This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+7 more
Affected surfaces
Summary
AI summaryDocker images now require Node.js 24, fixing file viewer height issues and anonymous folder upload errors.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | High |
CVE/GHSA-gr35-qcpp-65w5 vulnerability addressed. CVE/GHSA-gr35-qcpp-65w5 vulnerability addressed. Source: granite4.1:30b@2026-05-20-audit Confidence: low |
— |
| Feature | Medium |
Added option to turn on automute for videos and audio files. Added option to turn on automute for videos and audio files. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
| Feature | Medium |
Added option for media-only previews compatible with apps like Discord. Added option for media-only previews compatible with apps like Discord. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
| Dependency | Medium |
Updated Docker image to use Node.js 24. Updated Docker image to use Node.js 24. Source: granite4.1:30b@2026-05-20-audit Confidence: low |
— |
| Dependency | Low |
Pinned ffmpeg and tzdata versions in Dockerfile. Pinned ffmpeg and tzdata versions in Dockerfile. Source: granite4.1:30b@2026-05-20-audit Confidence: low |
— |
| Dependency | Low |
Upgraded Alpine base image to version 3.22. Upgraded Alpine base image to version 3.22. Source: granite4.1:30b@2026-05-20-audit Confidence: low |
— |
| Bugfix | Medium |
Fixed issues with image/video heights in the new file viewer. Fixed issues with image/video heights in the new file viewer. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
| Bugfix | Medium |
Resolved anonymous folder uploads returning a 404 error. Resolved anonymous folder uploads returning a 404 error. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
| Bugfix | Medium |
Stopped audio/videos from continuing to play on recent files page. Stopped audio/videos from continuing to play on recent files page. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
| Bugfix | Medium |
Fixed folder files not displaying any content. Fixed folder files not displaying any content. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
Full changelog
🚨 GHSA-gr35-qcpp-65w5, please update!
What's Changed
- ⚠️ The Docker images have been updated to using node@24:
- If you are running Zipline using something other than node, please update to v24
- Changes to the dockerfile include:
- Pinned ffmpeg & tzdata versions
- Alpine 3.22
- Node 24
- fixed issues with image/video, etc. heights in the new file viewer #1087
- fixed anonymous folder uploads returning a 404 #1089
- fixed audio/videos continuing to play in the recent files page #1083
- fixed folder files not showing anything
- added option to turn on automute on videos and audio files
- added option to have media-only previews for apps like Discord #1090
Pulls merged
- feat(view): media-only OpenGraph previews when embeds disabled by @notzorexlol in https://github.com/diced/zipline/pull/1090
New Contributors
- @notzorexlol made their first contribution in https://github.com/diced/zipline/pull/1090
Full Changelog: https://github.com/diced/zipline/compare/v4.6.0...v4.6.1
Breaking Changes
- Minimum runtime requirement changed: Docker images now require Node.js version 24 (previously unspecified).
Security Fixes
- GHSA-gr35-qcpp-65w5 — unspecified vulnerability addressed in Docker image update
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About zipline
A ShareX/file upload server that is easy to use, packed with features, and with an easy setup!
Related context
Related tools
Beta — feedback welcome: [email protected]