Releases: 9001/copyparty
an idp fix for xmas
- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone
in case of future important updates, such as vulnerabilities (most recently 2023-07-23)
recent important news
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
☃️🎄 there is still time 🎅🎁
❄️❄️❄️ please enjoy some appropriate music -- you'll probably like this more than the idp thing honestly ❄️❄️❄️
🧪 new features
- more improvements to the recent-uploads feature 87598dc
- move html rendering to clientside
- any changes to the filter-text applies in real-time
- loads 50% faster, reduces server-load by 30%
- inhibits search engines from indexing it
- move html rendering to clientside
🩹 bugfixes
- using idp without e2d could mess with uploads dd6e9ea
- u2c (commandline uploader): fix window title 946a8c5
- mDNS/SSDP: fix incorrect log colors when multiple primary IPs are lost 552897a
🔧 other changes
- ui: make it more obvious that the volume-control is a volume-control 7f04437
- copyparty.exe: update deps (jinja2, markupsafe, pyinstaller) c0dacbc
- improve safety of custom plugins 988a722
- if you've made your own plugins which expect certain values (host-header, filekeys) to be html-safe, then you'll want to upgrade
- also fixes rss-feed xml if password contains special characters
💾 what to download?
download link | is it good? | description |
---|---|---|
copyparty-sfx.py | ✅ the best 👍 | runs anywhere! only needs python |
a docker image | it's ok | good if you prefer docker 🐋 |
copyparty.exe | for win8 or later; built-in thumbnailer | |
u2c.exe | CLI uploader as a win7+ exe (video) | |
copyparty.pyz | similar to the regular sfx, mostly worse | |
copyparty32.exe | ⛔️ dangerous | for win7 -- never expose to the internet! |
cpp-winpe64.exe | ⛔️ dangerous | runs on 64bit WinPE, otherwise useless |
merry \x58mas
- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone
in case of future important updates, such as vulnerabilities (most recently 2023-07-23)
recent important news
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
☃️🎄 it is time 🎅🎁
❄️❄️❄️ please enjoy some appropriate music (trust me on this one, you won't regret it) ❄️❄️❄️
🧪 new features
- list of recent uploads eaa4b04
- new button in the controlpanel; can be disabled with
--no-ups-page
- only users with the dot-permission can see dotfiles
- only admins can see uploader-ip and upload-times
- enable
--ups-when
to let all users see upload-times
- enable
- new button in the controlpanel; can be disabled with
- #125 log decoded request-URLs 73f7249
- non-ascii filenames would make the accesslog a wall of
%E5%B9%BB%E6%83%B3%E9%83%B7
so print the decoded URL in addition to the original one, which is left as-is for debugging purposes
- non-ascii filenames would make the accesslog a wall of
🩹 bugfixes
- #126 improve dotfile handling 4c4e48b
- was impossible to delete a folder which contained hidden files if the user did not have the permission to see hidden files
- would also affect moving, renaming, copying folders, in which case the dotfiles would not be carried over to the new location
- now, dotfiles are always deleted, and always moved/copied into a new destination, on the condition that this is safe -- if the user has the dotfile permission in the target loocation but not in the source location, the dotfiles will be left behind to avoid accidentally making then browsable
- ux: cosmetic eta/idle-timer fixes 01a3eb2
🔧 other changes
- warn on ambiguous comments in config files da5ad2a
- avoid writing mojibake to the log 3051b13
- use
\x
-encoding for unprintable text
- use
⚠️ not the latest version!
4chrome
- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone
in case of future important updates, such as vulnerabilities (most recently 2023-07-23)
recent important news
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
🧪 new features
-
#124 add workaround for a chrome bug (crash during upload) 24ce46b
- chrome and chromium-based browsers could OOM
- https://issues.chromium.org/issues/383568268
-
#122 "hybrid IdP", regular users can still auth while IdP is enabled 64501fd
- previously, enabling IdP would entirely disable password-based login
- now, password-auth is attempted for requests without a valid IdP header
🩹 bugfixes
- the terminal window title would only change if
--no-ansi
was specified, which is exactly the opposite of what it should be (and now is) doing db3c0b0
🔧 other changes
- mDNS: better log messages when several IPs are added/removed a49bf81
- webdeps: update dompurify 0686860
this release includes a build of copyparty-winpe64.exe since the last one was almost a year ago
-
winpe64.exe is only for very specific usecases, you almost definitely do not want to download it, please just grab the regular copyparty.exe instead (works on all 64bit machines running win8 or newer)
-
the only difference between winpe64.exe and copyparty32.exe is that winpe64.exe works in the win7x64 PE (rescue-env), which makes it almost entirely useless, and every bit as dangerous to use as copyparty32.exe
⚠️ not the latest version!
ux is hard
- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone
in case of future important updates, such as vulnerabilities (most recently 2023-07-23)
recent important news
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
🧪 new features
- improve the upload ui so it explains how to abort an unfinished upload when someone uploads to the wrong folder by accident be6afe2
- also reduces serverload slightly when cloning an incoming file to multiple destinations
- u2c (commandline uploader): windows improvements 9163780
- now supports globbing (filename wildcards) on windows
- progressbar in the windows taskbar (requires conemu or the "new windows terminal")
⚠️ not the latest version!
120%
note: docker images were last updated 2024-12-06, 17:26 UTC (alpine 3.21, python 3.12.8)
- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone
in case of future important updates, such as vulnerabilities (most recently 2023-07-23)
recent important news
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
🧪 new features
- #120 add option
--srch-excl
and volflagsrch_excl
for excluding certain paths from search results 697a4fa - mDNS: add workaround for avahi/avahi#379 6c1cf68 94d1924
- Avahi mDNS Reflection, sometimes used in intricate LAN setups, doesn't understand NSEC records and corrupts them
- the workaround makes copyparty able to read the corrupted packets, but clients without a similar workaround will require either
--zm4
or--zm6
so copyparty doesn't include the usual NSEC records- this is mentioned in a very loud warning in the logs when necessary
- mDNS: option to silently ignore buggy devices instead of spamming the log with parser errors 395af05
- webdav: support listing unmapped root with infinite recursion (Depth:0) 21a3f36
- embed current sort config into media URLs (gallery/music) 0f257c9 4cfdc4c 0167082
- ensures that anyone clicking your link will see the files in the same order as you
- can be confgured serverside (
--hsortn
, volflaghsortn
) and clientside (#sort
in settings)
- URL and UI options to disable checksum calculation of PUT, bup, basic uploads c5a000d
- also allows choosing either md5, sha1, sha256, or blake2 instead of the default sha512
- can give uploads a nice speed boost when copyparty is running on a potato
🩹 bugfixes
- webdav: more correct login challenge 2ce8233
- the previous behavior could make some clients reluctant to send the password
- #120 forget metadata of all files (including uploads) when shadowed d168b2a
- thanks to @Gremious for all the debugging to narrow this down!
- #120 drop volume caches if relevant config is changed (mainly indexing filters) 2f83c6c
- #121 couldn't access arbitrary toplevel files from accounts with
h
permission 1f5f42f
🔧 other changes
- exclude thumbnails from accesslog by default 9082c47
- filesearch: show a final summary of time-elapsed and average hashing speed 8a631f0
- improve phrasing of debug messages during indexing at startup 127f414
--license
no longer depends on opensource.org at build time 33c4ccf- update deps 6cedcfb
- copyparty.exe: python 3.12.7 => 3.12.8
- webdeps: hashwasm, dompurify
⚠️ not the latest version!
webdav upload fix
- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone
in case of future important updates, such as vulnerabilities (most recently 2023-07-23)
recent important news
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
🧪 new features
- add
--nsort
and volflagnsort
to default-enable natural sort of filenames with leading digits 8f7ffcf - video-player: support
.mov
files which contain browser-native codecs 2d0cbdf
🩹 bugfixes
- #119 v1.16.0 broke webdav uploads from rclone and possibly other clients 7dfbfc7
- a collection of webdav unittests will be added soon to prevent similar issues in the future
- #118 ip-ranges can be mixed with
lan
when specifying the list of trusted proxies forx-forwarded-for
with--xff-src
- found and fixed by @codemicro (thx!) 0e31cfa
- ux:
🔧 other changes
- upto 7% faster folder listings due to refactoring for more ux knobs 0c43b59
- fix resource leaks (only affected tests/debug) 2ab8924
⚠️ not the latest version!
cbz thumbnails
- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone
in case of future important updates, such as vulnerabilities (most recently 2023-07-23)
recent important news
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
🧪 new features
- thumbnails of .cbz manga archives 4d15dd6
🩹 bugfixes
- when running with
-j0
, download-ETA could break in complex volume layouts 10fc476 - linking to the image gallery didn't quite work if multiselect was enabled 56a0499
- password-hashing parameters (cpu/ram cost) could not be customized 1f17752
- the defaults must be perfect considering nobody ever tried changing them ¯\(ツ)/¯
🔧 other changes
- add intentional crash on startup if two volumes are configured to use the same histpath 2b63d7d
- prevents funky deadlocks and an eventual database loss in case of a no-thoughts-head-empty moment, purely hypothetical of course 🗿
⚠️ not the latest version!
COPYparty
- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone
in case of future important updates, such as vulnerabilities (most recently 2023-07-23)
recent important news
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
🧪 new features
- #46 #115 copy/paste files and folders cacec9c
- cut/paste still exists, but now you can copy too
- with a UI to rename files in case of filename collisions 56317b0
- files are created according to the dedup settings in the target volume (either full copies or symlinks/hardlinks)
- show currently active downloads in the controlpanel 8aba5ae
- can be made admin-only with
--dl-list=1
or disabled with--dl-list=0
- hides filenames of hidden files, and files from volumes where the viewer doesn't have access
- can be made admin-only with
- #114 async reinit on new IdP users 44ee07f
- new IdP users can now always auth, even while a filesystem reindex is running
- ux:
🩹 bugfixes
- folders that fail to list due to a corrupt HDD/filesystem will now return a 404 instead of an empty listing 119e88d
- also fixes similar issues in u2c and partyfuse
- u2c (commandline uploader): detect and adapt to proxies with short connection keepalives c784e52
- ui/ux:
🔧 other changes
- choose more conservative defaults when server has less than 1 GiB RAM 2bf9055
- runs okay down to 128 MiB, but thumbnails die below 256 MiB
- update the comparison to similar software after years of optimizations on both sides 0ce7cf5
⚠️ not the latest version!
temporary upload links
- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone
in case of future important updates, such as vulnerabilities (most recently 2023-07-23)
recent important news
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
🧪 new features
- shares can now be uploaded into, and unpost works too 4bdcbc1
- useful to create temporary URLs for other people to upload to
- shares can be write-only, so visitors can't browse or see any files
- #110 HTTP 304 (caching):
- support
If-Range
for HTTP 206 159f51b - add server-side and client-side options to force-disable cache dd6dbdd
--no304=1
shows a button in the controlpanel to disable caching--no304=2
makes that button auto-enabled- even when
--no304
is not specified, accessing the URL/?setck=no304=y
force-disables cache - when cache is force-disabled, browsers will waste a lot of network traffic / data usage
- might help to avoid bugs in browsers or proxies, for example if media files suddenly stop loading
- but such bugs should be exceedingly rare, so do not enable this unless actually necessary
- support
🩹 bugfixes
- #110 HTTP 304 (caching):
- remove
Content-Length
andContent-Type
response headers from 304 replies 9124023- browsers don't need these, and some middlewares might get confused if they're present
- remove
- #113 fix crash on startup if
-j0
was combined with--ipa
or--ipu
3a0d882 - #111 fix javascript crash if
--u2sz
was set to an invalid value b13899c
🔧 other changes
- #110 HTTP 304 (caching):
- never automatically enable k304 because the
Vary
header killed support for caching in msie anyways 63013cc - change time comparison for
If-Modified-Since
to require an exact timestamp match, instead of the intended "modified since". This technically violates the http-spec, but should be safer for backdating file mtimes 159f51b
- never automatically enable k304 because the
- new option
--ohead
to log response headers 7678a91 - added nintendo 3ds to the list of supported browsers cb81f0a
⚠️ not the latest version!
rss server
- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone
in case of future important updates, such as vulnerabilities (most recently 2023-07-23)
recent important news
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
🧪 new features
- #109 rss feed generator 7ffd805
- monitor folders recursively with RSS readers
🩹 bugfixes
- #107
--df
diskspace limits was incompatible with webdav 2a570bb - #108 up2k javascript crash (only affected the Chinese translation) a7e2a0c
🔧 other changes
- up2k: detect buggy webworkers 5ca8f07
- up2k: improve upload retry/timeout logic a9b4436
- js: make handshake retries more aggressive
- u2c: reduce chunks timeout + ^
- main: reduce tcp timeout to 128sec (js is 42s)
- httpcli: less confusing log messages