- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
no vulnerabilities since 2023-07-23
- there is a discord server with an
@everyonein case of future important updates - v1.8.7 (2023-07-23) - CVE-2023-38501 - reflected XSS
- v1.8.2 (2023-07-14) - CVE-2023-37474 - path traversal (first CVE)
new features
- initial work on #62 (support identity providers, oauth/SSO/...); see readme
- only authentication so far; no authorization yet, and users must exist in the copyparty config with bogus passwords
- new option
--iparejects connections from clients outside of a given allowlist of IP prefixes - environment variables can be used almost everywhere that takes a filesystem path; should make it way more comfy to write configs for docker / systemd
- #59 added a basic docker-compose yaml and an example config
- probably much room for improvement on everything docker still
bugfixes
- the nftables-based port-forwarding in the systemd example was buggy; replaced with CAP_NET_BIND_SERVICE
- palemoon-specific js crash if a text selection was dragged
- text selection in messageboxes was jank
other changes
- improved systemd example with hardening and a better example config
- logfiles are flushed for every line written; can be disabled with
--no-logflushfor ~3% more performance best-case - iphones probably won't broadcast cover-art to car stereos over bluetooth anymore since the thingamajig in iOS that's in charge of that doesn't have cookie-access, and strapping in the auth is too funky so let's stop doing that b7723ac
- can be remedied by enabling filekeys and granting unauthenticated people access that way, but that's too much effort for anyone to bother with I'm sure