v1.6.1

Security alert

The fix introduced on v1.6.0 (#564) still had a bug allowing any IP to bypass basic http auth in case an IP whitelist was set, regardless the IP was matching the IP or not. This release include the fix for the bug.

What's Changed

• server/server.go: use TLS config provided by acme/autocert by @stefanbenten in #567
• Bump golang.org/x/net from 0.8.0 to 0.17.0 by @dependabot in #581
• deps: remove ioutil package by @ginglis13 in #583
• Bump google.golang.org/grpc from 1.53.0 to 1.56.3 by @dependabot in #586
• Fixes transfer() issues by @luizluca in #579
• Add new example by @AdamsGH in #574

New Contributors

• @ginglis13 made their first contribution in #583
• @luizluca made their first contribution in #579
• @AdamsGH made their first contribution in #574

Full Changelog: v1.6.0...v1.6.1

v1.6.0

Security alert

Since the first commit merged on main branch after v.1.5.0, including docker images tagged as edge (#537) we had a bug that disabled the basic auth feature. This release include the fix for the bug as well as the new feature that introduced the bug: ie, using and htpasswd file for basic auth credentials.

What's Changed

• add http-auth-htpasswd by @aspacca in #537
• add IP_FILTERLIST_BYPASS_HTTP_AUTH by @aspacca in #538
• Add Vary headers in responses by @kotx in #536
• call WriteHeader after last change to header map by @aspacca in #542
• Add charset to content type in getHandler by @snowphone in #545
• Dockerfile: Use Go 1.20 by default by @adamantike in #550
• Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by @dependabot in #552
• Add mime.types to docker container to select charset properly by @snowphone in #547
• Upgrade github.com/urfave/cli to v2 by @adamantike in #551
• Improve purgeTime display in web page by @natilou in #558
• Improve Docker layer caching for Go dependencies by @adamantike in #560
• Upgrade aws-sdk-go to v2 by @adamantike in #559
• fix basic auth by @aspacca in #564

New Contributors

• @kotx made their first contribution in #536
• @snowphone made their first contribution in #545
• @adamantike made their first contribution in #550
• @natilou made their first contribution in #558

Full Changelog: v1.5.0...v1.6.0

Accept range requests, client side gpg encryption and file paste on front-end

What's Changed

• server: reorganize storage layer into more clear subfolder by @stefanbenten in #496
• all: update gdrive client and various linting cleanups by @stefanbenten in #497
• Fixed improper implementation of content type by @blind-intruder in #501
• bump transfer.sh-web dep by @aspacca in #504
• Add /tmp dir to Docker image by @am97 in #506
• Fix for unrecognized flags on du by @frankievalentine in #488
• server: do not ignore listening errors by @mpl in #523
• min go version 1.18, include tip for test by @aspacca in #532
• Bump golang.org/x/crypto from 0.0.0-20220131195533-30dcbda58838 to 0.1.0 by @dependabot in #533
• Bump golang.org/x/net from 0.0.0-20220513224357-95641704303c to 0.7.0 by @dependabot in #534
• Lint accept range by @aspacca in #535
• gpg encryption support by @aspacca in #162

New Contributors

• @blind-intruder made their first contribution in #501
• @am97 made their first contribution in #506
• @frankievalentine made their first contribution in #488
• @mpl made their first contribution in #523

Full Changelog: v1.4.0...v1.5.0

Clamav prescan and minor fixes and improvement

What's Changed

• go.mod,go.sum: bumping storj dependency by @stefanbenten in #454
• .github/workflows: adding golangci-lint as new job by @stefanbenten in #453
• server/handlers.go,storage.go: smaller fixes by @stefanbenten in #452
• server: propagate context to storage layer by @stefanbenten in #455
• Clamav prescan by @aspacca in #389
• fix perform-clamav-prescan by @aspacca in #460
• server/storage.go: Update storj dependencies and set user-agent by @stefanbenten in #467
• Add X-Url-Delete-* headers to POST handler by @anihm136 in #435
• Docker: Allow selection of (unprivileged) UID/GID at build time by @lkubb in #418
• Correct typo in CODE_OF_CONDUCT.md by @keks24 in #480
• server: adding no-store header by @stefanbenten in #476
• .github/,go.mod,go.sum: Update storj dependencies, drop older go versions by @stefanbenten in #468
• Example Zsh/Bash function for transfer.sh homepage by @keks24 in #478
• Issue 485 by @aspacca in #486

New Contributors

• @anihm136 made their first contribution in #435
• @lkubb made their first contribution in #418
• @keks24 made their first contribution in #480

Full Changelog: v1.3.1...v1.3.2

A minor release: docs and bugfixing

What's Changed

• Golint by @aspacca in #404
• Update README.md by @modem7 in #414
• Update README.md by @mazedlx in #415
• Edited code of conduct for more information and corrected a grammatical error by @whosoumilarora in #421
• Fix path by @mattn in #416
• fix missed errors by @matsuyoshi30 in #417
• Implement Nix Flake by @ysndr in #424
• issue #420 return 400 response when Max-Days is too big by @kugiyasan in #422
• issue #420 added MaxDate.IsZero() check by @kugiyasan in #427
• Add uploading and copy download command by @GanZhiXiong in #412
• fix in force-https redirect by @aspacca in #441
• remove tor, remove bitcoin, fix contact us by @aspacca in #447

New Contributors

• @modem7 made their first contribution in #414
• @mazedlx made their first contribution in #415
• @whosoumilarora made their first contribution in #421
• @mattn made their first contribution in #416
• @matsuyoshi30 made their first contribution in #417
• @ysndr made their first contribution in #424
• @kugiyasan made their first contribution in #422
• @GanZhiXiong made their first contribution in #412

Full Changelog: v1.3.0...v1.3.1

Deletion on UI, few enhanchements and bug fixes

New features:

• Deletion on UI (#353)

Enhanchments:

• Version on build time for Docker and releases
• Purge time and max upload size on UI reflect configuration
• Releases for multiple targets and in archive fromat (tar gz) (thanks @wc7086)

Fixes:

• Fix for #398
• Fix for #380
• Fix for #377

v1.2.6

This is a patch release to provide static binaries in releases

v1.2.4

This is a security release, disclosures of details will follow.
Highly suggested to update to this version.

Others changes:

• .UrlRandomToken available in templates to help building custom url to the upload
• --random-token-length|RANDOM_TOKEN_LENGTH startup setting to define length of the url random token

This release fixes
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33497

Thanks to RyotaK for reporting them

v1.2.3

• Optimization on metadata writes @JustAnotherArchivist
• Optimization on reader for sanitisation @aspacca
• Migration to github actions @marzocchi

v1.2.2

• bump dependecies
• sanitize html in inline handler
• fix in docker/binary build