❌

Lees weergave

↗️

dillo approves

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

πŸ§ͺ new features

  • send-message-to-serverlog now also available as url-parameter ?smsg=foo 6dcb1ef
    • option smsg configures which HTTP-methods to allow; can be set to GET,POST but default is only POST because GET is dangerous (CSRF)

🩹 bugfixes

  • #1227 dillo was not able to login because dillo is more standards-compliant than every other browser (nice) b4df8fa
  • a web-scraper which got banned for making malicious requests could remain banned for one request longer than intended (wait why did I fix this) ba67b27
  • ?ls was still a bit jank 0a3a807

🌠 fun facts

  • this 6AM release was powered by void/mournfinale
  • was going to name the release "dilla pΓ₯ dillo" but somehow google-translate thinks that means "fuck on fuck" which would have been inappropriate

⚠️ not the latest version!

  •  
  • ↗️
↗️

xattrs + range-select

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #1212, #1214 range-select in the grid-view by click-and-drag (thx @icxes!) 3e3228e 72c5940
  • #134 xattrs (linux extended file attributes) can now be indexed and searchable 8240ef6
  • rightclick-menu:
  • option to override the domain in certain links, so copyparty returns an external URL even if you're accessing it by a LAN address:
  • new option vol-nospawn (volflag nospawn) to not automatically create the volume's folder on the server's HDD if it doesn't exist
  • new option vol-or-crash (volflag assert_root) to intentionally crash on startup if a volume's folder doesn't already exist on the server HDD
  • new option --flo to tweak the log-format used by the -lo option for logging to a file 826e84c
  • #1197 u2c (commandline uploader): give up and crash if server is offline for longer than 3 minutes (configurable) 67c5d8d

🩹 bugfixes

  • #1203 configured chmod/chown rules were not applied when a file was being deduped bef0772
  • the unlistc* volflags could not be specified for single-file volumes 2664891
  • the defensive renaming of uploaded readmes/logues would assume the default filenames, not considering the recently added option to customize these names c17c3be
  • #1191 the ipu option can once again be used to reject connections from certain IP-ranges caf831f
    • this was a regression in v1.19.21 causing the server to crash on startup if such a config was attempted
  • some empty folders could be created during startup in certain server-configs with nested volumes 4e67b46
  • api: trying to ?ls nested virtual folders could return an error 6675039
  • ui/ux:
    • #1179 improve errormessage if audio transcoding fails 7357d46
    • ensure a trailing slash when viewing a folder with the h permission; good for relative links in html-files

πŸ”§ other changes

  • #1193, #1194: NixOS improvements (thx @toast003!) 9d223d6 d5a8a34
  • truncate huge errormessages from ffmpeg so the log doesn't get flooded 3aebfab
  • ui/ux:
    • the dl button (to download selected files individually) now skips folders, since that never worked bc24604
    • #1200 add html classes to make custom styling easier c46cd7f
    • rephrase errormessages from see serverlog to see fileserver log
  • docs:
    • mention in the readme that uploading files from a deeply nested folder using a webbrowser on Windows can fail because browsers don't handle the max-pathlen limitation of Windows optimally (not a copyparty-specific issue, but still hits us)

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

sftp fixes

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • various SFTP fixes (i blame the single tschunk on day 3):
    • #1170 be more lenient regarding stat permissions 9030828
    • #1170 deletes could return EPERM when ENOENT was more appropriate 8c9e101
    • #1170 files would be created with an extremely restrictive chmod 2f4a30b
      • certified octal moment
    • write-only folders could return ENOENT 6c41bac
  • #1177 disk-usage quotas became incompatible with shares in v1.20.0 038af50
  • appending to existing files with ?apnd was possible in volumes with non-reflink dedup, where it could propagate to deduped copies of the file 738a419
    • (was only possible for users with write+delete perms, so at least it couldn't be used for nefarious purposes)
  • rightclick-menu: "copy link" would strip filekeys 3a16d34

πŸ”§ other changes

  • copyparty.exe: updated pillow to 12.1.0 a9ae6d5

🌠 fun facts

  • tschunk is the sound a hacker makes as they faceplant onto the table after having one too many

⚠️ not the latest version!

  •  
  • ↗️
↗️

sftp is fine too

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • sftp server 4714c2f ec7ea30
  • #1135 right-click menu (thx @stackxp and @Scotsguy!) 82c4960 05a4472
  • PUT can now append to existing files 63d8e5a
    • new option apnd-who to configure who is allowed to do that
  • #1128 added option to skip uploading a file if the filename is already taken on the server (thx @Scotsguy!) fa32e15
  • #1127 descript.ion now also works for folders 2c26aec
  • in file listings, up_by and up_ip (uploader info) can now be displayed for non-admin users by adding them to the mte option 7bfd370
  • #1120 display the disk-space quota instead of the underlying HDD size (thx @rabid-dev!) 511dc01 e0845b2
  • option to skip dotfiles/dotfolders when using download-as-zip 7d7a151
  • #1124 button to skip files with a filename collision when copying/moving files 85639ad
  • #1151 u2c (commandline uploader): option to use basic-auth instead of the PW header (thx @Le0Developer!) 120fdfb
  • the name of the pw url-param and http-header can be changed f81d80b
    • mainly to force basic-auth, but perhaps also for other purposes
    • changing these will break support for many clients, so you probably want to keep the default

🩹 bugfixes

  • image-viewer:
    • images now scale properly when rotated while the zoom feature is enabled c0e167f
    • the current image rotation will now be applied to the next image as well 485c60c c82a3cb
  • groups announced by an IdP will now also apply for native (copyparty-config) users f08cb25
  • windows: download-as-zip would flatten everything to a single folder 2d1d295
  • #1157 dirkeys did not work in grid-view d1ddcb1
  • #1123 the ui-notree option to simplify the UI would simplify a bit too much 4c73704
  • don't add the trailing slash to a volume in the controlpanel when the volume is a file 80a3749
    • the link couldn't be clicked on Windows CE 4.20 using Internet Explorer 4.01

πŸ”§ other changes

  • #1158 updated german translation (thx @Scotsguy!) 3bf80c8
  • the dotfiles button now also toggles showing unlisted files e55e5a4
  • /?h&ls (the api to list volumes) now includes the user's permissions for each volume 1f6e811
  • #1142 new option dav-port to open a dedicated port for webdav clients 4642d32
    • workaround for certain clients which pretend to be webbrowsers
  • #1147 workaround for a buggy browser-extension 8551472
  • detect (and panic) when a webbrowser has failed to load one of the javascript files af3f777
    • replaces the confusing errormessage resulting from half of the code missing

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

bad apple x2

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #1080 new translation: Vietnamese (thx @thatfrozenfrog and @khoidauminh!) b60eb3f d4a9787
  • #1110 add option xf-proto-fb to support reverseproxies which do not provide an x-forwarded-proto header 9c64788
    • and improve the rproxy config guidance message in the serverlog c8f3b4e
    • and show a warning in the controlpanel if misconfiguration is detected c8f3b4e
  • #1109 add option --ipar, reverseproxy-aware alternative to --ipa 3368421
    • its purpose is rejecting connections from unexpected/unwanted IPs/subnets
  • option idp-chsub can be used to replace spaces in IdP usernames/groupnames 5e1d9a5
  • #1029 indicate password max-length in ui 8d46cf1

🩹 bugfixes

  • #1111 apple gave us coal for xmas this year 0b6d2d2
    • workaround for a new bug in safari (iOS and Macos) where it would randomly show a login-popup
  • #1113 the @acct group was unavailable in groupless IdP setups b6c2ec1

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

merikuri

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #1068 #1089 add options to customize which textfiles (readme/prologue/epilogue) to embed above/below directory listings 14bef85
    • prologues, epilogues, readmes, preadmes (global-options and/or volflags) accept a comma-separated list of filenames to look for
  • #1092 add option th-qv to change the thumbnail quality a1cbac0
    • also found and enabled a size-optimization for libvips, so:
  • #1092 automatically delete and rebuild thumbnails if thumbnailer-config is changed ca6c4de
  • #1049 add option log-date to display dates in logs 965a4a6
  • #1047 rss-feed: title/description of each entry is now a template-string which can reference arbitrary metadata properties (thx @djjeane!) 5e85e3d
  • extend the ramdisk safeguard to also prevent moving files into ephemeral storage fa91822
    • would previously prevent creating new files, but this was another potential source for confusion (thx coworker!)
  • now possible to customize the thank you for playing ban-message ce2eeba
  • #964 option to change the default value of the Cache-Control response-header 3bc0bf1

🩹 bugfixes

  • #1010 correctly replace illegal characters in filenames according to underlying filesystem ba017f7
    • for example, uploading a folder named COMPLE:X into an exFAT flashdrive on linux is now possible
    • and, to make that possible, filesystem-detection now sees the true filesystem behind FUSE (for example ntfs-3g) 3bbed1b
  • audio-playback would skip into the next folder rather than play the rest of the current one if the folder was sufficiently massive 8e2fb05
  • #1094 fix ipu with idp users 594ec39
  • commandline uploader: fix termsize detection on windows 7d526ea
  • #1104 the rss feature now complains loudly if e2d is not enabled (because that was always necessary but not obvious) 9219540
  • ui/ux:
    • #1102 the option to cosmetically hide server info did not apply for all themes e440578
    • the metadata-property date (default-disabled) was renamed to tdate to avoid colliding with the last-modified timestamp if enabled fecc3fd
  • docs:

πŸ”§ other changes

  • add a loud warning in logs if X-Forwarded-Proto is not added by the reverseproxy ad45de9 1b222fb
    • almost did the same for X-Forwarded-Host too before realizing that's generally not a thing
  • #1038 creating a blank chpw.json before starting copyparty is now supported and no longer crashes on startup efc6a09
  • #1105 better feedback in the login ui (thx @stackxp!) 08474db
  • mtag/audio-key.py: replaced the melodic key detector since ffmpeg-8 / alpine-3.23 broke it 67ddc64
  • updated deps:
    • webdeps: dompurify-3.3.1 e0b04d9
    • copyparty.exe: python-3.13.11 9e64fe0

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

tadaimback

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • hooks now behave more usefully/predictably; 889bd32
    • hooks returning 0 will run the next hook (if any), and let the initiating action proceed if no other hooks object
    • hooks returning 100 will stop processing successive hooks, but return success, letting the initiating action proceed
    • hooks returning anything else will stop processing successive hooks (like the documentation always said) and also fail the initiating action (if hook is checked)
    • zmq hooks can now respond with json, doing relocations and all that stuff
  • new mtag plugin, geotag.py: read image geotags with exiftool (demo) 1c15c0d ac085b8
  • #972 markdown-links are rewritten to open in the markdown-viewer 278a0d8
  • #794 add json beautifier / minifier
  • #1058 ui-option and server-config to force download instead of showing files inline a9174e5
  • option stats-u to grant access to prometheus-metrics based on username, not just permissions b427d78

🩹 bugfixes

  • #1003 u2c.py (commandline uploader) did not install correctly on archlinux and/or pypi 9385dae
  • #1035 uploader could fail to initialize if: 98701b7
    • the mt button (webworkers) was enabled in the settings tab
    • and the network was severely strained during intial page load
  • possible deadlock on shutdown if thumbnailer queue was hella busy fb9f044
  • #971 windows: fix deadlock on startup if trying to use a nonexistant driveletter as a volume 945b227
  • #1022 js-panic if audio playback is set to stay-in-folder a28503e
  • links to ongoing file transfers in the controlpanel could 404 (thx @Habetdin!) 77f74dd f4d67ff
  • video scrubbing on iOS dba7c5d
  • #1054 audio volume slider could skip one percent (thx @shermanhlc!) ca6d3a5
  • detect invalid config:
    • #959 panic if ipu user doesn't exist 79e1078
    • panic if share config overlaps with a volume cedfc44
  • #943

πŸ”§ other changes

  • the "new-markdown" feature was repurposed into "new-file", accepting any file extension 7d62335
  • #1023 the option to grant delete-access when creating a share was removed due to never having been implemented in the backend 04ac7fb
  • #1012 rephrased the controlpanel login-text when logged in to avoid confusion 7a29140
  • add hints that the serverlog is a good place to look in some situations c424a55
  • all thumbnail types and combinations can now be pregenerated a359b89
  • #1030 add debug if cfssl is misbehaving ec00dc1
  • #871 grid volflag is applied during navigation if user has not set a preference a9378a8
  • cosmetic:
    • show column number in markdown editor b9aacba
    • reduced grid margins in theme2 e469bc9
    • reduced redirect delay after logging in f7e7b03
    • controlpanel greeting in some fail-early responses acde21d
    • update hooks to ignore the new upload-queue-empty message 3f4b79f
  • docs:
  • nixos:
  • copyparty.exe: update to python 3.13.10, pillow 12.0 cdffde7

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

november

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #961 the /?shares listing now shows the list of filenames for each share 2cc53ea

🩹 bugfixes

  • #967 per-volume md/lg sandbox rules are now applied during navigation db60951
    • if a volume has no-sb-lg or no-sb-md set then it'll apply when navigating into that volume, and vice-versa

⚠️ not the latest version!

  •  
  • ↗️
↗️

copyparty.eu γƒžγƒΌγ‚―II

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🩹 bugfixes

  • fix building the archlinux package e3524d8

⚠️ not the latest version!

  •  
  • ↗️
↗️

copyparty.eu

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #949 when all uploads have finished, the client (both the browser and u2c) sends a message to the server saying it's done db87ea5
  • #941 copyparty-en.pyz, yet another copyparty variant, with enterprise-friendly tweaks:
    • does not include the smb-server, so antivirus doesn't think it's malware 7f5810f
    • english-only, because antivirus apparently hates certain translations too 7f5810f
    • renamed the webdav-config .bat to .txt because clearly only one of those are "dangerous" b624a38
  • show volumes with permssion h in the navpane fff7291
  • #937 global-option --notooltips to default-disable tooltips a325353

🩹 bugfixes

  • #948 fix the u2c --dr option when the server is running on windows d3dd345
  • fix crash on startup when using volflags unlistc* and the parent folder is not a volume cdd5e78
  • og / opengraph / discord-embed fixes:
    • using the h permission could result in unexpected 404 c9e45c1
    • a single-file volume could make filenames in its parent volume unintentionally visible 36ab77e
      • this would only happen when combined with --og
  • fix some harmless warnings from single-file volumes b1efc00
  • fix filesize-colors in selected rows 1c17b63

πŸ”§ other changes

⚠️ not the latest version!

  •  
  • ↗️
↗️

read:cbz + re:ftp

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #916 view cbz manga/comics in the browser (thx @Scotsguy!) 8ef6dda
  • #845 users/groups can be subtracted from a broader access grant b4fda5f
    • for example *,-@acct hides a volume from everyone who's logged in
  • reflink dedup is now available in most python versions, not just 3.14 and newer f2caab6
    • much better and safer than symlink/hardlink-based dedup, but only works with a few filesystems
  • #905 option to magnify images/videos to fill the screen 66dc8b5
  • #921 #685 xm hooks can see the selected files (thx @carson-coder!) 6c024db 3364448
  • #927 textfiles can now be viewed with the ?doc= suffix with just the g permission dbb7870
  • #742 new volflag nodupem to prevent dupes from being moved into a volume; the stronger alternative to nodupe which only prevents uploads f55d834
  • audioplayer: show embedded coverart as fallback for cover.jpg in OS widgets 9746b4e
  • #928 option to hide certain ui-elements, either with volflags or url-params 98da5cc
  • #911 users can now avoid autoban according to permissions 6f02812
  • verbosity and permssion options for ?stack 677fd8e
    • default is now admin-only; previously it was "admin or read+write"

🩹 bugfixes

πŸ”§ other changes

🌠 fun facts

  • looks like i'll be in Japan november 7~26 and then at CCC for newyears!
    • wait, I never made stickers... orz

⚠️ not the latest version!

  •  
  • ↗️
↗️

FULLBURST

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • web-ui: only show generic http errors if nothing better is available 0453b7a
  • #860 epub-thumbnailer errors are less noisy now 4177c1d
  • the ui-filesz option can have a trailing hyphen now 2248705
  • hide "create share" button while inside a share c5f1229

πŸ”§ other changes

  • #460 example config for running the podman images as a systemd service (thx @danloveg!) 7fc379a
  • #886 nixos: option to specify unix-user/group to run as (thx @2Kaleb!) 31f1b53
  • #895 mention the ?v suffix to open mediafiles in the mediaplayer f8e1981
  • ignore 403s from /favicon.png (samsung-android)
  • docker: shrink the min image from 45 to 33 MiB a8f53d5
  • #887 add missing entries in --licenses 805a705
  • #887 various vendored python libraries can now be ripped out and replaced with system-libs:

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

merry christmas

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #184 add various human-readable formats for filesizes 234edde
  • search for files by their identifier ("wark"/checksum) 4e38e40
    • and those are displayed in file-listings now too 456addf
  • PUT-upload with header Replace will overwrite any existing files 397ed56
  • xbu/xau hooks can reject uploads with a custom message df0fa9d
  • #855 mDNS options to change the announced http/https port a3d9506
  • #473 #383 custom favicons per-volume (.ico/png/gif/svg) 470b504
    • doesn't seem to work in internet explorer... ah whatever, go next

🩹 bugfixes

  • #849 create IdP-db for --idp-store when necessary 80ca785
  • #859 cbz-thumbnailing had an accidental dependency on FFmpeg 983865d
  • docs: misleading markdown-expansion example e187df2

πŸ”§ other changes

  • #851 show a huge warning when copyparty accidentally detects a failing HDD and/or filesystem-corruption during indexing 6912e86 eb5d767
  • #870 improved discord video embeds (thx @tsuza!) f0ecb08
  • #858 prefer reflinks (not hardlinks) in the -ss security option 57650a2
  • improved controlpanel action-buttons layout 9f46e4d

🌠 fun facts

padoru padoru padoru

⚠️ not the latest version!

  •  
  • ↗️
↗️

Voile, the Magic Library

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • #842 could not navpane into webroot if webroot is unmapped 0941fd4
  • upload-resume becomes funky when the OS/network is overloaded to the point where it starts dropping connections left and right -- the issue was reported on discord and I don't have a good way to reproduce it, but these changes may help and/or fix it:
    • b136a5b panic and drop chunk reservations if client or connection glitches out
    • 38df223 also drop reservations if subchunk logic hits an edgecase

πŸ”§ other changes

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

conlangparty

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • #837 sharing an entire HDD on Windows (v1.19.9 regression) 6a24432
    • sharing your whole 【Dドラむブ】 is once again possible
      • TLNote: Dドラむブ means "D:\ drive"
      • if you can't upgrade, a workaround is global-option casechk: n
  • /?ls on an unmapped root didn't give a sensible response; now it should be okay except it won't have a cfg field 8f6194f

πŸ”§ other changes

🌠 fun facts

  • the esperanto translation was the final straw; copyparty-sfx.py is now 1 MiB large
    • copyparty-en.py is still a comfy 759 KiB

⚠️ not the latest version!

  •  
  • ↗️
↗️

ftp fix

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

🩹 bugfixes

  • #827 ftp on servers with unmapped root broke in v1.19.9 280815f

⚠️ not the latest version!

  •  
  • ↗️
↗️

ramdisk kinshi

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • prevent uploading into ramdisks by default 59a0122 538a205
    • safeguard against misconfigured docker containers, where certain parts of the vfs has not been mapped to actual storage, for example /w/music is but /w/ itself isn't
    • can be disabled with wram (global-option and/or volflag), mainly for ephemeral servers
  • #799 nixos: groups can be specified (thx @AnyTimeTraveler!) ee5f319
  • the logspam from the filesystem indexer can be reduced/disabled 478f1c7
    • new options scan-st-r, scan-pr-r, scan-pr-s

🩹 bugfixes

  • #809 medialinks (#af-badf00d) would fail on the very first pageload from a new browser 5996a58
  • #806 instructions for running on iOS was bad (thx @GhelloZ!) 35326a6

πŸ”§ other changes

  • copyparty32.exe is now english-only, to save space 669b107
  • version info on startup indicates free-threading or not 6559152
  • docs: explain the daw option better a043d7c

⚠️ not the latest version!

  •  
  • ↗️
↗️

case-sensitivity, give or take

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #781 case-sensitive behavior is now simulated on Windows/Macos/Fat32/NTFS 8b66874
    • avoids some of the scary issues associated with case-insensitive filesystems
    • unfortunately this is expensive and may be noticeably slower in large folders; disable the safeguard with casechk: n if you know you don't need it
  • #789 case-insensitive search for unicode filenames/paths (thx @km-clay!) e2aa8fc ecd18ad
    • default-disabled because it is somewhat expensive; enable with global-option srch-icase
  • CB-1 add --qr-stdout and --qr-stderr to show qr-code even with -q d7887f3

🩹 bugfixes

  • #775 the basic-uploader didn't accept empty files 25749b4
  • opt-out from index.html with ?v did not work as documented 3d09bec
  • Windows: dedup could get rejected by the filesystem if the origin file had a timestamp from the cambrian era e09f3c9
  • webdav would incorrectly return an error for Depth:0 on an unmapped root 3a2381f
  • markdown-editor would waste another http roundtrip on certain documents 14b7e51
  • --help didn't render if terminal was non-UTF8 3f45492

πŸ”§ other changes

  • #788 fixed a hotkey typo in the imageviewer (thx @tkroo!) 5c1a43c
  • #778 improved polish translation (thx @daimond113!) 52438bc
  • #798 debian: fixed an issue in the systemd script (thx @Beethoven-n, and congrats on commit number 4000!) dfd9e00
  • media-tag conductor is no longer mapped to circle (album-artist) 9c9e405
  • "download-selection-as-zip" now produces a better filename, sel-FOLDERNAME.zip instead of FIRSTFILE.zip 8f58762
  • detect and warn if IdP volumes are misconfigured in a particular way 83bd197

🌠 fun facts

  • the themesong of this release is KO3 - Give it up? because that's what the car mechanic got to enjoy when i forgot to unplug the flashdrive before handing in the shitbox for service

⚠️ not the latest version!

  •  
  • ↗️
↗️

SECURITY: fix single-file shares

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

⚠️ ATTN: this release fixes CVE-2025-58753, an issue with shares

  • when a share is created for just one or more files inside a folder, it was possible to access the other files inside that folder by guessing the filenames
  • it was not possible to descend into subdirectories in this manner; only the sibling files were accessible
  • NOTE: this does NOT affect filekeys; this is specifically regarding the shr global-option

recent important news

πŸ§ͺ new features

  • #761 IdP: option to replace the login/logout links and buttons with redirects into an IdP UI 09f2299
  • #726 disk-usage and server-version can be selectively hidden according to user permissions 19a4c45
  • option --shr-who / volflag shr_who decides who is able to create a share of that volume edafa15
  • #751 nixos: add globalExtraConfig to specify repeatable config parameters (thx @xvrqt!) 09e3018
  • some very small speedups (mainly u2c and ancient python versions) 74821a3
  • #759 #393 total folder size now decreases when files inside are deleted 96b109b
    • would previously require a reindex to get back on track

🩹 bugfixes

  • fix GHSA-pxvw-4w88-6x95 by fencing fileshares to just the shared files e0a92ba
  • #397 prevent hinting at valid passwords, even if they cannot be used to authenticate with 7a4ee4d
  • #747 disable some features if /tmp must be used for runtime config e6755aa
    • the config-folder will now also be created with chmod 700 (accessible by owner only)
  • #733 #298 fix hotkeys on non-qwerty keyboard layouts (dvorak etc.) e798a9a
  • #539 ftp-server: support clients which never does a CWD b049631
  • ignore the plaintext session-cookie on https; fixes some confusing behavior when switching from https to http c71128f
  • og-ua would prevent clients matching the pattern from accessing fullsize files
  • og-ua was only possible to set globally; the og_ua volflag was ignored 422f8f6
  • uds / unix-domain-sockets got wrong permissions when rm-sck was used e270fe6
  • #727 macos: support running from config-files 230a146
  • #539 avoid issues if someone uploads a file with a last-modified timestamp from year -9999999999999 eeb7738
  • using the spacebar to pause a video was jank on chrome bfcb6ea
  • block the next-song hotkey while a folder is loading f7e08ed
  • #748 fix rare js-panic when an action is aborted aaeec11
  • #738 bubbleparty: use /bin/bash (thx @ckastner!) 0469b5a

πŸ”§ other changes

  • partyfuse: nice speedup by caching readdir too 06d2654
  • partyfuse: explain usage with usernames 1cdb388
  • connect-page: better examples when usernames enabled 3bdef75
  • docker: fix image annotations ab56238

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

chdir

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • new option chdir to change the PWD (process working-directory) before volumes are mapped 14555d5

🩹 bugfixes

  • fix using empty folders as statefile storage (v1.19.6 made this a bit too strict) 0d96786
  • holding I/K to scroll through folders quickly now works better 914686e

πŸ”§ other changes

  • #717 docker: fix the image repo metadata (thx @EmilyxFox!) 6f08711
  • docker: change $HOME to /state 01cf20a d1f7522
    • and use the new chdir option to preserve old config-file semantics 14555d5
    • helps avoid statefiles accidentally landing in /w as a consequence of misconfiguration

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
↗️

auth-precedence

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • #673 add Portuguese translation (thx anonymous!) 4b8c221
    • ...and enable the Polish translation (whoops) 8f235be
  • #689 add option to control authentication priority/precedence 543b7ea
  • url-parameter ?dl forces file download instead of displaying in-browser 48d6224
  • #533 more ways to make the QR-code always-visible in the console 2848941
  • #695 option to log invalid xml from clients 28b93d7
  • #552 configurable markdown newline behavior 0491123
    • and tweak the styling of monospace in links 6850344

🩹 bugfixes

  • #628 FTP-server now accepts connections from IPv6 link-local addresses 978801d
  • incorrect assumption that all IPv6 link-local addresses start with fe80 d39c74c
  • ftp: fix file rename d40f061
  • u2c: couldn't upload files located at the very top of the unix file hierarchy 599e82f
  • #699 markdown-editor: fix panic if the table-formatter is executed on something that isn't a table 4c042b3

πŸ”§ other changes

  • #696 a volume can be one single file, not just folders aa1c921
  • #442 strongly prefer XDG_CONFIG_HOME as config location 3547255
  • #691 album-art collected from audio-files can now become folder thumbnails 0b50fde
  • allow spaces in more of the comma-separated options d30240b
  • docs:

⚠️ not the latest version!

  •  
  • ↗️
↗️

it runs on iOS

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • #328 run copyparty on iPhones; see install on iOS in the readme ca98d54
    • cannot run in the background, doesn't have full access to your files, and is slightly buggy, but it works
    • running on android gives you a much better experience
  • save the qr-code to a file (txt/svg/png) 202ddea

🩹 bugfixes

πŸ”§ other changes

⚠️ not the latest version!

  •  
  • ↗️
↗️

take two (fix cfg vols)

βœ‡Copyparty
Door: 9001

this release is a hotfix for #624; v1.19.2 broke volumes defined in config files

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

ℹ️ this upgrade is a one-way ticket

  • your up2k database (.hist/up2k.db), used by the e2d filesystem indexing feature, will be upgraded to a new format which older copyparty versions cannot read. A backup of each database will be created automatically, named up2k.db.bak.SOMETHING.v5. If you need to downgrade to a previous version: Shutdown copyparty, delete these files: up2k.db up2k.db-shm up2k.db-wal and then copy up2k.db.bak.*.v5 to up2k.db

πŸ§ͺ new features

  • new translations:
  • #581 new theme: phi95 (thx @varphi-online!) d8662ae
  • #567 .raw image thumbnails (thx @ar-nelson!) 0177a9b
    • available in docker-images iv and dj
  • #561 epub thumbnails (thx @Scotsguy!) 9435e6b
  • #252 music thumbnails use embdded coverart if available 98d117b
    • thumbnails folder .hist/th must be deleted to take effect
  • #530 show username of uploaders in file listings; requires a (admin) permission 4df033e
  • #604 a new group @acct which automatically contains all known usernames 68907ea
  • controlpanel has a dedicated "logout all sessions" button, similar to the logout-link in the browser f4a3fba
  • #397 accounts can be restricted to certian IPs 62e072a
  • #504 automatic login through tailscale auth a4649d1
  • #533 sticky qr-code with --qr-pin 1 1ebe06f
  • #572 button to abort copy/move 715d374
  • #618 "download selected files" didn't work on firefox 52 (winxp) dcc6b1b
  • max number of cookies to allow can be configured 6303eff
    • good if you have too many selfhosted services on one domain (but will beware of the spec-mandataed max length of the cookie field!)

🩹 bugfixes

  • fix xvol/xdev edgecases:
  • #573 ftp: attempting an upload into read-only folder no longer kills the connection 3aa8b7a
  • #306 adjust navpane for --rp-loc (location-based proxying)
  • #556 more sensible config expansion order f4727f8
  • the video player now stays fullscreen between videos 782e2f1
  • heif thumbnailing with libvips

πŸ”§ other changes

  • #253 build nix-packages from source (thx @toast003, @chinponya!) 187cae2
  • #616 logfiles will have a plaintext severity column if --no-ansi d4cf42e
  • #598 separate option --ac-convt for audio transcoding timeout d562305
  • #596 users with a blank password gets a strong random-generated one 7f44875
  • copyparty.exe: upgrade to python 3.13.7

⚠️ not the latest version!

  •  
  • ↗️
↗️

archlinux fix

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • #539 FTP glitches when running on windows 8ba9887
  • #555 global-config didn't load through PRTY_CONFIG (thx @icxes!) 074e106
  • macos: could take a while to establish webdav connection from finder a01870b
  • ux:
    • dropdown colors 347cf6a
    • case-sensitivity in filters e5e8229
    • iOS being too enthusiastic about using saved passwords 03acd65

⚠️ not the latest version!

  •  
  • ↗️
↗️

usernames

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

  • #511 login with username and password (not just password) can now optionally be enabled with --usernames 346515c
    • if you have enabled password hashing (ah-alg: argon2 or similar) then you will need to hash your passwords again after enabling usernames, hashing them as username:password:
  • #468 add Greek translation (thx @chamdim!) 50f4618 392abd0
  • #471 add Czech translation (thx @kubakubakuba!) c955658
  • #515 support systemd socket acivation (thx @mati1210!) 9b9d2a9
  • #523 add QR-code to the connectpage bcc3b15
  • #513 optional EOL-conversion for texteditor 8b31ed8
  • controlpanel refresh-button now toggles automatic refresh 7ae84de

🩹 bugfixes

  • fix stuck uploads when the up2k database (e2d) is not enabled 4a04356
    • if more than 60'000 files were uploaded and there were several dupes of some files, they could get stuck and never upload
    • upload performance is improved remarkably by enabling e2d so such huge uploads non-e2d had not been tested in a long time
  • #467 #470 fix ui-crash when exporting links of all uploaded files to clipboard (thx @geekalaa!) 0df1901
  • #487 fix ui-crash when the location url-part is // 0f55a1a
  • fix viewing .MD files (8a0746c)

πŸ”§ other changes

  • when a reverse-proxy is detected, force explicit configuration of --rproxy to obtain correct client IP 3f8cb7e
    • a bit inconvenient, but helps prevent potentially-dangerous misconfiguration
    • the necessary configuration changes are explained in the serverlog (you can't miss it)
    • thanks to @person4268 for pointing out that there was room for improvements!
  • failed login attempts now only log a sha512 hash of the provided password
    • to see login-attempts with incorrect passwords as plaintext like before, log-badpwd: 1
  • #502 add systemd user services and templated services (thx @icxes!) 34d98e9
  • #475 improve helptext for multivalue global-options c2ac57a
  • #475 add chungus.conf, massive extensive nonsensical demo config b664ebb
  • try to detect proxies with incorrect caching behavior 9e980bb
  • recent-uploads now support ie9 a57f7cc
  • languages and themes are now dropdowns a9ee4f2
  • copyparty.exe: upgrade python to 3.13.6 a98360f
  • introduce copyparty-en.py, english-only edition of copyparty-sfx.py to save space 33497e6

πŸ—Ώ known issues

  • the copyparty.pyz in this release is english-only, and does not include the translations -- they got lost in transit while adjusting the buildscripts to make copyparty-en.py

⚠️ not the latest version!

  •  
  • ↗️
↗️

idp speedboost

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • #412 fix PUT-uploads into volumes with nosub volflag 47fa4a9
  • #435 ignore spurious exceptions from browser extensions 39e5582
  • #449 IPv6 QR-Code didn't include port 66a5bf3
  • #295 do not force d2d in blank vfs (introduced in v1.18.3) 848315c

πŸ”§ other changes

⚠️ not the latest version!

  •  
  • ↗️
↗️

fix Denial-of-Service

βœ‡Copyparty
Door: 9001

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes a Denial-of-Service vuln

CVE-2025-54796: an unauthenticated user could make the server grind to a halt by accessing a particular URL

recent important news

πŸ§ͺ new features

🩹 bugfixes

πŸ”§ other changes

  • ack was changed to continue 4fa7be2

🌠 fun facts

  • the translations have made the sfx size balloon from 766 to 845 KiB in under a week... nice! keep em coming πŸŽ‰

⚠️ not the latest version!

  •  
  • ↗️
❌