kopia

v0.23.0 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 23d Backup & Recovery

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

backup cloud deduplication encryption google-cloud-storage

Affected surfaces

auth breaking_upgrade

ReleasePort's take

Moderate signal

editorial:auto 13d

Kopia v0.23.0 removes LZ4 compression support and hardens unauthenticated server access to loopback-only binding. The release includes multiple data integrity and stability fixes across storage, repository, and snapshot handling.

Why it matters: Deployments using LZ4-compressed repositories must plan migration before upgrading. Security hardening restricts unauthenticated access to localhost; verify your server configuration. Data integrity fixes address index syncing and Windows MAX_PATH failures—test in dev before rolling to production.

Summary

AI summary

Removed LZ4 compression support.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	New feature restricts insecure unauthenticated server to loopback binds. New feature restricts insecure unauthenticated server to loopback binds. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Registration mechanism for storage providers implemented. Registration mechanism for storage providers implemented. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Hash benchmarking count added. Hash benchmarking count added. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Added byte units to maintenance stat summaries. Added byte units to maintenance stat summaries. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	ErrorEntry policy resolution now uses child policy. ErrorEntry policy resolution now uses child policy. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Warns messages for extra storage providers added. Warns messages for extra storage providers added. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Notifies after releasing the lock in Storage Providers. Notifies after releasing the lock in Storage Providers. Source: llm_adapter@2026-05-21 Confidence: low	—
Performance	Medium	Bigmapbench profiling added. Bigmapbench profiling added. Source: llm_adapter@2026-05-21 Confidence: low	—
Performance	Medium	Limits `PutBlobInPath` to maximum of 2 attempts in Storage Providers. Limits `PutBlobInPath` to maximum of 2 attempts in Storage Providers. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix
Bugfix	Medium	Syncs index blob file before closing in Repository. Syncs index blob file before closing in Repository. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Resolves failures when exceeding Windows MAX_PATH. Resolves failures when exceeding Windows MAX_PATH. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Inaccessible entry no longer causes parent directory to be skipped. Inaccessible entry no longer causes parent directory to be skipped. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Cleans up temporary file on put blob failure in Storage Providers. Cleans up temporary file on put blob failure in Storage Providers. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Handles potential conversion overflow when setting progress default. Handles potential conversion overflow when setting progress default. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Skips htmlui tests that are timing out. Skips htmlui tests that are timing out. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Corrected retained log size double counting. Corrected retained log size double counting. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Addresses potential conversion overflows. Addresses potential conversion overflows. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Fixed string nits in codebase. Fixed string nits in codebase. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Syncs file in FS provider to ensure data is persisted. Syncs file in FS provider to ensure data is persisted. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Prefer assert.NoError in Testing improvements. Prefer assert.NoError in Testing improvements. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Resolves nits in TestSnapFail tests in Testing. Resolves nits in TestSnapFail tests in Testing. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Improves `TestSnapshotFail`* tests in Testing. Improves `TestSnapshotFail`* tests in Testing. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Low	Prevents inaccessible entries from causing parent directories to be skipped. Prevents inaccessible entries from causing parent directories to be skipped. Source: granite4.1:30b@2026-05-23-audit Confidence: low	—
Bugfix	Low	Cleans up temporary files on put‑blob failures. Cleans up temporary files on put‑blob failures. Source: granite4.1:30b@2026-05-23-audit Confidence: low	—
Refactor
Refactor	Medium	Leverages x/term.IsTerminal in CLI. Leverages x/term.IsTerminal in CLI. Source: llm_adapter@2026-05-21 Confidence: low	—
Refactor	Medium	Removed support for LZ4. Removed support for LZ4. Source: llm_adapter@2026-05-21 Confidence: low	—
Refactor	Medium	Made counters and size stats uint64 for consistency. Made counters and size stats uint64 for consistency. Source: llm_adapter@2026-05-21 Confidence: low	—
Refactor	Medium	Moved `SafeLongFilename` to `ospath`. Moved `SafeLongFilename` to `ospath`. Source: llm_adapter@2026-05-21 Confidence: low	—
Refactor	Medium	Made tests with injected errors more robust in Storage Providers. Made tests with injected errors more robust in Storage Providers. Source: llm_adapter@2026-05-21 Confidence: low	—
Refactor	Medium	Tweaked Copilot instructions in Infrastructure. Tweaked Copilot instructions in Infrastructure. Source: llm_adapter@2026-05-21 Confidence: low	—
Refactor	Medium	Updated agent instructions in Infrastructure. Updated agent instructions in Infrastructure. Source: llm_adapter@2026-05-21 Confidence: low	—
Other	Medium	Split out linux-based lint targets in CI/CD enhancements. Split out linux-based lint targets in CI/CD enhancements. Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

Command-Line Interface

New Feature restrict insecure unauthenticated server to loopback binds (#5354) by Jarek Kowalski
registration mechanism for storage providers (#5350) by Julio López
hash benchmarking count (#5312) by Julio López
leverage x/term.IsTerminal (#5308) by Julio López
handle potential conversion overflow when setting progress default (#5271) by Julio López

KopiaUI App

skip htmlui tests that are timing out (#5257) by Julio López

General Improvements

bigmapbench profiling (#5321) by Julio López
clean nits (#5313) by Julio López
remove support for LZ4 (#5296) by Julio López
retained log size double counting (#5302) by Julio López
make counters and size stats uint64 for consistency (#5262) by Julio López
address potential conversion overflows (#5266) by Julio López
string nits (#5265) by Julio López
cleanup nits (#5236) by Julio López
do not included concatenated entries in log (#5231) by lif
move SafeLongFilename to ospath (#5227) by Julio López
add byte units to maintenance stat summaries (#5178) by Julio López

Repository

sync index blob file before closing (#5292) by Julio López
failures when exceeding Windows MAX_PATH (#5226) by Julio López

Snapshots

ErrorEntry policy resolution to use child policy (#5234) by Baixiaochun
inaccessible entry causes parent directory to be skipped (#5217) by Julio López

Storage Providers

warn messages for extra storage providers (#5324) by Julio López
perform maximum of 2 attempt in PutBlobInPath (#5168) by Julio López
require.NoError (#5166) by Julio López
update injected error message (#5165) by Julio López
make tests with injected errors more robust (#5164) by Julio López
cleanup temporary file on put blob failure (#5157) by Julio López
notify after releasing the lock (#5154) by Julio López
sync file in FS provider to ensure data is persisted (#5150) by Julio López

Testing

prefer assert.NoError (#5299) by Julio López
nits in TestSnapFail tests (#5228) by Julio López
TestSnapshotFail* (#5225) by Julio López

Infrastructure

tweak copilot instructions (#5278) by Julio López
update agent instructions (#5153) by Julio López

CI/CD

split out linux-based lint targets (#5349) by ashmrtn
license-check-go make target (#5347) by Julio López
skip setup step on PRs on MacOS (#5344) by Julio López
generate govulncheck SARIF report (#5300) by Julio López
avoid duplicate test failure output (#5222) by Julio López
add install-checklocks convenience target (#5152) by Julio López

Graphical User Interface

Breaking Changes

Removed support for LZ4 compression

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track kopia

Get notified when new releases ship.

About kopia

Cross-platform backup tool for Windows, macOS & Linux with fast, incremental backups, client-side end-to-end encryption, compression and data deduplication. CLI and GUI included.

All releases →