Pingvin Share X

v1.18.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 8d File Storage & Sync

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

docker fileshare fork self-hosted share

Affected surfaces

auth

ReleasePort's take

Moderate signal

editorial:auto 8d

The release patches a critical vulnerability in the TOTP implementation (GHSA-59q6-jvp6-w282).

Why it matters: Addresses CVE GHSA-59q6-jvp6-w282 with severity score 90; operators using TOTP authentication must upgrade to v1.18.1 immediately.

Summary

AI summary

Patches a critical TOTP vulnerability (GHSA-59q6-jvp6-w282)

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Patches a vulnerability in the TOTP implementation (GHSA-59q6-jvp6-w282). Patches a vulnerability in the TOTP implementation (GHSA-59q6-jvp6-w282). Source: llm_adapter@2026-05-26 Confidence: high	—
Bugfix	Medium	Prevents cleanup of shares with ongoing uploads. Prevents cleanup of shares with ongoing uploads. Source: llm_adapter@2026-05-26 Confidence: high	—

Full changelog

What's Changed

This release patches a bug in the TOTP implementation that has existed since 1.5.0 (GHSA-59q6-jvp6-w282). Updating immediately is strongly recommended.

Bug Fixes

shares: don't cleanup shares with ongoing uploads(#79)(4b63770)

Full Changelog: https://github.com/smp46/pingvin-share-x/compare/v1.18.0...v1.18.1

Security Fixes

GHSA-59q6-jvp6-w282 — critical vulnerability in the TOTP implementation

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.