Copyparty Versions Save

Portable file server with accelerated resumable uploads, dedup, WebDAV, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file, no deps

v1.13.0

3 weeks ago

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

  • files can be downloaded before the upload has completed ("almost like peer-to-peer")
    • watch the release trailer 👌
    • if the downloader catches up with the upload, the speed is gradually slowed down so it never runs ahead
    • can be disabled with --no-pipe
  • option --no-db-ip disables storing the uploader IP in the database bf585078
  • u2c (cli uploader): option --ow to overwrite existing files on the server 439cb7f8

bugfixes

  • when running on windows, using the web-UI to abort an upload could fail 8c552f1a
  • rapidly PUT-uploading and then deleting files could crash the file hasher feecb3e0

💾 what to download?

download link is it good? description
copyparty-sfx.py ✅ the best 👍 runs anywhere! only needs python
a docker image it's ok good if you prefer docker 🐋
copyparty.exe ⚠️ acceptable for win8 or later; built-in thumbnailer
u2c.exe ⚠️ acceptable CLI uploader as a win7+ exe (video)
copyparty32.exe ⛔️ dangerous for win7 -- never expose to the internet!
cpp-winpe64.exe ⛔️ dangerous runs on 64bit WinPE, otherwise useless
  • except for u2c.exe, all of the options above are equivalent
  • the zip and tar.gz files below are just source code
  • python packages are available at PyPI

v1.12.2

1 month ago

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

  • new option --bauth-last for when you're hosting other basic-auth services on the same domain 7b94e4edf322564869aacd9b57a636afa985de79
    • makes it possible to log into copyparty as intended, but it still sees the passwords from the other service until you do
    • alternatively, the other new option --no-bauth entirely disables basic-auth support, but that also kills the android app

bugfixes

  • internet explorer isn't working?! FIX IT!!! 9e5253ef8720f595b71a4d16c19cd02dbac55aba
  • audio transcoding was buggy with filekeys enabled b8733653a3fd54f212bde6c67001059a90f38c84
  • on windows, theoretical chance that antivirus could interrupt renaming files, so preemptively guard against that c8e3ed3aae053753d7eed30c892c25e042b021fc

other changes

  • add a "password" placeholder on the login page since you might think it's asking for a username da26ec36ca43e43454c86900ccf14faa05da13ff
  • config buttons were jank on iOS b772a4f8bb31c175f2595590d1f62c3a0d022544
  • readme: making your homeserver accessible from the internet

💾 what to download?

download link is it good? description
copyparty-sfx.py ✅ the best 👍 runs anywhere! only needs python
a docker image it's ok good if you prefer docker 🐋
copyparty.exe ⚠️ acceptable for win8 or later; built-in thumbnailer
u2c.exe ⚠️ acceptable CLI uploader as a win7+ exe (video)
copyparty32.exe ⛔️ dangerous for win7 -- never expose to the internet!
cpp-winpe64.exe ⛔️ dangerous runs on 64bit WinPE, otherwise useless
  • except for u2c.exe, all of the options above are equivalent
  • the zip and tar.gz files below are just source code
  • python packages are available at PyPI

v1.12.1

1 month ago

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

  • while viewing pictures/videos, the scrollwheel can be used to view the prev/next file 844d16b9

bugfixes

  • #81 (scrolling suddenly getting disabled) properly fixed after @icxes found another way to reproduce it (thx) 4f0cad54
  • and fixed at least one javascript glitch introduced in v1.12.0 while adding dirkeys 989cc613
    • directory tree sidebar could fail to render when popping browser history into the lightbox

other changes

  • music preloader is slightly less hyper f89de6b3
  • u2c.exe: updated TLS-certs and deps ab18893c

⚠️ not the latest version!

v1.12.0

1 month ago

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

  • #64 dirkeys; option to auto-generate passwords for folders, so you can give someone a link to a specific folder inside a volume without sharing the rest of the volume 10bc2d92 32c912bb ef52e2c0 0ae12868
    • enabled by volflag dk (exact folder only) and/or volflag dks (also subfolders); see readme
  • audio transcoding to mp3 if browser doesn't support opus a080759a
    • recursively transcode and download a folder using ?tar&mp3
    • accidentally adds support for playing just about any audio format in ie11
  • audio equalizer also applies to videos 7744226b

bugfixes

  • #81 scrolling could break after viewing an image in the lightbox 9c42cbec
  • on phones, audio playback could stop if network is slow/unreliable 59f815ff b88cc7b5 59a53ba9
    • fixes the issue on android, but ios/safari appears to be impossible d94b5b3f

other changes

  • updated dompurify to 3.0.11
  • copyparty.exe: updated to python 3.11.9
  • support for building with pyoxidizer was removed 5ab54763

⚠️ not the latest version!

v1.11.2

1 month ago

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

  • global-option --iobuf to set a custom I/O buffersize 2b24c50e

    • changes the default buffersize to 256 KiB everywhere (was a mix of 64 and 512)
    • may improve performance of networked volumes (s3 etc.) if increased
    • on gbit networks: download-as-tar is now up to 20% faster
    • slightly faster FTP and TFTP too

  • global-option --s-rd-sz to set a custom read-size for sockets c6acd3a9

    • changes the default from 32 to 256 KiB
    • may improve performance of networked volumes (s3 etc.) if increased
    • on 10gbit networks: uploading large files is now up to 17% faster

  • add url parameter ?replace to overwrite any existing files with a multipart-post c6acd3a9

bugfixes

  • #79 idp volumes (introduced in v1.11.0) would only accept permissions for the user that owned the volume; was impossible to grant read/write-access to other users d30ae845

other changes

⚠️ not the latest version!

v1.11.1

1 month ago

the previous release had all the fun new features... this one's just bugfixes

no vulnerabilities since 2023-07-23

bugfixes

  • less aggressive rejection of requests from banned IPs 51d31588
    • clients would get kicked before the header was parsed (which contains the xff header), meaning the server could become inaccessible to everyone if the reverse-proxy itself were to "somehow" get banned
      • ...which can happen if a server behind cloudflare also accepts non-cloudflare connections, meaning the client IP would not be resolved, and it'll ban the LAN IP instead heh
        • that part still happens, but now it won't affect legit clients through the intended route
    • the old behavior can be restored with --early-ban to save some cycles, and/or avoid slowloris somewhat
  • the unpost feature could appear to be disabled on servers where no volume was mapped to / 0287c7ba
  • python 3.12 support for compiling the dependencies necessary to detect bpm/key in audio files 32553e45

other changes

⚠️ not the latest version!

v1.11.0

2 months ago

this release was made possible by stoltzekleiven, kvikklunsj, and tako

no vulnerabilities since 2023-07-23

new features

  • #62 support for identity providers and automatically creating volumes for each user/group ("home folders")
    • login with passkeys / fido2 / webauthn / yubikey / ldap / active directory / oauth / many other single-sign-on contraptions
    • documentation and examples could still use some help (I did my best)
  • #77 UI to cancel unfinished uploads (available in the 🧯 unpost tab) 3f05b665
    • the user's IP and username must match the upload by default; can be changed with global-option / volflag u2abort
  • new volflag sparse to pretend sparse files are supported even if the filesystem doesn't 8785d2f9
    • gives drastically better performance when writing to s3 buckets through juicefs/geesefs
    • only for when you know the filesystem can deal with it (so juicefs/geesefs is OK, but definitely not fat32)
  • --xff-src and --ipa now support CIDR notation (but the old syntax still works) b377791b
  • ux:
    • #74 option to use custom fonts 263adec7 6cc7101d 8016e671
    • option to disable autoplay when page url contains a song hash 8413ed6d
      • good if you're using copyparty to listen to music at the office and the office policy is to have the webbrowser automatically restart to install updates, meaning your coworkers are suddenly and involuntarily enjoying some loud af jcore while you're asleep at home

bugfixes

  • don't panic if cloudflare (or another reverse-proxy) decides to hijack json responses and replace them with html 7741870d
  • #73 the fancy markdown editor was incompatible with caddy (a reverse-proxy) ac96fd9c
  • media player could get confused if neighboring folders had songs with the same filenames 206af8f1
  • benign race condition in the config reloader (could only be triggered by admins and/or SIGUSR1) 096de508
  • running tftp with optimizations enabled would cause issues for --ipa b377791b
  • cosmetic tftp bugs 115020ba
  • ux:
    • up2k rendering glitch if the last couple uploads were dupes 547a4863
    • up2k rendering glitch when switching between readonly/writeonly folders 51a83b04
    • markdown editor preview was glitchy on tiny screens e5582605

other changes

  • add a sharex v12.1 config example 2527e903
  • make it easier to discover/diagnose issues with docker and/or reverse-proxy config d744f3ff
  • stop recommending the use of --xff-src=any in the log messages 7f08f10c
  • ux:
    • remove the k304 togglebutton in the controlpanel by default 1c011ff0
    • mention that a full restart is required for [global] config changes to take effect 0c039219
  • docs e78af022
  • copyparty.exe: updated pyinstaller to 6.5.0 bdbcbbb0

⚠️ not the latest version!

v1.10.2

2 months ago

no vulnerabilities since 2023-07-23

new features

  • thumbnails can be way taller when centercrop is disabled in the browser UI 5026b212
    • good for folders with lots of portrait pics (no more letterboxing)
  • more thumbnail stuff:
    • zoom levels are twice as granular 5026b212
    • write-only folders get an "upload-only" icon 89c6c2e0
    • inaccessible files/folders get a 403/404 icon 8a38101e

bugfixes

  • tftp fixes d07859e8
    • server could crash if a nic disappeared / got restarted mid-transfer
    • tiny resource leak if dualstack causes ipv4 bind to fail
  • thumbnails:
    • when behind a caching proxy (cloudflare), icons in folders would be a random mix of png and svg 43ee6b9f
    • produce valid folder icons when thumbnails are disabled 14af136f
  • trailing newline in html responses d39a99c9

other changes

  • webdeps: update dompurify 13e77777
  • copyparty.exe: update jinja2, markupsafe, pyinstaller, upx 13e77777

⚠️ not the latest version!

v1.10.1

2 months ago

no vulnerabilities since 2023-07-23

new features

  • button to enable hi-res thumbnails 33f41f3e 58ae38c6
    • enable with the 3x button in the gridview
    • can be force-enabled/disabled serverside with --th-x3 or volflag th3x
  • tftp: IPv6 support and UTF-8 filenames + optimizations 0504b010
  • ux:
    • when closing the image viewer, scroll to the last viewed pic bbc37990
    • respect prefers-reduced-motion some more places fbfdd833

bugfixes

  • #72 impossible to delete recently uploaded zerobyte files if database was disabled 6bd087dd
  • tftp now works in copyparty.exe, copyparty32.exe, copyparty-winpe64.exe
  • the sharex config example was still using cookie-auth 8ff7094e
  • ux:
    • prevent scrolling while a pic is open 7f1c9926
    • fix gridview in older firefox versions 7f1c9926

other changes

  • thumbnail center-cropping can be force-enabled/disabled serverside with --th-crop or volflag crop
    • replaces --th-no-crop which is now deprecated (but will continue to work)

this release contains a build of copyparty-winpe64.exe which is almost entirely useless, except for in extremely specific scenarios, namely the kind where a TFTP server could also be useful -- the previous build was from version 1.8.7 (2023-07-23)

⚠️ not the latest version!

v1.10.0

3 months ago

no vulnerabilities since 2023-07-23

new features

  • TFTP server d636316a 8796c09f acbb8267 02879713
    • based on partftpy, has most essential features EXCEPT for rfc7440 so WAN will be slow
    • is already doing real work out in the wild! see the fantastic quote in the readme
  • detect some (un)common configuration mistakes
    • buggy reverse-proxy which strips away all URL parameters 136c0fdc
      • could cause the browser to get stuck in a refresh-loop
    • a volume on an sqlite-incompatible filesystem (a remote cifs server or such) and an up2k volume inside d4da3861
      • sqlite could deadlock or randomly throw exceptions; serverlog will now explain how to fix it
  • ie11: file selection with shift-up/down 64ad5853

bugfixes

  • prevent music playback from stopping at the end of a folder f262aee8
    • preloader will now proactively hunt for the next file to play as the last song is ending
  • in very specific scenarios, clients could be told their upload had finished processing a tiny bit too early, while the HDD was still busy taking in the last couple bytes 6f8a588c
    • so if you expected to find the complete file on the server HDD immediately as the final chunk got confirmed, that was not necessarily the case if your server HDD was severely overloaded to the point where closing a file takes half a minute
      • huge thx to friend with said overloaded server for finding all the crazy edge cases
  • ignore harmless javascript errors from easymde 879e83e2

other changes

  • the "copy currently playing song info to clipboard" button now excludes the uploader IP ed524d84
  • mention that enabling -j0 can improve HDD load during uploads 5d92f4df
  • mention a debian-specific docker bug which prevents starting most containers (not just copyparty) 4e797a71

⚠️ not the latest version!