github filesender/filesender master-filesender-2.26
Release 2.26

Release Version 2.26

Release date: 30 June 2021.

Distribution

Source snapshots are attached to this announcement and the git tag master-filesender-2.26 contains the base that these snapshots were created from.

Installation

Documentation is available at http://docs.filesender.org/v2.0/install/

Major changes since 2.25

The database update script needs to be run.
The templates directory was changed.

PHP 7.3 or later is now required. This allows improved cookie security.

Option to set up antivirus and anti-malware software to inspect and report on unencrypted files #1064 #1067 #1069 #1085

Language imports for Brazilian Portuguese #1080 #1083, Japanese #1081 and Croatian #1082 have been performed, and the import script has been updated to perform them in future batch imports.

The default settings for user-supplied passwords are now stricter #1049
There is a new option that lets a rather long passphrase, used as the user-supplied password, relax other constraints such as upper/lower case and numbers #1050

An update to the default configuration and install guide for cookies #1055
Use of the SameSite cookie setting by default #1059
Possible improvements to the PHP session cookie #1060

HSTS header setting by default #1061
Option for a strict CSP policy (enabled by default) to protect script and style #1062

The default URL for mitm in StreamSaver has been vacated #1070

Some tests in StreamSaver have been brought forward #1071

Decryption failures can be logged to the server if desired #1063

PBKDF2 dialog is dismissed earlier in some edge cases #1072 #1073

Update to the graph for encryption mandatory #1074

An update to the Chunked storage #1075

Download progress can be shown as a simple percentage again for encrypted file download #1077

Documentation about the auth_remote_applications option has been updated with an example #1048
A formatting update to the documentation #1053

Documentation on encryption password length is updated #1068

Translation terms were updated #1065
Translations from poeditor have been imported #1079

Configuration changes

New configuration directives: avprogram_list, avprogram_max_size_to_scan, use_strict_csp, header_add_hsts_duration, encryption_password_text_only_min_password_length, and auth_sp_force_session_start_first.

The avprogram settings allow antivirus and anti-malware scanners to be set up.

The use_strict_csp option is on by default and will cause a strict Content-Security-Policy (CSP) header to be sent to clients.

The header_add_hsts_duration option will set a Strict-Transport-Security header with a default value of 63072000. Setting this option to 0 will disable the HTTP header.

The auth_sp_force_session_start_first option is false by default and can be enabled to force an early session start, which allows cookie options to be set for the session cookie if such a cookie is to be sent to the client.
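
A post-upgrade check for the header and cookie defaults described above, as an added example that is not part of the release notes or FileSender's own code. It audits the headers of one HTTPS response; the function names, the sample headers and the pass criteria (no 'unsafe-inline' for script or style, SameSite and Secure on every cookie) are assumptions of this example.

```python
import re
HSTS_DEFAULT = 63072000  # default header_add_hsts_duration per the 2.26 notes
def parse_csp(value):
    """Split a CSP header into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_headers(headers, min_hsts=HSTS_DEFAULT):
    """headers: (name, value) pairs from one response. Returns a list of findings."""
    findings, by_name = [], {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    hsts = by_name.get("strict-transport-security")
    if not hsts:
        findings.append("HSTS header missing (header_add_hsts_duration set to 0?)")
    else:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I)
        if not m or int(m.group(1)) < min_hsts:
            findings.append("HSTS max-age below %d" % min_hsts)
    csp = by_name.get("content-security-policy")
    if not csp:
        findings.append("CSP header missing (use_strict_csp disabled?)")
    else:
        policy = parse_csp(csp[0])
        # Example's own criterion: script and style must be restricted, no inline.
        for directive in ("script-src", "style-src"):
            sources = policy.get(directive, policy.get("default-src"))
            if sources is None:
                findings.append("CSP does not restrict %s" % directive)
            elif "'unsafe-inline'" in sources:
                findings.append("CSP allows 'unsafe-inline' in %s" % directive)
    for cookie in by_name.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if not any(a.startswith("samesite=") for a in attrs):
            findings.append("cookie %s lacks SameSite" % name)
        if "secure" not in attrs:
            findings.append("cookie %s lacks Secure" % name)
    return findings
# Constructed sample responses, not captured from a real FileSender server.
GOOD = [("Strict-Transport-Security", "max-age=63072000"),
        ("Content-Security-Policy", "default-src 'self'; script-src 'self'; style-src 'self'"),
        ("Set-Cookie", "SESSID=abc; Path=/; Secure; HttpOnly; SameSite=Strict")]
BAD = [("Content-Security-Policy", "img-src 'self'; script-src 'self' 'unsafe-inline'"),
       ("Set-Cookie", "SESSID=abc; Path=/; HttpOnly")]
```

Feed audit_headers the header pairs from a real response (for example from an HTTP client's response object) after running the upgrade; an empty list means the checks passed.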

Update to documentation to rename remote_applications to auth_remote_applications.

These options are detailed in the docs/v2.0/admin/configuration/index.md file as usual.

Deprecated setting encryption_generated_password_length.

Support and Feedback

Please lodge new GitHub issues for things that might improve the next release!
See Support and Mailinglists and Feature requests.
