mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-08-17 00:52:16 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

v1.18.9

Browse source
This commit is contained in:
ed 2025-08-01 20:56:27 +00:00
parent 09910ba807
commit ca22cd8853
3 changed files with 81 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
copyparty/__version__.py
View file

@ -1,8 +1,8 @@
# coding: utf-8 # coding: utf-8
VERSION = (1, 18, 8) VERSION = (1, 18, 9)
CODENAME = "logtail" CODENAME = "logtail"
BUILD_DT = (2025, 7, 31) BUILD_DT = (2025, 8, 1)
S_VERSION = ".".join(map(str, VERSION)) S_VERSION = ".".join(map(str, VERSION))
S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT) S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

2
copyparty/up2k.py
View file

@ -402,7 +402,7 @@ class Up2k(object):
def get_unfinished_by_user(self, uname, ip) -> dict[str, Any]: def get_unfinished_by_user(self, uname, ip) -> dict[str, Any]:
# returns dict due to ExceptionalQueue # returns dict due to ExceptionalQueue
if PY2 or not self.reg_mutex.acquire(timeout=2): if PY2 or not self.reg_mutex.acquire(timeout=2):
return {"timeout":1} return {"timeout": 1}
ret: list[tuple[int, str, int, int, int]] = [] ret: list[tuple[int, str, int, int, int]] = []
userset = set([(uname or "\n"), "*"]) userset = set([(uname or "\n"), "*"])

78
docs/changelog.md
View file

@ -1,3 +1,81 @@
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
# 2025-0731-0833 `v1.18.8` sfx hotfix
## 🩹 bugfixes
* #354 fix `copyparty-sfx.py` failing to start on certain versions of python c17ce4892ecdb4e11437bc2785d132bd8100eaec
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
# 2025-0730-2131 `v1.18.7` SECURITY: fix another XSS
## ⚠️ ATTN: this release fixes an XSS vulnerability
[GHSA-8mx2-rjh8-q3jq](https://github.com/9001/copyparty/security/advisories/GHSA-8mx2-rjh8-q3jq), could let an attacker execute arbitrary JS by tricking you into clicking a malicious URL
Soon there won't be many of these left, surely. Huge thanks to @Ju0x for finding and reporting this.
## 🧪 new features
* #265 uid/gid for new files can be configured per-volume f1959988
* has preconditions; [see readme](https://github.com/9001/copyparty#chmod-and-chown)
* #212 add German translation (thx @rGunti, @Scotsguy, @chocolateimage) 9d32564c
## 🩹 bugfixes
* GHSA-8mx2-rjh8-q3jq a8705e61
* #276 windows: fix segfault (thx @kernel1994 for debugging!) a9d07c63
* #272 webdav: send disk-size and disk-free to clients 4988a55e
* #285 use disk-free sans root-reserve on linux (thx @Arklaum!) c3cc2dde
* cors-check was funky on IPv6 e9684d40
* #325 upgrade sharex example for newer versions 6016ec93
* #300 restore support for old versions of python 2.7 b7ca6f4a
## 🔧 other changes
* shares: the config POST-target is now always the webroot (for ease of IdP configuration) fb7cbc42
* unlist: now applies to the navpane too fbf17be2
* windows: show disk-usage as well, not just disk-free 5c6341e9
* #228 nix-pkg improvements (thx @dtomvan!) 4915b14b
* docker-compose: ensure logs appear in realtime 3cde1f3b
* mention that IdP-volumes and users [can now be persisted](https://github.com/9001/copyparty/blob/hovudstraum/docs/idp.md#but-you-can-enable-idp-volume-persistence) 6069bc9b
* #316 explain a scary-looking thing in the code 053de619
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
# 2025-0728-2320 `v1.18.6` reflink-dedup
## 🧪 new features
* #201 add support for reflink-based dedup on cow filesystems df9feabc
* combine `--dedup` with `--reflink` to enable, or volflags with same name
* a better and safer alternative to the other dedup approaches (symlink/hardlink), but only possible to use in some cases:
* needs linux 5.3 or newer, python 3.14 or newer, btrfs/xfs/zfs
* not available in the docker images yet; needs a new version of python, so maybe next alpine release (november/december 2025)
* ratelimit password changes to impede bruteforcing a2601fd6
* limit is set by `--ban-pwc` (default is 5 changes in 60min)
## 🩹 bugfixes
* #240 nixos: fix unixgroups issue (thx @chinponya!) 7c9c962b
* #246 cbz: use correct page for thumbnail (thx @Scotsguy!) 542a1de1
## 🔧 other changes
* volflag `nosub` now also prevents mkdir 0f2c6235
* improve documentation:
* #229 use the same example UDS path everywhere cb019afe
* [example nginx config](https://github.com/9001/copyparty/blob/hovudstraum/contrib/nginx/copyparty.conf) had misleading cloudflare comment (thx @jmi2k!) 674fc1fe
* more readable `--help-chmod` 03d23dae
* #244 fix typo in `--help` 4f013f64
* #242 hide "use real pw" on connectpage if no accounts (thx @toast003!) 025942a7
* #211 docker: remove deprecated attribute (thx @ptweezy!) 5b98e104
* #190 add the feature-showcase video to the readme (thx @RustoMCSpit!) 43e6da34
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
# 2025-0727-2305 `v1.18.5` SECURITY: fix XSS in media tags # 2025-0727-2305 `v1.18.5` SECURITY: fix XSS in media tags