Skip to content

FileRise

v3.15.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 7d File Storage & Sync
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

acl docker file-editor file-manager file-upload folder-management
+11 more
javascript multi-file-upload php self-hosted sso twofactor-auth unraid uploader web web-based webdav

Affected surfaces

auth rbac

ReleasePort's take

Moderate signal
editorial:auto 7d

FileRise v3.15.0 hardens shared‑folder boundaries to ensure subpaths remain confined within the original share.

Why it matters: Security fix with severity 90; protects against path traversal in all shared-folder operations (list, download, upload, ZIP creation).

Summary

AI summary

Updates v3.15.0, shares, and https://github.com/error311/FileRise/compare/v3.14.0...v3.15.0 across a mixed release.

Changes in this release

Security Critical

Hardens shared-folder boundary to keep subpaths inside original share.

Hardens shared-folder boundary to keep subpaths inside original share.

Source: llm_adapter@2026-06-12

Confidence: high
Full changelog

Changes 06/11/2026 (v3.15.0)

release(v3.15.0): shared-folder boundary hardening

Commit message

release(v3.15.0): shared-folder boundary hardening

- security(shares): keep shared-folder subpaths inside the original shared folder boundary

Fixed

  • Shared-folder boundary hardening
    • Tightened public shared-folder subpath handling so listing, direct file download, upload targets, and ZIP creation remain inside the originally shared folder.
    • Existing normal files, subfolders, and in-bound shared-folder content remain supported.

v3.15.0

Full Changelog

v3.14.0 → v3.15.0

SHA-256 (zip)

3915ba1d5beccfe4cf84b32f26b4a0c53120b33e5bcdf5f0c8ed14d206b1bb2c  FileRise-v3.15.0.zip

Security Fixes

  • Shared-folder boundary hardening prevents traversal outside the originally shared folder for listing, download, upload, and ZIP creation.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track FileRise

Get notified when new releases ship.

Sign up free

About FileRise

FileRise – lightweight, self-hosted file manager & storage hub with granular ACLs, resumable uploads, encrypted folders, WebDAV & SSO. Fully Docker / Unraid compatible.

All releases →

Related context

Beta — feedback welcome: [email protected]