We’re excited to announce that AirGradient is the latest manufacturer to join the fast-growing Works With Home Assistant program! They bring their air quality monitors to the program, with both indoor and outdoor models.

AirGradient is the first partner in the program focused on building advanced indoor and outdoor air quality monitors. They are also well known within our community for their powerful tech, and for their focus on open source and dedication to local air quality projects around the world.

A breath of fresh air

AirGradient is the first partner to join that operates out of Thailand, and they initially started making their air monitors to help their local community. They actively support air quality improvement projects both in Thailand itself, but also globally. AirGradient donates monitors and has partnered with a variety of different organisations and NGOs, including UNICEF. These monitors are often placed in schools, helping young people to better understand and work to protect their air quality.

An Open Air Monitor in Vietnam

Community is central to our work with AirGradient. Their hardware and software are open source, just like our own. Plus, they’ve taken an active role in integrating into Home Assistant, bringing their local Wi-Fi integration up to not just the gold, but the platinum tier on our integration quality scale. Like all of our Works With partners, the devices work completely locally with no need for a cloud connection. What’s more, they really embrace the DIY aspect of the smart home, with their devices available fully assembled or as a build-it-yourself kit!

AirGradient’s open approach even extends to the data collected by their community of users. Whilst completely optional, users can share their air quality readings with the world (which they visualize into an amazing map). This helpful air quality map grows every time a user opts to share their data, and is a fantastic open resource for climate researchers, students, or anyone concerned about air quality in their local area. If your area is a blank spot on this map, that is all the more reason to buy an AirGradient outdoor monitor.

Each kit comes with a screwdriver and is designed for easy repair. Broken sensor? Swap it out. Firmware update needed? Flash it yourself. Sustainability is one of the core guiding principles of the Open Home Foundation, and we love that repairability is built in. AirGradient also donates at least 1% of annual sales to non-profits and community direct donations. In fact, they asked us to include in this blog an open invitation to our community: If you have a local project that you think would benefit from open source air quality monitors, get in touch through this link.

Certified Devices

In case you’re new to Works With Home Assistant, unlike some certification programs, it’s not just a badge. We rigorously test items in-house and provide feedback to the manufacturers to ensure that products work easily out of the box and provide a seamless experience. The Works With program is operated by the Open Home Foundation and funded by the support of Home Assistant Cloud Subscribers.

AirGradient has certified the following devices with us:  

• AirGradient One - Indoor Air Quality Monitor

• AirGradient Open Air - Outdoor Air Quality Monitor

Finally, a metric to show precisely how badly you burned your dinner

When we talk about sustainability in relation to the smart home, it’s easy to focus on energy management and reducing our carbon impact. However, with AirGradient, you can deep dive into the impacts of the release of CO2 and other air pollutants, better understanding what you, your family, and friends breathe in every day. With an in-house science team of atmospheric chemists and public health experts, they ensure that the monitors are accurate and each of the fully assembled monitors are tested in a dedicated test chamber.

Whether you want to see if your new furniture is putting dangerous VOCs into the air, or if a smelly candle is going to aggravate any allergies, the use cases are endless. The AirGradient One also has a built-in display with both detailed data and a set of LEDs to show general air quality at a glance. Both devices measure carbon dioxide, VOCs, nitrogen oxides, particulate matter, temperature, and humidity. AirGradient also provides helpful documentation on their website that helps you understand these measurements and the impact they can have on your household.

These devices can not only give you in-depth information about the air in and out of your home, but they can also unlock powerful automations. We often see these devices paired with door or window open/close sensors, air purifiers, dehumidifiers, or air conditioners to reduce particulates in the home from pets or carpets.

Clearing the air

We’re so excited to be partnered with AirGradient. Their mission is important, and their open and sustainable approach is precisely what we love to see. Partnerships like this are only possible with the support of Home Assistant Cloud subscribers. Many of us at the Open Home Foundation have picked up AirGradient monitors and are sharing our air quality data today, and we’d love for you to join us on the map!

FAQs

Q: If I have a device that is not listed under Works With Home Assistant, does this mean it’s not supported?

A: No! It just means that it hasn’t gone through a testing schedule with our team or doesn’t fit the requirements of the program. It might function perfectly well, but be added to the testing schedule later down the road, or it might work under a different connectivity type that we don’t currently test under the program.

Q: Ok, so what’s the point of the Works With program?

A: It highlights the devices we know work well with Home Assistant and the brands that make a long-term commitment to keeping support for these devices going. The certification agreement specifies that the devices must have full functionality within Home Assistant, operate locally without the need for cloud and will continue to do so long-term.

Q: How were these devices tested?

A: All devices in this list were tested using a standard HA Green Hub with the local AirGradient integration and a Wi-Fi network. HA will automatically discover them after they join your network (following the device’s instructions to add it to the WiFi). If you have another setup, that’s not a problem, but we test against these as they are the most effective way for our team to certify within our ecosystem.

Q: Will you be adding more AirGradient devices to the program?

A: Why not! We’re thrilled to foster a close relationship with the team at AirGradient to work together on any upcoming releases or add in further products that are not yet listed here.

• Support for Global DLSS Overrides and NVIDIA Smooth Motion support for GeForce RTX 40 Series GPUs

• Cyberpunk 2077: Crash when using Photo Mode to take a screenshot with path tracing enabled [5076545]
• Marvel Rivals: Negative performance impact when using 580.88 driver [5444816]
• Forza Motorsport: Game crashes if using Smooth Motion while bringing up NVIDIA App overlay statistics [5412757]
• Gray Zone Warfare: Game stability issues [5371781]
• ARK: Survival Ascended: Game stability issues [5441616]

• Potential memory leak when using NVENC hardware encoding [5442678]
• Power cycling monitor can result in monitor flickering when NVIDIA App is installed [5434811]
• NVIDIA App game filter issues after driver update [5429651]

Changelog

Features

• 37b219b: feat: Add i18n Ukrainian (#1307) (@dima101097)

Others

• e8c9005: add note (@seriousm4x)
• 8b8cc96: update deps (@seriousm4x)

Go dependencies

• 9e387b9: go-dep: bump github.com/pocketbase/pocketbase in /backend (@dependabot[bot])
• f5af123: go-dep: bump golang.org/x/sys from 0.34.0 to 0.35.0 in /backend (@dependabot[bot])

Npm dependencies

• cb6e7d3: npm-dep: bump @eslint/compat from 1.3.1 to 1.3.2 in /frontend (@dependabot[bot])
• 9bd073c: npm-dep: bump @eslint/js from 9.32.0 to 9.33.0 in /frontend (@dependabot[bot])
• 4404019: npm-dep: bump @sveltejs/adapter-static from 3.0.8 to 3.0.9 in /frontend (@dependabot[bot])
• aa1e8a0: npm-dep: bump @sveltejs/kit from 2.27.0 to 2.27.1 in /frontend (@dependabot[bot])
• c3299ba: npm-dep: bump @sveltejs/kit from 2.27.1 to 2.27.3 in /frontend (@dependabot[bot])
• 28561b6: npm-dep: bump @sveltejs/kit from 2.27.3 to 2.28.0 in /frontend (@dependabot[bot])
• 97b1447: npm-dep: bump @sveltejs/kit from 2.28.0 to 2.29.1 in /frontend (@dependabot[bot])
• b4f33ea: npm-dep: bump @sveltejs/kit from 2.29.1 to 2.30.1 in /frontend (@dependabot[bot])
• 0c5d14d: npm-dep: bump @sveltejs/kit from 2.30.1 to 2.31.1 in /frontend (@dependabot[bot])
• 6d39733: npm-dep: bump @sveltejs/kit from 2.31.1 to 2.33.0 in /frontend (@dependabot[bot])
• ac1dbb6: npm-dep: bump @tailwindcss/postcss from 4.1.11 to 4.1.12 in /frontend (@dependabot[bot])
• 570d35d: npm-dep: bump eslint from 9.32.0 to 9.33.0 in /frontend (@dependabot[bot])
• 14ccf20: npm-dep: bump svelte from 5.37.3 to 5.38.0 in /frontend (@dependabot[bot])
• 0ea7815: npm-dep: bump svelte from 5.38.0 to 5.38.1 in /frontend (@dependabot[bot])
• 313a2df: npm-dep: bump svelte from 5.38.1 to 5.38.2 in /frontend (@dependabot[bot])
• e471023: npm-dep: bump tailwindcss from 4.1.11 to 4.1.12 in /frontend (@dependabot[bot])
• 0a48aaa: npm-dep: bump typescript-eslint from 8.38.0 to 8.39.0 in /frontend (@dependabot[bot])
• a5bddd1: npm-dep: bump typescript-eslint from 8.39.0 to 8.39.1 in /frontend (@dependabot[bot])
• 83fb7d3: npm-dep: bump typescript-eslint from 8.39.1 to 8.40.0 in /frontend (@dependabot[bot])

Github Actions

• 6628048: gh-action: bump actions/checkout from 4 to 5 (@dependabot[bot])

• Reverted "house" roof decorations near CT spawn.
• Restored the ability to wallbang the plywood in "cave".
• Various changes to the daytime soundscape.
• Fixed items getting stuck behind the rubble pile on T side of B.
• Player clipping adjustments.

• Player clipping adjustments.

• More Ancient and Shoots source content is now available for community map makers in maps/editor/zoo/ancient_zoo.vmap.

• Fixed knife slashes applying a 'dry' attack decal on wet surfaces.
• Fixed a case where clients would mispredict shots if the attack button was held across round respawn.
• Fixed a case where the viewmodel would stick to the camera when cl_lock_camera was set.
• Fixed a case where fullscreen windowed mode wasn't offering resolutions with extreme aspect ratios.
• Fixed a case where fullscreen windowed mode wasn't actually stretching to fill the screen.
• Fixed a case where relative mouse motion was incorrect on Linux.
• Various stability improvements.

• View downloads
• View release notes

• View downloads
• View release notes

• Milestone

A few highlights ✨:

• Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After
• Add sort by category title, or by feed title
• Add search operator c: for categories like c:23,34 or !c:45,56
• Custom feed favicons
• Several security improvements, such as:
  • Implement reauthentication (sudo mode)
  • Add Content-Security-Policy: frame-ancestors
  • Ensure CSP everywhere
  • Fix access rights when creating a new user
• Several bug fixes, such as:
  • Fix redirections when scraping from HTML
  • Fix feed redirection when coming from WebSub
  • Fix support for XML feeds with HTML entities, or encoded in UTF-16LE
• Docker alternative image updated to Alpine 3.22 with PHP 8.4 (PHP 8.4 for default Debian image coming soon)
• Start supporting PHP 8.5+
• And much more…

This release has been made by @Alkarex, @Inverle, @the7thNightmare and newcomers @Deioces120, @Fraetor, @Tarow, @dotsam, @hilariousperson, @pR0Ps, @triatic, @tryallthethings

Full changelog:

• Features
  • Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After #7760
  • Add sort by category title, or by feed title #7702
  • Add search operator c: for categories like c:23,34 or !c:45,56 #7696
  • Custom feed favicons #7646, #7704, #7717,
    #7792
  • Rework fetch favicons for fewer HTTP requests #7767
  • Add more unicity criteria based on title and/or content #7789
  • Automatically restore user configuration from backup #7682
  • API add support for states in s parameter of streamId #7695
  • Improve sharing via Print #7728
  • Redirect to the login page from bookmarklet instead of 403 #7782
  • Clean local cache more often, when refreshing feeds #7827
• Security
  • Implement reauthentication (sudo mode) #7753
  • Add Content-Security-Policy: frame-ancestors #7677
  • Ensure CSP everywhere #7810
  • Show warning when unsafe CSP policy is in use #7804
  • Fix access rights when creating a new user #7783
  • Improve security of form for user details #7771, #7786
  • Disallow setting non-existent theme #7722
  • Regenerate cookie ID after logging out #7762
  • Require current password when setting new password #7763
  • Add missing access checks for feed-related actions #7768
  • Strip more unsafe attributes such as referrerpolicy, ping #7770
  • Remove unneeded execution permissions #7802
• Bug fixing
  • Fix redirections when scraping from HTML #7654, #7741
  • Fix multiple authentication HTTP headers #7703
  • Fix HTML queries with a single feed #7730
  • WebSub: only perform a redirection when coming from WebSub #7738
  • Include enclosures in entries’ hash #7719
    • Negative side-effect: users of the option to automatically mark updated articles as unread will once have some articles with enclosures re-appear as unread
  • Fix cancellation of slider exit UI #7705
  • Honor disable update on update page #7733
  • Fix no registration limit setting #7751
  • Fix XML encoding of sharing functions #7822
• SimplePie
  • Fix propagation of HTTP error codes #7670
  • Fix support for XML feeds with HTML entities #7689, simplepie#915
  • Fix feeds encoded in UTF-16LE #7691, simplepie#916
  • Various upstream contributions simplepie#917, simplepie#924,
    simplepie#926, simplepie#932, simplepie#933
  • Sync upstream #7706, FreshRSS/simplepie#45, #7775,
    FreshRSS/simplepie#50, #7824, #7825,
  • Fix regex Backtrack limit was exhausted in clean_hash() #7813, FreshRSS/simplepie#48
• Deployment
  • Docker default image (Debian 12 Bookworm) updated to PHP 8.2.29 #7805
  • Docker alternative image updated to Alpine 3.22 with PHP 8.4.11 and Apache 2.4.65 #7740, #7740,
    #7803
  • Start supporting PHP 8.5+ #7787, #7826
    • Docker Alpine dev image :newest updated to PHP 8.5-alpha and Apache 2.4.65 #7773
  • Docker: interpolate FRESHRSS_INSTALL and FRESHRSS_USER variables #7725
  • Docker: Reduce how much data needs to be chown/chmod’ed on container startup #7793
  • Test for database PDO typing support during install (relevant for MySQL / MariaDB with obsolete driver) #7651
• Extensions
  • Add API endpoint for extensions #7576
  • Expose the reading modes for extensions #7668, #7688
  • New extension hook before_login_btn #7761
• UI
  • Improve mark as read request showing popup due to onbeforeunload #7554
  • Fix lazy-loading for <video poster="..."> and <image> #7636
  • Avoid styling <code> inside of <pre> #7797
  • Improve confirmation logic with data-auto-leave-validation #7785
  • Update chart.js to 4.5.0 #7752, #7816
  • Various UI and style improvements: #7616, #7811
• I18n
  • Show translation status in README #7715
  • Improve Indonesian #7654, #7721
  • Improve Persian #7795
• Misc.
  • Improve PHP code #7642, #7665, #7761,
    #7781, #7794
  • Update dev dependencies #7708, #7709, #7710,
    #7711, #7776, #7777

1. Fix an issue (introduced in v1.1.06) that Ventoy ISO partition cannot be mounted after boot linux distro.

SHA-256

4ffabce468b03d6357ce5f4594e209714d1509d065da102938096dad6654c36e  ventoy-1.1.07-linux.tar.gz
737c681af3549ebfb2234abe8dc4a2968a7b29548105b619b04cf9302b897557  ventoy-1.1.07-livecd.iso
3e7a8db199c7e791e341e6d388d078bfc6b7a77c6f10282edf9c7b82f84f3ad4  ventoy-1.1.07-windows.zip

1. Support TrueNAS Scale (Linux) distro. (#3069 #3137)
2. Update xfs to latest. (#3284)
3. Fix the boot issue for Parted Magic. (#3304)
4. Fix Libreelec 12.2.0 fails to boot. (#3323)
5. Fix the order issue in TreeView mode. (#3218)
6. Fix the issue that cannot boot Tails 6.13+ (#3171)

Wana boot and install OS through network (PXE)? Welcome to my new project iVentoy.

About iVentoy https://www.iventoy.com
iVentoy is an enhanced version of the PXE server.
Extremely easy to use
Many advanced features
x86 Legacy BIOS, IA32 UEFI, x86_64 UEFI and ARM64 UEFI mode supported
110+ common types of OS supported (Windows/WinPE/Linux/VMware)
......

SHA-256

6176cc1ea7c8b822f5ee11fa5c3c71331aa194c72167a35196d8f1380b2feb17  ventoy-1.1.06-linux.tar.gz
681f8ac9fecdfafeeedce8f55b8758c22a93f76be0284c01a78689ae9f60527f  ventoy-1.1.06-livecd.iso
ce192b6c3bb144f3f5e850b1df3e90457503badcc959581eaa46be9fcc9fa8e6  ventoy-1.1.06-windows.zip

this release is a hotfix for #624; v1.19.2 broke volumes defined in config files

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

ℹ️ this upgrade is a one-way ticket

• your up2k database (.hist/up2k.db), used by the e2d filesystem indexing feature, will be upgraded to a new format which older copyparty versions cannot read. A backup of each database will be created automatically, named up2k.db.bak.SOMETHING.v5. If you need to downgrade to a previous version: Shutdown copyparty, delete these files: up2k.db up2k.db-shm up2k.db-wal and then copy up2k.db.bak.*.v5 to up2k.db

🧪 new features

• new translations:
  • #551 Swedish (thx @Bevinsky!) d676a86
  • #551 Korean (thx @nyqui!) 4e878d2
• #581 new theme: phi95 (thx @varphi-online!) d8662ae
• #567 .raw image thumbnails (thx @ar-nelson!) 0177a9b
  • available in docker-images iv and dj
• #561 epub thumbnails (thx @Scotsguy!) 9435e6b
• #252 music thumbnails use embdded coverart if available 98d117b
  • thumbnails folder .hist/th must be deleted to take effect
• #530 show username of uploaders in file listings; requires a (admin) permission 4df033e
• #604 a new group @acct which automatically contains all known usernames 68907ea
• controlpanel has a dedicated "logout all sessions" button, similar to the logout-link in the browser f4a3fba
• #397 accounts can be restricted to certian IPs 62e072a
• #504 automatic login through tailscale auth a4649d1
• #533 sticky qr-code with --qr-pin 1 1ebe06f
• #572 button to abort copy/move 715d374
• #618 "download selected files" didn't work on firefox 52 (winxp) dcc6b1b
• max number of cookies to allow can be configured 6303eff
  • good if you have too many selfhosted services on one domain (but will beware of the spec-mandataed max length of the cookie field!)

🩹 bugfixes

• fix xvol/xdev edgecases:
  • #603 rootless vfs 554cc2f
  • false-positive with overlapping volumes d9046f7
• #573 ftp: attempting an upload into read-only folder no longer kills the connection 3aa8b7a
• #306 adjust navpane for --rp-loc (location-based proxying)
• #556 more sensible config expansion order f4727f8
  • #624 ...which broke things bf1fdca
• the video player now stays fullscreen between videos 782e2f1
• heif thumbnailing with libvips

🔧 other changes

• #253 build nix-packages from source (thx @toast003, @chinponya!) 187cae2
• #616 logfiles will have a plaintext severity column if --no-ansi d4cf42e
• #598 separate option --ac-convt for audio transcoding timeout d562305
• #596 users with a blank password gets a strong random-generated one 7f44875
• copyparty.exe: upgrade to python 3.13.7

⚠️ not the latest version!

v1.19.3

v1.19.2

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• new translations:
  • #486 French (thx @Tr3yWay996, @Packingdustry, @Alee14, @jakubiakfr, @Equinoxs!) e9ddfcc 7aa2148 b87f8f1
  • #463 Polish (thx @pufereq and @daimond113!) 392a4db
  • #537 Nynorsk (thx @chinatsu!) 3931bc2
• #549 custom mdns domain 3c78c6a

🩹 bugfixes

• #539 FTP glitches when running on windows 8ba9887
• #555 global-config didn't load through PRTY_CONFIG (thx @icxes!) 074e106
• macos: could take a while to establish webdav connection from finder a01870b
• ux:
  • dropdown colors 347cf6a
  • case-sensitivity in filters e5e8229
  • iOS being too enthusiastic about using saved passwords 03acd65

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #511 login with username and password (not just password) can now optionally be enabled with --usernames 346515c
  • if you have enabled password hashing (ah-alg: argon2 or similar) then you will need to hash your passwords again after enabling usernames, hashing them as username:password:
• #468 add Greek translation (thx @chamdim!) 50f4618 392abd0
• #471 add Czech translation (thx @kubakubakuba!) c955658
• #515 support systemd socket acivation (thx @mati1210!) 9b9d2a9
• #523 add QR-code to the connectpage bcc3b15
• #513 optional EOL-conversion for texteditor 8b31ed8
• controlpanel refresh-button now toggles automatic refresh 7ae84de

🩹 bugfixes

• fix stuck uploads when the up2k database (e2d) is not enabled 4a04356
  • if more than 60'000 files were uploaded and there were several dupes of some files, they could get stuck and never upload
  • upload performance is improved remarkably by enabling e2d so such huge uploads non-e2d had not been tested in a long time
• #467 #470 fix ui-crash when exporting links of all uploaded files to clipboard (thx @geekalaa!) 0df1901
• #487 fix ui-crash when the location url-part is // 0f55a1a
• fix viewing .MD files (8a0746c)

🔧 other changes

• when a reverse-proxy is detected, force explicit configuration of --rproxy to obtain correct client IP 3f8cb7e
  • a bit inconvenient, but helps prevent potentially-dangerous misconfiguration
  • the necessary configuration changes are explained in the serverlog (you can't miss it)
  • thanks to @person4268 for pointing out that there was room for improvements!
• failed login attempts now only log a sha512 hash of the provided password
  • to see login-attempts with incorrect passwords as plaintext like before, log-badpwd: 1
• #502 add systemd user services and templated services (thx @icxes!) 34d98e9
• #475 improve helptext for multivalue global-options c2ac57a
• #475 add chungus.conf, massive extensive nonsensical demo config b664ebb
• try to detect proxies with incorrect caching behavior 9e980bb
• recent-uploads now support ie9 a57f7cc
• languages and themes are now dropdowns a9ee4f2
• copyparty.exe: upgrade python to 3.13.6 a98360f
• introduce copyparty-en.py, english-only edition of copyparty-sfx.py to save space 33497e6

🗿 known issues

• the copyparty.pyz in this release is english-only, and does not include the translations -- they got lost in transit while adjusting the buildscripts to make copyparty-en.py

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

recent important news

• v1.18.9 (2025-08-01) (PREVIOUS RELEASE) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #426 add Dutch translation (thx @DeStilleGast!) 3798e19
• #458 add Italian translation (thx @AOTREVAI!) a38e6e6
• #456 transcode to flac/wav (thx @missaustraliana!) b469db3 b2d48c6 0d09fb6
• #439 config-file can be provided through PRTY_CONFIG (thx @icxes!) 971360e
• #459 videos can become folder thumbnails 16bbcce
• add --idp-cookie, session-tickets for IdP auth (performance boost) f9502c3
  • useful when the IdP-server becomes a bottleneck

🩹 bugfixes

• #412 fix PUT-uploads into volumes with nosub volflag 47fa4a9
• #435 ignore spurious exceptions from browser extensions 39e5582
• #449 IPv6 QR-Code didn't include port 66a5bf3
• #295 do not force d2d in blank vfs (introduced in v1.18.3) 848315c

🔧 other changes

• #440 improved finnish translation (thx @icxes!) a68d5b0
• point to the -nc option in the "at max connections" warning 153d240
• the play-button now indicates "play-as-audio" for video-files 40d56bb
• docs:
  • #411 improve password-hashing instructions (thx @chinponya!) c69c7c8
  • #429 improve --cert helptext (thx @kzshantonu!) 7e3825f
  • #413 copyparty is Wii Internet Channel compatible! (thx @techflashYT!) 50f1629
  • #461 how to use groups without IdP e85a710
  • mention that WebDAV and OpenGraph are incompatible by default (and how to fix that) 0bc1b8f
  • #345 short explanation about the sfx in quickstart ae5eefc
• #398 pypi-package now has extra-group all 6eaf8af

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes a Denial-of-Service vuln

CVE-2025-54796: an unauthenticated user could make the server grind to a halt by accessing a particular URL

recent important news

• v1.18.9 (2025-08-01) fixed CVE-2025-54796 (Denial-of-Service)
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #310 translated to Spanish (thx @herruzo99!) a1dfd0b
• #350 translated to Ukrainian (thx @MrMebelMan!) fea45e4
• #321 translated to Russian (thx @A1Asriel!) 0b05c72
• #381 translated to Finnish (thx @icxes and @Permik!) 7ecedb2
  • haha it says surf
• #312 add option to use localtime in the UI ad23b25
• #386 initial packaging for debian (thx @Beethoven-n!) 3c6f0b1

🩹 bugfixes

• CVE-2025-54796 / GHSA-5662-2rj7-f2v6 09910ba
• #347 fix upload-abort when uploading to a share 6d6d79f
• fix xiu backlog dropping on restart 3222ba3
• #375 fix crash on really old versions of python2.7 (thx @bb!) b69d590
• #388 another python2.7 fix: improve unicode support in u2c (thx @KevinXuxuxu!) 9c19753
• log creator of new/blank markdown docs d0d2f20
• #400 config didn't support indenting with tabs c160428

🔧 other changes

• ack was changed to continue 4fa7be2

🌠 fun facts

• the translations have made the sfx size balloon from 766 to 845 KiB in under a week... nice! keep em coming 🎉

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

• v1.18.7 (2025-07-30) (PREVIOUS RELEASE) fixed XSS in the recent-uploads page
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🩹 bugfixes

• #354 fix copyparty-sfx.py failing to start on certain versions of python c17ce48

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-8mx2-rjh8-q3jq, could let an attacker execute arbitrary JS by tricking you into clicking a malicious URL

Soon there won't be many of these left, surely. Huge thanks to @Ju0x for finding and reporting this.

recent important news

• v1.18.7 (2025-07-30) fixed XSS in the recent-uploads page
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #265 uid/gid for new files can be configured per-volume f195998
  • has preconditions; see readme
• #212 add German translation (thx @rGunti, @Scotsguy, @chocolateimage) 9d32564

🩹 bugfixes

• GHSA-8mx2-rjh8-q3jq a8705e6
• #276 windows: fix segfault (thx @kernel1994 for debugging!) a9d07c6
• #272 webdav: send disk-size and disk-free to clients 4988a55
• #285 use disk-free sans root-reserve on linux (thx @Arklaum!) c3cc2dd
• cors-check was funky on IPv6 e9684d4
• #325 upgrade sharex example for newer versions 6016ec9
• #300 restore support for old versions of python 2.7 b7ca6f4

🔧 other changes

• shares: the config POST-target is now always the webroot (for ease of IdP configuration) fb7cbc4
• unlist: now applies to the navpane too fbf17be
• windows: show disk-usage as well, not just disk-free 5c6341e
• #228 nix-pkg improvements (thx @dtomvan!) 4915b14
• docker-compose: ensure logs appear in realtime 3cde1f3
• mention that IdP-volumes and users can now be persisted 6069bc9
• #316 explain a scary-looking thing in the code 053de61

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

recent important news

• v1.18.5 (2025-07-28) (PREVIOUS RELEASE) fixed XSS in display of media tags
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #201 add support for reflink-based dedup on cow filesystems df9feab
  • combine --dedup with --reflink to enable, or volflags with same name
  • a better and safer alternative to the other dedup approaches (symlink/hardlink), but only possible to use in some cases:
    • needs linux 5.3 or newer, python 3.14 or newer, btrfs/xfs/zfs
    • not available in the docker images yet; needs a new version of python, so maybe next alpine release (november/december 2025)
• ratelimit password changes to impede bruteforcing a2601fd
  • limit is set by --ban-pwc (default is 5 changes in 60min)

🩹 bugfixes

• #240 nixos: fix unixgroups issue (thx @chinponya!) 7c9c962
• #246 cbz: use correct page for thumbnail (thx @Scotsguy!) 542a1de

🔧 other changes

• volflag nosub now also prevents mkdir 0f2c623
• improve documentation:
  • #229 use the same example UDS path everywhere cb019af
  • example nginx config had misleading cloudflare comment (thx @jmi2k!) 674fc1f
  • more readable --help-chmod 03d23da
  • #244 fix typo in --help 4f013f6
• #242 hide "use real pw" on connectpage if no accounts (thx @toast003!) 025942a
• #211 docker: remove deprecated attribute (thx @ptweezy!) 5b98e10
• #190 add the feature-showcase video to the readme (thx @RustoMCSpit!) 43e6da3

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-28)

⚠️ ATTN: this release fixes an XSS vulnerability

GHSA-9q4r-x2hj-jmvr, exploitable in two different ways, could let an attacker execute arbitrary javascript on other users:

• either: tricking someone into clicking a malicious URL to load and execute javascript
• or: uploading a malicious audio file to the server, affecting any successive visitors

so, with new and curious eyes on the project, we are starting off with a bang. Huge thanks to @altperfect for finding and reporting this earlier today.

recent important news

• v1.18.5 (2025-07-28) fixed XSS in display of media tags
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #214 option to stop playback after one song, and/or at end of folder 6bb27e6

🩹 bugfixes

• GHSA-9q4r-x2hj-jmvr 895880a
• block external m3u files 2228f81
• #202 the connect-page could show IP-address when it should have used hostnames/domains b0dec83
• scrolling locked after tailing a file and closing it creatively d197e75

🔧 other changes

• #189 the SameSite cookie parameter now defaults to Strict, increasing CSRF protection ca6d0b8
  • new option --cookie-lax reverts to previous value Lax
• docker: add FTPS support b419984

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

• v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #182 Landmarks edba7ff
  • detects that a storage backend is glitching out and disengage the up2k-database as a precaution
• #183 quickdelete 21a96bc
  • new togglebutton qdel in the UI which reduces the number of deletion confirmations by one
  • global-option --qdel=0 which can bring it all the way to zero (good luck)

🩹 bugfixes

• fix unpost in recently created shares 2d322dd
• fix filekeys on windows df6d4df

⚠️ not the latest version!

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

• v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #181 the default chmod (unix-permissions) of new files and folders can now be changed 9921c43
  • --chmod-d or volflag chmod_d sets directory permissions; default is 755
  • --chmod-f or volflag chmod_f sets file permissions; default is usually 644 (OS-defined)
  • see --help-chmod which explains the numbers

🩹 bugfixes

• #179 couldn't combine --shr (shares) and --xvol (symlink-guard) 0f0f8d9
• #180 gallery buttons could still be clicked when faded-out 8c32b0e
• rss-feeds were slightly busted when combined with rp-loc (location-based proxying) 56d3bcf
• music-playback within search-results no longer jumps into the next folder at end-of-list 9bc4c5d
• video-playback on iOS now behaves like on all other platforms 78605d9
  • (it would force-switch into fullscreen because that's their default)

⚠️ not the latest version!

Below are development builds for testing purposes.

Latest development build: 2.5.2.37 (September 15th 2025)

This version has new options to customize the toolbar buttons.
If you want to create your own toolbar design read this.

Latest stable release build: 2.5.2.0
https://github.com/clsid2/mpc-hc/releases/tag/2.5.2

• Added nighttime versions.
• Refreshed all ancient materials to use latest CS2 shaders.
• Added new blending options for ancient materials including wetness and moss.
• Added "ancient_zoo.vmap" with all assets and blending examples for mapmakers.

• Deluge Music Kit Box is now available for purchase in standard and StatTrak versions.
• New Limited Time Item, the M4A1-S | Solitude, is now available in The Armory.

• Sawed-off shotgun deploy modified and fixed shell penetration on reload.
• Improved deploy +quick inspect animations for all knives.
• Improved deploy +quick inspect animations for the AK, Galil, AUG, PP-Bizon.
• Improved deploy animations for the AWP, M4A4, M4A1-S.
• Improved animations for legacy SSG08 models.
• Removed the deploy inspect delay for most weapons.
• Fixed XM1014 blocking crosshair during reload.

• Rendering performance improvements across most maps.
• Rendering resolution and aspect ratio can now be changed in fullscreen windowed mode.
• fps_max can no longer be changed while connected to a server.
• Fixed a case where certain weapons could be fired sooner after a re-deploy.

New features:

• Support a "write only" mode for the mount points.
• Added the --version option to the server.
• FTP: Added support for wildcard patterns (`*` and `?`) in LIST, NLST, MLSD, and STAT commands, with matching semantics identical to those used on Windows. This feature is available on all platforms and is disabled by default. It can be enabled per session using `OPTS filezilla.wildcards=1`; support is advertised via the FEAT command. For reference on matching behavior, see: https://learn.microsoft.com/en-us/archive/blogs/jeremykuhne/wildcards-in-windows
• MSW: Added support for specifying credentials for UNC paths in the mount list. Credentials can be configured via the Administration Interface under Rights Management -> Windows Share Credentials.

Bugfixes and minor changes:

• Fixed edge case in paths normalization