Skip to content

Releases: centrolabs/ObjeX

v1.2.0

13 Apr 22:36
@MeritonAliu MeritonAliu
v1.2.0
89f70cd

Choose a tag to compare

View all tags
v1.2.0 Latest
Latest

Fixed

  • Blazor UI not interactive in Docker (blazor.web.js 404) — .NET 10 RCL requires RequiresAspNetWebAssets + MapStaticAssets
  • Docker bind mount permissions: entrypoint fixes /data ownership via setpriv (named volumes unaffected)
  • S3 PUT Object returned 201 instead of 200 (broke warp and some SDKs)
  • S3 aws-chunked transfer encoding not decoded, stored chunk framing as part of object data
  • Response compression applied to S3 port, causing size mismatches on download
  • Eliminated 15 CVEs by replacing gosu with setpriv (already in base image)

Full changelog: CHANGELOG.md

Full Changelog: v1.1.0...v1.2.0

Assets 2
Loading

v1.1.0

08 Apr 23:51
@github-actions github-actions
v1.1.0
e9a341f

Choose a tag to compare

View all tags
v1.1.0

Added

  • NuGet lock files for reproducible builds
  • Dockerfile HEALTHCHECK, non-root user, layer caching
  • Helm chart: Kubernetes Secret, securityContext, ServiceAccount, NOTES.txt, _helpers.tpl
  • CI: NuGet cache, job timeout, concurrency control with cancel-in-progress
  • CD: CI gate before publish, Docker layer cache, concurrency control

Fixed

  • Deactivated users could still access S3 API via SigV4 credentials
  • Open redirect on login via unvalidated returnUrl
  • XML injection in SigV4 error responses
  • CORS policy applied globally instead of S3 port only
  • Custom metadata headers writable to arbitrary response headers (now filtered to x-amz-meta-* on read)
  • Insecure password generation using Random.Shared instead of RandomNumberGenerator
  • CopyObject skipped destination key validation
  • Batch delete accepted unlimited keys (now capped at 1000 per S3 spec)
  • ListParts returned parts without ownership check
  • Blazor object delete only removed metadata, left orphaned blob on disk
  • HashingStream did not dispose inner stream (file handle leak)
  • Fire-and-forget task using scoped DbContext in SigV4 middleware
  • eval() calls replaced with proper JS interop
  • Dashboard file type chart showing raw MIME subtypes instead of file extensions

Improved

  • ZIP download and upload dialog stream directly instead of buffering in memory
  • Dashboard loads file type stats via server-side query instead of all objects into memory
  • Users page N+1 role query eliminated with batch loading
  • CancellationToken propagation in S3 upload, download, copy, and delete paths
  • UpdateBucketStats uses direct update instead of load-then-save
  • Radzen.Blazor pinned to exact version (was * wildcard)
  • Microsoft packages aligned to 10.0.5

Removed

  • Unused User.StorageUsedBytes property

Full changelog: CHANGELOG.md

Loading

v1.0.0

01 Apr 20:19
@github-actions github-actions
v1.0.0
7a5ae05

Choose a tag to compare

View all tags
v1.0.0

Added

  • PostgreSQL as opt-in database backend (DATABASE_PROVIDER=postgresql)
  • Audit log with Admin-only UI at /audit
  • Prometheus /metrics endpoint (HTTP request stats + per-bucket storage gauges)
  • Helm chart for Kubernetes deployment (charts/objex/)
  • Storage quota enforcement (per-user and global default)
  • Image and PDF inline previews (image, video, audio, PDF, text)
  • Bulk select with bulk delete + ZIP download
  • File metadata viewer dialog
  • Storage analytics charts (per-bucket donut, objects column, file types)
  • ETag integrity verification on read (opt-in x-objex-verify-integrity header)
  • Automated test suite — 113 xUnit tests (unit + integration, real SQLite, no mocks)

Fixed

  • BucketNameValidator rejected digit-start/end bucket names
  • Duplicate bucket creation returned 500 instead of 409
  • SigV4 auth missing role claims for Admin/Manager
  • Concurrent upload .tmp file collision

Full changelog: CHANGELOG.md

Loading

v0.2.0

31 Mar 01:22
@github-actions github-actions
v0.2.0
ee562b1

Choose a tag to compare

View all tags
v0.2.0

Added

  • S3 POST Object (presigned POST via form-field auth)
  • S3 DeleteObjects batch delete (POST /{bucket}?delete)
  • Startup seeding of buckets and S3 credentials via config/env vars
  • User management UI — Admin/Manager roles, create/deactivate/delete users, forced password change
  • Bucket ownership — users see only their own buckets; Admin/Manager see all
  • ListObjectsV2 (?list-type=2) with continuation token support
  • Presigned PUT URL support

Fixed

  • Object action icon visibility in light mode

Full changelog: CHANGELOG.md

Loading

v0.1.0

30 Mar 00:15
@github-actions github-actions
v0.1.0
379b346

Choose a tag to compare

View all tags
v0.1.0

Added

  • Core blob storage with content-addressable filesystem layout
  • S3-compatible API on port 9000 — bucket CRUD, object CRUD, AWS Signature V4 auth
  • S3 multipart upload (Initiate/UploadPart/Complete/Abort) with 5GB+ support
  • Presigned GET URLs with configurable expiry
  • Blazor Server UI — dashboard with charts, bucket browser, virtual folder navigation, drag-and-drop upload, dark mode
  • ASP.NET Core Identity with Admin/User roles, cookie auth for UI, SigV4 for S3
  • S3 credential management (create/delete, one-time secret display)
  • Hangfire background jobs — orphan blob cleanup, integrity verification, abandoned multipart cleanup
  • Profile page with username, email, password management
  • Docker multi-arch image (amd64/arm64) published to GHCR
  • CI pipeline (build gate on push to main and PRs)
  • Health checks (/health, /health/ready)

Full changelog: CHANGELOG.md

Loading