Releases: diced/zipline
v4.3.1
What's Changed
- fixed db migrations
- fixed bypass local login for oauth
- fixed invites redirecting even though they are valid
- fixed legacy
/r/<id>
redirect - fixed not being able to view other user's files from the admin page
thanks for bearing with the shaky 4.3 release lol
Full Changelog: v4.3.0...v4.3.1
v4.3.0
What's Changed
- new: removed next.js in favor for a more traditional SPA built with Vite and React-Router
- there should be little to no difference for users, most of the changes are under the hood!
- the docker image is ~500mb smaller now
- builds are quicker than ever, 10 seconds (on M4 Pro) compared to up to 20-30 seconds
- skipping typechecking makes it even faster.
- new:
extraCss
property in themes - new: asciinema
.cast
files are now rendered in the dashboard - new: PDFs are rendered in the dashboard (browsers with built-in PDF viewers are only supported, most modern browsers like Chrome, Firefox, and Safari all support this)
- new: image compression formats - no longer only supports jpegs. configure to your liking with webp, jpg, png, and jxl (if supported)
- new: thumbnail output format - no longer only outputs jpegs. configure to webp, jpg, or png.
- new: build scripts (cleans up package.json)
- new: better max-views handling
- this fixed an issue where on max-views = 1, the file would not be viewable
- the new method counts views on a per-ip and per-file basis, for every 5 seconds
- fixed ishare icon
- fixed dropzone loading z-index
- fixed partials not rejected on normal upload
- fixed date normalization on SSR routes
- fixed metrics being shown even when admin only is enabled
- fixed deselecting items in selects
- fixed passwords being reset when editing urls
- fixed the user object not being included on the variable parser on text file viewing
Pulls Merged
What's Next
stuff that will most likely be included in the v4.4 release, but won't be available on trunk
while being developed
- currently working on #875 (migrating from Prisma to drizzle-orm)
Full Changelog: v4.2.3...v4.3.0
v4.2.3
What's Changed
- hotfix for uploads not uploading correctly
- fixed some environment variables incorrectly defined #858
Pulls Merged
- Fix environment variable mismatch when comparing to docs & change data type of
RATELIMIT_WINDOW
by @snipcola in #858
New Contributors
Full Changelog: v4.2.2...v4.2.3
v4.2.2
Warning
Security Vulnerability: All v4 versions affected, /api/user/files/transaction
has a vulnerability in which any authenticated user is allowed to modify/delete files owned by other users. This is only possible if the attacker knows the file ID's and is making authenticated requests. All users are strongly advised to update immediately. If there are no other users you don't really need to worry ig.
What's changed
- fixed multiple db connections on offloaded threads
⚠️ fixed any user file modification/deletion on transactional api- mostly under the hood changes
- refactor upload logic
- refactor thumbnail logic
- updated packages
- nix flake uses devenv now for easier postgres/minio setup
Full Changelog: v4.2.1...v4.2.2
v4.2.1
What's Changed
- fixed typos regarding random words separator
- fixed visual bugs and enhanced the web ui
- fixed discord oauth not working (this was due to a faulty implementation of a allow/deny list)
- fixed handling custom components in custom themes
- fixed favoriting files in the transactional api
- fixed errors when uploading a file with the same prefix as another file
- added nix dev shell for my own use (and others if you want), just run
nix develop
!
Pulls Merged
- Predefined Domains (Dropdown) by @curet-dev in #822
Full Changelog: v4.2.0...v4.2.1
v4.2.0
What's Changed
- fixed split errors for username and password on login
- fixed default expiration not being overridable
- fixed broken link when uploading partial files
- fixed long code blocks being unreadable
- fixed flameshot script for mac (uses absolute path from flameshot.app)
- added new gps metadata remover (subject to bugs but shouldn't bug as it's been tested thoroughly)
- added download button on file table view
- added discord oauth allowlist/denylist
- added the option to use environment variable to configure zipline (not documented but will be soon)
- if an environment variable is set, the corresponding setting input in the server settings page will be disabled and will have no effect on zipline since environment variables will always take priority over the database set settings.
- there is a helper script to convert settings into environment variables
- added better caching for version api
- using up-to-date aws sdk as blackblaze fixed their shortcomings
- cookie age is 2 weeks
- new "midnight pink" theme
Pulls Merged
- Optimize view for long code blocks by @curet-dev in #823
- chore: update ESLint config by @lajczi in #826
Full Changelog: v4.1.2...v4.2.0
v4.1.2
Hotfix
This update fixes a bug introduced by updating a dependency in v4.1.1.
If you had issue uploading files while having the remove gps metadata setting turned on, this update now fixes that
Full Changelog: v4.1.1...v4.1.2
v4.1.1
What's Changed
- fixed being able to scroll when zoomed in on image on view route
- fixed passkeys not deletable
- fixed passwords being sent in query string
- fixed video/ogg (and other audio files that can have video streams) mimetype breaking thumbnail gen
- added small (1-5 seconds, mostly 1) ratelimits for a bunch of POST/PATCH/DELETE methods on the API which should stop users that spam buttons (for some reason) from doing too much stuff
- updated dependencies
Pulls Merged
- Add the
service_healthy
requirement to Zipline'sdepends_on:
by @Joshfindit in #811
New Contributors
- @Joshfindit made their first contribution in #811
Full Changelog: v4.1.0...v4.1.1
v4.1.0
What's Changed
-
the "default" theme set in settings is now exposed on the view routes
-
better partial upload file checking, now handled by the server without trusting the client
-
version checking, new version checking api: https://github.com/diced/zipline-version
- you can host your own version checking api (view the repo above!) if you do not want to send requests to my cloudflare worker (a docker image is coming soon, so you can just add it to your docker-compose)
- you can disable version checking in the settings
- shows up at the bottom of the sidebar, above external links. clicking the version will open a modal with a lot of information about the current/latest versions
-
new options to show on view-routes
- show folder option: shows a link if the folder is public, if it isn't it shows the name
- show tags option: shows a list of tags next to the name
- show mimetype option (has been existing since v4): shows the file mimetype
-
DATASOURCE_S3_SUBDIRECTORY
introduced to limit zipline uploads to a "subdirectory" -
overhauled querystring system, reloading on pages with options will persist
-
fixed s3 multipart uploads
-
fixed import-dir script
-
fixed oauth route, you will be able to unlink/link providers without errors
-
fixed no mimetypes on s3 uploads
-
fixed upload button showing up on disabled upload folders
-
fixed overwritten sessions when logging in with webauthn keys
-
fixed s3 access testing, no longer requires list-buckets permissions
-
fixed removed avatar fetching every 30 seconds, now only updates on page loads
-
fixed more debug logs when oauth fails
-
fixed DEBUG logs, better handling now
-
fixed better image width/height sizing
Pulls Merged
- Add: Discord auto continue on OAuth screen by @bigbenster702 in #795
- fix filenames with special characters like spaces + fix mime type uploads for bash uploader by @rlko in #786
- ci: node.js 23 -> 24 by @lajczi in #809
New Contributors
- @bigbenster702 made their first contribution in #795
- @rlko made their first contribution in #786
- @lajczi made their first contribution in #809
Full Changelog: v4.0.2...v4.1.0
v4.0.2
Roadmap Website
The roadmap website has been updated to show estimated release windows for new features and future versions. It can be accessed through the same link: https://zipline.diced.sh/roadmap
What's Changed
- fixed security vuln with
Math.random
- fixed s3 max sockets issue
- fixed v3 imports requiring a
.stats
property - fixed v3 imports limiting at 1 mb per request
- fixed upload route not redirecting to /view for
text/
files - fixed syntax highlighting
- fixed empty lines being filtered out of code renderer
- fixed s3 erroring on 204 status codes
- updated next.js 15.2.4 (vuln that doesn't effect zipline, but to be safe!)
- added new midnight blue and orange themes
- added files per page selector for gallery view
Pulls Merged
- Midnight Theme, Files Page Improvements & Bug Fixes by @curet-dev in #753
- Improved Pagination - Files per Page Selector by @curet-dev in #757
New Contributors
- @curet-dev made their first contribution in #753
Full Changelog: v4.0.1...v4.0.2