❌

Lees weergave

↗️

bad apple x2

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #1080 new translation: Vietnamese (thx @thatfrozenfrog and @khoidauminh!) b60eb3f d4a9787
  • #1110 add option xf-proto-fb to support reverseproxies which do not provide an x-forwarded-proto header 9c64788
    • and improve the rproxy config guidance message in the serverlog c8f3b4e
    • and show a warning in the controlpanel if misconfiguration is detected c8f3b4e
  • #1109 add option --ipar, reverseproxy-aware alternative to --ipa 3368421
    • its purpose is rejecting connections from unexpected/unwanted IPs/subnets
  • option idp-chsub can be used to replace spaces in IdP usernames/groupnames 5e1d9a5
  • #1029 indicate password max-length in ui 8d46cf1

🩹 bugfixes

  • #1111 apple gave us coal for xmas this year 0b6d2d2
    • workaround for a new bug in safari (iOS and Macos) where it would randomly show a login-popup
  • #1113 the @acct group was unavailable in groupless IdP setups b6c2ec1

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

merikuri

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #1068 #1089 add options to customize which textfiles (readme/prologue/epilogue) to embed above/below directory listings 14bef85
    • prologues, epilogues, readmes, preadmes (global-options and/or volflags) accept a comma-separated list of filenames to look for
  • #1092 add option th-qv to change the thumbnail quality a1cbac0
    • also found and enabled a size-optimization for libvips, so:
  • #1092 automatically delete and rebuild thumbnails if thumbnailer-config is changed ca6c4de
  • #1049 add option log-date to display dates in logs 965a4a6
  • #1047 rss-feed: title/description of each entry is now a template-string which can reference arbitrary metadata properties (thx @djjeane!) 5e85e3d
  • extend the ramdisk safeguard to also prevent moving files into ephemeral storage fa91822
    • would previously prevent creating new files, but this was another potential source for confusion (thx coworker!)
  • now possible to customize the thank you for playing ban-message ce2eeba
  • #964 option to change the default value of the Cache-Control response-header 3bc0bf1

🩹 bugfixes

  • #1010 correctly replace illegal characters in filenames according to underlying filesystem ba017f7
    • for example, uploading a folder named COMPLE:X into an exFAT flashdrive on linux is now possible
    • and, to make that possible, filesystem-detection now sees the true filesystem behind FUSE (for example ntfs-3g) 3bbed1b
  • audio-playback would skip into the next folder rather than play the rest of the current one if the folder was sufficiently massive 8e2fb05
  • #1094 fix ipu with idp users 594ec39
  • commandline uploader: fix termsize detection on windows 7d526ea
  • #1104 the rss feature now complains loudly if e2d is not enabled (because that was always necessary but not obvious) 9219540
  • ui/ux:
    • #1102 the option to cosmetically hide server info did not apply for all themes e440578
    • the metadata-property date (default-disabled) was renamed to tdate to avoid colliding with the last-modified timestamp if enabled fecc3fd
  • docs:

πŸ”§ other changes

  • add a loud warning in logs if X-Forwarded-Proto is not added by the reverseproxy ad45de9 1b222fb
    • almost did the same for X-Forwarded-Host too before realizing that's generally not a thing
  • #1038 creating a blank chpw.json before starting copyparty is now supported and no longer crashes on startup efc6a09
  • #1105 better feedback in the login ui (thx @stackxp!) 08474db
  • mtag/audio-key.py: replaced the melodic key detector since ffmpeg-8 / alpine-3.23 broke it 67ddc64
  • updated deps:
    • webdeps: dompurify-3.3.1 e0b04d9
    • copyparty.exe: python-3.13.11 9e64fe0

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

tadaimback

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • hooks now behave more usefully/predictably; 889bd32
    • hooks returning 0 will run the next hook (if any), and let the initiating action proceed if no other hooks object
    • hooks returning 100 will stop processing successive hooks, but return success, letting the initiating action proceed
    • hooks returning anything else will stop processing successive hooks (like the documentation always said) and also fail the initiating action (if hook is checked)
    • zmq hooks can now respond with json, doing relocations and all that stuff
  • new mtag plugin, geotag.py: read image geotags with exiftool (demo) 1c15c0d ac085b8
  • #972 markdown-links are rewritten to open in the markdown-viewer 278a0d8
  • #794 add json beautifier / minifier
  • #1058 ui-option and server-config to force download instead of showing files inline a9174e5
  • option stats-u to grant access to prometheus-metrics based on username, not just permissions b427d78

🩹 bugfixes

  • #1003 u2c.py (commandline uploader) did not install correctly on archlinux and/or pypi 9385dae
  • #1035 uploader could fail to initialize if: 98701b7
    • the mt button (webworkers) was enabled in the settings tab
    • and the network was severely strained during intial page load
  • possible deadlock on shutdown if thumbnailer queue was hella busy fb9f044
  • #971 windows: fix deadlock on startup if trying to use a nonexistant driveletter as a volume 945b227
  • #1022 js-panic if audio playback is set to stay-in-folder a28503e
  • links to ongoing file transfers in the controlpanel could 404 (thx @Habetdin!) 77f74dd f4d67ff
  • video scrubbing on iOS dba7c5d
  • #1054 audio volume slider could skip one percent (thx @shermanhlc!) ca6d3a5
  • detect invalid config:
    • #959 panic if ipu user doesn't exist 79e1078
    • panic if share config overlaps with a volume cedfc44
  • #943

πŸ”§ other changes

  • the "new-markdown" feature was repurposed into "new-file", accepting any file extension 7d62335
  • #1023 the option to grant delete-access when creating a share was removed due to never having been implemented in the backend 04ac7fb
  • #1012 rephrased the controlpanel login-text when logged in to avoid confusion 7a29140
  • add hints that the serverlog is a good place to look in some situations c424a55
  • all thumbnail types and combinations can now be pregenerated a359b89
  • #1030 add debug if cfssl is misbehaving ec00dc1
  • #871 grid volflag is applied during navigation if user has not set a preference a9378a8
  • cosmetic:
    • show column number in markdown editor b9aacba
    • reduced grid margins in theme2 e469bc9
    • reduced redirect delay after logging in f7e7b03
    • controlpanel greeting in some fail-early responses acde21d
    • update hooks to ignore the new upload-queue-empty message 3f4b79f
  • docs:
  • nixos:
  • copyparty.exe: update to python 3.13.10, pillow 12.0 cdffde7

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

november

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #961 the /?shares listing now shows the list of filenames for each share 2cc53ea

🩹 bugfixes

  • #967 per-volume md/lg sandbox rules are now applied during navigation db60951
    • if a volume has no-sb-lg or no-sb-md set then it'll apply when navigating into that volume, and vice-versa

⚠️ not the latest version!

  •  
  • ↗️
↗️

copyparty.eu γƒžγƒΌγ‚―II

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🩹 bugfixes

  • fix building the archlinux package e3524d8

⚠️ not the latest version!

  •  
  • ↗️
↗️

copyparty.eu

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #949 when all uploads have finished, the client (both the browser and u2c) sends a message to the server saying it's done db87ea5
  • #941 copyparty-en.pyz, yet another copyparty variant, with enterprise-friendly tweaks:
    • does not include the smb-server, so antivirus doesn't think it's malware 7f5810f
    • english-only, because antivirus apparently hates certain translations too 7f5810f
    • renamed the webdav-config .bat to .txt because clearly only one of those are "dangerous" b624a38
  • show volumes with permssion h in the navpane fff7291
  • #937 global-option --notooltips to default-disable tooltips a325353

🩹 bugfixes

  • #948 fix the u2c --dr option when the server is running on windows d3dd345
  • fix crash on startup when using volflags unlistc* and the parent folder is not a volume cdd5e78
  • og / opengraph / discord-embed fixes:
    • using the h permission could result in unexpected 404 c9e45c1
    • a single-file volume could make filenames in its parent volume unintentionally visible 36ab77e
      • this would only happen when combined with --og
  • fix some harmless warnings from single-file volumes b1efc00
  • fix filesize-colors in selected rows 1c17b63

πŸ”§ other changes

⚠️ not the latest version!

  •  
  • ↗️
↗️

read:cbz + re:ftp

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #916 view cbz manga/comics in the browser (thx @Scotsguy!) 8ef6dda
  • #845 users/groups can be subtracted from a broader access grant b4fda5f
    • for example *,-@acct hides a volume from everyone who's logged in
  • reflink dedup is now available in most python versions, not just 3.14 and newer f2caab6
    • much better and safer than symlink/hardlink-based dedup, but only works with a few filesystems
  • #905 option to magnify images/videos to fill the screen 66dc8b5
  • #921 #685 xm hooks can see the selected files (thx @carson-coder!) 6c024db 3364448
  • #927 textfiles can now be viewed with the ?doc= suffix with just the g permission dbb7870
  • #742 new volflag nodupem to prevent dupes from being moved into a volume; the stronger alternative to nodupe which only prevents uploads f55d834
  • audioplayer: show embedded coverart as fallback for cover.jpg in OS widgets 9746b4e
  • #928 option to hide certain ui-elements, either with volflags or url-params 98da5cc
  • #911 users can now avoid autoban according to permissions 6f02812
  • verbosity and permssion options for ?stack 677fd8e
    • default is now admin-only; previously it was "admin or read+write"

🩹 bugfixes

πŸ”§ other changes

🌠 fun facts

  • looks like i'll be in Japan november 7~26 and then at CCC for newyears!
    • wait, I never made stickers... orz

⚠️ not the latest version!

  •  
  • ↗️
↗️

FULLBURST

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • web-ui: only show generic http errors if nothing better is available 0453b7a
  • #860 epub-thumbnailer errors are less noisy now 4177c1d
  • the ui-filesz option can have a trailing hyphen now 2248705
  • hide "create share" button while inside a share c5f1229

πŸ”§ other changes

  • #460 example config for running the podman images as a systemd service (thx @danloveg!) 7fc379a
  • #886 nixos: option to specify unix-user/group to run as (thx @2Kaleb!) 31f1b53
  • #895 mention the ?v suffix to open mediafiles in the mediaplayer f8e1981
  • ignore 403s from /favicon.png (samsung-android)
  • docker: shrink the min image from 45 to 33 MiB a8f53d5
  • #887 add missing entries in --licenses 805a705
  • #887 various vendored python libraries can now be ripped out and replaced with system-libs:

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

merry christmas

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #184 add various human-readable formats for filesizes 234edde
  • search for files by their identifier ("wark"/checksum) 4e38e40
    • and those are displayed in file-listings now too 456addf
  • PUT-upload with header Replace will overwrite any existing files 397ed56
  • xbu/xau hooks can reject uploads with a custom message df0fa9d
  • #855 mDNS options to change the announced http/https port a3d9506
  • #473 #383 custom favicons per-volume (.ico/png/gif/svg) 470b504
    • doesn't seem to work in internet explorer... ah whatever, go next

🩹 bugfixes

  • #849 create IdP-db for --idp-store when necessary 80ca785
  • #859 cbz-thumbnailing had an accidental dependency on FFmpeg 983865d
  • docs: misleading markdown-expansion example e187df2

πŸ”§ other changes

  • #851 show a huge warning when copyparty accidentally detects a failing HDD and/or filesystem-corruption during indexing 6912e86 eb5d767
  • #870 improved discord video embeds (thx @tsuza!) f0ecb08
  • #858 prefer reflinks (not hardlinks) in the -ss security option 57650a2
  • improved controlpanel action-buttons layout 9f46e4d

🌠 fun facts

padoru padoru padoru

⚠️ not the latest version!

  •  
  • ↗️
↗️

Voile, the Magic Library

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • #842 could not navpane into webroot if webroot is unmapped 0941fd4
  • upload-resume becomes funky when the OS/network is overloaded to the point where it starts dropping connections left and right -- the issue was reported on discord and I don't have a good way to reproduce it, but these changes may help and/or fix it:
    • b136a5b panic and drop chunk reservations if client or connection glitches out
    • 38df223 also drop reservations if subchunk logic hits an edgecase

πŸ”§ other changes

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

conlangparty

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • #837 sharing an entire HDD on Windows (v1.19.9 regression) 6a24432
    • sharing your whole 【Dドラむブ】 is once again possible
      • TLNote: Dドラむブ means "D:\ drive"
      • if you can't upgrade, a workaround is global-option casechk: n
  • /?ls on an unmapped root didn't give a sensible response; now it should be okay except it won't have a cfg field 8f6194f

πŸ”§ other changes

🌠 fun facts

  • the esperanto translation was the final straw; copyparty-sfx.py is now 1 MiB large
    • copyparty-en.py is still a comfy 759 KiB

⚠️ not the latest version!

  •  
  • ↗️
↗️

ftp fix

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🩹 bugfixes

  • #827 ftp on servers with unmapped root broke in v1.19.9 280815f

⚠️ not the latest version!

  •  
  • ↗️
↗️

ramdisk kinshi

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • prevent uploading into ramdisks by default 59a0122 538a205
    • safeguard against misconfigured docker containers, where certain parts of the vfs has not been mapped to actual storage, for example /w/music is but /w/ itself isn't
    • can be disabled with wram (global-option and/or volflag), mainly for ephemeral servers
  • #799 nixos: groups can be specified (thx @AnyTimeTraveler!) ee5f319
  • the logspam from the filesystem indexer can be reduced/disabled 478f1c7
    • new options scan-st-r, scan-pr-r, scan-pr-s

🩹 bugfixes

  • #809 medialinks (#af-badf00d) would fail on the very first pageload from a new browser 5996a58
  • #806 instructions for running on iOS was bad (thx @GhelloZ!) 35326a6

πŸ”§ other changes

  • copyparty32.exe is now english-only, to save space 669b107
  • version info on startup indicates free-threading or not 6559152
  • docs: explain the daw option better a043d7c

⚠️ not the latest version!

  •  
  • ↗️
↗️

case-sensitivity, give or take

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #781 case-sensitive behavior is now simulated on Windows/Macos/Fat32/NTFS 8b66874
    • avoids some of the scary issues associated with case-insensitive filesystems
    • unfortunately this is expensive and may be noticeably slower in large folders; disable the safeguard with casechk: n if you know you don't need it
  • #789 case-insensitive search for unicode filenames/paths (thx @km-clay!) e2aa8fc ecd18ad
    • default-disabled because it is somewhat expensive; enable with global-option srch-icase
  • CB-1 add --qr-stdout and --qr-stderr to show qr-code even with -q d7887f3

🩹 bugfixes

  • #775 the basic-uploader didn't accept empty files 25749b4
  • opt-out from index.html with ?v did not work as documented 3d09bec
  • Windows: dedup could get rejected by the filesystem if the origin file had a timestamp from the cambrian era e09f3c9
  • webdav would incorrectly return an error for Depth:0 on an unmapped root 3a2381f
  • markdown-editor would waste another http roundtrip on certain documents 14b7e51
  • --help didn't render if terminal was non-UTF8 3f45492

πŸ”§ other changes

  • #788 fixed a hotkey typo in the imageviewer (thx @tkroo!) 5c1a43c
  • #778 improved polish translation (thx @daimond113!) 52438bc
  • #798 debian: fixed an issue in the systemd script (thx @Beethoven-n, and congrats on commit number 4000!) dfd9e00
  • media-tag conductor is no longer mapped to circle (album-artist) 9c9e405
  • "download-selection-as-zip" now produces a better filename, sel-FOLDERNAME.zip instead of FIRSTFILE.zip 8f58762
  • detect and warn if IdP volumes are misconfigured in a particular way 83bd197

🌠 fun facts

  • the themesong of this release is KO3 - Give it up? because that's what the car mechanic got to enjoy when i forgot to unplug the flashdrive before handing in the shitbox for service

⚠️ not the latest version!

  •  
  • ↗️
↗️

SECURITY: fix single-file shares

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

⚠️ ATTN: this release fixes CVE-2025-58753, an issue with shares

  • when a share is created for just one or more files inside a folder, it was possible to access the other files inside that folder by guessing the filenames
  • it was not possible to descend into subdirectories in this manner; only the sibling files were accessible
  • NOTE: this does NOT affect filekeys; this is specifically regarding the shr global-option

recent important news

πŸ§ͺ new features

  • #761 IdP: option to replace the login/logout links and buttons with redirects into an IdP UI 09f2299
  • #726 disk-usage and server-version can be selectively hidden according to user permissions 19a4c45
  • option --shr-who / volflag shr_who decides who is able to create a share of that volume edafa15
  • #751 nixos: add globalExtraConfig to specify repeatable config parameters (thx @xvrqt!) 09e3018
  • some very small speedups (mainly u2c and ancient python versions) 74821a3
  • #759 #393 total folder size now decreases when files inside are deleted 96b109b
    • would previously require a reindex to get back on track

🩹 bugfixes

  • fix GHSA-pxvw-4w88-6x95 by fencing fileshares to just the shared files e0a92ba
  • #397 prevent hinting at valid passwords, even if they cannot be used to authenticate with 7a4ee4d
  • #747 disable some features if /tmp must be used for runtime config e6755aa
    • the config-folder will now also be created with chmod 700 (accessible by owner only)
  • #733 #298 fix hotkeys on non-qwerty keyboard layouts (dvorak etc.) e798a9a
  • #539 ftp-server: support clients which never does a CWD b049631
  • ignore the plaintext session-cookie on https; fixes some confusing behavior when switching from https to http c71128f
  • og-ua would prevent clients matching the pattern from accessing fullsize files
  • og-ua was only possible to set globally; the og_ua volflag was ignored 422f8f6
  • uds / unix-domain-sockets got wrong permissions when rm-sck was used e270fe6
  • #727 macos: support running from config-files 230a146
  • #539 avoid issues if someone uploads a file with a last-modified timestamp from year -9999999999999 eeb7738
  • using the spacebar to pause a video was jank on chrome bfcb6ea
  • block the next-song hotkey while a folder is loading f7e08ed
  • #748 fix rare js-panic when an action is aborted aaeec11
  • #738 bubbleparty: use /bin/bash (thx @ckastner!) 0469b5a

πŸ”§ other changes

  • partyfuse: nice speedup by caching readdir too 06d2654
  • partyfuse: explain usage with usernames 1cdb388
  • connect-page: better examples when usernames enabled 3bdef75
  • docker: fix image annotations ab56238

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

chdir

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • new option chdir to change the PWD (process working-directory) before volumes are mapped 14555d5

🩹 bugfixes

  • fix using empty folders as statefile storage (v1.19.6 made this a bit too strict) 0d96786
  • holding I/K to scroll through folders quickly now works better 914686e

πŸ”§ other changes

  • #717 docker: fix the image repo metadata (thx @EmilyxFox!) 6f08711
  • docker: change $HOME to /state 01cf20a d1f7522
    • and use the new chdir option to preserve old config-file semantics 14555d5
    • helps avoid statefiles accidentally landing in /w as a consequence of misconfiguration

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

auth-precedence

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • #673 add Portuguese translation (thx anonymous!) 4b8c221
    • ...and enable the Polish translation (whoops) 8f235be
  • #689 add option to control authentication priority/precedence 543b7ea
  • url-parameter ?dl forces file download instead of displaying in-browser 48d6224
  • #533 more ways to make the QR-code always-visible in the console 2848941
  • #695 option to log invalid xml from clients 28b93d7
  • #552 configurable markdown newline behavior 0491123
    • and tweak the styling of monospace in links 6850344

🩹 bugfixes

  • #628 FTP-server now accepts connections from IPv6 link-local addresses 978801d
  • incorrect assumption that all IPv6 link-local addresses start with fe80 d39c74c
  • ftp: fix file rename d40f061
  • u2c: couldn't upload files located at the very top of the unix file hierarchy 599e82f
  • #699 markdown-editor: fix panic if the table-formatter is executed on something that isn't a table 4c042b3

πŸ”§ other changes

  • #696 a volume can be one single file, not just folders aa1c921
  • #442 strongly prefer XDG_CONFIG_HOME as config location 3547255
  • #691 album-art collected from audio-files can now become folder thumbnails 0b50fde
  • allow spaces in more of the comma-separated options d30240b
  • docs:

⚠️ not the latest version!

  •  
  • ↗️
↗️

it runs on iOS

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • #328 run copyparty on iPhones; see install on iOS in the readme ca98d54
    • cannot run in the background, doesn't have full access to your files, and is slightly buggy, but it works
    • running on android gives you a much better experience
  • save the qr-code to a file (txt/svg/png) 202ddea

🩹 bugfixes

πŸ”§ other changes

⚠️ not the latest version!

  •  
  • ↗️
↗️

take two (fix cfg vols)

βœ‡Copyparty
Door: 9001

this release is a hotfix for #624; v1.19.2 broke volumes defined in config files

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

ℹ️ this upgrade is a one-way ticket

  • your up2k database (.hist/up2k.db), used by the e2d filesystem indexing feature, will be upgraded to a new format which older copyparty versions cannot read. A backup of each database will be created automatically, named up2k.db.bak.SOMETHING.v5. If you need to downgrade to a previous version: Shutdown copyparty, delete these files: up2k.db up2k.db-shm up2k.db-wal and then copy up2k.db.bak.*.v5 to up2k.db

πŸ§ͺ new features

  • new translations:
  • #581 new theme: phi95 (thx @varphi-online!) d8662ae
  • #567 .raw image thumbnails (thx @ar-nelson!) 0177a9b
    • available in docker-images iv and dj
  • #561 epub thumbnails (thx @Scotsguy!) 9435e6b
  • #252 music thumbnails use embdded coverart if available 98d117b
    • thumbnails folder .hist/th must be deleted to take effect
  • #530 show username of uploaders in file listings; requires a (admin) permission 4df033e
  • #604 a new group @acct which automatically contains all known usernames 68907ea
  • controlpanel has a dedicated "logout all sessions" button, similar to the logout-link in the browser f4a3fba
  • #397 accounts can be restricted to certian IPs 62e072a
  • #504 automatic login through tailscale auth a4649d1
  • #533 sticky qr-code with --qr-pin 1 1ebe06f
  • #572 button to abort copy/move 715d374
  • #618 "download selected files" didn't work on firefox 52 (winxp) dcc6b1b
  • max number of cookies to allow can be configured 6303eff
    • good if you have too many selfhosted services on one domain (but will beware of the spec-mandataed max length of the cookie field!)

🩹 bugfixes

  • fix xvol/xdev edgecases:
  • #573 ftp: attempting an upload into read-only folder no longer kills the connection 3aa8b7a
  • #306 adjust navpane for --rp-loc (location-based proxying)
  • #556 more sensible config expansion order f4727f8
  • the video player now stays fullscreen between videos 782e2f1
  • heif thumbnailing with libvips

πŸ”§ other changes

  • #253 build nix-packages from source (thx @toast003, @chinponya!) 187cae2
  • #616 logfiles will have a plaintext severity column if --no-ansi d4cf42e
  • #598 separate option --ac-convt for audio transcoding timeout d562305
  • #596 users with a blank password gets a strong random-generated one 7f44875
  • copyparty.exe: upgrade to python 3.13.7

⚠️ not the latest version!

  •  
  • ↗️
↗️

archlinux fix

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • #539 FTP glitches when running on windows 8ba9887
  • #555 global-config didn't load through PRTY_CONFIG (thx @icxes!) 074e106
  • macos: could take a while to establish webdav connection from finder a01870b
  • ux:
    • dropdown colors 347cf6a
    • case-sensitivity in filters e5e8229
    • iOS being too enthusiastic about using saved passwords 03acd65

⚠️ not the latest version!

  •  
  • ↗️
↗️

usernames

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • #511 login with username and password (not just password) can now optionally be enabled with --usernames 346515c
    • if you have enabled password hashing (ah-alg: argon2 or similar) then you will need to hash your passwords again after enabling usernames, hashing them as username:password:
  • #468 add Greek translation (thx @chamdim!) 50f4618 392abd0
  • #471 add Czech translation (thx @kubakubakuba!) c955658
  • #515 support systemd socket acivation (thx @mati1210!) 9b9d2a9
  • #523 add QR-code to the connectpage bcc3b15
  • #513 optional EOL-conversion for texteditor 8b31ed8
  • controlpanel refresh-button now toggles automatic refresh 7ae84de

🩹 bugfixes

  • fix stuck uploads when the up2k database (e2d) is not enabled 4a04356
    • if more than 60'000 files were uploaded and there were several dupes of some files, they could get stuck and never upload
    • upload performance is improved remarkably by enabling e2d so such huge uploads non-e2d had not been tested in a long time
  • #467 #470 fix ui-crash when exporting links of all uploaded files to clipboard (thx @geekalaa!) 0df1901
  • #487 fix ui-crash when the location url-part is // 0f55a1a
  • fix viewing .MD files (8a0746c)

πŸ”§ other changes

  • when a reverse-proxy is detected, force explicit configuration of --rproxy to obtain correct client IP 3f8cb7e
    • a bit inconvenient, but helps prevent potentially-dangerous misconfiguration
    • the necessary configuration changes are explained in the serverlog (you can't miss it)
    • thanks to @person4268 for pointing out that there was room for improvements!
  • failed login attempts now only log a sha512 hash of the provided password
    • to see login-attempts with incorrect passwords as plaintext like before, log-badpwd: 1
  • #502 add systemd user services and templated services (thx @icxes!) 34d98e9
  • #475 improve helptext for multivalue global-options c2ac57a
  • #475 add chungus.conf, massive extensive nonsensical demo config b664ebb
  • try to detect proxies with incorrect caching behavior 9e980bb
  • recent-uploads now support ie9 a57f7cc
  • languages and themes are now dropdowns a9ee4f2
  • copyparty.exe: upgrade python to 3.13.6 a98360f
  • introduce copyparty-en.py, english-only edition of copyparty-sfx.py to save space 33497e6

πŸ—Ώ known issues

  • the copyparty.pyz in this release is english-only, and does not include the translations -- they got lost in transit while adjusting the buildscripts to make copyparty-en.py

⚠️ not the latest version!

  •  
  • ↗️
↗️

idp speedboost

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • #412 fix PUT-uploads into volumes with nosub volflag 47fa4a9
  • #435 ignore spurious exceptions from browser extensions 39e5582
  • #449 IPv6 QR-Code didn't include port 66a5bf3
  • #295 do not force d2d in blank vfs (introduced in v1.18.3) 848315c

πŸ”§ other changes

⚠️ not the latest version!

  •  
  • ↗️
↗️

fix Denial-of-Service

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes a Denial-of-Service vuln

CVE-2025-54796: an unauthenticated user could make the server grind to a halt by accessing a particular URL

recent important news

πŸ§ͺ new features

🩹 bugfixes

πŸ”§ other changes

  • ack was changed to continue 4fa7be2

🌠 fun facts

  • the translations have made the sfx size balloon from 766 to 845 KiB in under a week... nice! keep em coming πŸŽ‰

⚠️ not the latest version!

  •  
  • ↗️
↗️

sfx hotfix

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

  • v1.18.7 (2025-07-30) (PREVIOUS RELEASE) fixed XSS in the recent-uploads page
  • v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
  • v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🩹 bugfixes

  • #354 fix copyparty-sfx.py failing to start on certain versions of python c17ce48

⚠️ not the latest version!

  •  
  • ↗️
↗️

SECURITY: fix another XSS

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-8mx2-rjh8-q3jq, could let an attacker execute arbitrary JS by tricking you into clicking a malicious URL

Soon there won't be many of these left, surely. Huge thanks to @Ju0x for finding and reporting this.

recent important news

πŸ§ͺ new features

🩹 bugfixes

πŸ”§ other changes

  • shares: the config POST-target is now always the webroot (for ease of IdP configuration) fb7cbc4
  • unlist: now applies to the navpane too fbf17be
  • windows: show disk-usage as well, not just disk-free 5c6341e
  • #228 nix-pkg improvements (thx @dtomvan!) 4915b14
  • docker-compose: ensure logs appear in realtime 3cde1f3
  • mention that IdP-volumes and users can now be persisted 6069bc9
  • #316 explain a scary-looking thing in the code 053de61

⚠️ not the latest version!

  •  
  • ↗️
↗️

reflink-dedup

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

  • v1.18.5 (2025-07-28) (PREVIOUS RELEASE) fixed XSS in display of media tags
  • v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
  • v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

πŸ§ͺ new features

  • #201 add support for reflink-based dedup on cow filesystems df9feab
    • combine --dedup with --reflink to enable, or volflags with same name
    • a better and safer alternative to the other dedup approaches (symlink/hardlink), but only possible to use in some cases:
      • needs linux 5.3 or newer, python 3.14 or newer, btrfs/xfs/zfs
      • not available in the docker images yet; needs a new version of python, so maybe next alpine release (november/december 2025)
  • ratelimit password changes to impede bruteforcing a2601fd
    • limit is set by --ban-pwc (default is 5 changes in 60min)

🩹 bugfixes

πŸ”§ other changes

⚠️ not the latest version!

  •  
  • ↗️
↗️

SECURITY: fix XSS in media tags

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-9q4r-x2hj-jmvr, exploitable in two different ways, could let an attacker execute arbitrary javascript on other users:

  • either: tricking someone into clicking a malicious URL to load and execute javascript
  • or: uploading a malicious audio file to the server, affecting any successive visitors

so, with new and curious eyes on the project, we are starting off with a bang. Huge thanks to @altperfect for finding and reporting this earlier today.

recent important news

πŸ§ͺ new features

  • #214 option to stop playback after one song, and/or at end of folder 6bb27e6

🩹 bugfixes

πŸ”§ other changes

  • #189 the SameSite cookie parameter now defaults to Strict, increasing CSRF protection ca6d0b8
    • new option --cookie-lax reverts to previous value Lax
  • docker: add FTPS support b419984

⚠️ not the latest version!

  •  
  • ↗️
❌