Pingvin Share X

v1.18.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 13d File Storage & Sync

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 2 known CVEs

Topics

docker fileshare fork self-hosted share

Affected surfaces

deps

ReleasePort's take

Light signal

editorial:auto 13d

The Email feature now blocks activation unless a valid SMTP configuration is provided; share information updates automatically post‑creation, and the platform adds site‑wide language support with backend translations. Several UI bugs are fixed, including consistent custom color display, duplicate email prevention on Enter keypress, and addition of direct file‑share links.

Why it matters: Patch to enforce SMTP before enabling Email; automatic share updates improve consistency; new i18n features require testing in dev environments for locale handling. Fix UI bugs immediately to avoid user confusion.

Summary

AI summary

Mitigate Next.js vulnerabilities and resolve npm audit security issues.

Changes in this release

Type	Severity	Summary	CVE
Security	High	Next.js vulnerabilities mitigated. Next.js vulnerabilities mitigated. Source: granite4.1:30b@2026-05-22-audit Confidence: high	—
Security	Medium	Security vulnerabilities resolved via npm audit and Next.js mitigation. Security vulnerabilities resolved via npm audit and Next.js mitigation. Source: llm_adapter@2026-05-22 Confidence: high	—
Feature
Feature	Medium	Email feature now prevents enabling without SMTP configuration. Email feature now prevents enabling without SMTP configuration. Source: llm_adapter@2026-05-22 Confidence: high	—
Feature	Medium	Share info is updated automatically after creation. Share info is updated automatically after creation. Source: llm_adapter@2026-05-22 Confidence: high	—
Feature	Medium	Site-wide default language support and backend string translations added. Site-wide default language support and backend string translations added. Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix
Bugfix	Medium	Config UI now consistently shows custom color input. Config UI now consistently shows custom color input. Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	Direct file share link functionality added. Direct file share link functionality added. Source: llm_adapter@2026-05-22 Confidence: low	—
Bugfix	Medium	Prevents email duplicate when pressing Enter in recipients field. Prevents email duplicate when pressing Enter in recipients field. Source: llm_adapter@2026-05-22 Confidence: low	—

Full changelog

What's Changed

Features

email: prevent enabling email without smtp configured (f7e93a2)
shares: update share info after creation (#69) (9553c56)
site wide default language support, translations for backend strings (#70) (1d788f7)

Bug Fixes

config: show custom color input consistently (d850519)
deps: resolve security vulns via npm audit (54abd9a)
shares: direct file share link (#75) (b970f44)(https://github.com/smp46/pingvin-share-x/issues/74)
security: mitigate nextjs vulnerabilties (b3135c5)
upload: prevent email dupe when pressing Enter in recipients field (bd89709)

Full Changelog: https://github.com/smp46/pingvin-share-x/compare/v1.17.0...v1.18.0

Security Fixes

Mitigate Next.js vulnerabilities — unspecified CVE(s)
Resolve security vulnerabilities via npm audit for dependencies

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.