• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

⚠️ ATTN: this release fixes CVE-2025-58753, an issue with shares

• when a share is created for just one or more files inside a folder, it was possible to access the other files inside that folder by guessing the filenames
• it was not possible to descend into subdirectories in this manner; only the sibling files were accessible
• NOTE: this does NOT affect filekeys; this is specifically regarding the shr global-option

recent important news

• v1.19.8 (2025-09-07) fixed CVE-2025-58753 (a missing permission-check inside single-file shares)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #761 IdP: option to replace the login/logout links and buttons with redirects into an IdP UI 09f2299
• #726 disk-usage and server-version can be selectively hidden according to user permissions 19a4c45
• option --shr-who / volflag shr_who decides who is able to create a share of that volume edafa15
• #751 nixos: add globalExtraConfig to specify repeatable config parameters (thx @xvrqt!) 09e3018
• some very small speedups (mainly u2c and ancient python versions) 74821a3
• #759 #393 total folder size now decreases when files inside are deleted 96b109b
  • would previously require a reindex to get back on track

🩹 bugfixes

• fix GHSA-pxvw-4w88-6x95 by fencing fileshares to just the shared files e0a92ba
• #397 prevent hinting at valid passwords, even if they cannot be used to authenticate with 7a4ee4d
• #747 disable some features if /tmp must be used for runtime config e6755aa
  • the config-folder will now also be created with chmod 700 (accessible by owner only)
• #733 #298 fix hotkeys on non-qwerty keyboard layouts (dvorak etc.) e798a9a
• #539 ftp-server: support clients which never does a CWD b049631
• ignore the plaintext session-cookie on https; fixes some confusing behavior when switching from https to http c71128f
• og-ua would prevent clients matching the pattern from accessing fullsize files
• og-ua was only possible to set globally; the og_ua volflag was ignored 422f8f6
• uds / unix-domain-sockets got wrong permissions when rm-sck was used e270fe6
• #727 macos: support running from config-files 230a146
• #539 avoid issues if someone uploads a file with a last-modified timestamp from year -9999999999999 eeb7738
• using the spacebar to pause a video was jank on chrome bfcb6ea
• block the next-song hotkey while a folder is loading f7e08ed
• #748 fix rare js-panic when an action is aborted aaeec11
• #738 bubbleparty: use /bin/bash (thx @ckastner!) 0469b5a

🔧 other changes

• partyfuse: nice speedup by caching readdir too 06d2654
• partyfuse: explain usage with usernames 1cdb388
• connect-page: better examples when usernames enabled 3bdef75
• docker: fix image annotations ab56238

🌠 fun facts

• konami's biggest legacy lives on f0caf88 bd6d1f9

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• new option chdir to change the PWD (process working-directory) before volumes are mapped 14555d5

🩹 bugfixes

• fix using empty folders as statefile storage (v1.19.6 made this a bit too strict) 0d96786
• holding I/K to scroll through folders quickly now works better 914686e

🔧 other changes

• #717 docker: fix the image repo metadata (thx @EmilyxFox!) 6f08711
• docker: change $HOME to /state 01cf20a d1f7522
  • and use the new chdir option to preserve old config-file semantics 14555d5
  • helps avoid statefiles accidentally landing in /w as a consequence of misconfiguration

🌠 fun facts

• this release was made at RevSpace NL

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #673 add Portuguese translation (thx anonymous!) 4b8c221
  • ...and enable the Polish translation (whoops) 8f235be
• #689 add option to control authentication priority/precedence 543b7ea
• url-parameter ?dl forces file download instead of displaying in-browser 48d6224
• #533 more ways to make the QR-code always-visible in the console 2848941
• #695 option to log invalid xml from clients 28b93d7
• #552 configurable markdown newline behavior 0491123
  • and tweak the styling of monospace in links 6850344

🩹 bugfixes

• #628 FTP-server now accepts connections from IPv6 link-local addresses 978801d
• incorrect assumption that all IPv6 link-local addresses start with fe80 d39c74c
• ftp: fix file rename d40f061
• u2c: couldn't upload files located at the very top of the unix file hierarchy 599e82f
• #699 markdown-editor: fix panic if the table-formatter is executed on something that isn't a table 4c042b3

🔧 other changes

• #696 a volume can be one single file, not just folders aa1c921
• #442 strongly prefer XDG_CONFIG_HOME as config location 3547255
• #691 album-art collected from audio-files can now become folder thumbnails 0b50fde
• allow spaces in more of the comma-separated options d30240b
• docs:
  • mention config requirements for syncing folders with u2c 6cd0a39 59f142c

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #328 run copyparty on iPhones; see install on iOS in the readme ca98d54
  • cannot run in the background, doesn't have full access to your files, and is slightly buggy, but it works
  • running on android gives you a much better experience
• save the qr-code to a file (txt/svg/png) 202ddea

🩹 bugfixes

• #661 fix incorrect rproxy hint in the logs 6c76614
• #649 fix js-crash when tapping in the exactly correct place (thx @hahaslav for debugging!) 0de07d8
• #628 ftpd: fix banning IPv6 clients 6d76254

🔧 other changes

• #296 nixos: support non-flake setups (thx @Sorixelle!) 20ef74c 3259367
• config-parser catches and explains a few more common mistakes cc65b1b
• docs:
  • #490, #199: readme: confirm that combining copyparty and syncthing is safe c51371c
  • #377 improved authelia docker example (thx @xFuture603!) cd8771f
  • mention the homebrew formulae f9cb2c1
  • #651 versus.md: fix hfs3 comparison (thx @rejetto!) 7a4973f

⚠️ not the latest version!

this release is a hotfix for #624; v1.19.2 broke volumes defined in config files

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

ℹ️ this upgrade is a one-way ticket

• your up2k database (.hist/up2k.db), used by the e2d filesystem indexing feature, will be upgraded to a new format which older copyparty versions cannot read. A backup of each database will be created automatically, named up2k.db.bak.SOMETHING.v5. If you need to downgrade to a previous version: Shutdown copyparty, delete these files: up2k.db up2k.db-shm up2k.db-wal and then copy up2k.db.bak.*.v5 to up2k.db

🧪 new features

• new translations:
  • #551 Swedish (thx @Bevinsky!) d676a86
  • #551 Korean (thx @nyqui!) 4e878d2
• #581 new theme: phi95 (thx @varphi-online!) d8662ae
• #567 .raw image thumbnails (thx @ar-nelson!) 0177a9b
  • available in docker-images iv and dj
• #561 epub thumbnails (thx @Scotsguy!) 9435e6b
• #252 music thumbnails use embdded coverart if available 98d117b
  • thumbnails folder .hist/th must be deleted to take effect
• #530 show username of uploaders in file listings; requires a (admin) permission 4df033e
• #604 a new group @acct which automatically contains all known usernames 68907ea
• controlpanel has a dedicated "logout all sessions" button, similar to the logout-link in the browser f4a3fba
• #397 accounts can be restricted to certian IPs 62e072a
• #504 automatic login through tailscale auth a4649d1
• #533 sticky qr-code with --qr-pin 1 1ebe06f
• #572 button to abort copy/move 715d374
• #618 "download selected files" didn't work on firefox 52 (winxp) dcc6b1b
• max number of cookies to allow can be configured 6303eff
  • good if you have too many selfhosted services on one domain (but will beware of the spec-mandataed max length of the cookie field!)

🩹 bugfixes

• fix xvol/xdev edgecases:
  • #603 rootless vfs 554cc2f
  • false-positive with overlapping volumes d9046f7
• #573 ftp: attempting an upload into read-only folder no longer kills the connection 3aa8b7a
• #306 adjust navpane for --rp-loc (location-based proxying)
• #556 more sensible config expansion order f4727f8
  • #624 ...which broke things bf1fdca
• the video player now stays fullscreen between videos 782e2f1
• heif thumbnailing with libvips

🔧 other changes

• #253 build nix-packages from source (thx @toast003, @chinponya!) 187cae2
• #616 logfiles will have a plaintext severity column if --no-ansi d4cf42e
• #598 separate option --ac-convt for audio transcoding timeout d562305
• #596 users with a blank password gets a strong random-generated one 7f44875
• copyparty.exe: upgrade to python 3.13.7

⚠️ not the latest version!

v1.19.3

v1.19.2

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• new translations:
  • #486 French (thx @Tr3yWay996, @Packingdustry, @Alee14, @jakubiakfr, @Equinoxs!) e9ddfcc 7aa2148 b87f8f1
  • #463 Polish (thx @pufereq and @daimond113!) 392a4db
  • #537 Nynorsk (thx @chinatsu!) 3931bc2
• #549 custom mdns domain 3c78c6a

🩹 bugfixes

• #539 FTP glitches when running on windows 8ba9887
• #555 global-config didn't load through PRTY_CONFIG (thx @icxes!) 074e106
• macos: could take a while to establish webdav connection from finder a01870b
• ux:
  • dropdown colors 347cf6a
  • case-sensitivity in filters e5e8229
  • iOS being too enthusiastic about using saved passwords 03acd65

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #511 login with username and password (not just password) can now optionally be enabled with --usernames 346515c
  • if you have enabled password hashing (ah-alg: argon2 or similar) then you will need to hash your passwords again after enabling usernames, hashing them as username:password:
• #468 add Greek translation (thx @chamdim!) 50f4618 392abd0
• #471 add Czech translation (thx @kubakubakuba!) c955658
• #515 support systemd socket acivation (thx @mati1210!) 9b9d2a9
• #523 add QR-code to the connectpage bcc3b15
• #513 optional EOL-conversion for texteditor 8b31ed8
• controlpanel refresh-button now toggles automatic refresh 7ae84de

🩹 bugfixes

• fix stuck uploads when the up2k database (e2d) is not enabled 4a04356
  • if more than 60'000 files were uploaded and there were several dupes of some files, they could get stuck and never upload
  • upload performance is improved remarkably by enabling e2d so such huge uploads non-e2d had not been tested in a long time
• #467 #470 fix ui-crash when exporting links of all uploaded files to clipboard (thx @geekalaa!) 0df1901
• #487 fix ui-crash when the location url-part is // 0f55a1a
• fix viewing .MD files (8a0746c)

🔧 other changes

• when a reverse-proxy is detected, force explicit configuration of --rproxy to obtain correct client IP 3f8cb7e
  • a bit inconvenient, but helps prevent potentially-dangerous misconfiguration
  • the necessary configuration changes are explained in the serverlog (you can't miss it)
  • thanks to @person4268 for pointing out that there was room for improvements!
• failed login attempts now only log a sha512 hash of the provided password
  • to see login-attempts with incorrect passwords as plaintext like before, log-badpwd: 1
• #502 add systemd user services and templated services (thx @icxes!) 34d98e9
• #475 improve helptext for multivalue global-options c2ac57a
• #475 add chungus.conf, massive extensive nonsensical demo config b664ebb
• try to detect proxies with incorrect caching behavior 9e980bb
• recent-uploads now support ie9 a57f7cc
• languages and themes are now dropdowns a9ee4f2
• copyparty.exe: upgrade python to 3.13.6 a98360f
• introduce copyparty-en.py, english-only edition of copyparty-sfx.py to save space 33497e6

🗿 known issues

• the copyparty.pyz in this release is english-only, and does not include the translations -- they got lost in transit while adjusting the buildscripts to make copyparty-en.py

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) (PREVIOUS RELEASE) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #426 add Dutch translation (thx @DeStilleGast!) 3798e19
• #458 add Italian translation (thx @AOTREVAI!) a38e6e6
• #456 transcode to flac/wav (thx @missaustraliana!) b469db3 b2d48c6 0d09fb6
• #439 config-file can be provided through PRTY_CONFIG (thx @icxes!) 971360e
• #459 videos can become folder thumbnails 16bbcce
• add --idp-cookie, session-tickets for IdP auth (performance boost) f9502c3
  • useful when the IdP-server becomes a bottleneck

🩹 bugfixes

• #412 fix PUT-uploads into volumes with nosub volflag 47fa4a9
• #435 ignore spurious exceptions from browser extensions 39e5582
• #449 IPv6 QR-Code didn't include port 66a5bf3
• #295 do not force d2d in blank vfs (introduced in v1.18.3) 848315c

🔧 other changes

• #440 improved finnish translation (thx @icxes!) a68d5b0
• point to the -nc option in the "at max connections" warning 153d240
• the play-button now indicates "play-as-audio" for video-files 40d56bb
• docs:
  • #411 improve password-hashing instructions (thx @chinponya!) c69c7c8
  • #429 improve --cert helptext (thx @kzshantonu!) 7e3825f
  • #413 copyparty is Wii Internet Channel compatible! (thx @techflashYT!) 50f1629
  • #461 how to use groups without IdP e85a710
  • mention that WebDAV and OpenGraph are incompatible by default (and how to fix that) 0bc1b8f
  • #345 short explanation about the sfx in quickstart ae5eefc
• #398 pypi-package now has extra-group all 6eaf8af

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes a Denial-of-Service vuln

CVE-2025-54796: an unauthenticated user could make the server grind to a halt by accessing a particular URL

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #310 translated to Spanish (thx @herruzo99!) a1dfd0b
• #350 translated to Ukrainian (thx @MrMebelMan!) fea45e4
• #321 translated to Russian (thx @A1Asriel!) 0b05c72
• #381 translated to Finnish (thx @icxes and @Permik!) 7ecedb2
  • haha it says surf
• #312 add option to use localtime in the UI ad23b25
• #386 initial packaging for debian (thx @Beethoven-n!) 3c6f0b1

🩹 bugfixes

• CVE-2025-54796 / GHSA-5662-2rj7-f2v6 09910ba
• #347 fix upload-abort when uploading to a share 6d6d79f
• fix xiu backlog dropping on restart 3222ba3
• #375 fix crash on really old versions of python2.7 (thx @bb!) b69d590
• #388 another python2.7 fix: improve unicode support in u2c (thx @KevinXuxuxu!) 9c19753
• log creator of new/blank markdown docs d0d2f20
• #400 config didn't support indenting with tabs c160428

🔧 other changes

• ack was changed to continue 4fa7be2

🌠 fun facts

• the translations have made the sfx size balloon from 766 to 845 KiB in under a week... nice! keep em coming 🎉

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

• v1.18.7 (2025-07-30) (PREVIOUS RELEASE) fixed XSS in the recent-uploads page
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🩹 bugfixes

• #354 fix copyparty-sfx.py failing to start on certain versions of python c17ce48

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-8mx2-rjh8-q3jq, could let an attacker execute arbitrary JS by tricking you into clicking a malicious URL

Soon there won't be many of these left, surely. Huge thanks to @Ju0x for finding and reporting this.

recent important news

• v1.18.7 (2025-07-30) fixed XSS in the recent-uploads page
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #265 uid/gid for new files can be configured per-volume f195998
  • has preconditions; see readme
• #212 add German translation (thx @rGunti, @Scotsguy, @chocolateimage) 9d32564

🩹 bugfixes

• GHSA-8mx2-rjh8-q3jq a8705e6
• #276 windows: fix segfault (thx @kernel1994 for debugging!) a9d07c6
• #272 webdav: send disk-size and disk-free to clients 4988a55
• #285 use disk-free sans root-reserve on linux (thx @Arklaum!) c3cc2dd
• cors-check was funky on IPv6 e9684d4
• #325 upgrade sharex example for newer versions 6016ec9
• #300 restore support for old versions of python 2.7 b7ca6f4

🔧 other changes

• shares: the config POST-target is now always the webroot (for ease of IdP configuration) fb7cbc4
• unlist: now applies to the navpane too fbf17be
• windows: show disk-usage as well, not just disk-free 5c6341e
• #228 nix-pkg improvements (thx @dtomvan!) 4915b14
• docker-compose: ensure logs appear in realtime 3cde1f3
• mention that IdP-volumes and users can now be persisted 6069bc9
• #316 explain a scary-looking thing in the code 053de61

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

• v1.18.5 (2025-07-28) (PREVIOUS RELEASE) fixed XSS in display of media tags
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #201 add support for reflink-based dedup on cow filesystems df9feab
  • combine --dedup with --reflink to enable, or volflags with same name
  • a better and safer alternative to the other dedup approaches (symlink/hardlink), but only possible to use in some cases:
    • needs linux 5.3 or newer, python 3.14 or newer, btrfs/xfs/zfs
    • not available in the docker images yet; needs a new version of python, so maybe next alpine release (november/december 2025)
• ratelimit password changes to impede bruteforcing a2601fd
  • limit is set by --ban-pwc (default is 5 changes in 60min)

🩹 bugfixes

• #240 nixos: fix unixgroups issue (thx @chinponya!) 7c9c962
• #246 cbz: use correct page for thumbnail (thx @Scotsguy!) 542a1de

🔧 other changes

• volflag nosub now also prevents mkdir 0f2c623
• improve documentation:
  • #229 use the same example UDS path everywhere cb019af
  • example nginx config had misleading cloudflare comment (thx @jmi2k!) 674fc1f
  • more readable --help-chmod 03d23da
  • #244 fix typo in --help 4f013f6
• #242 hide "use real pw" on connectpage if no accounts (thx @toast003!) 025942a
• #211 docker: remove deprecated attribute (thx @ptweezy!) 5b98e10
• #190 add the feature-showcase video to the readme (thx @RustoMCSpit!) 43e6da3

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-9q4r-x2hj-jmvr, exploitable in two different ways, could let an attacker execute arbitrary javascript on other users:

• either: tricking someone into clicking a malicious URL to load and execute javascript
• or: uploading a malicious audio file to the server, affecting any successive visitors

so, with new and curious eyes on the project, we are starting off with a bang. Huge thanks to @altperfect for finding and reporting this earlier today.

recent important news

• v1.18.5 (2025-07-28) fixed XSS in display of media tags
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #214 option to stop playback after one song, and/or at end of folder 6bb27e6

🩹 bugfixes

• GHSA-9q4r-x2hj-jmvr 895880a
• block external m3u files 2228f81
• #202 the connect-page could show IP-address when it should have used hostnames/domains b0dec83
• scrolling locked after tailing a file and closing it creatively d197e75

🔧 other changes

• #189 the SameSite cookie parameter now defaults to Strict, increasing CSRF protection ca6d0b8
  • new option --cookie-lax reverts to previous value Lax
• docker: add FTPS support b419984

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

• v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #182 Landmarks edba7ff
  • detects that a storage backend is glitching out and disengage the up2k-database as a precaution
• #183 quickdelete 21a96bc
  • new togglebutton qdel in the UI which reduces the number of deletion confirmations by one
  • global-option --qdel=0 which can bring it all the way to zero (good luck)

🩹 bugfixes

• fix unpost in recently created shares 2d322dd
• fix filekeys on windows df6d4df

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

• v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #181 the default chmod (unix-permissions) of new files and folders can now be changed 9921c43
  • --chmod-d or volflag chmod_d sets directory permissions; default is 755
  • --chmod-f or volflag chmod_f sets file permissions; default is usually 644 (OS-defined)
  • see --help-chmod which explains the numbers

🩹 bugfixes

• #179 couldn't combine --shr (shares) and --xvol (symlink-guard) 0f0f8d9
• #180 gallery buttons could still be clicked when faded-out 8c32b0e
• rss-feeds were slightly busted when combined with rp-loc (location-based proxying) 56d3bcf
• music-playback within search-results no longer jumps into the next folder at end-of-list 9bc4c5d
• video-playback on iOS now behaves like on all other platforms 78605d9
  • (it would force-switch into fullscreen because that's their default)

⚠️ not the latest version!