Release history

filebrowser releases

Web File Browser

All releases

22 shown

Upgrade now
v1.3.3-stable Security relevant
RCE / SSRF

Path traversal fix

Upgrade now
v1.3.2-stable Security relevant
Auth

Critical security fix

Upgrade now
v1.4.1-beta Security relevant
Auth

Critical security fix

Review required
v1.4.0-beta New feature
Auth

Passkey WebAuthn support

v1.3.10-beta Breaking risk
⚠ Upgrade required
  • Refer to the updated documentation for conditional rules on disabling indexing: https://filebrowserquantum.com/en/docs/advanced/source-configuration/conditional-rules/#disable-indexing
Breaking changes
  • Removed deprecated config key `source.config.disableIndexing`
Full changelog

What's Changed

Notes:

  • When indexing is disabled for a source, the usage will always be reported as partition size.
  • removed deprecated source.config.disableIndexing, see rules

BugFixes:

  • Disable index option not working (#2385)

Full Changelog: https://github.com/gtsteffaniak/filebrowser/compare/v1.3.9-beta...v1.3.10-beta

v1.3.1-stable Security relevant
⚠ Upgrade required
  • Reauthentication required when creating or deleting password-based users (#2112)
Security fixes
  • GHSA-fwj3-42wh-8673 — Critical unauthenticated path traversal in Public Share Delete allowing arbitrary file deletion
  • GHSA-mmpx-jh39-wrv6 — Moderate stored XSS via SVG File in Public Share due to missing CSP header
Full changelog

What's Changed

Security:

  • [Critical] Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion GHSA-fwj3-42wh-8673 (thanks @Yesuhei)
  • [Moderate] Stored XSS via SVG File in Public Share (Missing CSP Header) GHSA-mmpx-jh39-wrv6 (thanks @MuxiLyuLucy)

Notes:

  • Creating/deleting password-based user requires reauthentication (#2112)

BugFixes:

  • Fix context menu items and adjust when items show to more accurately reflect permissions.
  • Quick download icon style after icon change.
  • Missing error popup for resource creation actions (upload/create)
  • EnforcedOtp login failure until restart (#2330)
  • Thumbnails for Folders only display sporadically (#2353)
  • Unwanted user scope change for users with non-default scopes (#2347)
  • Fix sidebar source info totals (#2321) (#2322) (#982)
  • Error uploading a large number of photos -- only 100 items get uploaded (#2348)
  • TOTP works for admin but fails for standard users on re-login until Docker is restarted (#2330)
  • No Loginfields shown if password authentication is set to false (#2331)

Full Changelog: https://github.com/gtsteffaniak/filebrowser/compare/v1.3.0-stable...v1.3.1-stable

v1.3.8-beta Bug fix

Minor fixes and improvements.

Full changelog

What's Changed

BugFixes:

  • Quick download icon style after icon change.
  • Missing error popup for resource creation actions (upload/create)
  • EnforcedOtp login failure until restart (#2330)
  • Thumbnails for Folders only display sporadically (#2353)
  • Unwanted user scope change for users with non-default scopes (#2347)
  • Fix sidebar source info totals (#2321) (#2322) (#982)
  • Error uploading a large number of photos -- only 100 items get uploaded (#2348)

Full Changelog: https://github.com/gtsteffaniak/filebrowser/compare/v1.3.7-beta...v1.3.8-beta

v1.3.7-beta Bug fix
Notable features
  • Reauthentication required for user creation/deletion
Full changelog

What's Changed

Notes:

  • creating/deleting password-based user requires reauthentication (#2112)

BugFixes:

  • TOTP works for admin but fails for standard users on re-login until Docker is restarted (#2330)
  • No Loginfields shown if password authentication is set to false (#2331)

Full Changelog: https://github.com/gtsteffaniak/filebrowser/compare/v1.3.6-beta...v1.3.7-beta

v1.3.0-stable Breaking risk
Breaking changes
  • Docker default user changed from root to filebrowser (1000:1000)
  • API routes reorganized: /api/raw deprecated, /api/preview removed and replaced, /api/onlyoffice→/api/office, /api/shares→/api/share/list, and others
  • highQuality thumbnail option removed
Notable features
  • WebDAV support
  • 3D model previews (GLTF, OBJ, STL, USDZ, and others)
  • JWT token authentication and LDAP login with OIDC
Full changelog

What's Changed

Breaking changes:

  • (potentially breaking) for Docker users: the default user is now filebrowser (1000:1000) instead of root. see docs

New Features:

  • New Sidebar Features
    • Sidebar tree navigation (#2006) (#350)
    • Source usage to be customized to show os-reported values rather than calculated. This can be changed per source by editing the source link in the sidebar. (#1266) (#982)
  • Archive/Unarchive actions in UI (#1252) (#335) (#1569)
    • new api to archive/unarchive files on the server
    • requires create user permissions
    • archiving actions respect server.maxArchiveSize
  • Added share icon to items that are shared (#1420)
  • Authentication enhancements
    • LDAP login support with OIDC feature parity. (#591)
    • userGroup for OIDC and LDAP, only users in a group will get access. (#1964)
    • Add JWT token authentication support (#1364)
  • Enhanced thumbnail and item previews
    • Added ability to show "motion preview" for folders with multiple child items that have previews. cycles through the first 4 images.
    • support for reading embedded images from raw image or heic/heif files (#215)
    • reorganized and simplified thumbnail settings in profile settings (#1968)
    • removed highQuality thumbnail option, which only affected gallery view. Now it's always enabled.
    • improved caching for unsupported images, the same file won't be attempted again with the same modtime.
    • supports 3d model previews.
  • FileWatcher also supports watching directories
  • Support previews for 3D model files (STL, OBJ, 3MF, etc.) (#1273)
    • supported formats via threejs: GLTF, GLB, OBJ, STL, PLY, DAE (Collada), 3MF, 3DS, USDZ, USD, USDA, USDC, AMF, VRML, WRL, VTK, VTP, PCD, XYZ, VOX, KMZ, FBX
    • supports animations (for formats that contain them)
    • supports embedded textures, external neighboring file textures, or textures in /textures subdirectory
  • Enhanced prompts
    • All prompts have a taskbar with a close button
    • Prompts can be freely moved by dragging the taskbar
    • Prompt styling has been updated
    • Clicking outside of prompts no longer automatically closes them.
  • add webdav support (#209) -- thanks to @reddac for (#1764)
    • see docs on how to use
    • requires an un-customized API token as a password
    • respects access rules
    • requires download permission to view and modify/create/delete permission to modify.
  • More user options for settings (#2072) (#2067):
    • Option to disable thumbnails userDefaults.preview.audio and userDefaults.preview.models for Audio and 3D Models.
    • Option to disable files in the Tree navigation userDefaults.hideFilesInTree
    • Option to disable source files deletion when creating/extracting archives. userDefaults.deleteAfterArchive
  • Option in settings userDefaults.preferEditorForMarkdown to prefer editor first for Markdown files (#2136)
  • Copy to clipboard button for code blocks in Markdown Viewer (#2160)
  • Add "Last modified" filter in search dialog (#2157)
  • Copy/paste files and folders (CTRL+C/CTRL+V) from other apps (win explorer, thunar, finder, etc) to upload them directly (#2197)
  • Caption font size can be adjusted in video settings
  • Ability to adjust the startup check method for SQL database via server.startupIntegrityCheck (#2221)
  • Status bar for editor and markdown viewer (#2226)
  • Epub placement URL anchors to bookmark a specific location on the doc.
  • Add Requirement for Current Password When Changing Account Password or user for permissions and scope (#2112)
  • Copy file path to clipboard through right-click (#2204)

Notes:

  • user scope editing has path picker and filesystem validation
  • removed upx compression on docker image (#2193)
  • videos double-tap to fast-forward and rewind added.
  • Adjust Image album swipe behavior (#2068)
    • swipe animation for next/previous
    • Swipe down on the image to close and go to the parent folder.
    • supports videos
  • Chunked uploads will save to a temporary file at the destination and be renamed on completion. Better upload pause handling (#2129)
  • The Icons in the UI were updated! (#2203)
    • More supported icons in the Icon Picker tool.
    • More file types have new icons across all the listings (such as .md, .apk, etc).
  • deprecated source.config.CreateUserDir, now it's always true. If a user directory doesn't exist it will get created empty.
  • CTRL+Mouse Wheel shortcut to change listing size. Also for changing font size in editor (#2227)
  • Docs preview for text and PDF has a 2-second timeout. If it hangs for whatever reason, the maximum time would be 2 seconds. (#2105) (#2114)
  • Downloading multiple files streams the archive creation rather than using cacheDir -- thanks @janakoram (#2125) (#2130)
    • server.maxArchiveSizeGB now defaults to 20 (GB) and only applies to archive/unarchive actions (not downloads).
    • The browser download progress bar will no longer show for archive downloads. This is the main drawback to the streaming approach.
    • should allow for much higher parallel download support and lower cleanup maintenance.
  • remote IP in logs now prefers X-Forwarded-For if it exists, then X-Real-IP, then lastly the standard RemoteAddr. Useful when running behind a proxy to log the public IP of each request. (#2110)
  • changed loading spinner style to be more compatible with Safari browsers.
  • Share icon does not show in the share listing or for shares for other users.
  • File Size Analyzer tool max items increased from 100 to 200.
  • changed symlink detection logic.
  • Docker images default to filebrowser user instead of root
  • reorganized api routes
    • consolidated tags for swagger to be more accurately grouped
    • tools are all behind /api/tools routes
    • /api/raw is deprecated (but functional). The /api/resources/download route will be used instead.
    • /api/preview has been removed and replaced with /api/resources/preview
    • /api/onlyoffice has been replaced with /api/office
    • /api/shares has been moved to /api/share/list
    • /api/auth/tokens has been moved to /api/auth/token/list and /api/auth/token has been added to get specific token info
    • PUT /api/token has been moved to POST /api/token
    • /public/api/shareinfo has been moved to /public/api/share/info
    • POST /resources/bulk/delete api has been moved to DELETE /resources/bulk (#1984)

BugFixes:

  • Long folder names get cut off at the top navigation bar (#1934)

Full Changelog: https://github.com/gtsteffaniak/filebrowser/compare/v1.2.4-stable...v1.3.0-stable

v1.3.5-beta Breaking risk
Breaking changes
  • Password changes and admin property modifications for password users now require reauthentication (#2112)
Full changelog

What's Changed

Notes:

  • any password change or admin user property change for a password user requires reauthentication (#2112)

BugFixes:

  • PWA icon fixes (#2292)
  • deny-rule'd folders visible in directory listings (regression from v1.2.4-stable) (#2295)
  • OTP and password requirement fixes (#2112) (#2263)
  • CLI not picking up config properly
  • Storage usage numbers on first load adjusted.
  • Some items in userDefaults are not setting defaults for new users properly #2278
  • Fix copy to clipboard and simplify code (#2281) (#2274)
  • Fix search shortcut / and pdf previews (#2307)
  • Special permissions bit not set when declared in createDirectoryPermission (#2283)
  • Execute permission altered after editing sh script with FB Quantum (#2309)
  • Source is red but working (#2289)

New Contributors

  • @Gorupa made their first contribution in https://github.com/gtsteffaniak/filebrowser/pull/2272
  • @nebula-it made their first contribution in https://github.com/gtsteffaniak/filebrowser/pull/2286

Full Changelog: https://github.com/gtsteffaniak/filebrowser/compare/v1.3.4-beta...v1.3.5-beta

v1.2.4-stable Security relevant
Security fixes
  • Anonymous user cannot view server folder path via 'Go to source location' button
Notable features
  • Reduced Docker image size by removing UPX compression
  • Fixed Open Graph image rendering for share banner URLs
v1.3.3-beta New feature
Breaking changes
  • `source.config.CreateUserDir` is now forced to true, automatically creating empty user directories
Notable features
  • OS clipboard file upload using copy/paste
  • Configurable SQL integrity check method via server.startupIntegrityCheck
  • Expanded icon set with .fbx preview support and updated UI
v1.2.3-stable Security relevant
Security fixes
  • GHSA-7789-65hx-f26w - Username enumeration via timing side-channel
v1.3.2-beta Security relevant
Security fixes
  • GHSA-7789-65hx-f26w - Username enumeration via timing side-channel
Notable features
  • Markdown editor preference
  • Code block copy feature
  • Last modified search filter
v1.2.2-stable Security relevant
Security fixes
  • Fixed stored XSS in share page
  • GHSA-525j-95gf-766f - Password share bypass
Notable features
  • Sidebar dividers
  • Share source location link
v1.3.1-beta New feature
Notable features
  • Disable audio/3D preview options
  • Hide files in tree option
  • Delete after archive option
v1.3.0-beta Breaking risk
Breaking changes
  • Docker default user changed from root to filebrowser
Notable features
  • Sidebar tree navigation
  • LDAP login support
  • JWT authentication
v1.2.1-stable Bug fix

Patch release fixes critical bugs from v1.2.0 including icon generation, share login button visibility, and file deletion errors.

v1.2.0-stable Breaking risk
Breaking changes
  • Indexing rules format changed
  • Docker default config location changed
  • server.cacheDirCleanup defaults to false
Notable features
  • SQLite persistent indexing
  • Realtime file watcher
  • File upload resume
v1.1.3-stable Security relevant
Security fixes
  • GHSA-8vrh-3pm2-v4v6 - Password protected share vulnerability
v1.1.2-stable Security relevant
Security fixes
  • Fixed path traversal vulnerability
  • Fixed image concurrency limits
v1.1.1-stable Bug fix

Stability release fixing file permission enforcement, sharing restrictions, symlink operations, and preview issues with improved list view performance.
