- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-07-30)
⚠️ ATTN: this release fixes an XSS vulnerability
GHSA-8mx2-rjh8-q3jq, could let an attacker execute arbitrary JS by tricking you into clicking a malicious URL
Soon there won't be many of these left, surely. Huge thanks to @Ju0x for finding and reporting this.
recent important news
- v1.18.7 (2025-07-30) fixed XSS in the recent-uploads page
- v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
- v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details
🧪 new features
- #265 uid/gid for new files can be configured per-volume f195998
- has preconditions; see readme
- #212 add German translation (thx @rGunti, @Scotsguy, @chocolateimage) 9d32564
🩹 bugfixes
- GHSA-8mx2-rjh8-q3jq a8705e6
- #276 windows: fix segfault (thx @kernel1994 for debugging!) a9d07c6
- #272 webdav: send disk-size and disk-free to clients 4988a55
- #285 use disk-free sans root-reserve on linux (thx @Arklaum!) c3cc2dd
- cors-check was funky on IPv6 e9684d4
- #325 upgrade sharex example for newer versions 6016ec9
- #300 restore support for old versions of python 2.7 b7ca6f4
🔧 other changes
- shares: the config POST-target is now always the webroot (for ease of IdP configuration) fb7cbc4
- unlist: now applies to the navpane too fbf17be
- windows: show disk-usage as well, not just disk-free 5c6341e
- #228 nix-pkg improvements (thx @dtomvan!) 4915b14
- docker-compose: ensure logs appear in realtime 3cde1f3
- mention that IdP-volumes and users can now be persisted 6069bc9
- #316 explain a scary-looking thing in the code 053de61