• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-02-25)

recent important news

• v1.16.15 (2025-02-25) fixed low-severity xss when uploading maliciously-named files
• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

NEW: make it a bootable usb flashdrive

get the party going anywhere, anytime, no OS required! download flashdrive image or watch the low-effort demo video which eventually gets to the copyparty part after showing off a bunch of other stuff on there

• there is source code and build instructions too
• please don't take this too seriously

🧪 new features

• option to specify max-size for download-as-zip/tar 494179b 0a33336
  • either the total download size (--zipmaxs 500M), and/or max number of files (--zipmaxn 9k)
  • applies to all uesrs by default; can also ignore limits for authorized users (--zipmaxu)
  • errormessage can be customized with --zipmaxt "winter is coming... but this download isn't"
• appledoubles are detected and skipped when uploading with the browser-UI 7820840
• IdP-volumes can be filtered by group 9c2c423
  • [/users/${u}] in a config-file creates the volume for all users like before
  • [/users/${u%+canwrite}] only if the user is in the canwrite group
  • [/users/${u%-admins}] only if the user is NOT in the admins group

🩹 bugfixes

• when moving a folder with symlinks, don't expand them into full files 5ab0976
  • absolute symlinks are moved as-is; relative symlinks are rewritten so they still point to the same file when possible (if both source and destination are indexed in the db)
  • the previous behavior was good for un-deduplicating files after changing the server-settings, but was too inconvenient for all other usecases
• #146 fix downloading from shares when -j0 enabled 8417098
• only show the download-as-zip link when the user is actually allowed to 14bb299
• the suggestions in the serverlog regarding how to fix incorrect X-Forwarded-For settings would be incorrect if the reverse-proxy used IPv6 to communicate with copyparty 16462ee
• set nofollow on ?doc links so crawlers don't download binary files as text 6a2644f

🔧 other changes

• #147 IdP: fix the warning about dangerous misconfigurations to be more accurate 29a17ae
• #143 print a warning on incorrect character-encoding in textfiles (config-files, logues, readmes etc.) 25974d6
• copyparty.exe: update to jinja 3.1.6 (copyparty was not affected by the jinja-3.1.5 vuln)

💾 what to download?

• except for u2c.exe, all of the options above are mostly equivalent
• the zip and tar.gz files below are just source code
• python packages are available at PyPI