Skip to content

Pingvin Share X

v1.16.3 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo File Storage & Sync
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

docker fileshare fork self-hosted share

Affected surfaces

auth

Summary

AI summary

Patches a TOTP verification bypass that allowed any six‑digit code to skip MFA while still requiring a valid password.

Full changelog

Updating is highly recommended

A bug with TOTP verification was found that allowed any six digit code to bypass the TOTP requirement on login. A valid password is still required to reach the bypass. This update patches the bug.

For more details view the Security Advisory: GHSA-j679-vp39-qwqq

Thanks to @probablyjassin for the report.

Full Changelog: https://github.com/smp46/pingvin-share-x/compare/v1.16.2...v1.16.3

Security Fixes

  • GHSA-j679-vp39-qwqq — fixes TOTP verification bypass allowing any six‑digit code to skip MFA (password still required)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Pingvin Share X

Get notified when new releases ship.

Sign up free

About Pingvin Share X

File sharing platform and WeTransfer alternative

All releases →

Related context

Beta — feedback welcome: [email protected]