Releases: manyfold3d/manyfold
v0.70.2
FIxing a couple of bugs in the recent release, mainly around ever-increasing cache folder size (which should now be automatically cleaned up) and some subtle background errors at first startup and library creation.
What's Changed
🐛 Bug Fixes 🐛
- Automatically update workers with new libraries before jobs start by @Floppy in #2341
- Avoid copying and caches when organizing files by @Floppy in #2342
🛠️ Other Improvements 🛠️
Full Changelog: v0.70.1...v0.70.2
Contributors
Assets 2
v0.70.1
Just a quick bugfix to speed up data migration during upgrade to v0.70.0. See release notes for that version for everything else!
What's Changed
🐛 Bug Fixes 🐛
Full Changelog: v0.70.0...v0.70.1
Contributors
Assets 2
v0.70.0
This releases brings BIG changes to the upload process. Firstly, file upload progress is shown as it happens, so you can see what's going on; then, the extraction of zip files happens in the background, so you can carry on using Manyfold while it happens. Models are created straight away, without the need for a full scan, so the "scan after upload" button has gone away. And finally, perhaps our single most popular feature request - you can now upload individual files as new models! So, no need to zip up a single STL any more.
We're certainly going to build on this more, with options like uploading files into an existing model, and renaming models during the upload process, which you can see on the feature roadmap.
We've also made changes to the way the background processing works. Expensive jobs like geometric analysis and file conversion may now take a little longer to work through by default, but they shouldn't saturate the server and stop other things happening in the meantime. You can control the concurrency of the background runners using the new DEFAULT_WORKER_CONCURRENCY and PERFORMANCE_WORKER_CONCURRENCY options, which are set to 4 and 1 by default. If you have lots of CPU and memory on your server, you can bump those up.
The underlying change that's enabled all of this is a big rewrite of the actual file storage engine. You shouldn't notice any difference, although this enables some great stuff in future, like support for cloud storage.
NOTE: it may take a long time to migrate data during the upgrade, depending on the size of your library, perhaps in the region of 10-20 seconds per gigabyte.
If you have any problems, as always, come say hi in our very helpful support chat or file a bug report on GitHub.
What's Changed
✨ New Features ✨
- Upload single 3d or image files as new models by @Floppy in #2323
- Improved uploader using Shrine and Uppy by @Floppy in #2315
- Automatically scan uploaded files, and more efficiently by @Floppy in #2320
- Change default upload size limit to 1GiB by @Floppy in #2319
- Add environment variable for database pool size by @aneurinprice in #2293
🐛 Bug Fixes 🐛
- Use new Rails 7.1 Redis connection pool by @Floppy in #2298
- Fix potential file access error when using read-only container filesystem by @Floppy in #2313
- Renormalize i18n file by @Floppy in #2321
- Fix CSS import for Uppy by @Floppy in #2326
- Fix tag 404 error when deleting models by @Floppy in #2327
🛠️ Other Improvements 🛠️
- Use our own fork of sqlite3_ar_regexp to get Rails 7.1 support by @Floppy in #2294
- Update to Ruby 3.3.1 by @Floppy in #2296
- Update donate link to go to website donate page by @Floppy in #2300
- Create security reporting policy by @Floppy in #2304
- Add Shrine storage engine by @Floppy in #2198
- Set connection pool size for ActiveJob::Status to same as DB by @Floppy in #2310
- Improve behaviour of background workers by @Floppy in #2312
- Move uploading into ModelsController by @Floppy in #2314
- Move archive decompression into a background job by @Floppy in #2322
Full Changelog: v0.69.0...v0.70.0
Contributors
Assets 2
v0.69.0
We had a security audit recently, thanks to NLNet / NGI Zero and Radically Open Security. This release fixes a load of security issues that were found in the audit, many of which fix other bugs at the same time.
The biggest obvious change is that you should now set PUID and PGID environment variables to specify which user and group Manyfold should run as - before, it would run as root because that's what Docker does by default, and that's obviously a security risk. If you don't set those variables, it will continue to run as root, but it will warn you loudly until you change it! Don't forget to make sure that your libraries are writable by the user you choose!
Visit our new Security page for more details on these and other new options to make your instances more secure!
What's Changed
✨ New Features ✨
- Show admins a security alert if container is being run as root by @Floppy in #2252
- Add PUID and PGID env vars to control which user the app runs as by @Floppy in #2253
- Lock accounts temporarily after too many failed login attempts by @Floppy in #2254
- Show free space in upload selector and library details (for admins only) by @Floppy in #2260
- Limit file upload size by @Floppy in #2266
- Add HTTPS_ONLY env option to force secure-only connections by @Floppy in #2275
- Limit size of extracted files on upload by @Floppy in #2281
🐛 Bug Fixes 🐛
- Restrict problem viewing to contributors, not viewers by @Floppy in #2257
- Set secure flags on libarchive extraction to avoid "Zip Slip" exploits by @Floppy in #2258
- Fix upload file filter on Windows machines by @Floppy in #2261
- Fix translation linter error by @Floppy in #2262
- Avoid naming race condition on upload by @Floppy in #2268
- Stop username enumeration through password reset form by @Floppy in #2283
- Check problematic item exists when rendering problem list by @Floppy in #2289
- Allow inline style attributes in Content-Security-Policy by @Floppy in #2290
🛠️ Other Improvements 🛠️
- Check file extension before unzipping uploads by @Floppy in #2267
- Make the "remember me" cookie HTTPS-only if appropriate by @Floppy in #2276
- Completely reset user session on logout by @Floppy in #2279
- Add session timeouts to reduce session fixation/hijacking by @Floppy in #2280
- Mitigate timing attacks on user lookups by @Floppy in #2282
- Change from cocoon to cocooned by @Floppy in #2259
- Remove external jQuery and selectize scripts by @Floppy in #2285
- Reduce javascript payload with tree-shaking by @Floppy in #2286
- Add Content-Security-Policy to increase security by @Floppy in #2287
Full Changelog: v0.68.0...v0.69.0
Contributors
Assets 2
v0.68.0
1db8eee
Floppy
James Smith
A small release this week, while we do some more big changes behind the scenes for a future release. Main thing is an improvement to the automatic grouping of files in models, so that they get arranged in a more sensible way. There's more to improve here, but this should make things a bit more useful!
What's Changed
✨ New Features ✨
🛠️ Other Improvements 🛠️
- Add target="_blank" to footer links by @chryton in #2200
- Adding app version as an attribute by @matthewbadeau in #2194
New Contributors
Full Changelog: v0.67.0...v0.68.0
Contributors
Assets 2
v0.67.0
This release introduces optional, anonymous, as-private-as-possible usage tracking, purely so that we can answer the question "how many people are using Manyfold?". There is a detailed breakdown of exactly what data is collected and how we use it in the admin manual, but in summary, we collect only the application version you're running, and we can't access or save it, other than getting aggregated statistics.
Privacy is super important to us, so we've put a lot of work in to make this as difficult for ourselves as possible! And of course, it's completely optional and off by default, so you can choose whether or not you want to report in.
Having said all that, letting us know is super useful, so if you're comfortable doing so, please please turn on the reporting in settings! ❤️
What's Changed
✨ New Features ✨
🛠️ Other Improvements 🛠️
- Removes account deletion box in single-user mode by @matthewbadeau in #2175
- Adds .well-known URI for password change by @matthewbadeau in #2174
- Don't schedule background usage reporting job if not enabled by @Floppy in #2188
Full Changelog: v0.66.2...v0.67.0
Contributors
Assets 2
v0.66.2
v0.66.1
v0.66.0
On the surface, this release is mostly about more accessibility - keyboard controls for rotating 3d models, correctly-tagged languages, and colour contrast. But in order to do that, behind the scenes the 3d renderer has had a massive rewrite, and I hope you'll find it a lot faster and smoother to use!
What's Changed
✨ New Features ✨
- Enable keyboard control for 3d canvases by @Floppy in #2163
- Improved keyboard controls for 3d views by @Floppy in #2165
🐛 Bug Fixes 🐛
- Remove enforced strict loading in dev by @Floppy in #2159
- Pass worker URL in as an attribute to avoid path problems by @Floppy in #2161
🛠️ Other Improvements 🛠️
- Allow Manyfold to be in a same origin frame by @Floppy in #2153
- Use Logstash JSON output format for production logs by @Floppy in #2154
- Move 3d rendering to a background web worker by @Floppy in #2152
- update xmldom to current version (via 3mf loader package) by @Floppy in #2160
- Set 'lang' attribute on untranslated strings by @Floppy in #2162
- Add health endpoint for uptime monitoring by @matthewbadeau in #2164
- Improve colour contrast for problem list by @Floppy in #2167
New Contributors
- @matthewbadeau made their first contribution in #2164
Full Changelog: v0.65.0...v0.66.0
Contributors
Assets 2
v0.65.0
This release is all about improving accessibility after a recent audit. No new features as such, but if you're a screen reader or keyboard user you should find the site much easier to use. We now have skip links for large content blocks, proper tab ordering, better labels for links and buttons, and much more. We now use shape as well as colour to differentiate problem severity icons, which should help users with reduced colour vision.
What's Changed
🐛 Bug Fixes 🐛
- Fix accessibility of upload page form labels by @Floppy in #2121
- Add ARIA labels for pagination links by @Floppy in #2131
- Fix tab ordering by moving sidebar later in DOM by @Floppy in #2138
- Fix accessibility issues on image carousel by @Floppy in #2140
🛠️ Other Improvements 🛠️
- Fix separate database env vars by @aneurinprice in #2116
- A11y fixes for problem icons, including shape differentiation by @Floppy in #2120
- Move breadcrumbs into a top-level nav for better accessibility by @Floppy in #2122
- Improve bulk editor accessibility by @Floppy in #2123
- Polish translation updates by @Floppy in #2124
- Add a skip link to get to main content by @Floppy in #2125
- Add skip links for large content blocks (models, creators, collections, tags) by @Floppy in #2129
- Show constraints alongside password input boxes by @Floppy in #2130
- Translation updates for Polish and French by @Floppy in #2134
- Improve labels on a number of links and buttons, for screen readers by @Floppy in #2135
- Improve labelling of metadata and filters by @Floppy in #2137
Full Changelog: v0.64.0...v0.65.0