the previous release had all the fun new features... this one's just bugfixes

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

no vulnerabilities since 2023-07-23

• there is a discord server with an @everyone in case of future important updates
• v1.8.7 (2023-07-23) - CVE-2023-38501 - reflected XSS
• v1.8.2 (2023-07-14) - CVE-2023-37474 - path traversal (first CVE)

bugfixes

• less aggressive rejection of requests from banned IPs 51d3158
  • clients would get kicked before the header was parsed (which contains the xff header), meaning the server could become inaccessible to everyone if the reverse-proxy itself were to "somehow" get banned
    • ...which can happen if a server behind cloudflare also accepts non-cloudflare connections, meaning the client IP would not be resolved, and it'll ban the LAN IP instead heh
      • that part still happens, but now it won't affect legit clients through the intended route
  • the old behavior can be restored with --early-ban to save some cycles, and/or avoid slowloris somewhat
• the unpost feature could appear to be disabled on servers where no volume was mapped to / 0287c7b
• python 3.12 support for compiling the dependencies necessary to detect bpm/key in audio files 32553e4

other changes

• mention real-ip configuration in the readme ee80cdb

💾 what to download?

• except for u2c.exe, all of the options above are equivalent
• the zip and tar.gz files below are just source code
• python packages are available at PyPI