer.io
  • Show what permissions a user is lacking in case of an access denied message
  • Do not mark relative links in markdown as external and open in new tab (thanks @d-buchmann)
  • Added option to import BOM files from KiCAD schematic editor and generic CSV files (thanks @barisgit)
  • Added an button to update label profiles directly from the label generator.
  • Allow to customize what items get shown at homepage (#470, #894)
  • Allow to hide version number at homepage
  • Allow to disable the extraction of parameters from part notes and description (#747)
  • Allow to select default info providers for a provider search (#556)
  • Made image size in part tables configurable
  • Made part table action bar sticky and floating to make it better visible and improve UX

Bug fixes

  • Allow import of label profiles (thanks @d-buchmann)
  • Fixed problem with currency admin (#1009)
  • Fixed LCSC provider (#1018)
  • Fixed CKeditor text color in dark mode (#1016)
  • Use better tilde symbols for LCSC provider data (@d-buchmann, #989)
  • Fixed pollin info provider (#1015)
  • Prevent that label profiles with duplicate names get created (#994)
  • Readdeed option to show all entries of a table

Miscellaneous

  • Updated dependencies
  • Improved documentation
  • Updated GNU Unifont

Full Changelog: v2.0.2...v2.1.0

  •  
  • ↗️
Ontvangen β€” 5 September 2025 ⏭ Selfhosted

v0.12.7

βœ‡Beszel
Door: henrygd
5 September 2025 om 23:43

What's Changed

  • Make LibreHardwareMonitor opt-in with LHM=true environment variable. (#1130)
  • Fix bug where token was not refreshed when adding a new system. (#1141)
  • Add USER_EMAIL and USER_PASSWORD environment variables to set the email and password of the initial user. (#1137)
  • Display system counts (active, paused, down) in All Systems 'view' options. (#1078)
  • Remember All Systems sort order during session.
  • [Feature] improved support for mips and mipsle architectures by @a-mnich in #1112
  • [Bug] Update install script to use crontab on Alpine by @svenvg93 in #1136
  • [Fix] fix GitHub workflow errors in forks by @a-mnich in #1113

New Contributors

Full Changelog: v0.12.6...v0.12.7

  •  
  • ↗️

5.2.0-beta.1

βœ‡UpSnap
Door: github-actions[bot]
5 September 2025 om 03:21

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Features

Bug fixes

Others

Go dependencies

Npm dependencies

Github Actions

  •  
  • ↗️

5.2.0-beta.0

βœ‡UpSnap
Door: github-actions[bot]
4 September 2025 om 23:33

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Features

Bug fixes

Others

Npm dependencies

Github Actions

  •  
  • ↗️
Ontvangen β€” 31 Augustus 2025 ⏭ Selfhosted

Part-DB 2.0.2

βœ‡Part-DB
Door: jbtronics
31 Augustus 2025 om 15:55

Warning

Part-DB now requires PHP 8.2 or higher. It is recommended that you read the upgrade guide from v1 to v2 before upgrading.

Part-DB 2.0.2

This upgrade introduces a new web based configuration system. Existing configuration using environment variables will continue to work. If you want to configure these parameters via the WebUI in the future, an additional migration step is required. See the upgrade guide for more information.

Bug fixes

  • Properly pass environment variables to Part-DB in jbtronics/partdb1 docker image to prevent startup issues (issue #1006)

Improvements

  • Updated translations
  • Do not pollute docker error logs with deprecation notices

Full Changelog: v2.0.0...v2.0.1

  •  
  • ↗️

5.1.10-beta.1

βœ‡UpSnap
Door: github-actions[bot]
31 Augustus 2025 om 10:43

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Features

Others

Npm dependencies

  •  
  • ↗️

Part-DB 2.0.1

βœ‡Part-DB
Door: jbtronics
31 Augustus 2025 om 01:51

Warning

Part-DB now requires PHP 8.2 or higher. It is recommended that you read the upgrade guide from v1 to v2 before upgrading.

Part-DB 2.0.1

This upgrade introduces a new web based configuration system. Existing configuration using environment variables will continue to work. If you want to configure these parameters via the WebUI in the future, an additional migration step is required. See the upgrade guide for more information.

Bug fixes (compared to 2.0.0)

  • Fixed broken english translations
  • Fixed problem that wrong column was sorted after columns were reordered in a table

Full Changelog: v2.0.0...v2.0.1

  •  
  • ↗️
Ontvangen β€” 30 Augustus 2025 ⏭ Selfhosted

Part-DB 2.0.0

βœ‡Part-DB
Door: jbtronics
30 Augustus 2025 om 22:55

Warning

Part-DB now requires PHP 8.2 or higher. It is recommended that you read the upgrade guide from v1 to v2 before upgrading.

Part-DB 2.0.0

This upgrade introduces a new web based configuration system. Existing configuration using environment variables will continue to work. If you want to configure these parameters via the WebUI in the future, an additional migration step is required. See the upgrade guide for more information.

Breaking changes

  • Part-DB now requires at least PHP 8.2 or higher. If you are still using PHP 8.1 you need to upgrade PHP first
  • Nodejs 20 or higher is now required
  • The config/banner.md file does not exist anymore. If you wanna customize the banner, either do it via the WebUI or the BANNER env.
  • The parameters partdb.sidebar.items, partdb.sidebar.root_node_enable and partdb.sidebar.root_expanded in config/parameters.yaml,
    were removed. You can configure them now directly in the admin interface.

New features

  • Introduced capability to configure system settings and info providers via the WebUI. No need to work with environment variables anymore
  • Improved emoji dialog for rich text editor

Miscellaneous

  • Updated dependencies

Full Changelog: v1.17.4...v2.0.0

  •  
  • ↗️

v0.12.6

βœ‡Beszel
Door: henrygd
29 Augustus 2025 om 23:43

What's Changed

  • Add maximum 1 minute memory usage.
  • Add status filtering to Systems Table by @svenvg93 in #927
  • Virtualize All Systems table to improve performance with hundreds of systems. (#1100)
  • Add missing os.Chmod step to Hub update by @svenvg93 in #1093
  • Fix system table links in Safari in #1092
  • Use older cuda image in henrygd/beszel-agent-nvidia for increased compatibility by @Impact123 in #1103
  • Fix alignment for metrics by @svenvg93 in #1109
  • Truncate long system names in web UI (#1104)
  • Fix update mirror and add --china-mirrors flag. (#1035)

New Contributors

Full Changelog: v0.12.5...v0.12.6

  •  
  • ↗️
Ontvangen β€” 29 Augustus 2025 ⏭ Selfhosted

Part-DB 1.17.4

βœ‡Part-DB
Door: jbtronics
28 Augustus 2025 om 23:00

Part-DB 1.17.3

Important

If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8

Tip

There is a new experimental docker image, which is much faster. See this post for more info.

Tip

You can help to translate Part-DB to other languages. See this post for more info.

Bug fixes

  • Pass the proxy related settings to the docker application (issue #1001)

Full Changelog: v1.17.3...v1.17.4

  •  
  • ↗️
Ontvangen β€” 28 Augustus 2025 ⏭ Selfhosted

chdir

βœ‡Copyparty
Door: 9001
8 September 2025 om 02:02

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • new option chdir to change the PWD (process working-directory) before volumes are mapped 14555d5

🩹 bugfixes

  • fix using empty folders as statefile storage (v1.19.6 made this a bit too strict) 0d96786
  • holding I/K to scroll through folders quickly now works better 914686e

πŸ”§ other changes

  • #717 docker: fix the image repo metadata (thx @EmilyxFox!) 6f08711
  • docker: change $HOME to /state 01cf20a d1f7522
    • and use the new chdir option to preserve old config-file semantics 14555d5
    • helps avoid statefiles accidentally landing in /w as a consequence of misconfiguration

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️

BookStack v25.07.2

βœ‡BookStack
Door: ssddanbrown
28 Augustus 2025 om 18:46

Links

Full List of Changes

This release contains the following fixes and changes:

  • Updated new WYSIWYG editor with various fixes focused on collapsible block behaviour & interaction. (#5775)
  • Updated translations with latest Crowdin changes. (#5759)
  • Updated versions of PHP dependencies.
  • Updated code to address some remaining PHP 8.4 deprecations.
  • Fixed diagrams in ZIP imports not being editable post-import. (#5761)
  • Fixed books detaching from shelves on shelf update where users don't have permission to view child books. (#5728)

  •  
  • ↗️

auth-precedence

βœ‡Copyparty
Door: 9001
28 Augustus 2025 om 22:57

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • #673 add Portuguese translation (thx anonymous!) 4b8c221
    • ...and enable the Polish translation (whoops) 8f235be
  • #689 add option to control authentication priority/precedence 543b7ea
  • url-parameter ?dl forces file download instead of displaying in-browser 48d6224
  • #533 more ways to make the QR-code always-visible in the console 2848941
  • #695 option to log invalid xml from clients 28b93d7
  • #552 configurable markdown newline behavior 0491123
    • and tweak the styling of monospace in links 6850344

🩹 bugfixes

  • #628 FTP-server now accepts connections from IPv6 link-local addresses 978801d
  • incorrect assumption that all IPv6 link-local addresses start with fe80 d39c74c
  • ftp: fix file rename d40f061
  • u2c: couldn't upload files located at the very top of the unix file hierarchy 599e82f
  • #699 markdown-editor: fix panic if the table-formatter is executed on something that isn't a table 4c042b3

πŸ”§ other changes

  • #696 a volume can be one single file, not just folders aa1c921
  • #442 strongly prefer XDG_CONFIG_HOME as config location 3547255
  • #691 album-art collected from audio-files can now become folder thumbnails 0b50fde
  • allow spaces in more of the comma-separated options d30240b
  • docs:

⚠️ not the latest version!

  •  
  • ↗️
Ontvangen β€” 27 Augustus 2025 ⏭ Selfhosted

v11.11.0

βœ‡Directus
Door: github-actions[bot]
27 Augustus 2025 om 22:08

⚠️ Potential Breaking Changes

Fixed Content Versioning to correctly merge relational data and support all query parameter functionality (#25437)
The following changes should be kept in mind when updating:

  1. Relational versioned data now requires explicit field expansion to be included in the response.
  2. Invalid data (e.g. Fails validation rules) will error on query
  3. Filter conditions now apply to the versioned data instead of the main record
  4. For more information, please read the breaking change docs for a full list of changes.

Additionally there will be further breaking changes to USER_CREATED, USER_UPDATED, DATE_CREATED, DATE_UPDATED default values in a followup PR to improve this behavior further.

Check in with #25744 to see more info about the breaking changes.

✨ New Features & Improvements

  • @directus/api

    • Fixed Content Versioning to correctly merge relational data and support all query parameter functionality (#25437 by @Nitwel)

  • @directus/app

    • Fixed links in WYSIWYG missing underline and pointer cursor styling (#25739 by @Abdallah-Awwad)
    • Added a new field to conditions for clearing hidden fields on save (#25646 by @robluton)

πŸ› Bug Fixes & Optimizations

πŸ“¦ Published Versions

  • @directus/app@13.14.0
  • @directus/api@30.0.0
  • create-directus-extension@11.0.18
  • @directus/extensions@3.0.10
  • @directus/extensions-registry@3.0.10
  • @directus/extensions-sdk@16.0.1
  • @directus/schema-builder@0.0.5
  • @directus/types@13.2.2
  • @directus/sdk@20.0.3

  •  
  • ↗️

v0.12.5

βœ‡Beszel
Door: henrygd
27 Augustus 2025 om 03:15

Fixes a couple of FreeBSD-specific issues.

  • Downgrade gopsutil to v4.25.6 to fix panic on FreeBSD (#1083)
  • Exclude FreeBSD from battery charge monitoring to fix deadlock. (#1081)
  • Minor hub UI improvements.

Full Changelog: v0.12.4...v0.12.5

  •  
  • ↗️
Ontvangen β€” 26 Augustus 2025 ⏭ Selfhosted

5.1.9

βœ‡UpSnap
Door: github-actions[bot]
26 Augustus 2025 om 17:02

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Bug fixes

Others

  •  
  • ↗️

5.1.8

βœ‡UpSnap
Door: github-actions[bot]
26 Augustus 2025 om 14:18

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Features

Bug fixes

Others

Go dependencies

  •  
  • ↗️

v0.12.4

βœ‡Beszel
Door: henrygd
26 Augustus 2025 om 03:45

What's Changed

  • Add battery charge monitoring.
  • [Chore] Improve auto update mechanism by @svenvg93 in #1009
  • Add fallback mirror to the update commands. (#1035)
  • Fix blank token field in insecure contexts.
  • Allow opening internal router links in new tab.
  • Add /api/beszel/user-alerts endpoint. Remove use of batch API for alerts in hub.
  • Update Go and JS dependencies.
  • New translations by @Radotornado, @AlexVanSteenhoven, @harupong, @dymek37, @NaNomicon, Tommaso Cavazza, Caio Garcia, and others.

Full Changelog: v0.12.3...v0.12.4

  •  
  • ↗️
Ontvangen β€” 24 Augustus 2025 ⏭ Selfhosted

5.1.7

βœ‡UpSnap
Door: github-actions[bot]
24 Augustus 2025 om 22:41

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Features

Npm dependencies

  •  
  • ↗️
Ontvangen β€” 22 Augustus 2025 ⏭ Selfhosted

it runs on iOS

βœ‡Copyparty
Door: 9001
28 Augustus 2025 om 22:57

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • #328 run copyparty on iPhones; see install on iOS in the readme ca98d54
    • cannot run in the background, doesn't have full access to your files, and is slightly buggy, but it works
    • running on android gives you a much better experience
  • save the qr-code to a file (txt/svg/png) 202ddea

🩹 bugfixes

πŸ”§ other changes

⚠️ not the latest version!

  •  
  • ↗️
Ontvangen β€” 20 Augustus 2025 ⏭ Selfhosted

5.1.6

βœ‡UpSnap
Door: github-actions[bot]
20 Augustus 2025 om 00:40

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Features

Others

Go dependencies

Npm dependencies

  • cb6e7d3: npm-dep: bump @eslint/compat from 1.3.1 to 1.3.2 in /frontend (@dependabot[bot])
  • 9bd073c: npm-dep: bump @eslint/js from 9.32.0 to 9.33.0 in /frontend (@dependabot[bot])
  • 4404019: npm-dep: bump @sveltejs/adapter-static from 3.0.8 to 3.0.9 in /frontend (@dependabot[bot])
  • aa1e8a0: npm-dep: bump @sveltejs/kit from 2.27.0 to 2.27.1 in /frontend (@dependabot[bot])
  • c3299ba: npm-dep: bump @sveltejs/kit from 2.27.1 to 2.27.3 in /frontend (@dependabot[bot])
  • 28561b6: npm-dep: bump @sveltejs/kit from 2.27.3 to 2.28.0 in /frontend (@dependabot[bot])
  • 97b1447: npm-dep: bump @sveltejs/kit from 2.28.0 to 2.29.1 in /frontend (@dependabot[bot])
  • b4f33ea: npm-dep: bump @sveltejs/kit from 2.29.1 to 2.30.1 in /frontend (@dependabot[bot])
  • 0c5d14d: npm-dep: bump @sveltejs/kit from 2.30.1 to 2.31.1 in /frontend (@dependabot[bot])
  • 6d39733: npm-dep: bump @sveltejs/kit from 2.31.1 to 2.33.0 in /frontend (@dependabot[bot])
  • ac1dbb6: npm-dep: bump @tailwindcss/postcss from 4.1.11 to 4.1.12 in /frontend (@dependabot[bot])
  • 570d35d: npm-dep: bump eslint from 9.32.0 to 9.33.0 in /frontend (@dependabot[bot])
  • 14ccf20: npm-dep: bump svelte from 5.37.3 to 5.38.0 in /frontend (@dependabot[bot])
  • 0ea7815: npm-dep: bump svelte from 5.38.0 to 5.38.1 in /frontend (@dependabot[bot])
  • 313a2df: npm-dep: bump svelte from 5.38.1 to 5.38.2 in /frontend (@dependabot[bot])
  • e471023: npm-dep: bump tailwindcss from 4.1.11 to 4.1.12 in /frontend (@dependabot[bot])
  • 0a48aaa: npm-dep: bump typescript-eslint from 8.38.0 to 8.39.0 in /frontend (@dependabot[bot])
  • a5bddd1: npm-dep: bump typescript-eslint from 8.39.0 to 8.39.1 in /frontend (@dependabot[bot])
  • 83fb7d3: npm-dep: bump typescript-eslint from 8.39.1 to 8.40.0 in /frontend (@dependabot[bot])

Github Actions

  •  
  • ↗️
Ontvangen β€” 18 Augustus 2025 ⏭ Selfhosted

FreshRSS 1.27.0

βœ‡FreshRSS
Door: Alkarex
18 Augustus 2025 om 18:03

A few highlights ✨:

  • Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After
  • Add sort by category title, or by feed title
  • Add search operator c: for categories like c:23,34 or !c:45,56
  • Custom feed favicons
  • Several security improvements, such as:
    • Implement reauthentication (sudo mode)
    • Add Content-Security-Policy: frame-ancestors
    • Ensure CSP everywhere
    • Fix access rights when creating a new user
  • Several bug fixes, such as:
    • Fix redirections when scraping from HTML
    • Fix feed redirection when coming from WebSub
    • Fix support for XML feeds with HTML entities, or encoded in UTF-16LE
  • Docker alternative image updated to Alpine 3.22 with PHP 8.4 (PHP 8.4 for default Debian image coming soon)
  • Start supporting PHP 8.5+
  • And much more…

This release has been made by @Alkarex, @Inverle, @the7thNightmare and newcomers @Deioces120, @Fraetor, @Tarow, @dotsam, @hilariousperson, @pR0Ps, @triatic, @tryallthethings

Full changelog:

  • Features
    • Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After #7760
    • Add sort by category title, or by feed title #7702
    • Add search operator c: for categories like c:23,34 or !c:45,56 #7696
    • Custom feed favicons #7646, #7704, #7717,
      #7792
    • Rework fetch favicons for fewer HTTP requests #7767
    • Add more unicity criteria based on title and/or content #7789
    • Automatically restore user configuration from backup #7682
    • API add support for states in s parameter of streamId #7695
    • Improve sharing via Print #7728
    • Redirect to the login page from bookmarklet instead of 403 #7782
    • Clean local cache more often, when refreshing feeds #7827
  • Security
    • Implement reauthentication (sudo mode) #7753
    • Add Content-Security-Policy: frame-ancestors #7677
    • Ensure CSP everywhere #7810
    • Show warning when unsafe CSP policy is in use #7804
    • Fix access rights when creating a new user #7783
    • Improve security of form for user details #7771, #7786
    • Disallow setting non-existent theme #7722
    • Regenerate cookie ID after logging out #7762
    • Require current password when setting new password #7763
    • Add missing access checks for feed-related actions #7768
    • Strip more unsafe attributes such as referrerpolicy, ping #7770
    • Remove unneeded execution permissions #7802
  • Bug fixing
    • Fix redirections when scraping from HTML #7654, #7741
    • Fix multiple authentication HTTP headers #7703
    • Fix HTML queries with a single feed #7730
    • WebSub: only perform a redirection when coming from WebSub #7738
    • Include enclosures in entries’ hash #7719
      • Negative side-effect: users of the option to automatically mark updated articles as unread will once have some articles with enclosures re-appear as unread
    • Fix cancellation of slider exit UI #7705
    • Honor disable update on update page #7733
    • Fix no registration limit setting #7751
    • Fix XML encoding of sharing functions #7822
  • SimplePie
  • Deployment
    • Docker default image (Debian 12 Bookworm) updated to PHP 8.2.29 #7805
    • Docker alternative image updated to Alpine 3.22 with PHP 8.4.11 and Apache 2.4.65 #7740, #7740,
      #7803
    • Start supporting PHP 8.5+ #7787, #7826
      • Docker Alpine dev image :newest updated to PHP 8.5-alpha and Apache 2.4.65 #7773
    • Docker: interpolate FRESHRSS_INSTALL and FRESHRSS_USER variables #7725
    • Docker: Reduce how much data needs to be chown/chmod’ed on container startup #7793
    • Test for database PDO typing support during install (relevant for MySQL / MariaDB with obsolete driver) #7651
  • Extensions
    • Add API endpoint for extensions #7576
    • Expose the reading modes for extensions #7668, #7688
    • New extension hook before_login_btn #7761
  • UI
    • Improve mark as read request showing popup due to onbeforeunload #7554
    • Fix lazy-loading for <video poster="..."> and <image> #7636
    • Avoid styling <code> inside of <pre> #7797
    • Improve confirmation logic with data-auto-leave-validation #7785
    • Update chart.js to 4.5.0 #7752, #7816
    • Various UI and style improvements: #7616, #7811
  • I18n
  • Misc.

  •  
  • ↗️
Ontvangen β€” 17 Augustus 2025 ⏭ Selfhosted

take two (fix cfg vols)

βœ‡Copyparty
Door: 9001
23 Augustus 2025 om 19:56

this release is a hotfix for #624; v1.19.2 broke volumes defined in config files

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

ℹ️ this upgrade is a one-way ticket

  • your up2k database (.hist/up2k.db), used by the e2d filesystem indexing feature, will be upgraded to a new format which older copyparty versions cannot read. A backup of each database will be created automatically, named up2k.db.bak.SOMETHING.v5. If you need to downgrade to a previous version: Shutdown copyparty, delete these files: up2k.db up2k.db-shm up2k.db-wal and then copy up2k.db.bak.*.v5 to up2k.db

πŸ§ͺ new features

  • new translations:
  • #581 new theme: phi95 (thx @varphi-online!) d8662ae
  • #567 .raw image thumbnails (thx @ar-nelson!) 0177a9b
    • available in docker-images iv and dj
  • #561 epub thumbnails (thx @Scotsguy!) 9435e6b
  • #252 music thumbnails use embdded coverart if available 98d117b
    • thumbnails folder .hist/th must be deleted to take effect
  • #530 show username of uploaders in file listings; requires a (admin) permission 4df033e
  • #604 a new group @acct which automatically contains all known usernames 68907ea
  • controlpanel has a dedicated "logout all sessions" button, similar to the logout-link in the browser f4a3fba
  • #397 accounts can be restricted to certian IPs 62e072a
  • #504 automatic login through tailscale auth a4649d1
  • #533 sticky qr-code with --qr-pin 1 1ebe06f
  • #572 button to abort copy/move 715d374
  • #618 "download selected files" didn't work on firefox 52 (winxp) dcc6b1b
  • max number of cookies to allow can be configured 6303eff
    • good if you have too many selfhosted services on one domain (but will beware of the spec-mandataed max length of the cookie field!)

🩹 bugfixes

  • fix xvol/xdev edgecases:
  • #573 ftp: attempting an upload into read-only folder no longer kills the connection 3aa8b7a
  • #306 adjust navpane for --rp-loc (location-based proxying)
  • #556 more sensible config expansion order f4727f8
  • the video player now stays fullscreen between videos 782e2f1
  • heif thumbnailing with libvips

πŸ”§ other changes

  • #253 build nix-packages from source (thx @toast003, @chinponya!) 187cae2
  • #616 logfiles will have a plaintext severity column if --no-ansi d4cf42e
  • #598 separate option --ac-convt for audio transcoding timeout d562305
  • #596 users with a blank password gets a strong random-generated one 7f44875
  • copyparty.exe: upgrade to python 3.13.7

⚠️ not the latest version!

  •  
  • ↗️
Ontvangen β€” 16 Augustus 2025 ⏭ Selfhosted

archlinux fix

βœ‡Copyparty
Door: 9001
18 Augustus 2025 om 01:25

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • #539 FTP glitches when running on windows 8ba9887
  • #555 global-config didn't load through PRTY_CONFIG (thx @icxes!) 074e106
  • macos: could take a while to establish webdav connection from finder a01870b
  • ux:
    • dropdown colors 347cf6a
    • case-sensitivity in filters e5e8229
    • iOS being too enthusiastic about using saved passwords 03acd65

⚠️ not the latest version!

  •  
  • ↗️

usernames

βœ‡Copyparty
Door: 9001
10 Augustus 2025 om 15:47

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • #511 login with username and password (not just password) can now optionally be enabled with --usernames 346515c
    • if you have enabled password hashing (ah-alg: argon2 or similar) then you will need to hash your passwords again after enabling usernames, hashing them as username:password:
  • #468 add Greek translation (thx @chamdim!) 50f4618 392abd0
  • #471 add Czech translation (thx @kubakubakuba!) c955658
  • #515 support systemd socket acivation (thx @mati1210!) 9b9d2a9
  • #523 add QR-code to the connectpage bcc3b15
  • #513 optional EOL-conversion for texteditor 8b31ed8
  • controlpanel refresh-button now toggles automatic refresh 7ae84de

🩹 bugfixes

  • fix stuck uploads when the up2k database (e2d) is not enabled 4a04356
    • if more than 60'000 files were uploaded and there were several dupes of some files, they could get stuck and never upload
    • upload performance is improved remarkably by enabling e2d so such huge uploads non-e2d had not been tested in a long time
  • #467 #470 fix ui-crash when exporting links of all uploaded files to clipboard (thx @geekalaa!) 0df1901
  • #487 fix ui-crash when the location url-part is // 0f55a1a
  • fix viewing .MD files (8a0746c)

πŸ”§ other changes

  • when a reverse-proxy is detected, force explicit configuration of --rproxy to obtain correct client IP 3f8cb7e
    • a bit inconvenient, but helps prevent potentially-dangerous misconfiguration
    • the necessary configuration changes are explained in the serverlog (you can't miss it)
    • thanks to @person4268 for pointing out that there was room for improvements!
  • failed login attempts now only log a sha512 hash of the provided password
    • to see login-attempts with incorrect passwords as plaintext like before, log-badpwd: 1
  • #502 add systemd user services and templated services (thx @icxes!) 34d98e9
  • #475 improve helptext for multivalue global-options c2ac57a
  • #475 add chungus.conf, massive extensive nonsensical demo config b664ebb
  • try to detect proxies with incorrect caching behavior 9e980bb
  • recent-uploads now support ie9 a57f7cc
  • languages and themes are now dropdowns a9ee4f2
  • copyparty.exe: upgrade python to 3.13.6 a98360f
  • introduce copyparty-en.py, english-only edition of copyparty-sfx.py to save space 33497e6

πŸ—Ώ known issues

  • the copyparty.pyz in this release is english-only, and does not include the translations -- they got lost in transit while adjusting the buildscripts to make copyparty-en.py

⚠️ not the latest version!

  •  
  • ↗️

idp speedboost

βœ‡Copyparty
Door: 9001
8 Augustus 2025 om 14:16

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • #412 fix PUT-uploads into volumes with nosub volflag 47fa4a9
  • #435 ignore spurious exceptions from browser extensions 39e5582
  • #449 IPv6 QR-Code didn't include port 66a5bf3
  • #295 do not force d2d in blank vfs (introduced in v1.18.3) 848315c

πŸ”§ other changes

⚠️ not the latest version!

  •  
  • ↗️
❌