prometheable

@9001 9001 released this 20 Aug 23:59
· 461 commits to hovudstraum since this release

recent security / vulnerability fixes

  • there is a discord server with an @everyone in case of future important updates
  • v1.8.7 (2023-07-23) - CVE-2023-38501 - reflected XSS
  • v1.8.2 (2023-07-14) - CVE-2023-37474 - path traversal (first CVE)
    • all server logs reviewed so far (5 public servers) showed no signs of exploitation

new features

  • #49 prometheus / grafana / openmetrics integration (see readme)
  • download a folder with all music transcoded to opus by adding ?tar=opus or ?zip&opus to the URL
    • can also be used to download thumbnails instead of full images; ?tar=w for webp, ?tar=j for jpg
      • so i guess the long-time requested feature of pre-generating thumbnails kind of happened after all, if you schedule a curl http://127.0.0.1:3923/?tar=w >/dev/null after server startup
  • u2c (commandline uploader): argument -x to exclude files by regex (compares absolute filesystem paths)
  • --zm-spam 30 can be used to improve zeroconf / mDNS reliability on crazy networks
    • only necessary if there are clients with multiple IPs and some of the IPs are outside the subnets that copyparty is in -- not spec-compliant, not really recommended, but shouldn't cause any issues either
    • and --mc-hop wasn't actually implemented until now
  • dragging an image from another browser window onto the upload button is now possible
    • only works on chrome, and only on windows or linux (not macos)
  • server hostname is prefixed in all window titles
    • can be adjusted with --bname (the file explorer) and --doctitle (all other documents)
    • can be disabled with --nth (just window title) or --nih (title + header)

bugfixes

  • docker: the autogenerated seeds for filekeys and account passwords now get persisted to the config volume (thx noktuas)
  • uploading files with fancy filenames could fail if the copyparty server is running on android
  • improve workarounds for some apple/iphone/ios jank (thx noktuas and spiky)
    • some ui elements had their font-size selected by fair dice roll
    • the volume control does nothing because apple disabled it, so add a warning
    • the image gallery cannot be fullscreened as apple intended so add a warning

other changes

  • file table columns are now limited to browser window width
  • readme: mention that nginx-QUIC is currently very slow (thx noktuas)
  • #50 add a safeguard to the wget plugin in case wget at some point adds support for file:// or similar
  • show a suggestion on startup to enable the database
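
the kind of safeguard described in #50, as an added example (not copyparty's actual plugin code): a scheme allowlist checked before a URL is handed to wget, so a scheme wget gains later is rejected by default. the function names, the allowed schemes and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# assumption: the only schemes this hypothetical hook should ever fetch
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp"})


def is_safe_download_url(url: str) -> bool:
    """True only for URLs with an allowlisted scheme and a remote host."""
    # whitespace / control characters have no place in a URL handed to a subprocess
    if not url or any(c.isspace() or ord(c) < 0x20 for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # allowlist rather than denylist: a scheme wget learns tomorrow stays rejected
    return parts.scheme in ALLOWED_SCHEMES and bool(host)


def build_wget_argv(url: str, dest_dir: str) -> list[str]:
    """Build the argv for wget, refusing anything that fails the check."""
    if not is_safe_download_url(url):
        raise ValueError("refusing to fetch: " + repr(url))
    # argv list (no shell); "--" ends option parsing before the URL
    return ["wget", "-P", dest_dir, "--", url]


if __name__ == "__main__":
    # constructed sample inputs
    samples = [
        "https://example.com/a.iso",
        "HTTP://example.com/b",
        "file:///etc/passwd",
        "example.com/c",
    ]
    for u in samples:
        print(u, "->", "fetch" if is_safe_download_url(u) else "reject")
```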

⚠️ not the latest version!