FFL

v3.9.7 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 1mo Secrets & Credentials

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

cosmopolitan-libc data-transfer end-to-end-encryption file-sharing folder-share networking

+4 more

peer-to-peer transfer tunnel webrtc

ReleasePort's take

Light signal

editorial:auto 26d

Release v3.9.7 fixes non‑ASCII filename resolution and WebRTC hang issues while adding in‑memory fallback for zero‑disk encrypted streams.

Why it matters: Patch to v3.9.7 immediately if your workloads use non‑ASCII filenames or rely on stable WebRTC transfers; test the new `--stdin-cache off`/`--e2ee` feature before production rollout.

Summary

AI summary

Fixed international filename resolution, WebRTC hang issues, duplicate receipt emails, and added in‑memory fallback for zero‑disk encrypted streams.

Changes in this release

Type	Severity	Summary	CVE
Feature	Medium	Added support for `--stdin-cache off`, `--e2ee`, and WebRTC fallback with in-memory buffer. Added support for `--stdin-cache off`, `--e2ee`, and WebRTC fallback with in-memory buffer. Source: llm_adapter@2026-05-21 Confidence: high	—
Dependency	Medium	Native binaries provided for Windows, Linux (glibc 2.28+ and glibc 2.39+), and macOS (arm64 and x86_64). Native binaries provided for Windows, Linux (glibc 2.28+ and glibc 2.39+), and macOS (arm64 and x86_64). Source: llm_adapter@2026-05-21 Confidence: low	—
Dependency	Medium	APE single-file builds (`ffl.com`, `fflo.com`) available for cross-platform use. APE single-file builds (`ffl.com`, `fflo.com`) available for cross-platform use. Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix
Bugfix	Medium	Fixed issue with non-ASCII filenames like 'технический' not being resolved. Fixed issue with non-ASCII filenames like 'технический' not being resolved. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Resolved indefinite WebRTC transfer hangs in unstable networks. Resolved indefinite WebRTC transfer hangs in unstable networks. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Prevented duplicate `--receipt` download completion email triggers. Prevented duplicate `--receipt` download completion email triggers. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Improved reliability of `/complete` signal for WebRTC transfers. Improved reliability of `/complete` signal for WebRTC transfers. Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

🚀 What's New in v3.9.7

This release focuses on edge-case bug fixes, internationalization compatibility, and making advanced streaming workflows incredibly resilient—even under extremely poor network conditions.

🐛 Bug Fixes & Improvements

International Filename Support: Fixed an issue where files with specific non-ASCII characters (such as the Russian filename технический) could not be found or resolved correctly by the system.
WebRTC Network Resilience: Fixed a bug where WebRTC transfers could hang indefinitely waiting for peer responses in highly unstable network environments. The connection recovery process is now much faster and more reliable.
Duplicate Receipts: Resolved an issue that occasionally caused the --receipt download completion email to trigger twice.
WebRTC Completion Tracking: Improved the reliability of the /complete signal during WebRTC transfers to prevent completion statuses from being lost at the very end of a download.

🛠️ Advanced Streaming: Zero-Disk Fallback

Support for --stdin-cache off + --e2ee + WebRTC Fallback: This is a major technical improvement for DevOps and high-speed streaming. Previously, if you piped data in with --stdin-cache off (to avoid writing to disk) alongside End-to-End Encryption (--e2ee), a dropped WebRTC connection meant the transfer would fail. Because there was no disk cache, the system couldn't fall back to HTTP relay to resume.

We have implemented a short-lived, in-memory sliding window buffer. Now, even with zero disk footprint, ffl retains just enough context in memory to seamlessly fall back to HTTP and resume the encrypted stream if the P2P connection drops. You get maximum speed, maximum security, and zero disk I/O—without sacrificing reliability.

Windows (native)

x86_64 → ffl-v3.9.7-x86_64-windows.zip
Unzip to get ffl.exe.

Linux (native)

We publish two glibc baselines. Pick the highest baseline that does not exceed your system glibc:

glibc 2.39+ — smaller & faster
- ffl-v3.9.7-manylinux_glibc2.39-x86_64-linux.tar.gz
- Best for newer distros (e.g., Ubuntu 24).
glibc 2.28+ — widest compatibility
- ffl-v3.9.7-manylinux_glibc2.28-x86_64-linux.tar.gz
- Works on older distros (e.g., Ubuntu 20); larger due to additional internal linking.

⚠️ If your system is musl-based (e.g., Alpine) or you’re unsure about glibc, prefer APE ffl.com.

macOS (native)

Apple Silicon (arm64) → ffl-v3.9.7-aarch-darwin.tar.gz
Intel (x86_64) → ffl-v3.9.7-x86_64-darwin.tar.gz

The archive unpacks to a single ffl binary.

🧰 APE (cross-platform single file, zero external deps)

ffl.com — Single-file build that runs natively on Linux, macOS, Windows, FreeBSD, OpenBSD 7.3, NetBSD, BIOS, and Android (Termux).
fflo.com — Alternative APE build that is exactly aligned with the open-source repo (no additional/proprietary addons).
As a result, features that require closed-source components—such as upload to server (e.g., --upload)—are not available.

For a deeper comparison between native and APE, see the README’s notes.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track FFL

Get notified when new releases ship.

About FFL

All releases →

FFL