Skip to content

FileRise

v3.14.0 Feature

This release adds 1 notable feature for engineering teams evaluating rollout.

Published 20h File Storage & Sync
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

acl docker file-editor file-manager file-upload folder-management
+11 more
javascript multi-file-upload php self-hosted sso twofactor-auth unraid uploader web web-based webdav

Affected surfaces

auth deps

ReleasePort's take

Moderate signal
editorial:auto 20h

ReleasePort v3.14.0 enforces CSRF token checks on several endpoints and upgrades `symfony/yaml` to 8.0.12.

Why it matters: CSRF protection now mandatory for file creation, share‑link creation, admin OIDC discovery, and ClamAV self‑test; Composer dev dependency symfony/yaml locked at version 8.0.12.

Summary

AI summary

Updates v3.14.0, csrf, and composer across a mixed release.

Changes in this release

Security High

Enforces CSRF token checks on file creation, share-link creation, admin OIDC discovery, and ClamAV self-test POST actions.

Enforces CSRF token checks on file creation, share-link creation, admin OIDC discovery, and ClamAV self-test POST actions.

Source: llm_adapter@2026-06-03

Confidence: high
Dependency Low

Upgraded `symfony/yaml` to version 8.0.12 in Composer dev dependencies and locked set.

Upgraded `symfony/yaml` to version 8.0.12 in Composer dev dependencies and locked set.

Source: llm_adapter@2026-06-03

Confidence: high
Full changelog

Changes 06/03/2026 (v3.14.0)

release(v3.14.0): request validation hardening and symfony/yaml dependency update

Commit message

release(v3.14.0): request validation hardening and symfony/yaml dependency update

- security(csrf): enforce request-token checks on additional file and admin POST actions
- deps(composer): upgrade symfony/yaml to 8.0.12

Fixed

  • Request validation hardening
    • Added server-side CSRF enforcement to file creation and file share-link creation.
    • Added CSRF enforcement to admin OIDC discovery and ClamAV self-test POST actions.
    • Existing web UI flows continue to send the required CSRF token for these actions.

Changed

  • Dependency security maintenance
    • Updated symfony/yaml to 8.0.12 in Composer dev dependencies and the locked dependency set.

v3.14.0

Full Changelog

v3.13.0 → v3.14.0

SHA-256 (zip)

bd68703dc9140caa8f7cbc8c1a4be004ef9e665d01316fd527fe38b0a76b99e5  FileRise-v3.14.0.zip
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track FileRise

Get notified when new releases ship.

Sign up free

About FileRise

FileRise – lightweight, self-hosted file manager & storage hub with granular ACLs, resumable uploads, encrypted folders, WebDAV & SSO. Fully Docker / Unraid compatible.

All releases →

Related context

Beta — feedback welcome: [email protected]