- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
no vulnerabilities since 2023-07-23
- there is a discord server with an
@everyonein case of future important updates - v1.8.7 (2023-07-23) - CVE-2023-38501 - reflected XSS
- v1.8.2 (2023-07-14) - CVE-2023-37474 - path traversal (first CVE)
- all serverlogs reviewed so far (5 public servers) showed no signs of exploitation
breaking changes
- two of the prometheus metrics have changed slightly; see the breaking changes readme section
- (i'm not familiar with prometheus so i'm not sure if this is a big deal)
new features
- #58 versioned docker images! no longer just
latest - browser: the mkdir feature now accepts
foo/bar/quxand../fooand/bar - add 14 more prometheus metrics; see readme for details
- connections, requests, malicious requests, volume state, file hashing/analyzation queues
- catch some more malicious requests in the autoban filters
- some malicious requests are now answered with HTTP 422, so that they count against
--ban-422
- some malicious requests are now answered with HTTP 422, so that they count against
bugfixes
- windows: fix symlink-based upload deduplication
- MS decided to make symlinks relative to working-directory rather than destination-path...
--statswould produce invalid metrics if a volume was offline- minor improvements to password hashing ux:
- properly warn if
--ah-clior--ah-genis used without--ah-alg - support
^Dduring--ah-cli
- properly warn if
- browser-ux / cosmetics:
- fix toast/tooltip colors on splashpage
- easier to do partial text selection inside links (search results, breadcrumbs, uploads)
- more rclone-related hints on the connect-page
other changes
- malformed http headers from clients are no longer included in the client error-message
- just in case there are deployments with a reverse-proxy inserting interesting stuff on the way in
- the serverlog still contains all the necessary info to debug your own clients
- updated example nginx config to recover faster from brief server outages
- the default value of
fail_timeout(10sec) makes nginx cache the outage for longer than necessary
- the default value of
💾 what to download?
| download link | is it good? | description |
|---|---|---|
| copyparty-sfx.py | ✅ the best 👍 | runs anywhere! only needs python |
| a docker image | it's ok | good if you prefer docker 🐋 |
| copyparty.exe | ⚠️ acceptable | for win8 or later; built-in thumbnailer |
| u2c.exe | ⚠️ acceptable | CLI uploader as a win7+ exe (video) |
| copyparty32.exe | ⛔️ dangerous | for win7 -- never expose to the internet! |
| cpp-winpe64.exe | ⛔️ dangerous | runs on 64bit WinPE, otherwise useless |