Releases: monickerd/tusShare

v1.2.0

20 Jun 23:42
Immutable release. Only release title and notes can be modified.

What's new

Batch upload

  • POST /uploads/batch-register — register up to 100 files in a single round-trip; returns TUS upload IDs for immediate PATCH sequencing
  • Per-account pacing soft-lock: a second batch cannot be registered until the first reaches 50% completion, preventing runaway queuing
  • GET /uploads/batch/{id} — poll batch progress (total, complete, failed counts)
  • DELETE /uploads/batch/{id} — cancel a pending batch and release the lock early
  • POST /files/batch-manifest — fetch chunk manifests for up to 100 files in one call; used by the download path to prefetch decryption metadata

Name validation

  • Folder and team names now accept [], {}, #, @, +, and other characters that are valid on all major operating systems. Previously a narrow whitelist blocked these. The validator now uses the same blacklist approach as filenames (< > : " / \ | ? * and control characters only).
  • ZIP download paths run through _sanitizeZipComponent() to strip any embedded path separators from file/folder names before archive construction.
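
The two name rules above, as an added JavaScript example (not tusShare's own code). `isValidName`, `sanitizeZipComponent` and `zipEntryPath` are hypothetical names; replacing separators with `_` instead of deleting them, and neutralising `.` and `..`, are assumptions of this example that go beyond what the release note states.

```javascript
// Added example, not tusShare source. All function names are hypothetical.

// Characters rejected in file, folder and team names per the release note:
// < > : " / \ | ? * and control characters (0x00-0x1f, plus DEL).
const FORBIDDEN = /[<>:"\/\\|?*\x00-\x1f\x7f]/;

function isValidName(name) {
  return typeof name === "string" && name.length > 0 && !FORBIDDEN.test(name);
}

// Reduce one file or folder name to a single ZIP path component.
// Applied at archive-construction time, independently of isValidName,
// so a name that skipped validation still cannot span directories.
function sanitizeZipComponent(name) {
  // Assumption: separators and control characters become "_" (the note says "strip").
  let out = String(name).replace(/[\/\\\x00-\x1f\x7f]/g, "_");
  // Assumption: "." and ".." contain no separator but still redirect extraction.
  if (out === "" || out === "." || out === "..") out = "_";
  return out;
}

// Join already-separated components; "/" is only ever added here.
function zipEntryPath(components) {
  return components.map(sanitizeZipComponent).join("/");
}

// Constructed sample names, run only when this file is executed directly.
if (typeof require !== "undefined" && require.main === module) {
  for (const n of ["Q3 [draft] {v2} #1 @team+ops", "a/b", "report?.pdf"]) {
    console.log(JSON.stringify(n), isValidName(n));
  }
  console.log(zipEntryPath(["Team #1", "../../etc", "a\\b.txt"]));
}
```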

Supply-chain hardening (v1.1.x)

  • Frontend script tags carry SRI hashes (integrity= + crossorigin=anonymous); integrity manifest (manifest.json) verified at container start
  • Python wheels pinned with SHA-256 hashes in requirements-hashed.txt; Docker build installs from hashes, not bare version pins
  • OPAQUE server ID derived from a stable secret rather than regenerated on each restart, preventing session invalidation across container restarts

Dependency updates

  • pydantic-settings 2.14.1 to 2.14.2 (GHSA-4xgf-cpjx-pc3j: symlink traversal in NestedSecretsSettingsSource; not used in this project but cleared as a precaution)
  • python-multipart to 0.0.31 (quadratic querystring DoS, Content-Disposition smuggling, negative Content-Length)
  • cryptography to 48.0.1 (patched OpenSSL bundled in Alpine wheels)

v1.1.2

15 Jun 05:33
Immutable release. Only release title and notes can be modified.

Bug fixes & improvements

Upload

  • Fixed a spurious 401 error toast when resuming a large upload after session expiry — the resume HEAD request now retries with a refreshed token (same behavior as PATCH chunks)
  • Fixed bulk upload file count tracking: progress counter now correctly accounts for files that fail early (encryption key mismatch) and for the normal completion path
  • Partial uploads are now automatically resumed when the same file is re-dropped onto the upload area, rather than starting a duplicate upload

Account Activity

  • Login events (OPAQUE, LDAP, OIDC) now display as "Logged in" / "Login failed" instead of raw event type strings
  • Browser/user-agent is now shown in the event detail modal, making it easier to spot logins from unfamiliar devices

Dependencies & security

  • Upgraded PyO3 0.24 → 0.29.0 (resolves Dependabot high and medium severity alerts)

v1.1.1

09 Jun 05:08
Immutable release. Only release title and notes can be modified.

What's new in v1.1.1

New features

  • Client-side metadata encryption — file and folder names are now encrypted client-side before upload; the server never sees plaintext names
  • Folder-key sharing model — O(folder) share creation: one encrypted folder key covers all files in a folder, eliminating per-file key wrapping overhead
  • Role-based folder grants and hierarchical permission tree UI — fine-grained per-folder role assignments with a visual tree that mirrors the team management interface; ceiling enforcement prevents escalation beyond parent grants
  • Encrypted audit log — sensitive audit events are stored encrypted at rest using a per-instance audit key; tables are RANGE-partitioned for efficient time-range queries
  • restrict_permissions ACL guards — delete, move, rename, and share operations now respect folder-level restriction flags; a compound rename+restrict bypass was also closed
  • Open registration flow — admins can enable public self-registration; a first_run_completed bypass was also closed
  • Custom Event Integrations panel — unified section in admin settings for managing notification channels; shared IP allowlist gate
  • Notification channel severity filter — per-channel minimum severity checkbox grid with a filter_min_severity column; startup migration handles existing rows
  • Operation result detail pages — batch operations (upload, move, etc.) now link to a per-operation detail view; includes build-ID stale-cache detection to prompt reload when the server has been updated
  • Client-side manifest search — file search now runs entirely in the browser against the local manifest, replacing a round-trip server query

Bug fixes

  • Fix team member visibility, activity feed, and key-rotation UX when a member's account has been deleted
  • Fix [object Object] in error toasts from _handle403 and un-normalised FastAPI detail fields
  • Fix database garbage cleanup gaps; blob deletion is now durable (survives restarts mid-cleanup)
  • Fix folder role grants: custom roles, Api.del calls, and NULL ip_address constraint
  • Fix team management: member roles display, add/remove role endpoints, badge timing, and recent-activity feed
  • Fix admin settings display and profile avatar selector
  • Fix NULL ip_address in security_events rows generated during audit-key operations
  • Fix integration modal tabs (CSS class mismatch) and modal theming
  • Fix duplicate _mkField declaration in admin.js
  • Fix has_org_access check; add folder-creator static row to the By User permission tab
  • Fix startup crash when partition-default creation races on first boot
  • Fix circular import in audit_key.py
  • Fix 4 failing E2E tests related to folder-key and trash-default handling

Infrastructure

  • Simplified release workflow: workflow_dispatch-triggered CI builds the Docker image and uploads assets to the draft; the operator publishes manually from the GitHub UI
  • Lint cleanup: Ruff import ordering, unused imports, dead code, ESLint no-unused-vars / prefer-const
  • Update GitHub Actions to Node.js 24-compatible versions (checkout v6, docker/* v4/v6/v7, attest-build-provenance v4)

v1.0.0

05 Jun 08:46
Immutable release. Only release title and notes can be modified.

Quick start

  1. Download and extract the deployment bundle (.tar.gz or .zip) below
  2. Run python generate-env.py and enter your domain when prompted
  3. docker compose up -d

The image is also available directly:

docker pull ghcr.io/monickerd/tusshare:1.0.0

See the README for full setup and configuration docs.

Full Changelog: https://github.com/monickerd/tusShare/commits/v1.0.0