the 'a' in "ip address" stands for authentication

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

recent important news

• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• cidr-based autologin b7f9bf5
  • map a cidr ip-range to a username; anyone connecting from that ip-range will autologin as that user
  • thx to @byteturtle for the idea!
• u2c / commandline uploader:
  • option --chs to list individual chunk hashes cf1b756
  • fix progress indicator when resuming an upload 53ffd24
• up2k: verbose logging of detected/corrected bitflips ee62836
  • foreshadowing intensifies (story still developing)

🩹 bugfixes

• up2k with database disabled / running without -e2d 705f598
  • respect noforget when loading snaps
  • ...but actually forget deleted files otherwise
  • snap-loader adds empty need/hash entries as necessary

🔧 other changes

• authed users can now unpost recent uploads of unauthed users from the same IP 22b58e3
  • would have become problematic now that cidr-based autologin is a thing

---

⚠️ not the latest version!

preadme

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

recent important news

• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• #105 files named preadme.md appear at the top of directory listings 1d68acf
• entirely disable dedup with --no-clone / volflag noclone 3d7facd 6b7ebdb
  • even if a file exists for sure on the server HDD, let the client continue uploading instead of reusing the existing data
  • using this option "never" makes sense, unless you're using something like S3 Glacier storage where reading is really expensive but writing is cheap

🩹 bugfixes

• up2k jank after detecting a bitflip or network glitch 4a4ec88
  • instead of resuming the interrupted upload like it should, the upload client could get stuck or start over
• #104 support viewing dotfile documents when dotfiles are hidden 9ccd8bb
• fix a buttload of typos 6adc778 1e7697b

---

⚠️ not the latest version!

pyz all the cores

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

recent important news

• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🩹 bugfixes

• the pkgres / pyz changes in 1.15.4 broke multiprocessing c398553

🔧 other changes

• pyz: drop easymde to save some bytes + make it a tiny bit faster

---

⚠️ not the latest version!

hermetic

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

recent important news

• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• u2c (commandline uploader):
  • remove all dependencies; now entirely self-contained 9daeed9
    • made it 3x faster for small files, 2x faster in general
  • improve -x behavior to not traverse into excluded folders b9c5c7b
• partyfuse (fuse client; mount a copyparty server as a local filesystem):
  • 9x faster directory listings 03f0f99
  • 4x faster downloads on high-latency connections 847a2bd
  • embed fuse.py (its only dependency) -- can be downloaded from the connect-page 44f2b63
  • support mounting nginx and iis servers too, not just copyparty c81e898
• reduce ram usage down to 10% when running without -e2d 88a1c5c
  • does not affect servers with -e2d enabled (was already optimal)
• share folders as qr-codes e454206
  • when creating a share, you get a qr-code for quick access
  • buttons in the shares controlpanel to reshow it, optionally with the password embedded into the qr-code
• #98 read embedded webdeps and templates with pkg_resources; thx @shizmob! a462a64 d866841
  • copyparty.pyz now runs straight from the source file without unpacking anything to disk
    • ...and is now much slower at returning resource GETs, but that is fine
• og / opengraph / discord embeds: support filekeys ae98200
• add option for natural sorting; thx @oshiteku! 9804f25
• eyecandy timer bar on toasts 0dfe1d5
• smb-server: impacket 0.12 is out! dc4d0d8
  • now possible to list folders with more than 400 files (it's REALLY slow)

🩹 bugfixes

• webdav:
  • support <allprop/> in propfind dc157fa
  • list volumes when root is unmapped 480ac25
    • previously, clients couldn't connect to the root of a copyparty server unless a volume existed at /
• #101 show .prologue.html and .epilogue.html in directory listings even if user cannot see hidden files 21be82e
• #100 confusing toast when pressing F2 without selecting anything 2715ee6
• fix prometheus metrics 678675a

🔧 other changes

• #100 allow uploading .prologue.html and .epilogue.html 19a5985
• #102 make translation easier when running in docker

---

⚠️ not the latest version!

incoming eta

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

recent important news

• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

🧪 new features

• incoming uploads (and their ETA) are shown in the controlpanel 609c592 844194e
• list total directory sizes 427597b
  • show the total size and number of files of each directory in listings
  • makes browsing a bit slower (up to 30%) so can be disabled with --no-dirsz
  • sizes are calculated during startup, so it requires -e2dsa
    • file-uploads will recalculate the sizes immediately, but a full rescan is necessary to see changes caused by moves/deletes
• optimizations;
  • reduce broker overhead when multiprocessing is disabled 4e75534
    • should reduce cpu usage by uploads, thumbnails, prometheus metrics
  • reduce cpu usage from downloading thumbnails 7d64879

🩹 bugfixes

• fix sqlite indexes d67e9cc
  • upload handshakes would get exponentially slow if a volume has more than 200'000 files
  • reindex on startup can be 150x faster in some rare cases (same filename in MANY folders)
  • the database is now around 10% larger (likely worst-case)
• misc ux: 58835b2
  • shares: show media tags
  • html hydrator assumed a folder named foo.txt was a doc
  • due to sessions, use pwd as password placeholder on services

🔧 other changes

• add example for uploading screenshots from linux with flameshot 1c2acdc
• nginx example: use unix-sockets for higher performance a5ce103
• #97 chinese translation was improved, thx again @ultwcz 7a573ca

🗿 known issues

• prometheus metrics are busted
  • workaround: disable monitoring of volume status with --nos-vst

---

⚠️ not the latest version!

session

blessed by ⑨, this release is certified strong (artist)

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

recent important news

• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

new features

• login sessions b540517
  • a random session cookie is generated for each known user, replacing the previous plaintext login cookie
  • the logout button will nuke the session on all clients where that user is logged in
  • the sessions are stored in the database at --ses-db, default ~/.config/copyparty/sessions.db (docker uses /cfg/sessions.db similar to the other runtime configs)
    • if you run multiple copyparty instances, much like shares and user-changeable passwords you'll want to keep a separate db for each instance
  • can be mostly disabled with --no-ses when it turns out to be buggy

bugfixes

• v1.13.8 broke the u2c --ow option to replace/overwrite files on the server during upload 6eee601

---

⚠️ not the latest version!

fill the drives

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

recent important news

• v1.15.0 (2024-09-08) changed upload deduplication to be default-disabled
• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

upload deduplication now disabled by default

because many people found the behavior surprising. This also makes it easier to use copyparty together with other software, since there is no risk of damage to symlinks if there are no symlinks to damage

to enable deduplication, use either --dedup (old-default, symlink-based), or --hardlink (will use hardlinks when possible), or --hardlink-only (disallow symlinks). To choose the approach that fits your usecase, see file deduplication in the readme

verification of local file consistency was also added; this happens when someone uploads a dupe, to ensure that no other software has modified the local file since last reindex. This unfortunately makes uploading of duplicate files much slower, and can be disabled with --safe-dedup 1 if you know that only copyparty will be modifying the filesystem

new features

• dedup improvements:
  • verify consistency of local files before using them as dedup source 6e671c5
    • if a local file has been altered by other software since the last reindexing, then this will now be detected
• u2c (commandline uploader): add mode to print hashes of local files 08848be
  • if you've lost a file but you know its wark (file identifier), you can now use u2c.exe to scan your whole filesystem for it: u2c - .
• #96 use local timezone in log messages b599fba

bugfixes

• dedup fixes:
  • symlinks could break if moved/renamed inside a volume where deduplication was disabled after some files within had already been deduplicated 4401de0
  • when moving/renaming, only consider symlinks between volumes if xlink volflag is set b5ad936
• database consistency verifier (-e2vp):
  • support filenames with newlines, and warn about missing files b0de84c
• opengraph/--og: fix viewing textfiles e5a836c
• up2k.js: fix confusing message when uploading many copies of the same file f1130db

other changes

• disable upload deduplication by default a2e0f98
• up2k.js: increase handshake timeout to several minutes because of the dedup changes c5988a0
• copyparty.exe: update to python 3.12.6

---

⚠️ not the latest version!

another

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

recent important news

• v1.14.3 (2024-08-30) fixed a bug that was introduced in v1.13.8 (2024-08-13); this bug could lead to data loss -- see the v1.14.3 release-notes for details

bugfixes

• a network glitch could cause the uploader UI to panic d9e9526

---

⚠️ not the latest version!

important dedup fix

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

important bugfix ☢️

this version fixes a file deduplication bug which was introduced in v1.13.8, released 2024-08-13

its worst-case outcome is loss of data in the following scenario:

• someone uploads a file into a folder where that filename is already taken, but the file contents are different, and the server already has a copy of that new file elsewhere under a different name

specific example:

• the server has two existing files, logo.png and logo-v2.png, in the same volume but not necessarily in the same folder, and those files contain different data
• you have a local copy of logo-v2.png on your laptop, but your local filename is logo.png
• you upload your local logo.png onto the server, into the same folder as the server's logo.png
• because the files contain different data, the server accidentally replaces the contents of logo.png with your version

if you have been using the database feature (globally with -e2dsa or volflag e2ds), and you suspect you may have hit this bug, then it is a good idea to make a backup of the up2k databases for all your volumes (the files with names starting with up2k.db) before restarting copyparty and before you do anything else, especially if you do not have serverlogs from far back in time -- if you have either the databases and/or the serverlogs, then it is possible to identify replaced files with some manual work

you can check if you hit the bug using one of the following two approaches:

• if your OS has the gnu find command, do a search for empty files with find -type f -size 0
• using copyparty (any OS), do the following steps:
  • make sure that reindex-on-startup is enabled; either globally with -e2dsa or volflag e2ds
  • then install this new copyparty version
  • click the search tab [🔎] and type the number 0 into the maximum MiB textbox

if you find any empty files with a filename that indicates it was autogenerated to avoid a name collision, for example logo.png-1725040569.239207-kbt0xteO.png, and the value of the number after logo.png is larger than 1723507200 (unixtime for 2024-08-13), then this indicates that logo.png may have been replaced by another upload

if you have the serverlogs from when the original upload of logo.png was made, then this can be used to identify the original contents of the file that was replaced, and to look for other copies. Please get in touch on the discord for assistance if necessary

---

new features

• shares: add revival and expiration extension ad2371f
  • share-owners can revive expired shares for --shr-rt minutes (default 1 day)
  • ...and extend expiration time by adding 1 minute or 1 hour to the timer
• sfx customizer improvements 03b13e8
  • improved translations stripper
  • add more examples

bugfixes

• the dedup bug 3da62ec
• tftp: support unmapped root 0123399

other changes

• copyparty.exe: update to pyinstaller 6.10.0
• textviewer wordwrapping c4e2b0f
• add logo 7037e73 ee35974

---

⚠️ not the latest version!

bing chilling

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2023-07-23)

new features

• #94 @ultwcz translated the UI to Chinese (thx!) 92edea1
• #84 improvements to shares: 8122dde
  • if one or more files are selected for sharing, they are placed into a virtual folder
  • more appropriate password UI for accessing protected shares
  • human-readable timestamps in shares listing
• u2c (commandline uploader): support multiple exclusion patterns f356faa

bugfixes

• remove confusing logmessage when downloading a zerobyte file 9f034d9
• shares: 7ff4696
  • fix crash if the root volume is unmapped
  • log-spam on config reload
  • password coalescing
  • add chrome support

other changes

• #93 add html IDs to the tabstrip 461f315

---

⚠️ not the latest version!