⚠️ Action Required
Recovery key re-download: Admins and owners who previously downloaded the recovery key may be asked to download it again. The code was previously too eagerly closing the stream when downloading the password file which in combination with a slow connection to the server and some specific browsers would result in a password missing one or two characters at the end. The problem is very unlikely to happen but download the file again and make sure your existing saved one matches the new 64 character one.
New features
- SMB volumes can choose whether to map all files to the container user/group or preserve the ownership view reported by the SMB server. Existing SMB volumes keep the old mapping behavior automatically
Improvements
- Repository locks are now persisted in the database, reducing false “repository is already locked” failures caused by background checks, restarts, or isolated lock state.
- Better volume handling during backups: Backup execution now validates volume readiness more consistently and can surface clearer volume-related failures before running Restic.
- SFTP private keys are stored in secure temporary runtime locations, avoiding permission problems on bind-mounted storage such as Synology DSM.
- HTTP request/access logs now use debug logging, so LOG_LEVEL=warn no longer floods container logs during normal use.
Bug fixes
- Backup retry settings are preserved when enabling or disabling a backup schedule.
- Recovery key download now clearly explains when a local credential password is required instead of failing with an ambiguous password error.
- Recovery key downloads now keep the browser download URL alive briefly before revoking it, reducing the chance of truncated downloads.
- Encrypted values created with a different APP_SECRET are rejected earlier instead of failing later in less obvious ways.