Skip to content

Releases: filesender/filesender

Release 3.0.rc2

01 Jul 07:40
c35b301
Compare
Choose a tag to compare
Release 3.0.rc2 Pre-release
Pre-release

Release date: 1 July 2024.

Installation

Documentation is available at https://docs.filesender.org/filesender/v3.0/install/

Major changes for the start of the 3.x series

A security issue was discovered in FileSender 3.x where anyone able to access your FileSender install may be able to download files not intended for them. This vulnerability was introduced in FileSender 3 at november 2nd 2023, all versions since that date are vulnerable to this attack. This has been addressed in this release.

Please note that there are some known issues as shown on github some of which are considered blocking. As such the release is for internal consideration rather than deployment. I encourage administrators to investigate the new UI and provide feedback on existing issues and/or lodge new issues.

Changes since Beta 7 / rc1.

The templates directory HAS changed.
The database update script DOES need to be run since the last 3.x beta release.

A security issue was discovered in FileSender 3.x where anyone able to access your FileSender install may be able to download files not intended for them. This vulnerability was introduced in FileSender 3 at november 2nd 2023, all versions since that date are vulnerable to this attack. This has been addressed in this release.

Note that this is the same as rc1 but has binary file diffs applied between master3 and development3. I have kept the release notes fairly much the same as rc1 as this is the same but with these binary images diffed in the bounce patch.

Performance improvements:

help sort by downloads by better recording the count #1891

option to precache values for upload graph #1892

Details:

ui: option to warn user if session has expired #1905

v3: don't make send a tick, generate_password to a button #1877

d3: Ensure that auditlog_lifetime is long enough to avoid strange surprises #1879

v3 statistics icon #1880

aggregate stats: set div to 1 by default #1883

d3ui3 make the auditlog button work for files again #1885

fix ip when $ip[0] doesn't exist #1886

getClientIP() tweaks #1893

Fix mime types #1896

d3ui3: bring back date picker for file upload as option #1897

d3ui3: scroll upload page to top as you progress #1898

d3ui3: fix regression. hide this part of the page until it is needed #1901

I think the SQ may have only been for a limited amount of time #1902 #1903

UI3: download template cleanup #1904

improve argument checking for filesender.py #1906

update for verp #1907

ui3d3: theme the bootbox dialogs with round corners #1908

ui3d3: bootbox button colours match theme #1909

d3ui3: option to allow new invitation expire time to be set by date picker #1910

SimpleSAMLphp2xSupport #1911

Update known-installs.md #1912

Only run CI on non-forked repositories #1914

db: add index on TranslatableEmails.token #1918

Bring back configurable site_logo from v2 #1919

Limit CI runs on development branches as well #1921

ui3: make expire action icons match #1926

ui3: allow direct actions for recipients on the transfer details page #1927

ui3: bring back quick actions for transfer list #1928

ui3: make the transfers table icons css match others #1929

ui3 info icon in transfer list to hint at clickable #1930

ui3 make recips in a column #1931

ui3: hide quota from profile page if the system is not using one #1932

ui3: fix guests icons #1933

Add missing package php-intl to docs #1934

Fix undef HTTP_ACCEPT_LANGUAGE warning #1935

Create v3 documentation #1937
update docs to include information about 3.x #1941

Ui3 service aup update #1942

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists and Feature requests.

Release 3.0.rc1

01 Jul 07:09
ea911d0
Compare
Choose a tag to compare
Release 3.0.rc1 Pre-release
Pre-release

Release date: 1 July 2024.

Installation

Documentation is available at https://docs.filesender.org/filesender/v3.0/install/

Major changes for the start of the 3.x series

A security issue was discovered in FileSender 3.x where anyone able to access your FileSender install may be able to download files not intended for them. This vulnerability was introduced in FileSender 3 at november 2nd 2023, all versions since that date are vulnerable to this attack. This has been addressed in this release.

Please note that there are some known issues as shown on github some of which are considered blocking. As such the release is for internal consideration rather than deployment. I encourage administrators to investigate the new UI and provide feedback on existing issues and/or lodge new issues.

Changes since Beta 7:

The templates directory HAS changed.
The database update script DOES need to be run since the last 3.x beta release.

A security issue was discovered in FileSender 3.x where anyone able to access your FileSender install may be able to download files not intended for them. This vulnerability was introduced in FileSender 3 at november 2nd 2023, all versions since that date are vulnerable to this attack. This has been addressed in this release.

Performance improvements:

help sort by downloads by better recording the count #1891

option to precache values for upload graph #1892

Details:

ui: option to warn user if session has expired #1905

v3: don't make send a tick, generate_password to a button #1877

d3: Ensure that auditlog_lifetime is long enough to avoid strange surprises #1879

v3 statistics icon #1880

aggregate stats: set div to 1 by default #1883

d3ui3 make the auditlog button work for files again #1885

fix ip when $ip[0] doesn't exist #1886

getClientIP() tweaks #1893

Fix mime types #1896

d3ui3: bring back date picker for file upload as option #1897

d3ui3: scroll upload page to top as you progress #1898

d3ui3: fix regression. hide this part of the page until it is needed #1901

I think the SQ may have only been for a limited amount of time #1902 #1903

UI3: download template cleanup #1904

improve argument checking for filesender.py #1906

update for verp #1907

ui3d3: theme the bootbox dialogs with round corners #1908

ui3d3: bootbox button colours match theme #1909

d3ui3: option to allow new invitation expire time to be set by date picker #1910

SimpleSAMLphp2xSupport #1911

Update known-installs.md #1912

Only run CI on non-forked repositories #1914

db: add index on TranslatableEmails.token #1918

Bring back configurable site_logo from v2 #1919

Limit CI runs on development branches as well #1921

ui3: make expire action icons match #1926

ui3: allow direct actions for recipients on the transfer details page #1927

ui3: bring back quick actions for transfer list #1928

ui3: make the transfers table icons css match others #1929

ui3 info icon in transfer list to hint at clickable #1930

ui3 make recips in a column #1931

ui3: hide quota from profile page if the system is not using one #1932

ui3: fix guests icons #1933

Add missing package php-intl to docs #1934

Fix undef HTTP_ACCEPT_LANGUAGE warning #1935

Create v3 documentation #1937
update docs to include information about 3.x #1941

Ui3 service aup update #1942

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists and Feature requests.

Release 2.48

25 Apr 23:37
ae68688
Compare
Choose a tag to compare

Release Version 2.48

Release date: 26 April 2024.

Distribution

Source snapshots are attached to this announcement and the git tag filesender-2.48 contains the base that these snapshots were created from.

Installation

Documentation is available at https://docs.filesender.org/filesender/v2.0/install/

Major changes since 2.47

The database update script DOES NOT need to be run.
The templates directory HAS changed.

Short summary:

A new nodejs rest client with encryption support. Many included dependencies have had their versions updated.

Details:

rest: new nodejs rest client with encryption support #1815

read only mode to allow for major migrations #1823

i18n: if a translation is not found log the error and try to continue #1819

adding that new term to poeditor #1824

i18n: add email hint into the tr system #1825

adding another new term to poeditor #1826

deps: update chartjs and web-streams-polyfill #1827

deps: update web-streams-polyfill to 4.x #1828

deps: update dompdf #1829

Update known-installs.md #1830

Update known-installs.md #1831

deps: update docs gemfile #1834

deps update for ci #1835

fix for some deprecations in modern php #1839

Allow a specific array of exceptions to not be logged. #1843

auth: do not throw here if not authenticated #1848

handle deleting a file in a collection #1862

Update known-installs.md #1863

Update known-installs.md #1864

Structural Pattern Matching only came in python 3.10+ most python3 on… #1865

bump in build version number #1870

i18n: auto import from poedtor on 2024-04-26-1714085117 #1871

Configuration changes

New configuration directive read_only_mode to help allow migration of FileSender from 2.x installations to 3.x installations.

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists or create a Feature requests using Github issues.

Release 3.0.beta7

26 Apr 00:01
551f299
Compare
Choose a tag to compare
Release 3.0.beta7 Pre-release
Pre-release

Release Version 3.0.beta7

Release date: 26 April 2024.

Installation

Documentation is available at https://docs.filesender.org/filesender/v2.0/install/

Major changes for the start of the 3.x series

Please note that there are some known issues as shown on github some of which are considered blocking. As such the release is for internal consideration rather than deployment. I encourage administrators to investigate the new UI and provide feedback on existing issues and/or lodge new issues.

This should be functionally similar to release 2.48. Though the 3.0 beta 7 will have the updated UI.

See the release notes for release 2.48, release 2.47, release 2.46 for details of the functional updates.

Changes since Beta 6:

The templates directory HAS changed.
The database update script DOES need to be run since the last 3.x beta release.

The following are updates made to the UI and this series in addition to the 2.x updates

In short:

A new theme and selector were added. Some defaults have been updated to more modern settings. Time presentation can now respect the time zone the user has in their browser.

Details:

Feature/theme improvements #1833

SAML: update default id attibute to the more modern pairwise-id for ui3 #1836

ui3: update crypto to version 3 (GCM+PBKDF2) by default #1837

feat: user theme selector; theme improvements; #1841

d3: move away from deprecated strftime #1842

d3: foramt dates with locale and a config as to how long the admin wishes these to be #1844

2024/march/d3 more deprecation updates #1846

d3ui3: allow download links to be clicked if this advanced feature is enabled #1847

d3ui3: respect make_download_links_clickable if enabled #1849

remove redundant dashes as the UX puts the text in its own bubble #1850

option to send timezone from the client to the server for date handling #1852

V3 theme block config #1853

backout setting the timezone cookie here for now #1854

share timezone from filesender.js if the feature is enabled #1855

Make CLI client config default_transfer_days_valid dynamic (again) #1857

dev3 update link to cconfig file #1858

Configuration changes

See release 2.48, release 2.47, release 2.46 for new and changed items.

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists and Feature requests.

Release 2.47

09 Mar 23:34
4db5746
Compare
Choose a tag to compare

Release Version 2.47

Release date: 10 March 2024.

Distribution

Source snapshots are attached to this announcement and the git tag filesender-2.47 contains the base that these snapshots were created from.

Installation

Documentation is available at https://docs.filesender.org/filesender/v2.0/install/

Major changes since 2.46

The database update script DOES NOT need to be run.
The templates directory HAS NOT changed.

Short summary:
All UUID generation has moved from version 7 back to using v4 UUIDs. The cron job will now delete empty directories from older transfers when daily buckets are in use.

Details:

Use uuidv7 for storage and uuidv4 for key-based identification #1810
use uuidv4 for all uuids again for now. update to filesystem daily buckets to work with uuidv4 #1812
daily buckets: cron job to delete old empty directories #1809

Configuration changes

New configuration directives which will mostly not have to change from their internal preset values. These are storage_filesystem_per_day_max_age_to_create_directory, storage_filesystem_per_day_min_days_to_clean_empty_directories, and storage_filesystem_per_day_max_days_to_clean_empty_directories

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists or create a Feature requests using Github issues.

Release 2.46

03 Mar 22:50
d711a61
Compare
Choose a tag to compare

Release Version 2.46

Release date: 4 March 2024.

Distribution

Source snapshots are attached to this announcement and the git tag filesender-2.46 contains the base that these snapshots were created from.

Installation

Documentation is available at https://docs.filesender.org/filesender/v2.0/install/

Major changes since 2.45

The database update script DOES need to be run.
The templates directory HAS changed.

Short summary:

UUID generation moved to using version 7 which places the time as a common prefix for the identifier. Files can now be stored in optional daily and then optional hourly subdirectories in the files storage location to avoid having very large directories. A bug with add_me_to_recipients and guests has been fixed. PHP8 is now required.

Details:

uuidv7 use and per day and hour buckets for filesystem storage #1789

guests: update to get the auth attribute from the document #1803

i18n: update new terms #1799

sec: security vs xsrf tokens, respect that they are slightly different #1798

docs: update for guest creation (POST /guest) #1797

Configuration changes

New configuration directives transfers_table_show_admin_full_path_to_each_file, storage_filesystem_per_day_buckets, and storage_filesystem_per_hour_buckets

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists or create a Feature requests using Github issues.

Release 3.0.beta6

24 Feb 01:33
7b1f762
Compare
Choose a tag to compare
Release 3.0.beta6 Pre-release
Pre-release

Release Version 3.0.beta6

Release date: 24 February 2024.

Installation

Documentation is available at https://docs.filesender.org/filesender/v2.0/install/

Major changes for the start of the 3.x series

Please note that there are some known issues as shown on github some of which are considered blocking. As such the release is for internal consideration rather than deployment. I encourage administrators to investigate the new UI and provide feedback on existing issues and/or lodge new issues.

This should be functionally similar to release 2.45. Though the 3.0 beta 6 will have the updated UI.

See the release notes for release 2.45, release 2.44, release 2.43 for details of the functional updates.

Changes since Beta 5:

The templates directory HAS changed.
The database update script DOES need to be run since the last 3.x beta release.

This release contains many updates to issues found by the SonarQube code scanner in beta 5.

Update for 100 file limitation in directories dropped in Chrome #1716

use the same bucket names for guests #1719

Found during cron investigation. More robust. #1722

cron: handle already deleted files a little better #1723

Handle report_event_transfer_decrypt_failed translation #1724

ui3: SAML if relogin is needed return to details page correctly #1726

d3ui3 go back to default max_transfer_days_valid and respecting it #1727

add SonarQube CI #1728

another nothing change for CI #1730

add SonarQube-CI against development3 #1731

build(deps): bump aws/aws-sdk-php from 3.277.0 to 3.288.1 in /optional-dependencies/s3 #1732

php 8.x move get_class() to get_class($this) in member functions. #1734

seems this should be REQUEST not a GET #1735

Make sure that the page is allowed early on rather than after access is attempted #1736

most of the time this is what is meant by the getGET method #1737

more code cleanup #1738

although this has to match a regex check it with hsc too #1739

verify host by default. If an insure mode is desired it should be made explicit in a subsequent PR. #1740

see if this passes code scan #1741

try to stop esc key without using window.addEventListener #1742

try to stop esc key without using window.addEventListener #1743

tighten up what we log #1744

Refresh the version of some of the dependencies #1745

Add at least one assertion to this test case. #1749

avoid empty test case #1750

sq: return something in these admin only performance test functions #1751

sq: we dont even use that variable so dont declare it; #1752

dev3: remove asmcrypto fallback for non Chromuim Edge #1753

dev3sq: add var to these declarations #1754

d3sq: more explicit var use #1755

d3sq: more explicit var use #1756

d3sq: more explicit var use #1757

d3sq: more explicit var use #1758

d3sq: cleanup scss #1759

d3sq code smell single return for function #1760

d3sq: Remove or correct this useless self-assignment #1761

d3sq: Review the data-flow - use of uninitialized value. #1762

d3sq: Review the data-flow - use of uninitialized value. #1763

d3sq: Delete this unreachable code or refactor the code to make it reachable #1764

d3sq: Review the data-flow - use of uninitialized value. #1765

d3sq: declare these as this.var #1767

d3sq: this is an attempt at Add "" headers to this "

" #1768

feat: new partners footer image #1769

S3: Add bulk delete option #1775

Fix french typo #1779

Encryption support in python client #1780

Support for newer 2.1 versions of SimpleSAMLphp #1783

Remove logoff buttton agian as was the original 3.0 design #1784

rest: guests with no transfer options should have at least one default #1786

option for more info when delete fails #1787

update some of the vendor deps to more modern ones #1788

uuidv7 use and per day and hour buckets for filesystem storage #1789

guests: Warn the user if they do not provide an email address #1790

these are also on poeditor now #1791

build(deps-dev): bump nokogiri from 1.14.3 to 1.16.2 in /docs #1792

Fix download recipient for only-send-to-me guests #1793

i18n: auto import from poedtor on 2024-02-12-1707698035 #1794

docs: saml attributes #1795

docs: update for guest creation (POST /guest) #1797

sec: security vs xsrf tokens, respect that they are slightly different #1798

i18n: update new terms #1799

Configuration changes

See release 2.45, release 2.44, release 2.43 for new and changed items. There are also some configuration keys that are known to be ineffective such as how long expire times can be set for transfers.

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists and Feature requests.

Release 2.45

16 Feb 03:15
6181dbc
Compare
Choose a tag to compare

Release Version 2.45

Release date: 16 February 2024.

Distribution

Source snapshots are attached to this announcement and the git tag filesender-2.45 contains the base that these snapshots were created from.

Installation

Documentation is available at https://docs.filesender.org/filesender/v2.0/install/

Major changes since 2.44

The database update script DOES NOT need to be run.
The templates directory HAS changed.

Short summary:

The python client now supports encryption allowing upload and download of encrypted files from the command line. Newer versions of SimpleSAMLphp are now supported.

Details:

Encryption support in python client #1780
This currently has specific cryptography settings requirements (such as $config['encryption_key_version_new_files'] = 3).

S3: Add bulk delete option #1775

Support for newer 2.1 versions of SimpleSAMLphp #1783

rest: guests with no transfer options should have at least one default #1786

guests: Warn the user if they do not provide an email address #1790

Fix download recipient for only-send-to-me guests #1793

update some of the vendor deps to more modern ones #1788

Fix french typo #1779
Some new terms are also on poeditor now #1791
i18n: auto import from poedtor on 2024-02-12-1707698035 #1794

option for more info when delete fails #1787

docs: saml attributes #1795

Configuration changes

New S3 configuration directives cloud_s3_bulk_delete and cloud_s3_bulk_size.

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists or create a Feature requests using Github issues.

Release 2.44

28 Dec 20:00
d1f062e
Compare
Choose a tag to compare

Release Version 2.44

Release date: 29 December 2023.

Distribution

Source snapshots are attached to this announcement and the git tag filesender-2.44 contains the base that these snapshots were created from.

Installation

Documentation is available at https://docs.filesender.org/filesender/v2.0/install/

Major changes since 2.43

The database update script DOES need to be run.
The templates directory HAS NOT changed.

Short summary:

This release includes an update to the code that allows multiple files to be downloaded from unencrypted transfers that may have prevented such archives being made for some people. Dropping more than 100 files into Chrome is now supported.

Details:

Update for 100 file limitation in directories dropped in Chrome #1716

seems this should be REQUEST not a GET #1735

use the same bucket names for guests #1719

cron: handle already deleted files a little better #1723

Remove unused files_actions_div_extra_class #1691

avprograms wrap that in a try/catch to avoid file not found terminal #1693

Download flow consolidation for v2.x #1699

php 8.x move get_class() to get_class($this) in member functions. #1734

add SonarQube CI #1728

Configuration changes

N/A

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists or create a Feature requests using Github issues.

Release 3.0.beta5

17 Nov 21:30
ab245b7
Compare
Choose a tag to compare
Release 3.0.beta5 Pre-release
Pre-release

Release Version 3.0.beta5

Release date: 18 November 2023.

Installation

Documentation is available at https://docs.filesender.org/filesender/v2.0/install/

Major changes for the start of the 3.x series

This is the third release with the refreshed UI . Please note that there are some known issues as shown on github some of which are considered blocking. As such the release is for internal consideration rather than deployment. I encourage administrators to investigate the new UI and provide feedback on existing issues and/or lodge new issues.

This should be functionally similar to release 2.42. Though the 3.0 beta 5 will have the updated UI.

See the release notes for release 2.42 for details of the functional updates.

Changes since Beta 4:

The database schema has changed.
The database update script DOES need to be run since the last 3.x beta release.

d3ui3 Bring back pause, play, stop on upload as option #1712

d3ui3 Guest table filtering is in database Guest::fromUserAvailable #1711

d3ui3 bring back ability to extend expire time of transfer. #1710

d3ui3 Allow longer expire uploads #1709

Allow options to be put in advanced or not through config.php #1708

d3ui3 move some titles to using the translation strings #1707

d3ui3 remove this option when getting a link #1706

d3uid3 bring back show/hide password option #1705

d3ui3 bring back top menu logoff button #1704

d3ui3 remove the remover #1703

d3ui3 Use saved transfer settings if user wants #1702

d3ui3: Two config options in user settings #1701

d3ui3: Move if the total count and size is shown into the translation layer #1700

d3ui3 Simplify guest lookup by id #1698

Configuration changes

See release 2.42 for new and changed items. There are also some configuration keys that are known to be ineffective such as how long expire times can be set for transfers.

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists and Feature requests.