Release v2.7.3 - 2026-05-25
CloudFlare-ImgBed v2.7.3 🥳
Add Features:
- Added an upload trend line chart to the system status page, showing uploads from the last 7 days by default
- Upload trends can be grouped by channel type or channel name, with a total uploads line
- Upload trends support date range filtering with a single-month calendar dialog; click twice to select start/end dates or manually enter the date range
- Dashboard file rename dialog now supports confirming with Enter
Optimization:
- Enhanced the
indexinfoAPI with upload trend statistics, using linear aggregation into date buckets and capped point/series counts to avoid high CPU usage on the status page - Optimized data loading on the admin user management page: the user list API now aggregates IP summaries in a single pass and returns summary rows only, while per-user file records are lazy-loaded on row expansion to reduce Worker CPU usage and response payload size
Security:
- WebDAV internal calls now use a dedicated API Token instead of admin password Basic Auth, eliminating the risk of password hash leakage
- Admin file previews no longer trust
from=adminor same-origin Referer, and now require a verified admin session before allowing admin previews - Manage APIs now get a default non-cacheable response header to prevent browser or CDN caching from causing stale state after GET-style management operations
- Reduced mutation response payloads for manage APIs to avoid returning unnecessary metadata or sensitive data from blocklist, tag, and API Token update endpoints
Fix Bugs:
- Fixed off-by-one error in Docker deployment
[[path]].jscatch-all route matching, causing/dav/and/file/root paths to return 404 - Fixed WebDAV PROPFIND always reporting file size as 0 (was reading non-existent
File-Sizefield, changed toFileSizeBytes) - Fixed WebDAV PROPFIND file href missing
/davprefix, preventing clients from downloading files - Fixed WebDAV PROPFIND missing
getcontenttypeproperty, preventing Alist and other clients from identifying file types and showing previews - Fixed duplicate
Content-Lengthresponse headers from the Docker native Node server when accessing/randomthrough a reverse proxy, which could cause Nginx / Cloudflare to return 502 - Fixed blocklist/whitelist toggles in the admin panel potentially returning cached old responses, which could show success without updating the actual state
Add Features:
- 系统状态页新增上传趋势折线图,默认展示最近 7 天上传数量
- 上传趋势支持按渠道类型或渠道名称分组绘制,并提供上传总数曲线
- 上传趋势支持日期范围筛选,新增单月日历弹窗,可点击两次选择起止日期,也可手动输入起止日期
- Dashboard 文件重命名弹窗支持按回车确认
Optimization:
indexinfo接口补充上传趋势统计数据,按日期桶线性聚合并限制最大点数与序列数,避免状态页趋势计算造成过高 CPU 开销- 优化管理端用户管理页面的数据加载方式:用户列表接口改为单次遍历聚合并仅返回 IP 摘要,展开用户时再懒加载对应文件列表,降低 Worker CPU 与响应体开销
Security:
- WebDAV 内部调用改用专用 API Token 认证,不再使用管理员密码构造 Basic Auth,消除密码哈希泄露风险
- 管理端文件预览不再信任
from=admin或同源 Referer,改为校验真实管理员会话后才放行后台预览 - 管理端 API 默认补充不可缓存响应头,避免 GET 型管理操作被浏览器或 CDN 缓存导致状态不同步
- 精简管理端变更接口响应内容,避免黑白名单、标签和 API Token 更新接口返回不必要的元数据或敏感信息
Fix Bugs:
- 修复 Docker 部署模式下
[[path]].js通配符路由匹配的 off-by-one 错误,导致/dav/和/file/根路径返回 404 - 修复 WebDAV PROPFIND 返回的文件大小始终为 0 的问题(读取了不存在的
File-Size字段,改为FileSizeBytes) - 修复 WebDAV PROPFIND 返回的文件 href 缺少
/dav前缀,导致客户端无法下载文件 - 修复 WebDAV PROPFIND 缺少
getcontenttype属性,导致 Alist 等客户端无法识别文件类型和显示预览图 - 修复 Docker 原生 Node 服务在反向代理访问
/random时可能返回重复Content-Length响应头,导致 Nginx / Cloudflare 返回 502 的问题 - 修复管理面板黑名单/白名单切换接口可能因缓存返回旧响应,导致提示成功但状态未实际更新的问题