This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+1 more
Affected surfaces
ReleasePort's take
Moderate signalFileBrowser v2.63.6 resolves critical security issues: archive traversal, login denial‑of‑service, and symlink escape vulnerabilities.
Why it matters: Addresses three high‑severity (≥80) disclosures affecting file handling and authentication; operators should upgrade immediately to mitigate risk.
Summary
AI summaryFixes security disclosures including archive traversal, login DoS, and symlink escape.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Critical |
Addresses three security disclosures: archive traversal, login DoS, symlink escape. Addresses three security disclosures: archive traversal, login DoS, symlink escape. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Security | High |
Fixes cross‑user unauthorized deletion of share links. Fixes cross‑user unauthorized deletion of share links. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Security | High |
Corrects incorrect access control in public directory shares via rule path rebasing. Corrects incorrect access control in public directory shares via rule path rebasing. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Deprecation | Low |
Removes undocumented hook auth with shell replacement. Removes undocumented hook auth with shell replacement. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Bugfix | Medium |
Parses CSV files with uneven columns correctly. Parses CSV files with uneven columns correctly. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Refactor | Low |
Disables automatic major updates. Disables automatic major updates. Source: llm_adapter@2026-06-03 Confidence: high |
— |
Full changelog
Changelog
- 85b7d2762dda67b6158220991654c65b43739005 chore(release): 2.63.6
- 4edabb9ccc74c8b0bc80f0ac6af121d106ca6647 chore(docs): update CLI documentation
- 103683069e077fa5976da7bb4b390110a68bdc30 chore: Updates for project File Browser (#5947)
- 5328e80d2e88d1c279a1250a7dfee4fc96f703ec fix: parse csv files with uneven columns in their rows (#5965)
- 847d08bdd135e5c3659f2e6dea2f0cd36617af9b fix: address three security disclosures (archive traversal, login DoS, symlink escape)
- 0231b7ebdfbe77a6c54027d30c4856c3fd81ee4d fix: cross-user unauthorized share-link deletion
- e07c59df0b850f5924d5b1683e8609661ddcf534 fix: incorrect access control in public directory shares via rule path rebasing
- 0d3eb9bea96127e6d7b53a84f4551d709affe865 docs: clarify hide dotfiles
- 34ae34e764d72540c039f1f5ea2ec4c974168c1f fix: remove undocumented hook auth with shell replacement
- ca0108f0709741828c5d4c9f0406e2b25dd7ca88 chore: disable automatic major updates
Security Fixes
- fix: address three security disclosures (CVE not provided) — archive traversal, login DoS, symlink escape
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Beta — feedback welcome: [email protected]