Skip to content

Releases: 9001/copyparty

race the beam

20 Apr 22:59
Compare
Choose a tag to compare

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

  • files can be downloaded before the upload has completed ("almost like peer-to-peer")
    • watch the release trailer 👌
    • if the downloader catches up with the upload, the speed is gradually slowed down so it never runs ahead
    • can be disabled with --no-pipe
  • option --no-db-ip disables storing the uploader IP in the database bf58507
  • u2c (cli uploader): option --ow to overwrite existing files on the server 439cb7f

bugfixes

  • when running on windows, using the web-UI to abort an upload could fail 8c552f1
  • rapidly PUT-uploading and then deleting files could crash the file hasher feecb3e

⚠️ not the latest version!

ie11 fix

12 Apr 21:46
Compare
Choose a tag to compare

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

  • new option --bauth-last for when you're hosting other basic-auth services on the same domain 7b94e4e
    • makes it possible to log into copyparty as intended, but it still sees the passwords from the other service until you do
    • alternatively, the other new option --no-bauth entirely disables basic-auth support, but that also kills the android app

bugfixes

  • internet explorer isn't working?! FIX IT!!! 9e5253e
  • audio transcoding was buggy with filekeys enabled b873365
  • on windows, theoretical chance that antivirus could interrupt renaming files, so preemptively guard against that c8e3ed3

other changes


⚠️ not the latest version!

scrolling stuff

10 Apr 00:08
Compare
Choose a tag to compare

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

  • while viewing pictures/videos, the scrollwheel can be used to view the prev/next file 844d16b

bugfixes

  • #81 (scrolling suddenly getting disabled) properly fixed after @icxes found another way to reproduce it (thx) 4f0cad5
  • and fixed at least one javascript glitch introduced in v1.12.0 while adding dirkeys 989cc61
    • directory tree sidebar could fail to render when popping browser history into the lightbox

other changes

  • music preloader is slightly less hyper f89de6b
  • u2c.exe: updated TLS-certs and deps ab18893

⚠️ not the latest version!

locksmith

06 Apr 20:58
Compare
Choose a tag to compare

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

  • #64 dirkeys; option to auto-generate passwords for folders, so you can give someone a link to a specific folder inside a volume without sharing the rest of the volume 10bc2d9 32c912b ef52e2c 0ae1286
    • enabled by volflag dk (exact folder only) and/or volflag dks (also subfolders); see readme
  • audio transcoding to mp3 if browser doesn't support opus a080759
    • recursively transcode and download a folder using ?tar&mp3
    • accidentally adds support for playing just about any audio format in ie11
  • audio equalizer also applies to videos 7744226

bugfixes

  • #81 scrolling could break after viewing an image in the lightbox 9c42cbe
  • on phones, audio playback could stop if network is slow/unreliable 59f815f b88cc7b 59a53ba

other changes

  • updated dompurify to 3.0.11
  • copyparty.exe: updated to python 3.11.9
  • support for building with pyoxidizer was removed 5ab5476

⚠️ not the latest version!

public idp volumes

23 Mar 18:00
Compare
Choose a tag to compare

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

  • global-option --iobuf to set a custom I/O buffersize 2b24c50

    • changes the default buffersize to 256 KiB everywhere (was a mix of 64 and 512)
    • may improve performance of networked volumes (s3 etc.) if increased
    • on gbit networks: download-as-tar is now up to 20% faster
    • slightly faster FTP and TFTP too
  • global-option --s-rd-sz to set a custom read-size for sockets c6acd3a

    • changes the default from 32 to 256 KiB
    • may improve performance of networked volumes (s3 etc.) if increased
    • on 10gbit networks: uploading large files is now up to 17% faster
  • add url parameter ?replace to overwrite any existing files with a multipart-post c6acd3a

bugfixes

  • #79 idp volumes (introduced in v1.11.0) would only accept permissions for the user that owned the volume; was impossible to grant read/write-access to other users d30ae84

other changes


⚠️ not the latest version!

dont ban the pipes

18 Mar 17:45
Compare
Choose a tag to compare

the previous release had all the fun new features... this one's just bugfixes

no vulnerabilities since 2023-07-23

bugfixes

  • less aggressive rejection of requests from banned IPs 51d3158
    • clients would get kicked before the header was parsed (which contains the xff header), meaning the server could become inaccessible to everyone if the reverse-proxy itself were to "somehow" get banned
      • ...which can happen if a server behind cloudflare also accepts non-cloudflare connections, meaning the client IP would not be resolved, and it'll ban the LAN IP instead heh
        • that part still happens, but now it won't affect legit clients through the intended route
    • the old behavior can be restored with --early-ban to save some cycles, and/or avoid slowloris somewhat
  • the unpost feature could appear to be disabled on servers where no volume was mapped to / 0287c7b
  • python 3.12 support for compiling the dependencies necessary to detect bpm/key in audio files 32553e4

other changes


⚠️ not the latest version!

You Can (Not) Proceed

15 Mar 21:43
Compare
Choose a tag to compare

this release was made possible by stoltzekleiven, kvikklunsj, and tako

no vulnerabilities since 2023-07-23

new features

  • #62 support for identity providers and automatically creating volumes for each user/group ("home folders")
    • login with passkeys / fido2 / webauthn / yubikey / ldap / active directory / oauth / many other single-sign-on contraptions
    • documentation and examples could still use some help (I did my best)
  • #77 UI to cancel unfinished uploads (available in the 🧯 unpost tab) 3f05b66
    • the user's IP and username must match the upload by default; can be changed with global-option / volflag u2abort
  • new volflag sparse to pretend sparse files are supported even if the filesystem doesn't 8785d2f
    • gives drastically better performance when writing to s3 buckets through juicefs/geesefs
    • only for when you know the filesystem can deal with it (so juicefs/geesefs is OK, but definitely not fat32)
  • --xff-src and --ipa now support CIDR notation (but the old syntax still works) b377791
  • ux:
    • #74 option to use custom fonts 263adec 6cc7101 8016e67
    • option to disable autoplay when page url contains a song hash 8413ed6
      • good if you're using copyparty to listen to music at the office and the office policy is to have the webbrowser automatically restart to install updates, meaning your coworkers are suddenly and involuntarily enjoying some loud af jcore while you're asleep at home

bugfixes

  • don't panic if cloudflare (or another reverse-proxy) decides to hijack json responses and replace them with html 7741870
  • #73 the fancy markdown editor was incompatible with caddy (a reverse-proxy) ac96fd9
  • media player could get confused if neighboring folders had songs with the same filenames 206af8f
  • benign race condition in the config reloader (could only be triggered by admins and/or SIGUSR1) 096de50
  • running tftp with optimizations enabled would cause issues for --ipa b377791
  • cosmetic tftp bugs 115020b
  • ux:
    • up2k rendering glitch if the last couple uploads were dupes 547a486
    • up2k rendering glitch when switching between readonly/writeonly folders 51a83b0
    • markdown editor preview was glitchy on tiny screens e558260

other changes

  • add a sharex v12.1 config example 2527e90
  • make it easier to discover/diagnose issues with docker and/or reverse-proxy config d744f3f
  • stop recommending the use of --xff-src=any in the log messages 7f08f10
  • ux:
    • remove the k304 togglebutton in the controlpanel by default 1c011ff
    • mention that a full restart is required for [global] config changes to take effect 0c03921
  • docs e78af02
  • copyparty.exe: updated pyinstaller to 6.5.0 bdbcbbb

⚠️ not the latest version!

tall thumbs

21 Feb 21:59
Compare
Choose a tag to compare

no vulnerabilities since 2023-07-23

new features

  • thumbnails can be way taller when centercrop is disabled in the browser UI 5026b21
    • good for folders with lots of portrait pics (no more letterboxing)
  • more thumbnail stuff:
    • zoom levels are twice as granular 5026b21
    • write-only folders get an "upload-only" icon 89c6c2e
    • inaccessible files/folders get a 403/404 icon 8a38101

bugfixes

  • tftp fixes d07859e
    • server could crash if a nic disappeared / got restarted mid-transfer
    • tiny resource leak if dualstack causes ipv4 bind to fail
  • thumbnails:
    • when behind a caching proxy (cloudflare), icons in folders would be a random mix of png and svg 43ee6b9
    • produce valid folder icons when thumbnails are disabled 14af136
  • trailing newline in html responses d39a99c

other changes

  • webdeps: update dompurify 13e7777
  • copyparty.exe: update jinja2, markupsafe, pyinstaller, upx 13e7777

⚠️ not the latest version!

big thumbs

18 Feb 16:27
Compare
Choose a tag to compare

no vulnerabilities since 2023-07-23

new features

  • button to enable hi-res thumbnails 33f41f3 58ae38c
    • enable with the 3x button in the gridview
    • can be force-enabled/disabled serverside with --th-x3 or volflag th3x
  • tftp: IPv6 support and UTF-8 filenames + optimizations 0504b01
  • ux:
    • when closing the image viewer, scroll to the last viewed pic bbc3799
    • respect prefers-reduced-motion some more places fbfdd83

bugfixes

  • #72 impossible to delete recently uploaded zerobyte files if database was disabled 6bd087d
  • tftp now works in copyparty.exe, copyparty32.exe, copyparty-winpe64.exe
  • the sharex config example was still using cookie-auth 8ff7094
  • ux:
    • prevent scrolling while a pic is open 7f1c992
    • fix gridview in older firefox versions 7f1c992

other changes

  • thumbnail center-cropping can be force-enabled/disabled serverside with --th-crop or volflag crop
    • replaces --th-no-crop which is now deprecated (but will continue to work)

this release contains a build of copyparty-winpe64.exe which is almost entirely useless, except for in extremely specific scenarios, namely the kind where a TFTP server could also be useful -- the previous build was from version 1.8.7 (2023-07-23)


⚠️ not the latest version!

tftp

15 Feb 00:41
Compare
Choose a tag to compare

no vulnerabilities since 2023-07-23

new features

  • TFTP server d636316 8796c09 acbb826 0287971
    • based on partftpy, has most essential features EXCEPT for rfc7440 so WAN will be slow
    • is already doing real work out in the wild! see the fantastic quote in the readme
  • detect some (un)common configuration mistakes
    • buggy reverse-proxy which strips away all URL parameters 136c0fd
      • could cause the browser to get stuck in a refresh-loop
    • a volume on an sqlite-incompatible filesystem (a remote cifs server or such) and an up2k volume inside d4da386
      • sqlite could deadlock or randomly throw exceptions; serverlog will now explain how to fix it
  • ie11: file selection with shift-up/down 64ad585

bugfixes

  • prevent music playback from stopping at the end of a folder f262aee
    • preloader will now proactively hunt for the next file to play as the last song is ending
  • in very specific scenarios, clients could be told their upload had finished processing a tiny bit too early, while the HDD was still busy taking in the last couple bytes 6f8a588
    • so if you expected to find the complete file on the server HDD immediately as the final chunk got confirmed, that was not necessarily the case if your server HDD was severely overloaded to the point where closing a file takes half a minute
      • huge thx to friend with said overloaded server for finding all the crazy edge cases
  • ignore harmless javascript errors from easymde 879e83e

other changes

  • the "copy currently playing song info to clipboard" button now excludes the uploader IP ed524d8
  • mention that enabling -j0 can improve HDD load during uploads 5d92f4d
  • mention a debian-specific docker bug which prevents starting most containers (not just copyparty) 4e797a7

⚠️ not the latest version!