-
Notifications
You must be signed in to change notification settings - Fork 6.4k
Expand file tree
/
Copy path9001.copyparty.locale.en-US.yaml
More file actions
56 lines (55 loc) · 3.03 KB
/
9001.copyparty.locale.en-US.yaml
File metadata and controls
56 lines (55 loc) · 3.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# Created with YamlCreate.ps1 Dumplings Mod
# yaml-language-server: $schema=https://aka.ms/winget-manifest.defaultLocale.1.12.0.schema.json
PackageIdentifier: 9001.copyparty
PackageVersion: 1.20.11
PackageLocale: en-US
Publisher: ocv.me
PublisherUrl: https://github.com/9001/copyparty
PublisherSupportUrl: https://github.com/9001/copyparty/issues
Author: "9001"
PackageName: copyparty
PackageUrl: https://github.com/9001/copyparty/releases/tag/v1.19.17
License: MIT
LicenseUrl: https://github.com/9001/copyparty/blob/HEAD/LICENSE
Copyright: 2026, ed
ShortDescription: Portable file server with accelerated resumable uploads, dedup, WebDAV, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file, no deps
Description: Portable file server with accelerated resumable uploads, dedup, WebDAV, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file, no deps
Tags:
- copyparty
- file-server
- file-sharing
- file-upload-server
- ftp-server
- nas-frontend
- tftp-server
- webdav-server
ReleaseNotes: |-
GHSA-m6hv-x64c-27mm the nohtml volflag did not prevent javascript inside SVG images from executing -- a malicious user with write-access could upload an SVG file which would execute as javascript when someone opens it 1c9f894e
recent important news
- v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS)
🧪 new features
- version-checker (thx @icxes!) c6965f06
- default-disabled; you must choose a URL to grab security advisories from to enable it
- periodically checks the security advisories and shows a warning in the controlpanel if you're running a vulnerable version
- can optionally panic and shutdown the server if you prefer that
- man, the timing on this though... absolute cinema
🩹 bugfixes
- fix nohtml not being aware that SVG images can execute javascript 1c9f894e
- a new volflag noscript was also added; nohtml will automatically enable noscript, but noscript can also be useful on its own; see readme
- various upload rules fixes:
- #1335 rotf couldn't handle trailing slash (thx @NecRaul!) 8e20506d
- #1337 rotn didn't always count correctly (thx @NecRaul!) 23d4a62e
- rotn didn't apply to dupes 00e821db
- combining rp-loc and site was a bit jank (thx @new-sashok724!) 31b23843
- global-option idp-store: 2 would result in excessive config reloading 1272de9d
- fix fd-leak when indexing certain compressed files, including epub books 8b5ac23e
- forget-ip: fix sqlite cursor-locking 37123e33
🔧 other changes
- #1316 Chinese translation got a huge makeover (thx @satgo1546 and @lxdlam!) b0152741
- #1324 better rclone advice on the connect-page 8941701a
- static website resources, previously served from /.cpr/ have moved to /.cpr/w/ for easier configuration of allowlists in reverseproxies and authentication middlewares 753ff548
🌠 fun facts
- according to the SVG spec, images being able to execute javascript is a feature and intentional behavior... what a concept!
ReleaseNotesUrl: https://github.com/9001/copyparty/releases/tag/v1.20.11
ManifestType: defaultLocale
ManifestVersion: 1.12.0