github Sync-in/server v2.2.0

16 hours ago

Highlights

  • Full-text search upgrade: PDF OCR indexing and Markdown content indexing
  • Admin improvements: spaces can now be created/managed from the administration UI, with direct quota management
  • New file event system: automatic storage usage recalculation and full-text reindexing
  • Guest management enhancement: managers can now administer guests’ personal groups from profile settings
  • LDAP support extended with tlsOptions (including ca, rejectUnauthorized, etc.)
  • Better PDF experience: pdf.js is now the default viewer, with edit-mode fallback to OnlyOffice. Thanks @zjean
  • Reliability: indexing scheduler concurrency fix, cache/WebDAV/URL fixes

⚠️ Security

  • Basic Auth security hardening
    The cache key is now based on a hash, eliminating case-related collisions and preventing the storage of decodable identifiers.
    Thanks @zalo-alex and @naif-alfardan

  • Fixed a security vulnerability: GHSA-43fj-qp3h-hrh5
    A flaw allowed user account enumeration via the login endpoint through response time analysis, particularly in brute-force scenarios.
    Reported by @ppfeister, fixed by @7185
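
The Basic Auth hardening item above, as an added example that is not Sync-in's code: it contrasts a cache key that embeds the header's base64 token with one derived from a SHA-256 digest of the credentials. The case-insensitive key store, every function name and the sample credentials are assumptions constructed for illustration.

```javascript
// Added illustration, not Sync-in code. All names and sample values are constructed.
const { createHash } = require('node:crypto');

// Assumption: the cache layer treats keys case-insensitively (modelled by lower-casing).
const storeNormalize = (key) => key.toLowerCase();

function basicHeader(user, password) {
  return `Basic ${Buffer.from(`${user}:${password}`, 'utf8').toString('base64')}`;
}

// Weak pattern: the key embeds the base64 token taken from the Authorization header.
function headerCacheKey(authorization) {
  return `auth-basic-${authorization.split(' ')[1]}`;
}

// Hardened pattern: the key is a SHA-256 digest of the decoded "user:password" bytes.
// Lower-case hex survives case folding and cannot be decoded back to the credentials.
// (A keyed HMAC with a server-side secret would also resist offline guessing.)
function hashedCacheKey(authorization) {
  const [scheme, token = ''] = authorization.split(' ');
  if (scheme.toLowerCase() !== 'basic' || token === '') {
    throw new Error('not a Basic Authorization header');
  }
  const digest = createHash('sha256').update(Buffer.from(token, 'base64')).digest('hex');
  return `auth-basic-${digest}`;
}

// True when the store would serve both headers from the same cache entry.
function collides(keyFn, headerA, headerB) {
  return storeNormalize(keyFn(headerA)) === storeNormalize(keyFn(headerB));
}

// What anyone able to list cache keys learns from a weak key.
function decodeWeakKey(key) {
  return Buffer.from(key.slice('auth-basic-'.length), 'base64').toString('utf8');
}

// Constructed pair: the base64 forms differ only in the case of one character
// ("...OnBh..." vs "...OnBH..."), yet the passwords are different.
const valid = basicHeader('bob', 'pa55word');
const other = basicHeader('bob', 'pG55word');

console.log(collides(headerCacheKey, valid, other)); // true
console.log(collides(hashedCacheKey, valid, other)); // false
console.log(decodeWeakKey(headerCacheKey(valid))); // bob:pa55word
console.log(hashedCacheKey(valid));
```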


Features

  • admin: allow managing spaces from the admin section (9822209)
  • backend:auth: add tlsOptions support for ldap provider (2042ade)
  • backend:files: add indexing support for markdown files (abf59e7)
  • backend:files: add pdf ocr indexing (d37c531)
  • backend:files: add support for configurable OCR language paths (48443aa)
  • backend:files: align emitted FileEvent actions with real file mutations (e0c7175)
  • backend:files: emit file event on document modification (e7ed38c)
  • backend:files: extend indexing key generation for anchored roots (824bff8)
  • backend:files: implement file event manager (c9951d7)
  • backend:files: implement incremental indexing triggers for full-text search (468c1c3)
  • backend:infrastructure: allow null or undefined args in cache key slug generation (9d661ea)
  • backend:users: allow searching groups by description (434bd30)
  • frontend:admin: show cumulative storage usage for users and spaces (5af4996)
  • frontend: extend group parent model with description and adjust anchor file dialog layout (01bc72b)
  • users: allow to manage personal groups from the guest profile dialog (c5d3c70)

Bug Fixes

  • backend:auth: derive basic auth cache key from hashed credentials instead of Authorization header (be98def)
  • backend:auth: prevent user enumeration via timing attacks (80eebf3)
  • backend:files: ensure content indexing scheduling has no parallel executions (0bef5a6)
  • backend:files: ensure storage quota is updated in cache (030b87e)
  • backend:files: handle locks without scope in checkConflicts (f9bcbde)
  • backend:files: handle optional chaining in indexing key generation (2b2c238)
  • backend:users: ensure whitelist cache entries with parameters are properly cleared (5e21b8d)
  • backend:users: handle guest login rename without space location rename (2627d2d)
  • backend:users: sanitize group and app password names for safe route params (d1b21a8)
  • backend:webdav: restore access to shares repository via WebDAV (bec04e1)
  • files: encode special characters not handled by AuthInterceptor (d9e81f0)
  • files: handle document-open error messages for HEAD requests (328d823)
  • frontend:users: add button behavior inside groups (d13132a)
  • users: ensure guests cannot be elected as group managers (24e0d57)
