github Skyfay/SkySend v2.11.0
on GitHub

5 hours ago

Password Protection Algorithm Removal, New Copy Button for Password Values, and Improvements

⚠️ Breaking: Password-protected uploads created with PBKDF2 (prior to v2.4.0) or the legacy Argon2id parameters (v2.4.0 - v2.5.0, 4-day window) can no longer be decrypted - both algorithms have been fully removed from the decryption pipeline. All such uploads have exceeded their maximum retention period and have expired, but any password-protected file from those eras cannot be opened after upgrading to this version.

✨ Features

  • web: Added a copy button to the password value fields in the "password" tab, matching the behaviour of the "password protection" input.

🎨 Improvements

  • web: Fixed the password generator not closing after clicking "generate" in the "password" tab.

🗑️ Removed

  • crypto: Removed PBKDF2-SHA256 decryption support - deriveKeyFromPasswordPbkdf2 and PBKDF2_ITERATIONS are deleted, deriveKeyFromPassword now requires an Argon2id function and no longer accepts undefined as a fallback. All pre-v2.5.0 PBKDF2-protected uploads have expired.
  • web: Removed "pbkdf2" from the passwordAlgo Zod enum in the download and note-info API schemas - responses containing this value are now treated as invalid.
  • client: Removed "pbkdf2" from the passwordAlgo Zod enum in the file-info and note-info API schemas, and removed the PBKDF2 decryption branch from prepareDownload.
  • server: Removed "pbkdf2" from the accepted passwordAlgo upload header values - any upload attempt with this algorithm now returns HTTP 400.
  • crypto: Removed ARGON2_PARAMS_LEGACY (19 MiB / 2 iterations) and the argon2Params optional parameter from deriveKeyFromPassword - the return type is now the literal "argon2id-v2". All uploads created during the 4-day "argon2id" window (v2.4.0 - v2.5.0) have expired.
  • web: Removed "argon2id" from the passwordAlgo Zod enum in the download and note-info API schemas - responses with the legacy algorithm are now treated as invalid.
  • client: Removed "argon2id" from the passwordAlgo Zod enum and the legacy decryption branch in prepareDownload - the function now always uses the current Argon2id parameters.
  • server: Removed "argon2id" from the accepted passwordAlgo upload header values - new uploads with this algorithm now return HTTP 400.

🐳 Docker

  • Image: skyfay/skysend:v2.11.0
  • Also tagged as: latest, v2
  • Platforms: linux/amd64, linux/arm64
Check out latest releases or
releases around Skyfay/SkySend v2.11.0

Don't miss a new SkySend release

NewReleases is sending notifications on new releases.

Get notifications