Skip to content

Releases: diced/zipline

v4.3.1

08 Sep 22:26
19fc878
Compare
Choose a tag to compare

What's Changed

  • fixed db migrations
  • fixed bypass local login for oauth
  • fixed invites redirecting even though they are valid
  • fixed legacy /r/<id> redirect
  • fixed not being able to view other user's files from the admin page

thanks for bearing with the shaky 4.3 release lol

Full Changelog: v4.3.0...v4.3.1

v4.3.0

05 Sep 18:43
e2e3edd
Compare
Choose a tag to compare

What's Changed

  • new: removed next.js in favor for a more traditional SPA built with Vite and React-Router
    • there should be little to no difference for users, most of the changes are under the hood!
    • the docker image is ~500mb smaller now
    • builds are quicker than ever, 10 seconds (on M4 Pro) compared to up to 20-30 seconds
      • skipping typechecking makes it even faster.
  • new: extraCss property in themes
  • new: asciinema .cast files are now rendered in the dashboard
  • new: PDFs are rendered in the dashboard (browsers with built-in PDF viewers are only supported, most modern browsers like Chrome, Firefox, and Safari all support this)
  • new: image compression formats - no longer only supports jpegs. configure to your liking with webp, jpg, png, and jxl (if supported)
  • new: thumbnail output format - no longer only outputs jpegs. configure to webp, jpg, or png.
  • new: build scripts (cleans up package.json)
  • new: better max-views handling
    • this fixed an issue where on max-views = 1, the file would not be viewable
    • the new method counts views on a per-ip and per-file basis, for every 5 seconds
  • fixed ishare icon
  • fixed dropzone loading z-index
  • fixed partials not rejected on normal upload
  • fixed date normalization on SSR routes
  • fixed metrics being shown even when admin only is enabled
  • fixed deselecting items in selects
  • fixed passwords being reset when editing urls
  • fixed the user object not being included on the variable parser on text file viewing

Pulls Merged

  • remove next.js in favor of client-side only by @diced in #857

What's Next

stuff that will most likely be included in the v4.4 release, but won't be available on trunk while being developed

  • currently working on #875 (migrating from Prisma to drizzle-orm)

Full Changelog: v4.2.3...v4.3.0

v4.2.3

10 Aug 05:53
71dbbb5
Compare
Choose a tag to compare

What's Changed

  • hotfix for uploads not uploading correctly
  • fixed some environment variables incorrectly defined #858

Pulls Merged

  • Fix environment variable mismatch when comparing to docs & change data type of RATELIMIT_WINDOW by @snipcola in #858

New Contributors

Full Changelog: v4.2.2...v4.2.3

v4.2.2

08 Aug 02:56
cd8b892
Compare
Choose a tag to compare

Warning

Security Vulnerability: All v4 versions affected, /api/user/files/transaction has a vulnerability in which any authenticated user is allowed to modify/delete files owned by other users. This is only possible if the attacker knows the file ID's and is making authenticated requests. All users are strongly advised to update immediately. If there are no other users you don't really need to worry ig.

What's changed

  • fixed multiple db connections on offloaded threads
  • ⚠️ fixed any user file modification/deletion on transactional api
  • mostly under the hood changes
    • refactor upload logic
    • refactor thumbnail logic
    • updated packages
    • nix flake uses devenv now for easier postgres/minio setup

Full Changelog: v4.2.1...v4.2.2

v4.2.1

28 Jul 19:25
ac08f4f
Compare
Choose a tag to compare

What's Changed

  • fixed typos regarding random words separator
  • fixed visual bugs and enhanced the web ui
  • fixed discord oauth not working (this was due to a faulty implementation of a allow/deny list)
  • fixed handling custom components in custom themes
  • fixed favoriting files in the transactional api
  • fixed errors when uploading a file with the same prefix as another file
  • added nix dev shell for my own use (and others if you want), just run nix develop!

Pulls Merged

Full Changelog: v4.2.0...v4.2.1

v4.2.0

02 Jul 00:45
4652ada
Compare
Choose a tag to compare

What's Changed

  • fixed split errors for username and password on login
  • fixed default expiration not being overridable
  • fixed broken link when uploading partial files
  • fixed long code blocks being unreadable
  • fixed flameshot script for mac (uses absolute path from flameshot.app)
  • added new gps metadata remover (subject to bugs but shouldn't bug as it's been tested thoroughly)
  • added download button on file table view
  • added discord oauth allowlist/denylist
  • added the option to use environment variable to configure zipline (not documented but will be soon)
    • if an environment variable is set, the corresponding setting input in the server settings page will be disabled and will have no effect on zipline since environment variables will always take priority over the database set settings.
    • there is a helper script to convert settings into environment variables
  • added better caching for version api
  • using up-to-date aws sdk as blackblaze fixed their shortcomings
  • cookie age is 2 weeks
  • new "midnight pink" theme

Pulls Merged

Full Changelog: v4.1.2...v4.2.0

v4.1.2

06 Jun 17:44
81866b4
Compare
Choose a tag to compare

Hotfix

This update fixes a bug introduced by updating a dependency in v4.1.1.
If you had issue uploading files while having the remove gps metadata setting turned on, this update now fixes that

Full Changelog: v4.1.1...v4.1.2

v4.1.1

06 Jun 06:00
d0a613a
Compare
Choose a tag to compare

What's Changed

  • fixed being able to scroll when zoomed in on image on view route
  • fixed passkeys not deletable
  • fixed passwords being sent in query string
  • fixed video/ogg (and other audio files that can have video streams) mimetype breaking thumbnail gen
  • added small (1-5 seconds, mostly 1) ratelimits for a bunch of POST/PATCH/DELETE methods on the API which should stop users that spam buttons (for some reason) from doing too much stuff
  • updated dependencies

Pulls Merged

  • Add the service_healthy requirement to Zipline's depends_on: by @Joshfindit in #811

New Contributors

Full Changelog: v4.1.0...v4.1.1

v4.1.0

21 May 04:12
6b0bbad
Compare
Choose a tag to compare

What's Changed

  • the "default" theme set in settings is now exposed on the view routes

  • better partial upload file checking, now handled by the server without trusting the client

  • version checking, new version checking api: https://github.com/diced/zipline-version
    version_show

    • you can host your own version checking api (view the repo above!) if you do not want to send requests to my cloudflare worker (a docker image is coming soon, so you can just add it to your docker-compose)
    • you can disable version checking in the settings
    • shows up at the bottom of the sidebar, above external links. clicking the version will open a modal with a lot of information about the current/latest versions
  • new options to show on view-routes
    new_options

    • show folder option: shows a link if the folder is public, if it isn't it shows the name
    • show tags option: shows a list of tags next to the name
    • show mimetype option (has been existing since v4): shows the file mimetype
  • DATASOURCE_S3_SUBDIRECTORY introduced to limit zipline uploads to a "subdirectory"

  • overhauled querystring system, reloading on pages with options will persist

  • fixed s3 multipart uploads

  • fixed import-dir script

  • fixed oauth route, you will be able to unlink/link providers without errors

  • fixed no mimetypes on s3 uploads

  • fixed upload button showing up on disabled upload folders

  • fixed overwritten sessions when logging in with webauthn keys

  • fixed s3 access testing, no longer requires list-buckets permissions

  • fixed removed avatar fetching every 30 seconds, now only updates on page loads

  • fixed more debug logs when oauth fails

  • fixed DEBUG logs, better handling now

  • fixed better image width/height sizing

Pulls Merged

  • Add: Discord auto continue on OAuth screen by @bigbenster702 in #795
  • fix filenames with special characters like spaces + fix mime type uploads for bash uploader by @rlko in #786
  • ci: node.js 23 -> 24 by @lajczi in #809

New Contributors

Full Changelog: v4.0.2...v4.1.0

v4.0.2

01 Apr 04:51
e8207ad
Compare
Choose a tag to compare

Roadmap Website

The roadmap website has been updated to show estimated release windows for new features and future versions. It can be accessed through the same link: https://zipline.diced.sh/roadmap

What's Changed

  • fixed security vuln with Math.random
  • fixed s3 max sockets issue
  • fixed v3 imports requiring a .stats property
  • fixed v3 imports limiting at 1 mb per request
  • fixed upload route not redirecting to /view for text/ files
  • fixed syntax highlighting
  • fixed empty lines being filtered out of code renderer
  • fixed s3 erroring on 204 status codes
  • updated next.js 15.2.4 (vuln that doesn't effect zipline, but to be safe!)
  • added new midnight blue and orange themes
  • added files per page selector for gallery view

Pulls Merged

  • Midnight Theme, Files Page Improvements & Bug Fixes by @curet-dev in #753
  • Improved Pagination - Files per Page Selector by @curet-dev in #757

New Contributors

Full Changelog: v4.0.1...v4.0.2