- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
no vulnerabilities since 2023-07-23
- there is a discord server with an
@everyonein case of future important updates - v1.8.7 (2023-07-23) - CVE-2023-38501 - reflected XSS
- v1.8.2 (2023-07-14) - CVE-2023-37474 - path traversal (first CVE)
- all serverlogs reviewed so far (5 public servers) showed no signs of exploitation
new features
- rudimentary support for jython and graalpy, and directory tree sidebar in internet explorer 9 through 11, and firefox 10
- all older browsers (ie4, ie6, ie8, Netscape) get basic html instead
- #35 adds a hook which extends the message-to-serverlog feature so it writes the message to a textfile on the server
- could theoretically be extended into a full instant-messaging feature but that's silly, nobody would do that
- r0c is much better than this joke
- could theoretically be extended into a full instant-messaging feature but that's silly, nobody would do that
bugfixes
- 163e3fc the
x-forwarded-forheader was ignored if the nearest reverse-proxy is not asking from 127.0.0.1, which broke client IPs in containerized deployments- the serverlog will now explain how to trust the reverse-proxy to provide client IPs, but basically,
--xff-hdrspecifies which header to read the client's real ip from--xff-srcis an allowlist of IP-addresses to trust that header from
- a62f744 if copyparty was started while an external HDD was not connected, and that volume's index was stored elsewhere, then the index would get wiped (since all the files are gone)
- 3b8f66c javascript could crash while uploading from a very unreliable internet connection
other changes
- copyparty.exe: updated pillow to 10.0.1 which fixes the webp cve
- alpine, which the docker images are based on, turns out to be fairly slow -- currently working on a new docker image (probably fedora-based) which will be 30% faster at analyzing multimedia files and in general 20% faster on average
💾 what to download?
| download link | is it good? | description |
|---|---|---|
| copyparty-sfx.py | ✅ the best 👍 | runs anywhere! only needs python |
| a docker image | it's ok | good if you prefer docker 🐋 |
| copyparty.exe | ⚠️ acceptable | for win8 or later; built-in thumbnailer |
| u2c.exe | ⚠️ acceptable | CLI uploader as a win7+ exe (video) |
| copyparty32.exe | ⛔️ dangerous | for win7 -- never expose to the internet! |
| cpp-winpe64.exe | ⛔️ dangerous | runs on 64bit WinPE, otherwise useless |