#1276 option rw-edit is the list of file-extensions that can be edited as textfiles with only permissions read+write (default is md like before); all other files still require read+write+delete 312f48ed692838
#1288 option to customize the links copied when selecting files and pressing ctrl-c (thx @icxes!) e5d0a05
docker: add env-var DI_PREPARTY to run an arbitrary script during startup, for customizations and such bf01ca4
UpSnap is, and always will be, free and open source software.
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
Fixed metric list labels to no longer be cut off by bar value labels (#26527 by @Prasad7007)
@directus/api
Fixed asset transformation error when using withoutEnlargement with focal point and dimensions larger than the original image. Target dimensions are now clamped to the original image dimensions. (#26608 by @wotan-allfather)
Preserved SQL parameterization in relational count subquery and used content-disposition library for folder zip download header (#26592 by @dstockton)
@directus/extensions-sdk
Fixed linking scoped extensions created nested folders (#25957 by @Nitwel)
If you like Part-DB, consider donating to support the development. Press the sponsor button on the main github page, for more info.
Important
If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8
New features
Experimental update manager, to update Part-DB from the web interface (thanks to @Sebbeben, PR #1217)
Added Conrad info provider
Added a generic info provider, to retrieve basic part infos from many shop URLs
Attached prompts, content items, and visual editor elements to AI Assistant Context (#26512 by @bryantgillespie)
To use this feature, update @directus/visual-editing to v1.2.0+ on your website.
Disabled interfaces are not interactive anymore, which includes opening disabled read-only fields in a drawer (#26470 by @formfcw)
β¨ New Features & Improvements
@directus/app
Added deployment module for triggering deployments from Directus with Vercel as first supported provider (#26473 by @gaetansenn)
Attached prompts, content items, and visual editor elements to AI Assistant Context (#26512 by @bryantgillespie)
Added multi-provider AI support with Google and OpenAI-compatible providers. Extracted shared AI types into new @directus/ai package. (#26481 by @bryantgillespie)
Added toggle to allow comparing revision to previous revision (#26480 by @robluton)
Added relational field support on x-axis of bar chart (#26489 by @JamesW1)
Added visual editing support to the live preview split pane, including display options menu, full-width mode with drag-to-expand, and quick access to the Visual Editor module. (#26463 by @bryantgillespie)
Changed permission-blocked fields from disabled to non-editable appearance (#26572 by @HZooly)
@directus/api
Added deployment module for triggering deployments from Directus with Vercel as first supported provider (#26473 by @gaetansenn)
Attached prompts, content items, and visual editor elements to AI Assistant Context (#26512 by @bryantgillespie)
Added multi-provider AI support with Google and OpenAI-compatible providers. Extracted shared AI types into new @directus/ai package. (#26481 by @bryantgillespie)
@directus/sdk
Fixed race condition and allow accessing the connected state (#26511 by @Nitwel)
Added deployment module for triggering deployments from Directus with Vercel as first supported provider (#26473 by @gaetansenn)
@directus/system-data
Added deployment module for triggering deployments from Directus with Vercel as first supported provider (#26473 by @gaetansenn)
@directus/types
Added deployment module for triggering deployments from Directus with Vercel as first supported provider (#26473 by @gaetansenn)
Added multi-provider AI support with Google and OpenAI-compatible providers. Extracted shared AI types into new @directus/ai package. (#26481 by @bryantgillespie)
@directus/errors
Added deployment module for triggering deployments from Directus with Vercel as first supported provider (#26473 by @gaetansenn)
@directus/env
Added deployment module for triggering deployments from Directus with Vercel as first supported provider (#26473 by @gaetansenn)
Attached prompts, content items, and visual editor elements to AI Assistant Context (#26512 by @bryantgillespie)
Added multi-provider AI support with Google and OpenAI-compatible providers. Extracted shared AI types into new @directus/ai package. (#26481 by @bryantgillespie)
Added multi-provider AI support with Google and OpenAI-compatible providers. Extracted shared AI types into new @directus/ai package. (#26481 by @bryantgillespie)
Changed users.last_access display mode to absolute (#26548 by @JamesW1)
The Windows agent's updated version of LibreHardwareMonitorLib now uses PawnIO instead of WinRing0. If you lose temperature sensors, make sure PawnIO is installed. (See #1657 and #1697.)
Container NetworkSent and NetworkRecv fields have been deprecated in favor of Bandwidth. Agents will stop populating those fields in 0.19.0, so please update any integrations to prefer Bandwidth. It's available for all containers on hubs >= 0.18.3.
a safeguard (24141b4) added in v1.20.5 was too strict and would block requests from certain reverseproxies, specifically anything that adds X-Forwarded-HTTP-Version72224d2
replaced the connection:close band-aid added in v1.20.4 with a proper fix that doesn't make things slower behind reverseproxies
I've tried everything I can think of (with nginx as reverseproxy) and can't notice any difference in behavior, but please let me know if this breaks anything for you π
This is a security release to address a vulnerability where form elements in page content could be used to trick more privileged users into making API requests.
We strongly advise that you update your instance if you allow untrusted users to create or edit pages.
Thanks to Joud Zakharia of zentrust partners GmbH for the discovery of this vulnerability, and thanks to Sven FaΓbender of zentrust partners GmbH for their responsible disclosure and great communication of this issue.
Additional Update Notices
Page Content - As of this release, most types of form content are now removed from page content on render. If you applied customizations which made use of in-page form content, you may now need to find alternative methods.
Full List of Changes
Updated application PHP dependencies.
Updated session-based API authentication to only be active for GET requests.
Updated page content filtering to remove many common form elements & attributes.
Updated translations with latest Crowdin changes. (#5997)
If you like Part-DB, consider donating to support the development. Press the sponsor button on the main github page, for more info.
Important
If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8
Improvements
When using the "upload files" button automatically determine a fitting attachment type based on extension
Support SPN columns for all suppliers as columns in BOM imports, not only LCSC (PR#1208, thanks @MayNiklas)
Bug fixes
Disable the ID search by default, like intended in PR #1184
Use correct language for sidebar trees, even if no user is logged in
Prevent ordering of extra column in log tables, as this errors on Postgres and has no real use
Show an error popup instead of a 500 page when info provider retrieval fails
Added clear button for part select input in BOMs (#1156)
#1231 fix http desync if the urlform global-option was changed to get
this initial fix only applies when reverse-proxied, in which case copyparty will now always connection:close (don't reuse tcp/uds connections), as giving each client a fresh socket helps avoid all such issues e1eff21b4fddbc
the expected performance impact from this change is near-zero for real use, even if benchmarks show a 40% reduction in requests/sec in the absolute-worst-case (burst of cheap requests)
a future version will also fix this issue for non-proxied clients
#1227dillo was not able to login because dillo is more standards-compliant than every other browser (nice) b4df8fa
a web-scraper which got banned for making malicious requests could remain banned for one request longer than intended (wait why did I fix this) ba67b27
#1203 configured chmod/chown rules were not applied when a file was being deduped bef0772
the unlistc* volflags could not be specified for single-file volumes 2664891
the defensive renaming of uploaded readmes/logues would assume the default filenames, not considering the recently added option to customize these names c17c3be
#1191 the ipu option can once again be used to reject connections from certain IP-ranges caf831f
this was a regression in v1.19.21 causing the server to crash on startup if such a config was attempted
some empty folders could be created during startup in certain server-configs with nested volumes 4e67b46
api: trying to ?ls nested virtual folders could return an error 6675039
ui/ux:
#1179 improve errormessage if audio transcoding fails 7357d46
ensure a trailing slash when viewing a folder with the h permission; good for relative links in html-files
truncate huge errormessages from ffmpeg so the log doesn't get flooded 3aebfab
ui/ux:
the dl button (to download selected files individually) now skips folders, since that never worked bc24604
#1200 add html classes to make custom styling easier c46cd7f
rephrase errormessages from see serverlog to see fileserver log
docs:
mention in the readme that uploading files from a deeply nested folder using a webbrowser on Windows can fail because browsers don't handle the max-pathlen limitation of Windows optimally (not a copyparty-specific issue, but still hits us)
If you like Part-DB, consider donating to support the development. Press the sponsor button on the main github page, for more info.
Important
If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8
New features
Added console command to change database platform (e.g. from sqlite to mysql, or mysql to postgresql)
Added a ability to search for part IDs from searchfields (thanks @kernchen-brc, #1184)
Improvements
Do not mark new categories excluded from simulation in KiCAD, to avoid annoying symbols in KiCad (thanks @lukas-runge , #1192)
Added multi-domain support for OAuth/OpenID (#26312)
SSO callback URL generation and redirect validation now includes port matching to ensure redirects target the correct server.
Fixed getAsset returning all file fields instead of only those allowed by the users permissions (#25905) getAsset / GET /assets/:id now respects directus_files permissions when returning file based fields.
@directus/app
Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
has now been fully removed.
Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
has now been fully removed.
Fixed getAsset returning all file fields instead of only those allowed by the users permissions (#25905 by @gaetansenn)
Added a new AI_ENABLED environment variable to allow opting out of our AI chat feature (#26458 by @bryantgillespie)
@directus/system-data
Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
has now been fully removed.
@directus/specs
Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
has now been fully removed.
@directus/types
Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
has now been fully removed.
@directus/sdk
Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
has now been fully removed.
β¨ New Features & Improvements
@directus/app
Added a new AI_ENABLED environment variable to allow opting out of our AI chat feature (#26458 by @bryantgillespie)
Added concurrency control for file uploads via a new FILES_MAX_UPLOAD_CONCURRENCY env variable (#26424 by @thomas-svrts)
Added nested validation rules to validation error notice (#26389 by @robluton)
Added Comparison modal wysiwyg diff highlighting (#26301 by @robluton)
Fixed an issue that would cause some drawer header icons from being displayed too large (#26442 by @kekekuli)
@directus/api
Added concurrency control for file uploads via a new FILES_MAX_UPLOAD_CONCURRENCY env variable (#26424 by @thomas-svrts)
This release fixes a regression that resulted in the agent binary being dynamically linked, causing it to fail on musl-based Linux distributions like Alpine and OpenWrt. If you were affected by this, see below for instructions to fix.
What's Changed
Add separate dynamically linked glibc build for Linux. (#1618)
Fix GPU ID collision between Intel and NVIDIA collectors. (#1522)
Agent update command now detects your system's C library and downloads the optimal binary (static or glibc) on Linux.
Fixes bug in 0.18.0 release where all containers were cleared from the "All Containers" page when any system returned no containers.
Additionally, there was a temporary problem with the :latest Docker image which may have caused your agents to report as down. This is fixed now and you can re-pull the image if necessary: #1618 (comment)
UpSnap is, and always will be, free and open source software.
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
UpSnap is, and always will be, free and open source software.
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
Changelog
Features
61da5f5: feat: UPSNAP_HTTP_LISTEN: check for custom addr in go (@seriousm4x)
If you like Part-DB, consider donating to support the development. Press the sponsor button on the main github page, for more info.
Important
If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8
New features
Added info provider for Buerklin (thanks to @mkne, #1151)
Show part IDs in project BOMs
Improvements
Use more performant hash algorithms for cache keys
Increase label generator PDF preview height to show PDF toolbar (@mkne , #1171)
Show info provider capabilities in fixed order
Bug fixes
Fixed exception if DigiKey has no media for a part (#1154)
This is a security release which adds limits to search operations, and adds size checks to ZIP import files before they are extracted.
These changes help prevent potential abuse to host disk space usage and/or service availability.
We recommended to update your instance if untrusted users have ZIP import permissions, or if untrusted users can perform searches.
Thanks to Jeong Woo Lee (@eclipse07077-ljw) and Gabriel Rodrigues (aka TEXUGO) for reporting these vulnerabilities.
Full List of Changes
Updated application PHP dependencies.
Add some additional resource-based limits. (#5968)
Updated translations with latest Crowdin changes. (#5962)
UpSnap is, and always will be, free and open source software.
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
Log in
