Release 2.16

@monkeyiq monkeyiq released this 26 Apr 05:57
766eecc

Release Version 2.16

Release date: 26 April 2020.

Distribution

Source snapshots are attached to this announcement and the git tag master-filesender-2.16 contains the base that these snapshots were created from.

Installation

Documentation is available at http://docs.filesender.org/v2.0/install/

Upgrade Notes

Version 2.x breaks compatibility with version 1.x. We recommend a fresh installation to version 2.x of FileSender.

Major changes since 2.15

Execution of scripts/upgrade/database.php is required. There are changes in the templates directory. Changed templates are admin_users_section.php, download_page.php, statistics_page.php and user_page.php. The database migration script will need to run to create some new columns and a new index.

Many bug fixes, some security-related updates, and a new feature: FileSender can now authenticate, using a custom SimpleSAMLphp module, against users stored in the local filesender database.

A new random roundtriptoken can be created and verified to ensure that the same Web browser is used to create an upload and complete it. #764

Frequently used email addresses are only sent over HTTP POST to avoid the potential for bad interactions with proxies and other potential data leaks. #765

Improved jquery in the transfers table to only show options that are permissible to users #775

Permission checks for transfers are now performed by a central havePermission() method #777

Attempts by guests to modify part of a transfer are now blocked #778

The filesender.py script has improved handling of SSL warnings #774

The password entered on the download page is now hidden by default with an option to reveal it. This is more in line with the upload page functionality and should be more secure in environments where the screen is not absolutely secure from inspection at download time. #772

The transfer::getUsage now performs the size calculation in the database server instead of transferring numbers back to PHP to sum. #776

Frequent email address lookups are now performed case insensitive #770

A new DBObject::countEstimate() method was added to allow finding the estimated number of tuples in a database table. This should be quicker than select count(*) as it can use the database statistics to give an approximate answer. This is used to display the number of users in the global_statistics section of the statistics page #771

Improved error message when you attempt to download a transfer that is expired or deleted #769

Improvements to how client ip lookup is configured and performed #751 #752

A new SimpleSAMLphp module to allow the user setup and passwords to be handled by FileSender itself. This allows very small scale 1-30 people servers to easily be set up. #761 #763

Web interface for SimpleSAMLphp local filesender authentication mode. #762

lang.js variable replacement has an improved outcome when it encounters a request for variable replacement on null and undefined values #750

On upload page, sending is blocked if the password is too short #755 #756

A new database index was added on AuditLogs.created #749

User language preference is restricted to only when there is an active user #759

IPv6 addresses have ::ffff: removed when displaying IPv4 addresses d479607

A fix for some web environments for the python client download script relating to the generation of filesender.py.ini #746

Cleanup of known installations in documentation #760

Fix for typo in config-templates/apache/filesender.conf #758

Documentation fix for reports_show_ip_addr default value to properly reflect the real default value 1e39ece

Translations from poeditor were imported into github #753 #779

New terms exported to github #768

This relates to and includes the development branch up to and including 865a499

Configuration changes

chunk_upload_roundtriptoken_check_enabled
chunk_upload_roundtriptoken_accept_empty_before
using_local_saml_dbauth

Turning on chunk_upload_roundtriptoken_check_enabled will enable a check that a new random token is returned with each file chunk that is uploaded for a transfer. That new token is only returned to a client when a transfer is created. The chunk_upload_roundtriptoken_accept_empty_before can be used to allow transfers that started before the new roundtriptoken was introduced to continue. It allows an admin to set a grace time so that people can return, reload and resume an upload even after the roundtriptoken_check_enabled is enabled.
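The check described above can be modelled as follows. This is an added example, not FileSender's own code: the function names, the array layout and the treatment of chunk_upload_roundtriptoken_accept_empty_before as a Unix-timestamp cut-off are assumptions made for illustration.

```php
<?php
// Added illustration: a minimal model of the round-trip token check.
// Function names, the array layout and the use of Unix timestamps are
// assumptions for this sketch, not FileSender's implementation.

/** Create a transfer record; the token is handed to the client only here. */
function createTransfer(int $now): array
{
    return ['created' => $now, 'roundtriptoken' => bin2hex(random_bytes(32))];
}

/**
 * Decide whether an uploaded chunk may be accepted.
 * $acceptEmptyBefore models chunk_upload_roundtriptoken_accept_empty_before
 * as a cut-off time (assumption): transfers created earlier never received
 * a token, so an empty client token is tolerated for them.
 */
function chunkAllowed(array $transfer, string $clientToken, bool $checkEnabled, int $acceptEmptyBefore): bool
{
    if (!$checkEnabled) {
        return true; // chunk_upload_roundtriptoken_check_enabled is off
    }
    $stored = $transfer['roundtriptoken'] ?? '';
    if ($stored === '') {
        // Legacy transfer: accepted only inside the grace window and only
        // when the client also sends no token.
        return $clientToken === '' && $transfer['created'] < $acceptEmptyBefore;
    }
    // Constant-time comparison so the token cannot be probed byte by byte.
    return hash_equals($stored, $clientToken);
}

// Constructed sample data.
$cutoff = 1587880620;                                   // constructed cut-off time
$new    = createTransfer($cutoff + 60);                 // created after the cut-off
$legacy = ['created' => $cutoff - 3600, 'roundtriptoken' => ''];

var_dump(chunkAllowed($new, $new['roundtriptoken'], true, $cutoff)); // creating browser
var_dump(chunkAllowed($new, '', true, $cutoff));                     // token missing
var_dump(chunkAllowed($new, str_repeat('0', 64), true, $cutoff));    // wrong token
var_dump(chunkAllowed($legacy, '', true, $cutoff));                  // pre-existing transfer
```

A transfer created after the cut-off always has a stored token, so an empty token from the client is rejected for it even while the grace setting is in effect.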

The using_local_saml_dbauth config allows authenticating users using the local filesender database. See the README for details on this feature and how to set it up. https://github.com/filesender/filesender/blob/development/scripts/simplesamlphp/passwordverify/README.md

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists and Feature requests.