v1.9.0

2025-08-17 09:02:15 -06:00 · 2023-08-20 22:02:40 +00:00 · 2023-08-20 22:02:40 +00:00 · cafe53c055
parent 7673beef72
commit cafe53c055
7 changed files with 36 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -1244,18 +1244,18 @@ example webserver configs:

 ## prometheus

-metrics/stats can be enabled  at `/.cpr/s/metrics` for grafana / prometheus / etc.
+metrics/stats can be enabled  at URL `/.cpr/metrics` for grafana / prometheus / etc (openmetrics 1.0.0)

-must be enabled with `--stats` since it reduces startup time a tiny bit
+must be enabled with `--stats` since it reduces startup time a tiny bit, and you probably want `-e2dsa` too

-the endpoint is only accessible by `admin` accounts, meaning the `a` in `rwmda` of the following example commandline: `python3 -m copyparty -a ed:wark -v /mnt/nas::rwmda,ed`
+the endpoint is only accessible by `admin` accounts, meaning the `a` in `rwmda` in the following example commandline: `python3 -m copyparty -a ed:wark -v /mnt/nas::rwmda,ed --stats -e2dsa`

 follow a guide for setting up `node_exporter` except have it read from copyparty instead; example `/etc/prometheus/prometheus.yml` below

 ```yaml
 scrape_configs:
  - job_name: copyparty
-    metrics_path: /.cpr/s/metrics
+    metrics_path: /.cpr/metrics
    basic_auth:
      password: wark
    static_configs:
--- a/copyparty/main.py
+++ b/copyparty/main.py
@ -964,7 +964,7 @@ def add_hooks(ap):

 def add_stats(ap):
    ap2 = ap.add_argument_group('grafana/prometheus metrics endpoint')
-    ap2.add_argument("--stats", action="store_true", help="enable stats at /.cpr/s/metrics for admin accounts")
+    ap2.add_argument("--stats", action="store_true", help="enable openmetrics at /.cpr/metrics for admin accounts")
    ap2.add_argument("--nos-hdd", action="store_true", help="disable disk-space metrics (used/free space)")
    ap2.add_argument("--nos-vol", action="store_true", help="disable volume size metrics (num files, total bytes, vmaxb/vmaxn)")
    ap2.add_argument("--nos-dup", action="store_true", help="disable dupe-files metrics (good idea; very slow)")
--- a/copyparty/version.py
+++ b/copyparty/version.py
@ -1,8 +1,8 @@
 # coding: utf-8

-VERSION = (1, 8, 8)
-CODENAME = "argon"
-BUILD_DT = (2023, 7, 25)
+VERSION = (1, 9, 0)
+CODENAME = "prometheable"
+BUILD_DT = (2023, 8, 20)

 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@ -822,7 +822,7 @@ class HttpCli(object):
                self.reply(b"", 301, headers=h)
                return True

-            if self.vpath == ".cpr/s/metrics":
+            if self.vpath == ".cpr/metrics":
                return self.conn.hsrv.metrics.tx(self)

            path_base = os.path.join(self.E.mod, "web")
--- a/copyparty/multicast.py
+++ b/copyparty/multicast.py
@ -346,6 +346,8 @@ class MCast(object):

            # linux does leaves/joins twice with 0.2~1.05s spacing
            time.sleep(1.2)
+            if not self.running:
+                return

            for srv in self.srv.values():
                self.hop(srv, True)
--- a/copyparty/up2k.py
+++ b/copyparty/up2k.py
@ -2413,6 +2413,8 @@ class Up2k(object):
                    except:
                        # missing; restart
                        if not self.args.nw and not n4g:
+                            t = "forgetting deleted partial upload at {}"
+                            self.log(t.format(path))
                            del reg[wark]
                        break

--- a/docs/changelog.md
+++ b/docs/changelog.md
@ -1,3 +1,26 @@
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2023-0725-1550  `v1.8.8`  just boring bugfixes
+
+final release until late august unless something bad happens and i end up building this thing on a shinkansen
+
+## recent security / vulnerability fixes
+* there is a [discord server](https://discord.gg/25J8CdTT6G) with an `@everyone` in case of future important updates
+* [v1.8.7](https://github.com/9001/copyparty/releases/tag/v1.8.7) (2023-07-23) - [CVE-2023-38501](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38501) - reflected XSS
+* [v1.8.2](https://github.com/9001/copyparty/releases/tag/v1.8.2) (2023-07-14) - [CVE-2023-37474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37474) - path traversal (first CVE)
+  * all serverlogs reviewed so far (5 public servers) showed no signs of exploitation
+
+## bugfixes
+* range-select with shiftclick:
+  * don't crash when entering another folder and shift-clicking some more
+  * remember selection origin when lazy-loading more stuff into the viewport
+* markdown editor:
+  * fix confusing warnings when the browser cache decides it *really* wants to cache
+  * and when a document starts with a newline
+* remember intended actions such as `?edit` on login prompts
+* Windows: TLS-cert generation (triggered by network changes) could occasionally fail
+
+
+
 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
 # 2023-0723-1543  `v1.8.7`  XSS for days