Skip to content

v2.7.4

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 27 Jun 17:25
· 135 commits to main since this release
Immutable release. Only release title and notes can be modified.
v2.7.4
5c1286e
This commit was signed with the committer’s verified signature.
drakkan Nicola Murino
GPG key ID: 935D2952DEC4EECF
Verified
Learn about vigilant mode.

New features

  • Symbolic links: the new symlink_mode setting selects, per backend, whether clients holding the create_symlinks permission may create symbolic links on the local filesystem, the SFTP backend, or both. It is disabled by default. Creating a link requires create_symlinks on both the link's directory and the directory it points into, so per-directory permissions are enforced consistently on the path the client requests.
  • OIDC redirect: the WebClient OIDC login now preserves a next redirect target across the IdP round-trip.

Bug fixes

  • httpd: return after a CSRF failure in the web client login. The login POST handler rendered the CSRF error page but did not return, so execution fell through into the post-connect hook and the credential verification pipeline. Added the missing return to match the admin login, password reset, and setup handlers.

Hardening

  • Improve symbolic links handling and add more test cases.
  • httpd: clean and unify the WebClient post-login redirect target validation.
Assets 23
Loading