
read:cbz + re:ftp

By: 9001
25 October 2025 at 17:45

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🧪 new features

  • #916 view cbz manga/comics in the browser (thx @Scotsguy!) 8ef6dda
  • #845 users/groups can be subtracted from a broader access grant b4fda5f
    • for example *,-@acct hides a volume from everyone who's logged in
  • reflink dedup is now available in most python versions, not just 3.14 and newer f2caab6
    • much better and safer than symlink/hardlink-based dedup, but only works with a few filesystems
  • #905 option to magnify images/videos to fill the screen 66dc8b5
  • #921 #685 xm hooks can see the selected files (thx @carson-coder!) 6c024db 3364448
  • #927 textfiles can now be viewed with the ?doc= suffix with just the g permission dbb7870
  • #742 new volflag nodupem to prevent dupes from being moved into a volume; the stronger alternative to nodupe which only prevents uploads f55d834
  • audioplayer: show embedded coverart as fallback for cover.jpg in OS widgets 9746b4e
  • #928 option to hide certain ui-elements, either with volflags or url-params 98da5cc
  • #911 users can now avoid autoban according to permissions 6f02812
  • verbosity and permission options for ?stack 677fd8e
    • default is now admin-only; previously it was "admin or read+write"

🩹 bugfixes

🔧 other changes

🌠 fun facts

  • looks like i'll be in Japan november 7~26 and then at CCC for newyears!
    • wait, I never made stickers... orz

⚠️ not the latest version!


FULLBURST

By: 9001
19 October 2025 at 15:24

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🧪 new features

🩹 bugfixes

  • web-ui: only show generic http errors if nothing better is available 0453b7a
  • #860 epub-thumbnailer errors are less noisy now 4177c1d
  • the ui-filesz option can have a trailing hyphen now 2248705
  • hide "create share" button while inside a share c5f1229

🔧 other changes

  • #460 example config for running the podman images as a systemd service (thx @danloveg!) 7fc379a
  • #886 nixos: option to specify unix-user/group to run as (thx @2Kaleb!) 31f1b53
  • #895 mention the ?v suffix to open mediafiles in the mediaplayer f8e1981
  • ignore 403s from /favicon.png (samsung-android)
  • docker: shrink the min image from 45 to 33 MiB a8f53d5
  • #887 add missing entries in --licenses 805a705
  • #887 various vendored python libraries can now be ripped out and replaced with system-libs:

🌠 fun facts



merry christmas

By: 9001
6 October 2025 at 03:01

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🧪 new features

  • #184 add various human-readable formats for filesizes 234edde
  • search for files by their identifier ("wark"/checksum) 4e38e40
    • and those are displayed in file-listings now too 456addf
  • PUT-upload with header Replace will overwrite any existing files 397ed56
  • xbu/xau hooks can reject uploads with a custom message df0fa9d
  • #855 mDNS options to change the announced http/https port a3d9506
  • #473 #383 custom favicons per-volume (.ico/png/gif/svg) 470b504
    • doesn't seem to work in internet explorer... ah whatever, go next

🩹 bugfixes

  • #849 create IdP-db for --idp-store when necessary 80ca785
  • #859 cbz-thumbnailing had an accidental dependency on FFmpeg 983865d
  • docs: misleading markdown-expansion example e187df2

🔧 other changes

  • #851 show a huge warning when copyparty accidentally detects a failing HDD and/or filesystem-corruption during indexing 6912e86 eb5d767
  • #870 improved discord video embeds (thx @tsuza!) f0ecb08
  • #858 prefer reflinks (not hardlinks) in the -ss security option 57650a2
  • improved controlpanel action-buttons layout 9f46e4d

🌠 fun facts

padoru padoru padoru



Voile, the Magic Library

By: 9001
3 October 2025 at 00:36

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🧪 new features

🩹 bugfixes

  • #842 could not navpane into webroot if webroot is unmapped 0941fd4
  • upload-resume becomes funky when the OS/network is overloaded to the point where it starts dropping connections left and right -- the issue was reported on discord and I don't have a good way to reproduce it, but these changes may help and/or fix it:
    • b136a5b panic and drop chunk reservations if client or connection glitches out
    • 38df223 also drop reservations if subchunk logic hits an edgecase

🔧 other changes

🌠 fun facts



conlangparty

By: 9001
24 September 2025 at 14:09

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🧪 new features

🩹 bugfixes

  • #837 sharing an entire HDD on Windows (v1.19.9 regression) 6a24432
    • sharing your whole 【Dドライブ】 is once again possible
      • TLNote: Dドライブ means "D:\ drive"
      • if you can't upgrade, a workaround is global-option casechk: n
  • /?ls on an unmapped root didn't give a sensible response; now it should be okay except it won't have a cfg field 8f6194f

🔧 other changes

🌠 fun facts

  • the esperanto translation was the final straw; copyparty-sfx.py is now 1 MiB large
    • copyparty-en.py is still a comfy 759 KiB


ftp fix

By: 9001
22 September 2025 at 01:24

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🩹 bugfixes

  • #827 ftp on servers with unmapped root broke in v1.19.9 280815f


ramdisk kinshi

By: 9001
20 September 2025 at 12:38

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🧪 new features

  • prevent uploading into ramdisks by default 59a0122 538a205
    • safeguard against misconfigured docker containers, where certain parts of the vfs have not been mapped to actual storage, for example /w/music is but /w/ itself isn't
    • can be disabled with wram (global-option and/or volflag), mainly for ephemeral servers
  • #799 nixos: groups can be specified (thx @AnyTimeTraveler!) ee5f319
  • the logspam from the filesystem indexer can be reduced/disabled 478f1c7
    • new options scan-st-r, scan-pr-r, scan-pr-s

🩹 bugfixes

  • #809 medialinks (#af-badf00d) would fail on the very first pageload from a new browser 5996a58
  • #806 instructions for running on iOS were bad (thx @GhelloZ!) 35326a6

🔧 other changes

  • copyparty32.exe is now english-only, to save space 669b107
  • version info on startup indicates free-threading or not 6559152
  • docs: explain the daw option better a043d7c


case-sensitivity, give or take

By: 9001
20 September 2025 at 01:19

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🧪 new features

  • #781 case-sensitive behavior is now simulated on Windows/Macos/Fat32/NTFS 8b66874
    • avoids some of the scary issues associated with case-insensitive filesystems
    • unfortunately this is expensive and may be noticeably slower in large folders; disable the safeguard with casechk: n if you know you don't need it
  • #789 case-insensitive search for unicode filenames/paths (thx @km-clay!) e2aa8fc ecd18ad
    • default-disabled because it is somewhat expensive; enable with global-option srch-icase
  • CB-1 add --qr-stdout and --qr-stderr to show qr-code even with -q d7887f3

🩹 bugfixes

  • #775 the basic-uploader didn't accept empty files 25749b4
  • opt-out from index.html with ?v did not work as documented 3d09bec
  • Windows: dedup could get rejected by the filesystem if the origin file had a timestamp from the cambrian era e09f3c9
  • webdav would incorrectly return an error for Depth:0 on an unmapped root 3a2381f
  • markdown-editor would waste another http roundtrip on certain documents 14b7e51
  • --help didn't render if terminal was non-UTF8 3f45492

🔧 other changes

  • #788 fixed a hotkey typo in the imageviewer (thx @tkroo!) 5c1a43c
  • #778 improved polish translation (thx @daimond113!) 52438bc
  • #798 debian: fixed an issue in the systemd script (thx @Beethoven-n, and congrats on commit number 4000!) dfd9e00
  • media-tag conductor is no longer mapped to circle (album-artist) 9c9e405
  • "download-selection-as-zip" now produces a better filename, sel-FOLDERNAME.zip instead of FIRSTFILE.zip 8f58762
  • detect and warn if IdP volumes are misconfigured in a particular way 83bd197

🌠 fun facts

  • the themesong of this release is KO3 - Give it up? because that's what the car mechanic got to enjoy when i forgot to unplug the flashdrive before handing in the shitbox for service


SECURITY: fix single-file shares

By: 9001
20 September 2025 at 01:19

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

⚠️ ATTN: this release fixes CVE-2025-58753, an issue with shares

  • when a share is created for just one or more files inside a folder, it was possible to access the other files inside that folder by guessing the filenames
  • it was not possible to descend into subdirectories in this manner; only the sibling files were accessible
  • NOTE: this does NOT affect filekeys; this is specifically regarding the shr global-option
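
The share-scoping flaw described above, modelled as an added example; this is not copyparty's code. `Share`, `resolve_unfenced`, `resolve_fenced` and `outside_share` are hypothetical names, and the paths and filenames are constructed.

```python
import posixpath


class Share:
    """Hypothetical share record: one folder, optionally narrowed to some of its files."""

    def __init__(self, folder, files=()):
        self.folder = posixpath.normpath(folder)
        self.files = frozenset(files)  # empty set: the whole folder is shared


def _inside(share, rel):
    """Join rel onto the shared folder; return None if the result leaves it."""
    path = posixpath.normpath(posixpath.join(share.folder, rel))
    prefix = share.folder.rstrip("/") + "/"
    if path == share.folder or path.startswith(prefix):
        return path
    return None


def resolve_unfenced(share, rel):
    """Behaviour the release notes describe before the fix: a file share
    refuses subdirectories, but serves any plain filename in the folder."""
    if share.files and ("/" in rel or rel in ("", ".", "..")):
        return None
    return _inside(share, rel)


def resolve_fenced(share, rel):
    """Fixed behaviour: a file share serves only the files it was created for."""
    if share.files and rel not in share.files:
        return None
    return _inside(share, rel)


def outside_share(share, requested):
    """Names requested through a file share that were never part of it;
    a starting point when reviewing requests served by a pre-fix version."""
    return [r for r in requested if share.files and r not in share.files]


if __name__ == "__main__":
    # constructed sample data
    share = Share("/srv/docs", ["report.pdf"])
    for name in ("report.pdf", "budget.xlsx", "private/notes.txt"):
        print(name, resolve_unfenced(share, name), resolve_fenced(share, name))
```

The whole-folder case (an empty `files` set) is included to show that fencing only changes the behaviour of shares created for individual files.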

recent important news

🧪 new features

  • #761 IdP: option to replace the login/logout links and buttons with redirects into an IdP UI 09f2299
  • #726 disk-usage and server-version can be selectively hidden according to user permissions 19a4c45
  • option --shr-who / volflag shr_who decides who is able to create a share of that volume edafa15
  • #751 nixos: add globalExtraConfig to specify repeatable config parameters (thx @xvrqt!) 09e3018
  • some very small speedups (mainly u2c and ancient python versions) 74821a3
  • #759 #393 total folder size now decreases when files inside are deleted 96b109b
    • would previously require a reindex to get back on track

🩹 bugfixes

  • fix GHSA-pxvw-4w88-6x95 by fencing fileshares to just the shared files e0a92ba
  • #397 prevent hinting at valid passwords, even if they cannot be used to authenticate with 7a4ee4d
  • #747 disable some features if /tmp must be used for runtime config e6755aa
    • the config-folder will now also be created with chmod 700 (accessible by owner only)
  • #733 #298 fix hotkeys on non-qwerty keyboard layouts (dvorak etc.) e798a9a
  • #539 ftp-server: support clients which never do a CWD b049631
  • ignore the plaintext session-cookie on https; fixes some confusing behavior when switching from https to http c71128f
  • og-ua would prevent clients matching the pattern from accessing fullsize files
  • og-ua was only possible to set globally; the og_ua volflag was ignored 422f8f6
  • uds / unix-domain-sockets got wrong permissions when rm-sck was used e270fe6
  • #727 macos: support running from config-files 230a146
  • #539 avoid issues if someone uploads a file with a last-modified timestamp from year -9999999999999 eeb7738
  • using the spacebar to pause a video was jank on chrome bfcb6ea
  • block the next-song hotkey while a folder is loading f7e08ed
  • #748 fix rare js-panic when an action is aborted aaeec11
  • #738 bubbleparty: use /bin/bash (thx @ckastner!) 0469b5a

🔧 other changes

  • partyfuse: nice speedup by caching readdir too 06d2654
  • partyfuse: explain usage with usernames 1cdb388
  • connect-page: better examples when usernames enabled 3bdef75
  • docker: fix image annotations ab56238

🌠 fun facts



chdir

By: 9001
8 September 2025 at 02:02

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

🧪 new features

  • new option chdir to change the PWD (process working-directory) before volumes are mapped 14555d5

🩹 bugfixes

  • fix using empty folders as statefile storage (v1.19.6 made this a bit too strict) 0d96786
  • holding I/K to scroll through folders quickly now works better 914686e

🔧 other changes

  • #717 docker: fix the image repo metadata (thx @EmilyxFox!) 6f08711
  • docker: change $HOME to /state 01cf20a d1f7522
    • and use the new chdir option to preserve old config-file semantics 14555d5
    • helps avoid statefiles accidentally landing in /w as a consequence of misconfiguration

🌠 fun facts



auth-precedence

By: 9001
28 August 2025 at 22:57

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

🧪 new features

  • #673 add Portuguese translation (thx anonymous!) 4b8c221
    • ...and enable the Polish translation (whoops) 8f235be
  • #689 add option to control authentication priority/precedence 543b7ea
  • url-parameter ?dl forces file download instead of displaying in-browser 48d6224
  • #533 more ways to make the QR-code always-visible in the console 2848941
  • #695 option to log invalid xml from clients 28b93d7
  • #552 configurable markdown newline behavior 0491123
    • and tweak the styling of monospace in links 6850344

🩹 bugfixes

  • #628 FTP-server now accepts connections from IPv6 link-local addresses 978801d
  • incorrect assumption that all IPv6 link-local addresses start with fe80 d39c74c
  • ftp: fix file rename d40f061
  • u2c: couldn't upload files located at the very top of the unix file hierarchy 599e82f
  • #699 markdown-editor: fix panic if the table-formatter is executed on something that isn't a table 4c042b3

🔧 other changes

  • #696 a volume can be one single file, not just folders aa1c921
  • #442 strongly prefer XDG_CONFIG_HOME as config location 3547255
  • #691 album-art collected from audio-files can now become folder thumbnails 0b50fde
  • allow spaces in more of the comma-separated options d30240b
  • docs:


it runs on iOS

By: 9001
28 August 2025 at 22:57

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

🧪 new features

  • #328 run copyparty on iPhones; see install on iOS in the readme ca98d54
    • cannot run in the background, doesn't have full access to your files, and is slightly buggy, but it works
    • running on android gives you a much better experience
  • save the qr-code to a file (txt/svg/png) 202ddea

🩹 bugfixes

🔧 other changes



take two (fix cfg vols)

By: 9001
23 August 2025 at 19:56

this release is a hotfix for #624; v1.19.2 broke volumes defined in config files

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

ℹ️ this upgrade is a one-way ticket

  • your up2k database (.hist/up2k.db), used by the e2d filesystem indexing feature, will be upgraded to a new format which older copyparty versions cannot read. A backup of each database will be created automatically, named up2k.db.bak.SOMETHING.v5. If you need to downgrade to a previous version: shut down copyparty, delete the files up2k.db, up2k.db-shm and up2k.db-wal, and then copy up2k.db.bak.*.v5 to up2k.db

🧪 new features

  • new translations:
  • #581 new theme: phi95 (thx @varphi-online!) d8662ae
  • #567 .raw image thumbnails (thx @ar-nelson!) 0177a9b
    • available in docker-images iv and dj
  • #561 epub thumbnails (thx @Scotsguy!) 9435e6b
  • #252 music thumbnails use embedded coverart if available 98d117b
    • thumbnails folder .hist/th must be deleted to take effect
  • #530 show username of uploaders in file listings; requires a (admin) permission 4df033e
  • #604 a new group @acct which automatically contains all known usernames 68907ea
  • controlpanel has a dedicated "logout all sessions" button, similar to the logout-link in the browser f4a3fba
  • #397 accounts can be restricted to certain IPs 62e072a
  • #504 automatic login through tailscale auth a4649d1
  • #533 sticky qr-code with --qr-pin 1 1ebe06f
  • #572 button to abort copy/move 715d374
  • #618 "download selected files" didn't work on firefox 52 (winxp) dcc6b1b
  • max number of cookies to allow can be configured 6303eff
    • good if you have too many selfhosted services on one domain (but beware of the spec-mandated max length of the cookie field!)

🩹 bugfixes

  • fix xvol/xdev edgecases:
  • #573 ftp: attempting an upload into read-only folder no longer kills the connection 3aa8b7a
  • #306 adjust navpane for --rp-loc (location-based proxying)
  • #556 more sensible config expansion order f4727f8
  • the video player now stays fullscreen between videos 782e2f1
  • heif thumbnailing with libvips

🔧 other changes

  • #253 build nix-packages from source (thx @toast003, @chinponya!) 187cae2
  • #616 logfiles will have a plaintext severity column if --no-ansi d4cf42e
  • #598 separate option --ac-convt for audio transcoding timeout d562305
  • #596 users with a blank password get a strong random-generated one 7f44875
  • copyparty.exe: upgrade to python 3.13.7


archlinux fix

By: 9001
18 August 2025 at 01:25

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

🧪 new features

🩹 bugfixes

  • #539 FTP glitches when running on windows 8ba9887
  • #555 global-config didn't load through PRTY_CONFIG (thx @icxes!) 074e106
  • macos: could take a while to establish webdav connection from finder a01870b
  • ux:
    • dropdown colors 347cf6a
    • case-sensitivity in filters e5e8229
    • iOS being too enthusiastic about using saved passwords 03acd65


usernames

By: 9001
10 August 2025 at 15:47

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

🧪 new features

  • #511 login with username and password (not just password) can now optionally be enabled with --usernames 346515c
    • if you have enabled password hashing (ah-alg: argon2 or similar) then you will need to hash your passwords again after enabling usernames, hashing them as username:password:
  • #468 add Greek translation (thx @chamdim!) 50f4618 392abd0
  • #471 add Czech translation (thx @kubakubakuba!) c955658
  • #515 support systemd socket activation (thx @mati1210!) 9b9d2a9
  • #523 add QR-code to the connectpage bcc3b15
  • #513 optional EOL-conversion for texteditor 8b31ed8
  • controlpanel refresh-button now toggles automatic refresh 7ae84de

🩹 bugfixes

  • fix stuck uploads when the up2k database (e2d) is not enabled 4a04356
    • if more than 60'000 files were uploaded and there were several dupes of some files, they could get stuck and never upload
    • upload performance is improved remarkably by enabling e2d so such huge uploads non-e2d had not been tested in a long time
  • #467 #470 fix ui-crash when exporting links of all uploaded files to clipboard (thx @geekalaa!) 0df1901
  • #487 fix ui-crash when the location url-part is // 0f55a1a
  • fix viewing .MD files (8a0746c)

🔧 other changes

  • when a reverse-proxy is detected, force explicit configuration of --rproxy to obtain correct client IP 3f8cb7e
    • a bit inconvenient, but helps prevent potentially-dangerous misconfiguration
    • the necessary configuration changes are explained in the serverlog (you can't miss it)
    • thanks to @person4268 for pointing out that there was room for improvements!
  • failed login attempts now only log a sha512 hash of the provided password
    • to see login-attempts with incorrect passwords as plaintext like before, log-badpwd: 1
  • #502 add systemd user services and templated services (thx @icxes!) 34d98e9
  • #475 improve helptext for multivalue global-options c2ac57a
  • #475 add chungus.conf, massive extensive nonsensical demo config b664ebb
  • try to detect proxies with incorrect caching behavior 9e980bb
  • recent-uploads now support ie9 a57f7cc
  • languages and themes are now dropdowns a9ee4f2
  • copyparty.exe: upgrade python to 3.13.6 a98360f
  • introduce copyparty-en.py, english-only edition of copyparty-sfx.py to save space 33497e6

🗿 known issues

  • the copyparty.pyz in this release is english-only, and does not include the translations -- they got lost in transit while adjusting the buildscripts to make copyparty-en.py


idp speedboost

By: 9001
8 August 2025 at 14:16

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

🧪 new features

🩹 bugfixes

  • #412 fix PUT-uploads into volumes with nosub volflag 47fa4a9
  • #435 ignore spurious exceptions from browser extensions 39e5582
  • #449 IPv6 QR-Code didn't include port 66a5bf3
  • #295 do not force d2d in blank vfs (introduced in v1.18.3) 848315c

🔧 other changes



fix Denial-of-Service

By: 9001
8 August 2025 at 14:16

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes a Denial-of-Service vuln

CVE-2025-54796: an unauthenticated user could make the server grind to a halt by accessing a particular URL

recent important news

🧪 new features

🩹 bugfixes

🔧 other changes

  • ack was changed to continue 4fa7be2

🌠 fun facts

  • the translations have made the sfx size balloon from 766 to 845 KiB in under a week... nice! keep em coming 🎉


sfx hotfix

By: 9001
8 August 2025 at 14:15

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

  • v1.18.7 (2025-07-30) (PREVIOUS RELEASE) fixed XSS in the recent-uploads page
  • v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
  • v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🩹 bugfixes

  • #354 fix copyparty-sfx.py failing to start on certain versions of python c17ce48


SECURITY: fix another XSS

By: 9001
31 July 2025 at 11:20

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-8mx2-rjh8-q3jq, could let an attacker execute arbitrary JS by tricking you into clicking a malicious URL

Soon there won't be many of these left, surely. Huge thanks to @Ju0x for finding and reporting this.

recent important news

🧪 new features

🩹 bugfixes

🔧 other changes

  • shares: the config POST-target is now always the webroot (for ease of IdP configuration) fb7cbc4
  • unlist: now applies to the navpane too fbf17be
  • windows: show disk-usage as well, not just disk-free 5c6341e
  • #228 nix-pkg improvements (thx @dtomvan!) 4915b14
  • docker-compose: ensure logs appear in realtime 3cde1f3
  • mention that IdP-volumes and users can now be persisted 6069bc9
  • #316 explain a scary-looking thing in the code 053de61


reflink-dedup

By: 9001
31 July 2025 at 11:19

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

  • v1.18.5 (2025-07-28) (PREVIOUS RELEASE) fixed XSS in display of media tags
  • v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
  • v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

  • #201 add support for reflink-based dedup on cow filesystems df9feab
    • combine --dedup with --reflink to enable, or volflags with same name
    • a better and safer alternative to the other dedup approaches (symlink/hardlink), but only possible to use in some cases:
      • needs linux 5.3 or newer, python 3.14 or newer, btrfs/xfs/zfs
      • not available in the docker images yet; needs a new version of python, so maybe next alpine release (november/december 2025)
  • ratelimit password changes to impede bruteforcing a2601fd
    • limit is set by --ban-pwc (default is 5 changes in 60min)

🩹 bugfixes

🔧 other changes



SECURITY: fix XSS in media tags

By: 9001
31 July 2025 at 11:19

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-9q4r-x2hj-jmvr, exploitable in two different ways, could let an attacker execute arbitrary javascript on other users:

  • either: tricking someone into clicking a malicious URL to load and execute javascript
  • or: uploading a malicious audio file to the server, affecting any successive visitors

so, with new and curious eyes on the project, we are starting off with a bang. Huge thanks to @altperfect for finding and reporting this earlier today.

recent important news

🧪 new features

  • #214 option to stop playback after one song, and/or at end of folder 6bb27e6

🩹 bugfixes

🔧 other changes

  • #189 the SameSite cookie parameter now defaults to Strict, increasing CSRF protection ca6d0b8
    • new option --cookie-lax reverts to previous value Lax
  • docker: add FTPS support b419984


Landmarks

By: 9001
28 July 2025 at 01:57

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

  • v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
  • v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
  • v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

  • #182 Landmarks edba7ff
    • detects that a storage backend is glitching out and disengages the up2k-database as a precaution
  • #183 quickdelete 21a96bc
    • new togglebutton qdel in the UI which reduces the number of deletion confirmations by one
    • global-option --qdel=0 which can bring it all the way to zero (good luck)

🩹 bugfixes

  • fix unpost in recently created shares 2d322dd
  • fix filekeys on windows df6d4df


drop the umask

By: 9001
25 July 2025 at 21:07

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

  • v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
  • v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
  • v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

  • #181 the default chmod (unix-permissions) of new files and folders can now be changed 9921c43
    • --chmod-d or volflag chmod_d sets directory permissions; default is 755
    • --chmod-f or volflag chmod_f sets file permissions; default is usually 644 (OS-defined)
    • see --help-chmod which explains the numbers

🩹 bugfixes

  • #179 couldn't combine --shr (shares) and --xvol (symlink-guard) 0f0f8d9
  • #180 gallery buttons could still be clicked when faded-out 8c32b0e
  • rss-feeds were slightly busted when combined with rp-loc (location-based proxying) 56d3bcf
  • music-playback within search-results no longer jumps into the next folder at end-of-list 9bc4c5d
  • video-playback on iOS now behaves like on all other platforms 78605d9
    • (it would force-switch into fullscreen because that's their default)
