
OxiCloud

v0.6.0 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 6d · File Storage & Sync

✓ No known CVEs patched

This release patches 3 known CVEs

Topics: cloud, cloud-storage, dropbox, file-share, file-sync, file-upload, nas, nextcloud, nextcloud-alternative, onedrive, own-your-data, owncloud, platform, privacy, rust, rust-lang, security, self-hosted, webdav

Affected surfaces

rce_ssrf

ReleasePort's take

Moderate signal
editorial:auto 6d

This release patches a high‑severity path‑traversal flaw in the file download endpoint and changes server port reuse behavior by default.

Why it matters: The fixed vulnerability (severity 90) could allow unauthorized file access; servers now enforce unique listening ports, affecting deployment scripts that relied on reuse.
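The path-traversal fix is the headline item of this release. The Rust snippet below is an added illustration, not OxiCloud's own code, and it makes no claim about how the project implemented its fix. It shows the check a file-download endpoint needs before touching disk: map a client-supplied relative path onto a per-user storage root, refuse absolute paths, and refuse any `..` that would climb above the root. `resolve_download_path`, `PathError`, and the sample root directory are assumed names for this example.

```rust
use std::path::{Component, Path, PathBuf};

/// Why a client-supplied path was rejected (hypothetical type for this example).
#[derive(Debug, PartialEq)]
pub enum PathError {
    /// Path had a root or drive prefix, e.g. "/etc/passwd".
    Absolute,
    /// A ".." component tried to climb above the storage root.
    Traversal,
    /// Contains a NUL byte, or selects nothing below the root.
    Invalid,
}

/// Lexically resolve `requested` (already URL-decoded, exactly once) against `root`.
/// Every component is examined before any filesystem access, so "a/../../x"
/// is refused even when "a" does not exist on disk.
pub fn resolve_download_path(root: &Path, requested: &str) -> Result<PathBuf, PathError> {
    // A NUL byte would truncate the path at the OS boundary and bypass later checks.
    if requested.contains('\0') {
        return Err(PathError::Invalid);
    }
    let mut resolved = root.to_path_buf();
    let mut depth = 0usize; // how many components below `root` we currently are
    for component in Path::new(requested).components() {
        match component {
            Component::Normal(segment) => {
                resolved.push(segment);
                depth += 1;
            }
            Component::CurDir => {} // "./" is a no-op
            Component::ParentDir => {
                // ".." is only acceptable while still strictly inside the root.
                if depth == 0 {
                    return Err(PathError::Traversal);
                }
                resolved.pop();
                depth -= 1;
            }
            Component::RootDir | Component::Prefix(_) => return Err(PathError::Absolute),
        }
    }
    if depth == 0 {
        // Nothing selected below the root: this is not a file download.
        return Err(PathError::Invalid);
    }
    Ok(resolved)
}

fn main() {
    // Constructed sample root; in a real deployment this is the per-user data directory.
    let root = Path::new("/srv/oxicloud/data/alice");
    for req in ["docs/report.pdf", "docs/../../etc/passwd", "/etc/passwd", "a/b/../c.txt"] {
        println!("{req:?} -> {:?}", resolve_download_path(root, req));
    }
}
```

This check is purely lexical, which is what makes it testable without a filesystem, but it cannot see symlinks placed inside the store. A production handler should additionally canonicalize the resolved path on disk and confirm the real path still starts with the root before opening the file, and the check must run after URL decoding has happened exactly once, since a second decode pass can turn an innocent-looking segment into `..`.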

Summary

AI summary

Broad release touches ⚙️ Upgrade notes, 🗂️ A real workspace, ui, and ✨ Headline features.

Changes in this release

  • Security (Critical): Patched a path‑traversal vulnerability in file download.
  • Security (Medium): Prevent reuse of refresh token to reduce attack surface.
  • Breaking (High): Server no longer reuses the listening port by default.
  • Feature (Medium): Adds IPv6 support without dual‑stack.
  • Feature (Medium): Adds OpenAPI spec generation and Swagger UI for API documentation.
  • Feature (Medium): Adds OIDC/OAuth2 single sign‑on, two‑factor authentication, and device flow.
  • Feature (Medium): Adds content‑addressable storage with BLAKE3 deduplication and transparent compression.
  • Feature (Medium): Adds full‑text search powered by PostgreSQL pg_trgm with relevance ranking.
  • Bugfix (Medium): Fixes connection‑pool exhaustion under load and optimizes folder‑listing queries.
  • Bugfix (Medium): Fixes memory leak in image processing and tightens thumbnail caching.

Source: llm_adapter@2026-05-28

Confidence: high
β€”
Full changelog

🚀 OxiCloud v0.6.0 — "Open Skies"

Eight months. Two hundred and ten commits. One mission: turn a fast Rust file server into a full, self-hostable cloud you actually want to live in.

OxiCloud 0.6.0 is, without exaggeration, the largest release in the project's history. It is the version where OxiCloud stops being "a place to store files" and becomes a complete personal cloud — your files, your calendar, your contacts, your office, your photos — all served from a single, blazing-fast Rust binary, on your hardware, under your rules.

This is open skies. No vendor. No lock-in. No telemetry. Just your data, where it belongs.


✨ Headline features

🔌 Speak every protocol

OxiCloud now talks to the whole ecosystem out of the box:

  • WebDAV (RFC 4918) — including LOCK/UNLOCK so Office and OS clients play nice.
  • CalDAV — a real calendar server, with month/week/day UI and correct timezone handling for recurring events.
  • CardDAV — contacts with full vCard import/export.
  • NextCloud-compatible API — point the official NextCloud mobile & desktop apps straight at OxiCloud.
  • WOPI — edit Office documents in the browser.

Your phone, your laptop, your calendar app — they all just connect.

🔐 Authentication, done right

  • OIDC / OAuth2 single sign-on.
  • Two-factor authentication (TOTP).
  • Device flow for CLI and mobile clients.
  • App passwords for third-party apps.
  • Hardened internals: timing-attack-safe password comparison, fixed JWT expiry & OIDC token refresh, clean session teardown on logout.

💾 Smarter storage

  • Content-addressable storage with BLAKE3 deduplication — store the same file a thousand times, pay for it once.
  • Transparent compression for compressible content.
  • Chunked & resumable uploads for large files over flaky connections.
  • Per-user quotas with correct accounting after deletes.

🔎 Find anything

  • Full-text search powered by PostgreSQL pg_trgm, with relevance ranking and safe query escaping.

🗂️ A real workspace

  • Trash / recycle bin, favorites, recent items, and file version history.
  • Public sharing with password protection and expiration dates.
  • Smart image thumbnails with intelligent cropping and dimension hints.

🎨 A frontend that delights

  • Dark mode, mobile-responsive layout, drag-and-drop upload, grid/list toggle, multi-select with shift-click, keyboard navigation, upload progress, and an improved preview modal.
  • Cursor-based pagination on the main lists for instant, smooth scrolling at any scale.
  • Multi-language support: 🇬🇧 English · 🇪🇸 Español · 🇫🇷 Français · 🇩🇪 Deutsch.
  • A new user profile page with avatar upload, plus an admin panel for user management and system settings.

🛠️ For developers & operators

  • OpenAPI spec generation + Swagger UI.
  • GitHub Actions CI for tests and linting, and an automated release workflow.
  • The server no longer reuses the port by default — safer, more predictable startup.

πŸ› Reliability & security

64 fixes landed in this cycle. The highlights that matter most:

  • πŸ”’ Patched a path-traversal vulnerability in file download.
  • πŸ”’ Filename sanitization to prevent XSS.
  • ⚑ Fixed connection-pool exhaustion under load and optimized folder-listing queries.
  • 🧠 Closed a memory leak in image processing and tightened thumbnail caching.
  • 🧩 Correct CalDAV recurring-event timezones, NextCloud PROPFIND format, WebDAV LOCK token validation, chunked-upload reassembly, and dedup ref-counting on delete.

⚙️ Upgrade notes

  • Requires Rust 1.93+ (edition 2024) and PostgreSQL 13+ with the pg_trgm and ltree extensions.
  • Database migrations apply automatically on startup.
  • Heads-up: the server no longer reuses the listening port by default. If you relied on the old behavior, adjust your deployment config.

💛 Thank you — this release belongs to the community

OxiCloud 0.6.0 was built by people who believe self-hosting should be a joy, not a chore. To everyone who filed an issue, tested a nightly, translated a string, or sent a patch: thank you.

🏆 A special, heartfelt thank you to Edouard Vanbelle (@EdouardVanbelle)

Edouard is, quite simply, a crack. The most prolific community contributor of this entire cycle — 21 commits of consistently excellent work. He gave us cursor-based pagination on the main lists, hardened the server's startup behavior, polished the resource list UX with owner swimlanes and user vignettes, and showed up, again and again, with care and craft. This release would not be what it is without him. Edouard — you deserve everything good in this world. 🙏👑

🙌 And huge thanks to:

  • Davide Lettieri (@davidelettieri) — for solid, thoughtful contributions across the codebase.
  • Stefano Gennari — for jumping in and making OxiCloud better.

To every star-gazer, every self-hoster, every person running OxiCloud on a Raspberry Pi in a closet: this one's for you. ❤️


Full Changelog: https://github.com/DioCrafts/OxiCloud/compare/v0.5.0...v0.6.0

Built with 🦀 and stubborn love for open source.

What's Changed

  • fix(wopi): decode escaped discovery action URLs by @onthebed in https://github.com/AtalayaLabs/OxiCloud/pull/314
  • Refactor/keep badge order by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/309
  • refactor/i18n by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/317
  • refactor(ui): css: use of variables colors only by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/319
  • docs(wopi): clarify public base URL for split-host office setups by @onthebed in https://github.com/AtalayaLabs/OxiCloud/pull/321
  • chore(rust): use same params for clippy as the CI + correct clippy warnings by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/325
  • style(claude): minimize code duplicate... by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/327
  • fix(dav): handle username prefix in all CalDAV and CardDAV route handlers by @gidsi in https://github.com/AtalayaLabs/OxiCloud/pull/336
  • fix(carddav): resolve PROPFIND 404 and MKCOL 500 bugs by @gidsi in https://github.com/AtalayaLabs/OxiCloud/pull/337
  • style(server): correct clippy warnings by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/341
  • fix audit issue (some are ignored) by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/342
  • style(ui): request that all types defined by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/339
  • add polish (pl) translation by @abnvle in https://github.com/AtalayaLabs/OxiCloud/pull/340
  • feat(ui): thumbnail generation from client by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/338
  • feat(openapi): upgrade code to generate openapi on all /api path by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/331
  • feat(ui): permit drag&drop to the operating system (outside of browser) by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/329
  • fix(share): password-protected downloads via signed unlock cookie by @abnvle in https://github.com/AtalayaLabs/OxiCloud/pull/346
  • fix(ui): admin panel, profile, etc: restore missing icons library by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/352
  • fix(storage names): ensure folder and file names are not using reserved chars by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/353
  • security: prevent re-use of refresh token (reduce surface for any stolen token) by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/351
  • fix(ui): handle any session expired and trigger transparently a refresh token by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/350
  • show item path on Recent + Favorite, add go to parent folder, fix Folder browsing in Favorites by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/349
  • feat(audit): show trace with HTTP's client_ip, user + trusted proxy by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/320
  • test: initial end to end test with playwright by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/343
  • feat(ui): handle errors on folder creation or folder/file renaming by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/354
  • feat(contacts): add API to address-books, contacts, groups by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/359
  • feat(ui): drop from system available only on files section by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/358
  • test(api): add API test coverage on files, folders, favorites, recent, trash by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/361
  • Feat/copy folder by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/362
  • feat(share): public folder browsing with descendant check, range, and zip by @abnvle in https://github.com/AtalayaLabs/OxiCloud/pull/347
  • bugfix/thumbnails on update by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/330
  • feat(openapi): complete openapi with new shares routes by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/365
  • feat(server): add support of IPv6 (no dual stack) by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/367
  • chore(release): bump version to 0.6.0 by @DioCrafts in https://github.com/AtalayaLabs/OxiCloud/pull/370
  • feat(ui): improve mobile search and consolidate language selector by @kamil-alekber in https://github.com/AtalayaLabs/OxiCloud/pull/371
  • feat(i18n): add Traditional Chinese (zh-TW) locale by @TW199501 in https://github.com/AtalayaLabs/OxiCloud/pull/373
  • fix(front): fix issue with already declared constants on release mode by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/379
  • fix(logo): specify localisation of oxicloud logo for browsers by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/380
  • Js typed + fix JS bundling + fix publicShare + complete some end to end tests by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/374
  • Adding OXICLOUD_DISABLE_REGISTRATION in documentation by @dscso in https://github.com/AtalayaLabs/OxiCloud/pull/375
  • fix(share): permit scrolldown+ keep header sticky on the top by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/381
  • Permissions Improvement: ReBAC, Permissions, Grants & Cascading by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/383
  • feat(ui/trash): show original file path in tooltip on mouse over + show thumbnails in trash by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/387
  • refactor(lifecycle hooks): simplify integration of new services by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/388
  • refactor(i18n): rename safeT to t, drop export alias by @TW199501 in https://github.com/AtalayaLabs/OxiCloud/pull/391
  • Feat/shared with me by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/390
  • feat(user-avatar): users can now edit their image (if OIDC, image is taken from picture claims) by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/394
  • feat(openapi): add auth path + show explicitly path requiring bearerAuth by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/398
  • refactor+feat(swimlane): maximize components + add swimlane support + normalize API list return with cursor by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/396
  • feat(server): add OXICLOUD_REUSE_PORT env parameter (false by default) by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/400
  • feat(resourceList): implement groupby and cursor capabilities, normalize also listing from API by @EdouardVanbelle in https://github.com/AtalayaLabs/OxiCloud/pull/399

New Contributors

  • @onthebed made their first contribution in https://github.com/AtalayaLabs/OxiCloud/pull/314
  • @gidsi made their first contribution in https://github.com/AtalayaLabs/OxiCloud/pull/336
  • @abnvle made their first contribution in https://github.com/AtalayaLabs/OxiCloud/pull/340
  • @kamil-alekber made their first contribution in https://github.com/AtalayaLabs/OxiCloud/pull/371
  • @TW199501 made their first contribution in https://github.com/AtalayaLabs/OxiCloud/pull/373
  • @dscso made their first contribution in https://github.com/AtalayaLabs/OxiCloud/pull/375

Full Changelog: https://github.com/AtalayaLabs/OxiCloud/compare/v0.5.6...v0.6.0

Breaking Changes

  • Server no longer reuses the listening port by default (controlled via env var OXICLOUD_REUSE_PORT).

Security Fixes

  • Patched path‑traversal vulnerability in file download (CVE not listed).
  • Prevented reuse of refresh tokens to reduce token‑theft surface.
  • Filename sanitization to prevent XSS.
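The second security fix, "prevent re-use of refresh token" (#351 in the list above), is the rotation-with-reuse-detection pattern: every refresh token is valid for exactly one exchange, its successor belongs to the same token family, and presenting an already-exchanged token revokes the whole family, so a stolen token replayed after the legitimate client has refreshed ends both sessions instead of silently extending the thief's. The Rust store below is an added example written for this page, not OxiCloud's code and not a description of its implementation; `RefreshStore`, `RefreshError` and the counter-based token strings are assumptions, and a real service would mint tokens from a CSPRNG, store only their hashes, and persist the state.

```rust
use std::collections::{HashMap, HashSet};

/// Why a refresh was refused (hypothetical type for this example).
#[derive(Debug, PartialEq)]
pub enum RefreshError {
    /// Token was never issued, or has been purged.
    Unknown,
    /// Token was already exchanged once: replay detected, family revoked.
    Reused,
    /// Token belongs to a family that was revoked earlier.
    Revoked,
}

struct TokenRecord {
    family: u64,
    used: bool,
}

/// In-memory refresh-token store keyed by token string.
/// A real service keys by a hash of the token and persists this state.
#[derive(Default)]
pub struct RefreshStore {
    tokens: HashMap<String, TokenRecord>,
    revoked_families: HashSet<u64>,
    counter: u64,
}

impl RefreshStore {
    /// Placeholder token generator: a real implementation draws 32+ random bytes
    /// from a CSPRNG. The counter only makes this example deterministic.
    fn mint(&mut self, family: u64) -> String {
        self.counter += 1;
        let token = format!("rt-{family}-{}", self.counter);
        self.tokens.insert(token.clone(), TokenRecord { family, used: false });
        token
    }

    /// A fresh login starts a new token family and returns its first token.
    pub fn login(&mut self) -> (u64, String) {
        self.counter += 1;
        let family = self.counter;
        let token = self.mint(family);
        (family, token)
    }

    /// Exchange a refresh token for its successor. Each token works exactly once.
    pub fn rotate(&mut self, presented: &str) -> Result<String, RefreshError> {
        let (family, used) = match self.tokens.get(presented) {
            Some(rec) => (rec.family, rec.used),
            None => return Err(RefreshError::Unknown),
        };
        if self.revoked_families.contains(&family) {
            return Err(RefreshError::Revoked);
        }
        if used {
            // A token that was already exchanged is being presented again: either
            // the legitimate client or a thief holds a stale copy. Revoke everything
            // derived from this login so that neither party keeps the session.
            self.revoked_families.insert(family);
            return Err(RefreshError::Reused);
        }
        if let Some(rec) = self.tokens.get_mut(presented) {
            rec.used = true;
        }
        Ok(self.mint(family))
    }

    pub fn is_family_revoked(&self, family: u64) -> bool {
        self.revoked_families.contains(&family)
    }
}

fn main() {
    let mut store = RefreshStore::default();
    let (_family, first) = store.login();
    let second = store.rotate(&first).expect("first exchange succeeds");
    // Replaying the first token after it was rotated trips reuse detection...
    println!("replay of first token: {:?}", store.rotate(&first));
    // ...and the family revocation also cuts off the current token.
    println!("current token after revocation: {:?}", store.rotate(&second));
}
```

The detection signal here is the `Reused` outcome: it is worth logging with the account and family identifiers, because in a deployment it is the one event that distinguishes "client retried a lost response" from "a second party holds this token", and either way the user has to log in again.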


About OxiCloud

☁ Ultra-fast, secure & lightweight self-hosted cloud storage — your files, photos, calendars & contacts, all in one place. Built in Rust.
