drivebase

v4.0.0 Security

This release patches 1 CVE for security teams tracking exposure across their dependency inventory.

Published 16h File Storage & Sync

View tool

1 patched CVE

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE CVE-2025-31125 EPSS 83%

1 CVEs patched

Topics

bun docker dropbox e2e file-management file-manager

+8 more

ftp google-drive nodejs react s3 self-hosted storage vite

Summary

AI summary

Added Dropbox and OneDrive provider support, preview option for images, and telemetry worker rate limiting.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Low	Adds Dropbox provider. Adds Dropbox provider. Source: llm_adapter@2026-06-03 Confidence: high	—
Feature	Low	Adds OneDrive provider. Adds OneDrive provider. Source: llm_adapter@2026-06-03 Confidence: high	—
Feature	Low	Adds install event with EventName derived from ALLOWED_EVENT_NAMES. Adds install event with EventName derived from ALLOWED_EVENT_NAMES. Source: llm_adapter@2026-06-03 Confidence: high	—
Feature	Low	Adds preview option for images. Adds preview option for images. Source: llm_adapter@2026-06-03 Confidence: high	—
Feature	Low	Implements rate limiting, payload size guard, and event name validation in telemetry worker. Implements rate limiting, payload size guard, and event name validation in telemetry worker. Source: llm_adapter@2026-06-03 Confidence: high	—
Dependency	Low	Updates Docker configuration for production deployment. Updates Docker configuration for production deployment. Source: llm_adapter@2026-06-03 Confidence: high	—
Bugfix
Bugfix	Medium	Exports ALLOWED_EVENT_NAMES and corrects ratelimits field in wrangler. Exports ALLOWED_EVENT_NAMES and corrects ratelimits field in wrangler. Source: llm_adapter@2026-06-03 Confidence: high	—
Bugfix	Medium	Handles OAuth route properly. Handles OAuth route properly. Source: llm_adapter@2026-06-03 Confidence: high	—
Bugfix	Medium	Refetches providers on desktop after OAuth connect. Refetches providers on desktop after OAuth connect. Source: llm_adapter@2026-06-03 Confidence: high	—
Refactor	Low	Resets migrations to clean state. Resets migrations to clean state. Source: llm_adapter@2026-06-03 Confidence: high	—

Full changelog

Features

add dropbox provider (28d84d6)
add install event, derive EventName from ALLOWED_EVENT_NAMES (b9d7824)
add onedrive provider (3234e42)
preview option for images (2c7f7e0)
rate limiting, payload size guard, event name validation in telemetry worker (0ece434)

Fixes

export ALLOWED_EVENT_NAMES + correct ratelimits field in wrangler (c3f0d74)
handle oauth route (710c4c9)
refetch providers on desktop after oauth connect (0794f84)

Styles

use dark mode only (69f3d94)

Others

add makefile (1bcd2ce)
reset migrations (cdf2e04)
update .gitignore (4cb2163)
update docker config for production deployment (a473a65)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track drivebase

Get notified when new releases ship.

About drivebase

Drivebase is a cloud-agnostic file management platform for people and teams using multiple storage providers.

All releases →