- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2026-03-08)
⚠️ ATTN: this release fixes a vulnerability
- GHSA-m6hv-x64c-27mm: the nohtml volflag did not prevent javascript inside SVG images from executing -- a malicious user with write-access could upload an SVG file which would execute as javascript when someone opens it 1c9f894
recent important news
- v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS)
🧪 new features
- version-checker (thx @icxes!) c6965f0
- default-disabled; you must choose a URL to grab security advisories from to enable it
- periodically checks the security advisories and shows a warning in the controlpanel if you're running a vulnerable version
- can optionally panic and shutdown the server if you prefer that
- man, the timing on this though... absolute cinema
🩹 bugfixes
- fix nohtml not being aware that SVG images can execute javascript 1c9f894
- a new volflag noscript was also added; nohtml will automatically enable noscript, but noscript can also be useful on its own; see readme
- various upload rules fixes:
- combining rp-loc and site was a bit jank (thx @new-sashok724!) 31b2384
- global-option idp-store: 2 would result in excessive config reloading 1272de9
- fix fd-leak when indexing certain compressed files, including epub books 8b5ac23
- forget-ip: fix sqlite cursor-locking 37123e3
🔧 other changes
- #1316 Chinese translation got a huge makeover (thx @satgo1546 and @lxdlam!) b015274
- #1324 better rclone advice on the connect-page 8941701
- static website resources, previously served from /.cpr/ have moved to /.cpr/w/ for easier configuration of allowlists in reverseproxies and authentication middlewares 753ff54
🌠 fun facts
- according to the SVG spec, images being able to execute javascript is a feature and intentional behavior... what a concept!
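
As an added illustration of the SVG behaviour behind GHSA-m6hv-x64c-27mm (not copyparty's code, and not how nohtml or noscript are implemented), here is a small upload-triage check that lists script-capable constructs in an SVG. The function name, the size cap and the two sample files are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# cap on input size; arbitrary value chosen for this example.
# the stdlib parser relies on the bundled expat (2.4.1 or newer)
# for protection against entity-expansion bombs
MAX_BYTES = 2 * 1024 * 1024


def _local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def svg_script_findings(data):
    """Return a sorted list of reasons why this SVG could run script when opened."""
    if len(data) > MAX_BYTES:
        return ["too large to inspect"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        # cannot be inspected reliably, so fail closed
        return ["not well-formed XML"]
    found = set()
    for el in root.iter():
        tag = _local(el.tag)
        if tag == "script":
            found.add("script element")
        elif tag == "foreignobject":
            found.add("foreignObject element (can embed HTML)")
        for key, val in el.attrib.items():
            attr = _local(key)  # also maps xlink:href to href
            if attr.startswith("on"):
                found.add("event-handler attribute " + attr)
            # drop whitespace and control chars before looking at the scheme;
            # this over-approximates what browsers strip from URLs
            url = "".join(c for c in val if c > " ").lower()
            if attr == "href" and url.startswith("javascript:"):
                found.add("javascript: URL in href")
    return sorted(found)


# constructed samples, not taken from the advisory
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
          b'<script>void 0</script></svg>')

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("active", ACTIVE)):
        print(name, svg_script_findings(blob))
```

The list of constructs is not exhaustive, so an empty result does not prove that a file is inert.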
💾 what to download?
| download link | is it good? | description |
|---|---|---|
| copyparty-sfx.py | ✅ the best 👍 | runs anywhere! only needs python |
| copyparty-en.py | ✅ also good | same but english-only, no i18n |
| a docker image | it's ok | good if you prefer docker 🐋 |
| copyparty.exe | ⚠️ acceptable | for win8 or later; built-in thumbnailer |
| u2c.exe | ⚠️ acceptable | CLI uploader as a win7+ exe (video) |
| copyparty.pyz | ⚠️ acceptable | similar to the regular sfx, mostly worse |
| copyparty-en.pyz | ⚠️ acceptable | english-only, no smb-server |
| copyparty32.exe | ⛔️ dangerous | for win7 -- never expose to the internet! |
| cpp-winpe64.exe | ⛔️ dangerous | runs on 64bit WinPE, otherwise useless |
| bootable usb | ┐(゚∀゚)┌ | a surprisingly useful joke (x86_64) |