- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
recent security / vulnerability fixes
- there is a discord server with an
@everyonein case of future important updates - v1.8.7 (2023-07-23) - CVE-2023-38501 - reflected XSS
- v1.8.2 (2023-07-14) - CVE-2023-37474 - path traversal (first CVE)
- all serverlogs reviewed so far (5 public servers) showed no signs of exploitation
new features
- #49 prometheus / grafana / openmetrics integration (see readme)
- read metrics from http://127.0.0.1:3923/.cpr/metrics after enabling with
--stats
- read metrics from http://127.0.0.1:3923/.cpr/metrics after enabling with
- download a folder with all music transcoded to opus by adding
?tar=opusor?zip&opusto the URL- can also be used to download thumbnails instead of full images;
?tar=wfor webp,?tar=jfor jpg- so i guess the long-time requested feature of pre-generating thumbnails kind of happened after all, if you schedule a
curl http://127.0.0.1:3923/?tar=w >/dev/nullafter server startup
- so i guess the long-time requested feature of pre-generating thumbnails kind of happened after all, if you schedule a
- can also be used to download thumbnails instead of full images;
- u2c (commandline uploader): argument
-xto exclude files by regex (compares absolute filesystem paths) --zm-spam 30can be used to improve zeroconf / mDNS reliability on crazy networks- only necessary if there are clients with multiple IPs and some of the IPs are outside the subnets that copyparty are in -- not spec-compliant, not really recommended, but shouldn't cause any issues either
- and
--mc-hopwasn't actually implemented until now
- dragging an image from another browser window onto the upload button is now possible
- only works on chrome, and only on windows or linux (not macos)
- server hostname is prefixed in all window titles
- can be adjusted with
--bname(the file explorer) and--doctitle(all other documents) - can be disabled with
--nth(just window title) or--nih(title + header)
- can be adjusted with
bugfixes
- docker: the autogenerated seeds for filekeys and account passwords now get persisted to the config volume (thx noktuas)
- uploading files with fancy filenames could fail if the copyparty server is running on android
- improve workarounds for some apple/iphone/ios jank (thx noktuas and spiky)
- some ui elements had their font-size selected by fair dice roll
- the volume control does nothing because apple disabled it, so add a warning
- the image gallery cannot be fullscreened as apple intended so add a warning
other changes
- file table columns are now limited to browser window width
- readme: mention that nginx-QUIC is currently very slow (thx noktuas)
- #50 add a safeguard to the wget plugin in case wget at some point adds support for
file://or similar - show a suggestion on startup to enable the database
💾 what to download?
| download link | is it good? | description |
|---|---|---|
| copyparty-sfx.py | ✅ the best 👍 | runs anywhere! only needs python |
| a docker image | it's ok | good if you prefer docker 🐋 |
| copyparty.exe | ⚠️ acceptable | for win8 or later; built-in thumbnailer |
| u2c.exe | ⚠️ acceptable | CLI uploader as a win7+ exe (video) |
| copyparty32.exe | ⛔️ dangerous | for win7 -- never expose to the internet! |
| cpp-winpe64.exe | ⛔️ dangerous | runs on 64bit WinPE, otherwise useless |