Skip to content

OpenList

v4.0.9 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 10mo File Storage & Sync
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

alist aliyunpan baidupan openlist

Affected surfaces

deps

Summary

AI summary

Fixed upload progress error in feature 115_open.

Full changelog

   🚀 Features

  • Default settings api  -  by @j2rong4cn in https://github.com/OpenListTeam/OpenList/issues/716 (2a4c5)
  • 115_open: Add offline download  -  by @Seven66677731 in https://github.com/OpenListTeam/OpenList/issues/683 (19c6b)
  • archives: Add additional accepted archive extensions  -  by @xixu-me in https://github.com/OpenListTeam/OpenList/issues/747 (811a8)
  • docker: Change keep-alive strategy to runit, add aria2 log support  -  by @huancun in https://github.com/OpenListTeam/OpenList/issues/791 (afb04)
  • lenovonas_share: Add option to not show root directory  -  by @YangRucheng in https://github.com/OpenListTeam/OpenList/issues/772 (59ec1)
  • proxy: Add disable proxy sign  -  by @SenkjM in https://github.com/OpenListTeam/OpenList/issues/764 (5a0d8)
  • quark_uc_tv: Add streaming link api  -  by @dgscyg in https://github.com/OpenListTeam/OpenList/issues/728 (e8d45)
  • static: Fetch index.html from cdn for beta  -  by @xrgzs in https://github.com/OpenListTeam/OpenList/issues/372 (7d0de)
  • task-group: Introduce TaskGroupCoordinator for coordinated task execution  -  by @Seven66677731 and Copilot in https://github.com/OpenListTeam/OpenList/issues/721 (e93ab)
  • traffic: Update progress when caching file  -  by @Seven66677731 in https://github.com/OpenListTeam/OpenList/issues/646 (3838e)

   🐞 Bug Fixes

  • 115_open:
    • Upload progress error  -  by @Seven66677731 in https://github.com/OpenListTeam/OpenList/issues/637 (9e610)
  • ci:
    • Update OpenListTeam/cgo-actions to v1.2.2 to fix loongarch64 build  -  by @elysia-best in https://github.com/OpenListTeam/OpenList/issues/811 (c2271)
  • cloudreve_v4:
    • Remove deprecated authn check for login  -  by @xrgzs in https://github.com/OpenListTeam/OpenList/issues/767 (012e5)
  • cmd:
    • Optimize parse of command flag --data  -  by @j2rong4cn in https://github.com/OpenListTeam/OpenList/issues/777 (a20c2)
  • crypt:
    • Pass refresh list request  -  by @j2rong4cn in https://github.com/OpenListTeam/OpenList/issues/609 (01771)
  • deps:
    • Update module github.com/pkg/sftp to v1.13.9  -  in https://github.com/OpenListTeam/OpenList/issues/574 (efd88)
    • Update module github.com/yuin/goldmark to v1.7.12  -  in https://github.com/OpenListTeam/OpenList/issues/575 (d6783)
    • Update module github.com/blevesearch/bleve/v2 to v2.5.2  -  in https://github.com/OpenListTeam/OpenList/issues/582 (4965a)
    • Update module github.com/deckarep/golang-set/v2 to v2.8.0  -  in https://github.com/OpenListTeam/OpenList/issues/589 (c72ba)
    • Update module github.com/go-resty/resty/v2 to v2.16.5  -  in https://github.com/OpenListTeam/OpenList/issues/628 (eed3c)
    • Update module github.com/yuin/goldmark to v1.7.13  -  in https://github.com/OpenListTeam/OpenList/issues/794 (cacf6)
    • Update module github.com/ipfs/go-cid to v0.5.0  -  in https://github.com/OpenListTeam/OpenList/issues/680 (17989)
    • Update module github.com/go-webauthn/webauthn to v0.13.4  -  in https://github.com/OpenListTeam/OpenList/issues/677 (b5f0e)
    • Update module github.com/charmbracelet/bubbles to v0.21.0  -  in https://github.com/OpenListTeam/OpenList/issues/583 (74c2e)
    • Update module github.com/charmbracelet/bubbletea to v1.3.6  -  by Pikachu Ren in https://github.com/OpenListTeam/OpenList/issues/585 (8cf90)
    • Update github.com/fclairamb/ftpserverlib digest to 4a925d7  -  in https://github.com/OpenListTeam/OpenList/issues/675 (57cf2)
    • Update azure-sdk-for-go monorepo  -  in https://github.com/OpenListTeam/OpenList/issues/579 (676b8)
    • Update module github.com/rclone/rclone to v1.70.3  -  in https://github.com/OpenListTeam/OpenList/issues/802 (3da8c)
    • Update module github.com/azure/azure-sdk-for-go/sdk/storage/azblob to v1.6.2  -  by Pikachu Ren in https://github.com/OpenListTeam/OpenList/issues/801 (4a713)
    • Update module github.com/protonmail/go-crypto to v1.3.0  -  by Pikachu Ren in https://github.com/OpenListTeam/OpenList/issues/800 (c2e0d)
    • Update module github.com/pquerna/otp to v1.5.0  -  by Pikachu Ren in https://github.com/OpenListTeam/OpenList/issues/799 (93849)
    • Update module github.com/coreos/go-oidc to v2.3.0+incompatible  -  in https://github.com/OpenListTeam/OpenList/issues/586 (4d8c4)
    • Update module github.com/sheltonzhu/115driver to v1.1.0  -  in https://github.com/OpenListTeam/OpenList/issues/803 (923d2)
    • Update module golang.org/x/image to v0.29.0  -  in https://github.com/OpenListTeam/OpenList/issues/804 (bd297)
  • docker:
    • Fix the runsvdir permission issue caused by su-exec user switching and resolve the RUN_ARIA2 variable compatibility problem.  -  by @huancun in https://github.com/OpenListTeam/OpenList/issues/805 (d4b85)
  • net:
    • Ensure accurate content-length in response  -  by @pnparadise in https://github.com/OpenListTeam/OpenList/issues/749 (86324)
  • ocr:
    • Repair verification code OCR recognition service  -  by @Suyunmeng in https://github.com/OpenListTeam/OpenList/issues/602 (a77e5)
  • quark:
    • Set the transcoding link ContentLength to the correct size  -  by @j2rong4cn (6bb28)
  • security:
    • Add login count validation for webdav  -  by @itsHenry35 in https://github.com/OpenListTeam/OpenList/issues/693 (e5fbe)
    • Directory traversal  -  by @hshpy in https://github.com/OpenListTeam/OpenList/issues/744 (bba4f)
  • simplehttp:
    • Logic bug when unable to parse file name  -  by @j2rong4cn in https://github.com/OpenListTeam/OpenList/issues/761 (74d32)
  • static:
    • Correct CDN fetch condition for index.html  -  by @xrgzs in https://github.com/OpenListTeam/OpenList/issues/814 (4106e)
  • terabox:
    • File upload error  -  by @yuyamionini in https://github.com/OpenListTeam/OpenList/issues/733 (4c069)

   🏎 Performance

  • link: Optimize concurrent response  -  by @j2rong4cn and Copilot in https://github.com/OpenListTeam/OpenList/issues/641 (cc01b)
    View changes on GitHub

Security Fixes

  • Directory traversal vulnerability fixed in security module
  • Login count validation added for WebDAV to prevent abuse
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OpenList

Get notified when new releases ship.

Sign up free

About OpenList

File manager with support for multiple storage backends

All releases →

Related context

Beta — feedback welcome: [email protected]