gtsteffaniak/filebrowser v1.4.0-stable on GitHub

What's Changed

Security:

[High] Path traversal in subtitle handler allows any authenticated user to read arbitrary files (GHSA-vvp7-h4fj-m28w)
[Moderate] Add Rate Limiting on Authentication Endpoint Enables Brute Force Attacks (GHSA-r4v7-6wcg-ghj5)

New Features:

pinned files/folders (#2396) (#2510)
Markdown Image relative reference support (#2355)
Add an option to create a new folder for unarchiving (#2338)
read-only source configuration via source.config.readOnly: true (#2438)
Add Passkey (WebAuthn) support for passwordless authentication (#2287) (#2379) -- thanks @juansoler
Lyrics support for audio files (#2360):
- Updated UI for audio previews!
- The lyrics and the player gets syncronized in UI with the audio player.
- Supports embedded lyrics (ID3v2 USLT, flac, ogg, clyr) and sidecar .lrc files with the same name as the audio file.
- The Q shortcut in audio files will toggle the new panel visibility.
- E shortcut to change between tabs of the panel if it's open.
Api log filtering support via apiFilter option for logging.
- regex filter that excludes matching full api paths from being logged. (eg. /user\?id\=self) Defaults to ^/health|^/favicon.ico|^/static|^/public/static
- Add config option to disable /health endpoint logging (#2291)
More shortcuts (#2300)
- CTRL+F1 switch to normal view.
- CTRL+F2 switch to gallery view.
- CTRL+F3 switch to list view.
- Double click on empty space to select all items.
Option to hide certain files in UI by extension (#2403) (#2277)
Additional search features
- wildcard search similar to regex, but limited to sqlite GLOB syntax (#769)
- advanced search tool that shows all results in a listing thats sortable and actionable like a normal listing (#1051)
- advanced search supports multiple custom scopes per search
- multiple search terms with AND or OR logic support

Notes:

added fallback to show text in notification if copy fails (#2517)
added alt+arrow up shortcut as alias of backspace to go into parent directory (#2501) (#2521)
added alt+arrow down shortcut as alias of enter to open files in Listing View (#2501) (#2521)
updated help menu with better translations
migrate i18n to v11 (#2472) (#2504)
migrate eslint (#2459)
improved preview cancellation to improve performance when navigating UI.
auth rate limiting can be disabled via auth.disableRateLimit
updated share hash middleware (#2443)
updated source info popup to include private and readOnly properties
Enhanced indexing scheduler which doesn't wake the disk as often.
New API route media/lyrics used to fetch and parse lyrics (embedded or from .lrc sidecar) (#2360)
Swiping down gesture in fullscreen videos exit fullscreen instead of close preview.
Improved styles for path selection and tables
Improved style of drag and drop into listing view (#2407)
Edit Sidebar links has new "show tools in sidebar" toggle and all users have this enabled by default. can be disabled via for new users userDefaults.sidebar.showTools: false
Update user defaults ordering (#1140)
Save view modes and sizes into local storage instead of db (#2301)

BugFixes:

fix folder previews issue (#2487) (#2492)
fix accidental exit on images while using gestures (#2508)
socket field in config.yaml is ignored (#2497)
fix keep opened file selected after closing its preview @anpryl (#2515)
Logout from share page now redirects to the share instead of /Login again. (#2245)
This location cannot be reached error when navigating with FileTree in shares. (#2245)
Fix FileTree rename and move actions in previews. (#2245)
Delete prompt not showing date and thumbnails in some previews. (#2245)
fix path slash issue on windows (#2451) (#2433) (#2419)
Always force url rewrite for onlyoffice internal URL. Fixes Error saving with OnlyOffice (#2450)
Overriding a Deny with an Allow not working (#2405)
Blue overlay when using gestures in video files on mobile (#2360)
Playback queue wasn't updating when changing of folder (#2360)
Navigate close settings shows "something went wrong" (#2047)

Full Changelog: v1.3.3-stable...v1.4.0-stable