filebrowser releases - releaseport

Review required

v2.63.10 Bug fix 10h

Auth RBAC

Write access at root

Open

Review required

v2.63.9 Bug fix 14h

Auth RCE / SSRF

Share token safety + symlink escape

Open

Review required

v2.63.8 Bug fix 15h

RBAC

Scope validation for shares

Open

Review required

v2.63.7 Bug fix 15h

Auth

Fix share validation

Open

Upgrade now

v2.63.6 Security relevant 16h

Auth RBAC

Security disclosures fixed

Open

No immediate action

v2.63.5 Bug fix 13d

Router undefined catch‑all fix

Open

No immediate action

v2.63.4 Bug fix 17d

Admin shares visibility

Open

v2.63.3 Bug fix 29d

Fixed conflict modal and added a resume transfer option for file transfers.

Full changelog

Changelog

ca5e249e3c0c94159c2136a0cd431a424eb18472 chore(release): 2.63.3
f4e148523e0dc9242081831b53544396f995c611 fix: Fix conflict modal and add a resume transfert option (#5884)
1f22fe65ecc41ff9ca6dc3128bb914793dd5b44f chore(deps): update all non-major dependencies (#5926)
e2bdf6f747dc90123a555ba58390aff2e34bf9dd chore: update translations
d236f1c563eee40488ee9cea0745bda4f2b261a4 chore(deps): update dependency marked to v18 (#5897)
4edf425a9fae15b7e555b033f33c77ddf1302f61 chore(i18n): add a translation for disk usage (#5916)
a1a7ac4f04706200cdd29a86951a84b7e5461520 chore: update translations (#5918)
74917c80370ef97e3cb973ab2a751d0aa61d4c62 chore(deps): update all non-major dependencies (#5915)
7bd27f5e823651420cedd87a6c6503b1a954a4dd chore: sync translations (#5901)
9f4288b1b4e8e197ec2ec2ca093e7bf761efd142 docs: Update documentation links in Global.vue (#5905)
41b801d30c736c8ca863e2be6aece7d99e92129e fix: correct environment variable in compose.yaml (#5910)
da6b7ac26b7d2dce84131435885e144492859146 chore(deps): update all non-major dependencies (#5912)
7f8b920aa4c2eb22d22bad7763e7fd880b63333d chore(deps): update actions/upload-pages-artifact action to v5 (#5913)
dd53644acbecd7b8b788396aa8dd133ae006382c chore(release): 2.63.2
9b80a9aa6cf87700624fa6e0ba5fe8eac71d84d7 chore(deps): update all non-major dependencies (#5870)
0321415a152b6c20e44c6f4afbffd0ed34919e22 chore: pull translations (#5871)
23e84c997422ef058dc8e348cba75e77b23aaf84 docs: update PR template
0fadf28b18e506ddca0027e83ebe567ac57932bf fix(preview): let arrow keys seek video instead of switching files (#5895)
871f33789259d644ec3ed89aa38f6bf20b72c42a chore(deps): update pnpm/action-setup action to v6 (#5898)

View release on GitHub

v2.63.2 Maintenance 1mo

## Changelog * 7970c26cbcb8c7dc8abf12f95fe2b97d6c89d577 chore(release): 2.63.2

View release on GitHub

v2.63.1 Security relevant 2mo

Security fixes

Restricted permissions for proxy-auth auto-provisioned users
Directory boundary enforcement in rule matching
Share owner permission validation

Full changelog

Changelog

29c73eaca6a7b91f0de3c73536a0d0a21eeda03e chore(release): 2.63.1
f13c7c8cffd6d58ff29c4a6763ced1385f69961e fix: restrict default permissions for proxy-auth auto-provisioned users (#5890)
1e03feadb550e4414b5589a6a8df57f538efba15 fix: check download permission in resource handler (#5891)
8adf127c7d33585333b8030869f6f318e6517179 fix: enforce directory boundary in rule path matching (#5889)
7dbf7a3528234b2a9ee9c4115e8ecf58d258ca51 fix: check share owner permissions on public share access (#5888)

View release on GitHub

v2.63.0 Mixed 2mo

Security fixes

Download permissions now enforced when sharing is enabled

Notable features

Copy operation on drag-and-drop with Ctrl key

Full changelog

Changelog

65a837de4916c054a89258bf84b35f075158a1b5 chore(release): 2.63.0
876cdb34265b090c2a74a69509f4106f2c5e8726 feat: enable copy operation on drag‑and‑drop with ctrl key (#5882)
2f805de5274514c627f61e2b648fc7a9b8eadb2c docs: update docker compose
7a16129bfc07dbdc2fa52b99d2985c1bc0ea12e2 fix(tus): reject negative upload-length to prevent inconsistent cache entry (#5876)
0f39bd055efdadc15abd2f8146cf5da3793f8318 fix: check download permission when sharing permission is enabled (#5875)

View release on GitHub

v2.62.2 Security relevant 2mo

Security fixes

Fixed HTML template XSS vulnerability
Fixed scripted content injection in EPUB files
Fixed JSON escaping vulnerability

View release on GitHub

v2.62.1 Bug fix 2mo

Fixed redirect behavior for base URL and reverse proxy configurations

View release on GitHub

v2.62.0 Bug fix 2mo

Notable features

Fixed permission.share dependency on share.download
Improved upload conflict handling for folders
Better config parse error surfacing

View release on GitHub

v2.61.2 Bug fix 2mo

Notable features

CSV viewer now supports missing text encodings
Password validation enhanced with modal confirmation

View release on GitHub

v2.61.1 Bug fix 3mo

Fixed permission validation for TUS Delete file operations.

View release on GitHub

v2.61.0 New feature 3mo

Notable features

Improved conflict resolution when uploading, copying, or moving files

View release on GitHub

v2.60.0 New feature 3mo

Notable features

Modal lifecycle improvements
CSV viewer enhancements

View release on GitHub

v2.59.0 New feature 3mo

Notable features

Direct image button
Equation rendering in markdown preview

View release on GitHub

v2.58.0 New feature 3mo

Notable features

CSV multi-encoding support
Dutch language support
Improved error response handling

View release on GitHub

v2.57.1 Maintenance 3mo

Fixed field capitalization normalization, addressed build process issues, and added comprehensive documentation for hook-based authentication methods.

View release on GitHub

v2.57.0 New feature 4mo

Notable features