Skip to content

OpenList

v4.1.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 10mo File Storage & Sync
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

alist aliyunpan baidupan openlist

Affected surfaces

auth

Summary

AI summary

Potential XSS vulnerabilities were fixed.

Full changelog

   🚀 Features

  • 115_open: Add GetObjInfo to accelerate getting link  -  by @Seven66677731 in https://github.com/OpenListTeam/OpenList/issues/888 (54ae7)
  • ci: Add support for LoongArch64 architecture builds  -  by @Suyunmeng in https://github.com/OpenListTeam/OpenList/issues/907 (5b41a)
  • drivers: Enable local sorting for cloudreve, ilanzou  -  by @xrgzs in https://github.com/OpenListTeam/OpenList/issues/840 (23bdd)
  • fs: Full support webdav cross-driver copy and move  -  by @j2rong4cn in https://github.com/OpenListTeam/OpenList/issues/823 (4e9c3)
  • patch: Add migration from Alist V3 driver to OpenList  -  by @xrgzs in https://github.com/OpenListTeam/OpenList/issues/919 (ccd4a)
  • search: Enhanced meilisearch search experience  -  by @hcrgm in https://github.com/OpenListTeam/OpenList/issues/864 (1682e)
  • setting: Add site version information  -  by @xrgzs in https://github.com/OpenListTeam/OpenList/issues/859 (7da06)
  • strm: Add local mode  -  by @Seven66677731 and @xrgzs in https://github.com/OpenListTeam/OpenList/issues/885 (991da)
  • thunderx,pikpak: Add offline download support for ThunderX; add ctx to specific PikPak functions  -  by @nekohy and @xrgzs in https://github.com/OpenListTeam/OpenList/issues/879 (e0b3a)

   🐞 Bug Fixes

  • 123&&123_share:
    • Fix link request header referer  -  by @dgscyg in https://github.com/OpenListTeam/OpenList/issues/915 (a4980)
  • cmd:
    • Output to console  -  by @xrgzs in https://github.com/OpenListTeam/OpenList/issues/920 (cf912)
  • crypt:
    • Wrong ContentLength  -  by @j2rong4cn (0ee31)
  • drivers:
    • Update time-related fields to int64  -  by @xrgzs in https://github.com/OpenListTeam/OpenList/issues/913 (976c8)
  • fs:
    • Rename bug  -  by @hshpy in https://github.com/OpenListTeam/OpenList/issues/832 (61345)
  • local:
    • Treat junction as directory in Windows.  -  by @Rambin in https://github.com/OpenListTeam/OpenList/issues/809 (a5a22)
  • qb:
    • Configure HTTP client with connection pooling and fix resource leaks in qBittorrent client.  -  by @Suyunmeng in https://github.com/OpenListTeam/OpenList/issues/898 (3c7b0)
  • security:
    • Potential XSS vulnerabilities  -  by @hshpy and @xrgzs in https://github.com/OpenListTeam/OpenList/issues/880 (11cf5)
    • Potential XSS vulnerabilities  -  by @hshpy in https://github.com/OpenListTeam/OpenList/issues/896 (9469c)
  • static:
    • Support logo replacement (#834 Close #754)  -  by @xrgzs in https://github.com/OpenListTeam/OpenList/issues/834 and https://github.com/OpenListTeam/OpenList/issues/754 (da8d6)
  • user:
    • Show admin password on first start  -  by @ILoveScratch2 and Yinan Qin in https://github.com/OpenListTeam/OpenList/issues/883 (d6867)
    View changes on GitHub

Security Fixes

  • Potential XSS vulnerabilities fixed (commits 11cf5613, 9469c95b)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OpenList

Get notified when new releases ship.

Sign up free

About OpenList

File manager with support for multiple storage backends

All releases →

Related context

Beta — feedback welcome: [email protected]