github filesender/filesender filesender-2.9
Release 2.9
on GitHub

latest releases: master3-filesender-release3.0.beta7, filesender-2.48, filesender-2.47...
4 years ago

Release Version 2.9

Release date: 5 Oct 2019.

Distribution

Source snapshots are attached to this announcement and the git tag filesender-2.9 contains the base that these snapshots were created from.

Installation

Documentation is available at http://docs.filesender.org/v2.0/install/

Upgrade Notes

Version 2.x breaks compatibility with version 1.x. We recommend a fresh installation to version 2.x of FileSender.

Major changes since 2.8

Execution of scripts/upgrade/database.php will be required to update to this release. Some new columns are added to the transfers and files tables and a new column in the transfers view. No serious data migration is performed.

[update 25-oct] Note that some templates have changed in this release. The following commands may be useful to explicitly see the changes. Note that the first command may not be needed. 

$ git fetch --tags
$ git diff  filesender-2.8 filesender-2.9 templates

[end update 25-oct]

This release adds two new encryption modes that use AES-GCM instead of the previously offered AES-CBC. These are used by setting encryption_key_version_new_files as described in "Configuration changes" below. These modes work on Safari, Chrome, and Firefox but not Edge and IE. A major advantage on Safari is that bad passwords are detected by AES-GCM modes on that browser. For more information on GCM see https://en.wikipedia.org/wiki/Galois/Counter_Mode

The AES-GCM modes also have basic authenticated encryption with associated data (AEAD) information with the code extended to handle creating a canonical representation and passing that around correctly. This is planned to be extended in the future to assist with security.

Passwords are now explicitly user generated (strings) or computer generated (as arrays of bytes encoded to base64 strings). This is similar to before but the explicit handling and recording of password type allows optimizations in key handling for computer generated passwords which can not be performed on user generated passwords. Computer generated passwords are now explicitly sized to use the full keyspace of the encryption algorithm used. This deprecates the encryption_generated_password_length configuration setting.

The CI system has been updated to check that files encrypted with one key_version will decrypt when the key_version to be used for new files is changed.

A fix for some buttons shrinking on mouse over was merged, a fix for cron jobs failing was merged.

Configuration changes

encryption_key_version_new_files can now have values 2 and 3 which will cause new files that use encryption to use AES-GCM. The difference between mode 2 and 3 is how passwords are turned into keys with the later being more secure. It is highly recommended to use version 3 of you are wishing to use AES-GCM.

encryption_generated_password_length is now deprecated. Generated passwords will be created to a length that provide optimal security for the encryption being used.

Support and Feedback

Please lodge new github issues for things that might improve the next release!
See Support and Mailinglists and Feature requests.

Check out latest releases or
releases around filesender/filesender filesender-2.9

Don't miss a new filesender release

NewReleases is sending notifications on new releases.

Get notifications