FileRise
File Storage & SyncSelf‑hosted web file manager with WebDAV, per‑folder ACLs, optional folder‑level encryption, and OnlyOffice integration.
Features
- Self‑hosted “cloud drive” running via Docker or a PHP web server (no external DB required)
- Granular per‑folder access control lists (ACLs) enforced across UI, API, and WebDAV
- Optional folder‑level encryption at rest with transparent decryption on download
Recent releases
View all 40 releases →
v3.13.0
Maintenance
Minor fixes and improvements.
Full changelog
Changes 05/07/2026 (v3.13.0)
release(v3.13.0): DOMPurify and phpseclib dependency updates
Commit message
release(v3.13.0): DOMPurify and phpseclib dependency updates
- deps(frontend): upgrade bundled DOMPurify from 3.3.1 to 3.4.2
- deps(composer): upgrade phpseclib/phpseclib to 3.0.52
Changed
- Dependency security maintenance
- Updated bundled DOMPurify from
3.3.1to3.4.2and pointed the app shell at the new vendored path. - Updated
phpseclib/phpseclibto3.0.52in Composer dependencies and the locked dependency set.
- Updated bundled DOMPurify from
v3.13.0
Full Changelog
SHA-256 (zip)
d10522271eeadb3556329ab87b292faf5b143b7035dea78c1a0d63f4e3ad977e FileRise-v3.13.0.zip
v3.12.0
Security relevant
⚠ Upgrade required
- Users needing to replace their authenticator must disable TOTP and enable it again to generate a fresh enrollment.
Security fixes
- TOTP setup flow hardening: QR generation now requires a fully authenticated profile session and disallows reusing existing TOTP enrollment data, closing an abuse vector.
Full changelog
Changes 04/29/2026 (v3.12.0)
release(v3.12.0): TOTP setup flow hardening
Commit message
release(v3.12.0): TOTP setup flow hardening
- auth(totp): tighten setup QR access to fully authenticated profile sessions
- auth(totp): avoid reusing existing TOTP enrollment data during setup
Fixed
- TOTP setup flow hardening
- Tightened TOTP setup so enrollment QR generation is only available from a fully authenticated profile session.
- Accounts that already have TOTP configured are no longer offered a setup QR for the existing enrollment.
- Existing TOTP sign-in, recovery-code, disable, and first-time setup flows remain supported.
Changed
- Authenticator re-enrollment behavior
- Users who need to enroll a replacement authenticator should disable TOTP and enable it again to generate a fresh enrollment.
v3.12.0
Full Changelog
SHA-256 (zip)
40e8c5c1c30f6196c0dabe69437377ddb9ca6a7fba4440de4e63e6da152673a2 FileRise-v3.12.0.zip
v3.11.2
Security relevant
Security fixes
- Variable-time HMAC comparison vulnerability in SSH2::get_binary_packet() (phpseclib/phpseclib 3.0.51)
Full changelog
Changes 04/16/2026 (v3.11.2)
release(v3.11.2): phpseclib security dependency update
Commit message
release(v3.11.2): phpseclib security dependency update
- deps(composer): upgrade phpseclib/phpseclib to 3.0.51 to pick up the latest upstream security fix
Changed
- Dependency security maintenance
- Updated
phpseclib/phpseclibto3.0.51in Composer dependencies to pick up the current upstream security fix in the locked dependency set. - This release addresses the upstream advisory covering variable-time HMAC comparison in
SSH2::get_binary_packet().
- Updated
v3.11.2
Full Changelog
SHA-256 (zip)
ab30b6a719d042ba638332d136870449a2f94d9355b85b00e939cb55989909ff FileRise-v3.11.2.zip
v3.11.1
Security relevant
Security fixes
- Deleted-account session invalidation
- Remember-me token revocation
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
About
Stars
964
Forks
43
Languages
JavaScript
PHP
CSS
Install & Platforms
Install via
docker
