zipline

v4.6.2 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 22h File Storage & Sync

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 2 known CVEs

Topics

docker file-server file-sharing file-upload file-uploader gallery

+7 more

mantine reactjs screenshot sharex sharex-server sharex-uploader zipline

Affected surfaces

auth rce_ssrf

ReleasePort's take

Moderate signal

editorial:auto 20h

ReleasePort v4.6.2 patches GHSA‑identified vulnerabilities and improves several UI components.

Why it matters: The update closes security exposures referenced by GHSA‑2h25‑m8rf‑v86j and GHSA‑84c9‑r2mj‑p9pp, affecting the stats page handling large data sets; apply immediately to mitigate risk.

Summary

AI summary

GHSA vulnerability fixes close security exposures.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Patches vulnerabilities identified by GHSA-2h25-m8rf-v86j and GHSA-84c9-r2mj-p9pp Patches vulnerabilities identified by GHSA-2h25-m8rf-v86j and GHSA-84c9-r2mj-p9pp Source: llm_adapter@2026-06-03 Confidence: high	—
Feature
Feature	Low	Enhances mimetype detection and handling logic Enhances mimetype detection and handling logic Source: llm_adapter@2026-06-03 Confidence: high	—
Feature	Low	Allows folder navigation by name via `/folder/<name>` endpoint Allows folder navigation by name via `/folder/<name>` endpoint Source: llm_adapter@2026-06-03 Confidence: high	—
Feature	Low	Introduces activity chart for uploads and logins on the home page Introduces activity chart for uploads and logins on the home page Source: llm_adapter@2026-06-03 Confidence: high	—
Feature	Low	Adds removable recents, activity chart, and file‑type table options in dashboard settings Adds removable recents, activity chart, and file‑type table options in dashboard settings Source: llm_adapter@2026-06-03 Confidence: high	—
Bugfix
Bugfix	Medium	Prevents access to thumbnails when their associated file is password‑protected Prevents access to thumbnails when their associated file is password‑protected Source: llm_adapter@2026-06-03 Confidence: high	—
Bugfix	Medium	Improves performance of stats page when loading all‑time statistics Improves performance of stats page when loading all‑time statistics Source: llm_adapter@2026-06-03 Confidence: low	—
Bugfix	Low	Resolves styling inconsistencies across the web application Resolves styling inconsistencies across the web application Source: llm_adapter@2026-06-03 Confidence: high	—

Full changelog

🚨 GHSA-2h25-m8rf-v86j, GHSA-84c9-r2mj-p9pp

What's changed

fixed stats page with large data
- a lot faster when loading all time stats
fixed inconsistencies with styling around the web app
fixed thumbnails being accessible when their file has a password
added better mimetype handling
added folder reference by name, /folder/<name>
added activity chart for uploads and logins
added removable recents / activity chart / file type table from dashboard settings

Pulls merged

feat: add user activity chart on home page by @notzorexlol in https://github.com/diced/zipline/pull/1092

Full Changelog: https://github.com/diced/zipline/compare/v4.6.1...v4.6.2

Security Fixes

GHSA-2h25-m8rf-v86j — unspecified vulnerability fix
GHSA-84c9-r2mj-p9pp — unspecified vulnerability fix

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track zipline

Get notified when new releases ship.

About zipline

A ShareX/file upload server that is easy to use, packed with features, and with an easy setup!

All releases →