Releases: error311/FileRise

v3.11.0

20 Mar 08:03

Changes 03/20/2026 (v3.11.0)

release(v3.11.0): snippet ownership enforcement and phpseclib security update

Commit message

release(v3.11.0): snippet ownership enforcement and phpseclib security update

- file(snippet): enforce per-file read_own ownership checks before returning hover-preview snippet content
- file(snippet): align snippet access with the existing single-file read authorization helper path
- deps(composer): upgrade phpseclib/phpseclib to 3.0.50 to pick up the latest upstream security patch

Fixed

  • Snippet access control for own-only folders
    • The file snippet / hover-preview endpoint now enforces the same per-file ownership check already used by other single-file read paths when access comes only from read_own.
    • Users with own-only visibility can no longer retrieve snippet content from files uploaded by other users in the same folder.

Changed

  • Dependency security maintenance
    • Updated phpseclib/phpseclib to 3.0.50 in Composer dependencies to pick up the current upstream security fix in the locked dependency set.

v3.11.0

Full Changelog

v3.10.0 → v3.11.0

SHA-256 (zip)

a9884226d9bf0f0869de0574da06113bce3f750806e322d5d4ac17234bd475b3  FileRise-v3.11.0.zip

v3.10.0

17 Mar 03:33

Changes 03/16/2026 (v3.10.0)

release(v3.10.0): resumable upload hardening and ONLYOFFICE callback authorization tightening

Commit message

release(v3.10.0): resumable upload hardening and ONLYOFFICE callback authorization tightening

- upload(resumable): stop deriving temporary chunk directories from raw client identifiers and switch to hashed internal temp-folder names
- upload(cleanup): require authenticated upload access for resumable temp-folder removal and keep recursive cleanup bounded to the intended staging root
- upload(compat): preserve normal resumable upload flow while making temp-path resolution consistent across probe, write, and cleanup paths
- onlyoffice(callback): issue save callbacks only for editable sessions, bind callbacks to the authorized actor/file, and stop trusting body-supplied editor identities
- onlyoffice(origin): restrict callback fetch URLs to the configured Document Server origin while keeping callback JWT validation compatible with existing deployments

Changed

  • Resumable temp-folder naming
    • Resumable upload staging now maps client identifiers to hashed internal temp-folder names instead of using raw identifier values directly in filesystem paths.
    • The same temp-folder mapping is now used consistently for chunk probe, chunk staging, and resumable cleanup operations.
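
One way to implement the mapping described above, together with the bounded cleanup this release lists under its fixes. This is an added example, not FileRise code; the function names, the `resumable_` prefix, the choice of SHA-256 and the staging layout are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration, not FileRise source. Function names, the "resumable_"
// prefix, SHA-256 and the staging layout are assumptions made for this example.

/** Map an untrusted client identifier to a fixed-shape internal folder name. */
function resumableTempName(string $clientIdentifier): string
{
    // 64 hex characters: separators, dots and NUL bytes cannot survive hashing.
    return 'resumable_' . hash('sha256', $clientIdentifier);
}

/** Resolve the temp folder; probe, write and cleanup all go through this helper. */
function resumableTempPath(string $stagingRoot, string $clientIdentifier): string
{
    $root = realpath($stagingRoot);
    if ($root === false || !is_dir($root)) {
        throw new RuntimeException('staging root missing');
    }
    return $root . DIRECTORY_SEPARATOR . resumableTempName($clientIdentifier);
}

/** Delete one chunk folder, refusing anything that is not a direct child of the root. */
function cleanupResumable(string $stagingRoot, string $clientIdentifier): bool
{
    $target = resumableTempPath($stagingRoot, $clientIdentifier);
    if (is_link($target) || !is_dir($target)) {
        return false; // nothing staged, or a symlink sitting where the folder should be
    }
    $real = realpath($target);
    if ($real === false || dirname($real) !== realpath($stagingRoot)) {
        return false; // resolved outside the staging root
    }
    $items = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($real, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::CHILD_FIRST
    );
    foreach ($items as $item) {
        // Symlinks are unlinked, never followed, so deletion cannot leave $real.
        if ($item->isDir() && !$item->isLink()) {
            rmdir($item->getPathname());
        } else {
            unlink($item->getPathname());
        }
    }
    return rmdir($real);
}

// Constructed demo: a path-like identifier still lands directly under the root.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'staging_demo_' . bin2hex(random_bytes(4));
mkdir($root, 0700);
$id  = '../../outside';
$dir = resumableTempPath($root, $id);
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . '1.part', 'chunk');
var_dump(dirname($dir) === realpath($root), cleanupResumable($root, $id));
rmdir($root);
```

Because every code path calls the same resolver, a probe, a chunk write and a cleanup for one identifier can never disagree about which folder they mean.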

Fixed

  • Resumable cleanup guardrails

    • Tightened resumable temp-folder cleanup so recursive deletion stays bounded to the expected staging area.
    • The resumable cleanup endpoint now requires an authenticated session with upload permission for the target folder before removing chunk temp data.
  • ONLYOFFICE save authorization

    • View-only ONLYOFFICE sessions no longer receive save-capable callback URLs.
    • ONLYOFFICE save callbacks are now bound to the authorized actor and file, and no longer trust body-supplied editor identities.
    • Save fetches are restricted to the configured ONLYOFFICE Document Server origin before FileRise downloads updated content and writes it back to disk.
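
The origin restriction on save fetches, sketched as an added example that is not FileRise code. The function names and the sample hosts are assumptions; the configured Document Server origin would come from the instance's settings.

```php
<?php
declare(strict_types=1);

// Added illustration, not FileRise source. Function names and sample hosts
// are assumptions made for this example.

/** Reduce a URL to scheme://host:port, or null if it is not a plain http(s) URL. */
function urlOrigin(string $url): ?string
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null; // only web schemes are ever fetched
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return null; // userinfo makes the real host easy to misread
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    return $scheme . '://' . strtolower($p['host']) . ':' . $port;
}

/** True only when the fetch URL shares scheme, host and port with the Document Server. */
function isDocumentServerUrl(string $fetchUrl, string $configuredOrigin): bool
{
    $want = urlOrigin($configuredOrigin);
    $got  = urlOrigin($fetchUrl);
    return $want !== null && $got !== null && $want === $got;
}

// Constructed sample values: URL => whether the fetch should be allowed.
$docs  = 'https://docs.example.test';
$cases = [
    'https://docs.example.test/cache/files/out.docx'   => true,
    'https://DOCS.example.test:443/cache/out.docx'     => true,  // case and default port
    'http://docs.example.test/cache/out.docx'          => false, // different scheme
    'https://docs.example.test.other.example/out.docx' => false, // lookalike suffix
    'https://docs.example.test@internal.example/'      => false, // userinfo before host
    'http://127.0.0.1:8080/status'                     => false, // loopback service
];
foreach ($cases as $url => $expected) {
    $ok = isDocumentServerUrl($url, $docs);
    printf("%-5s %s\n", $ok ? 'allow' : 'deny', $url);
    if ($ok !== $expected) {
        throw new LogicException("unexpected decision for $url");
    }
}
```

An origin check covers only the first request, so the fetch itself should also refuse redirects (with curl, leave `CURLOPT_FOLLOWLOCATION` off); otherwise an allowed URL can hand the client on to a different host.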

v3.10.0

Full Changelog

v3.9.4 → v3.10.0

SHA-256 (zip)

f29143d5ace47f847ac43a1526ba376f16a572e30c5b4fa3127cf5325eebbd61  FileRise-v3.10.0.zip

v3.9.4

15 Mar 05:19

Changes 03/15/2026 (v3.9.4)

release(v3.9.4): preserve legacy compatibility path while keeping post-rotation key-file preference

Commit message

release(v3.9.4): preserve legacy compatibility path while keeping post-rotation key-file preference

- crypto(compat): keep legacy default-key fallback behavior for existing installs with encrypted state and no explicit key
- crypto(resolve): continue preferring metadata/persistent_tokens.key after rotation so follow-up requests stop drifting back to the legacy fallback
- docs(changelog): clarify that legacy installs remain supported while the post-rotation request-consistency fix stays in place

Changed

  • Legacy compatibility path
    • Clarified that existing installs without an explicit PERSISTENT_TOKENS_KEY still retain the historical legacy fallback behavior for encrypted state compatibility.
    • The legacy fallback remains resolver-driven in config.php, while rotated installs continue preferring metadata/persistent_tokens.key for post-rotation consistency.

Fixed

  • Release note accuracy
    • Clarified the persistent-token key compatibility story so the legacy-install behavior and the post-rotation fix are documented together.

v3.9.4

Full Changelog

v3.9.3 → v3.9.4

SHA-256 (zip)

0e840258d73faba60b031d416bd40aae86e0622d2e545d97d7486a6a27f8a7a3  FileRise-v3.9.4.zip

v3.9.3

15 Mar 04:57

Changes 03/15/2026 (v3.9.3)

release(v3.9.3): legacy fallback worker-env fix after persistent-token key rotation

Commit message

release(v3.9.3): legacy fallback worker-env fix after persistent-token key rotation

- crypto(startup): stop exporting the legacy fallback key as a process-wide env value on compatibility-path installs
- crypto(resolve): prefer the persisted key file over legacy_default source hints once a rotation has written metadata/persistent_tokens.key
- admin(ui): eliminate post-rotation getConfig/siteConfig failures caused by workers still decrypting with the inherited legacy fallback

Fixed

  • Post-rotation request consistency
    • Fixed a case where some Apache workers could keep using the legacy fallback persistent-token key immediately after an in-app rotation, causing transient getConfig.php / siteConfig.php 500 responses until a refresh or restart.
    • Compatibility-path installs no longer export the legacy fallback key as a worker-wide env value, and the key resolver now prefers the persisted key file once rotation has written metadata/persistent_tokens.key.

v3.9.3

Full Changelog

v3.9.2 → v3.9.3

SHA-256 (zip)

752cd4d14acc59e0b65127994048ce115b2dd13fb64a06ed4c64e29a9dc19760  FileRise-v3.9.3.zip

v3.9.2

15 Mar 04:06

Changes 03/15/2026 (v3.9.2)

release(v3.9.2): admin config decrypt retry after persistent-token key transitions

Commit message

release(v3.9.2): admin config decrypt retry after persistent-token key transitions

- admin(config): retry adminConfig.json reads once before surfacing decrypt errors after key changes
- admin(ui): avoid transient getConfig failures on the first Admin Panel open after key transitions

Fixed

  • Admin Panel first-open stability after key changes
    • Fixed a transient getConfig.php failure where the first Admin Panel open after a persistent-token key transition could return "Failed to decrypt configuration." even though a manual refresh succeeded.
    • AdminModel::getConfig() now rereads adminConfig.json once and retries decryption before surfacing a real decrypt error.

v3.9.2

Full Changelog

v3.9.1 → v3.9.2

SHA-256 (zip)

079eb01968fd8979eaa9ee45bc3897b59c0024b473682327cb6346b66a9f839b  FileRise-v3.9.2.zip

v3.9.1

15 Mar 03:24

Changes 03/15/2026 (v3.9.1)

release(v3.9.1): post-rotation bootstrap fix and startup script cleanup

Commit message

release(v3.9.1): post-rotation bootstrap fix and startup script cleanup

- admin(startup): tolerate transient adminConfig decrypt fallback during persistent-token key rotation bootstrap
- docker(startup): split persistent-token key file export assignment to satisfy shellcheck

Fixed

  • Post-rotation bootstrap stability
    • Fixed a bootstrap path that could white-page the app if adminConfig.json was re-read during a persistent-token key rotation transition and decryption temporarily returned a non-string value.
    • The startup config path now falls back safely instead of raising a fatal error during json_decode(...).

Changed

  • Startup script shell hygiene
    • Adjusted the persistent-token key file load/export sequence in start.sh so CI shell linting passes without changing runtime behavior.

v3.9.1

Full Changelog

v3.9.0 → v3.9.1

SHA-256 (zip)

ba04ea31cdd3ac2234f224ed495d6e88de32070bcd7cad384f8da1a824375968  FileRise-v3.9.1.zip

v3.9.0

15 Mar 03:17

Changes 03/14/2026 (v3.9.0)

release(v3.9.0): persistent-token key lifecycle updates and admin rotation workflow

Commit message

release(v3.9.0): persistent-token key lifecycle updates and admin rotation workflow

- docker(startup): remove baked persistent-token key defaults and auto-generate a unique key for pristine installs
- admin(ui): warn when the instance is still using a legacy or placeholder persistent-token key and expose guided rotation for compatible installs
- admin(crypto): add persistent-token key rotation that re-encrypts stored secrets and expires remember-me sessions
- docs(docker): refresh docker run / compose guidance so metadata-backed generated keys are documented as the default path

Added

  • Admin rotation workflow for persistent-token keys
    • Added an admin-only rotation action that generates a new persistent-token key, re-encrypts stored secret-bearing data, writes metadata/persistent_tokens.key, and intentionally expires remember-me sessions.
    • Added an admin warning card with rotation guidance for instances still using a legacy or placeholder persistent-token key.

Changed

  • Docker startup behavior
    • Pristine Docker installs now auto-generate and persist a unique persistent-token key in metadata/persistent_tokens.key.
    • Existing installs without an explicit key continue on the legacy compatibility path until the operator rotates them.
  • Docker examples and env reference
    • Updated docker run, compose, and env-reference guidance so PERSISTENT_TOKENS_KEY is optional by default and no published placeholder value is documented.

Fixed

  • Persistent-token key lifecycle
    • Existing installs can now move off the legacy compatibility key without losing admin config, user-permissions, stored TOTP secrets, or source credentials.
    • Remember-me sessions are explicitly expired during rotation instead of being left in a mixed-key state.

Security

  • Install defaults
    • The runtime image no longer ships a baked-in persistent-token key default.
    • New Docker installs now start with instance-unique key material by default as long as metadata/ is persistent.

v3.9.0

Full Changelog

v3.8.0 → v3.9.0

SHA-256 (zip)

f0757584dddccb5bbdd522cc45bf11f6a58d5f5e12666dd25ac56bd4ea9f6e00  FileRise-v3.9.0.zip

v3.8.0

13 Mar 03:17

Changes 03/12/2026 (v3.8.0)

release(v3.8.0): share-link admin guards and centralized safe-upload policy

Commit message

release(v3.8.0): share-link admin guards and centralized safe-upload policy

- shares(security): require authenticated admin + CSRF for file share link listing and deletion
- uploads(policy): add centralized safe-upload policy with strict default and code-friendly admin override
- webdav(policy): enforce the shared write-name policy for WebDAV file and folder creation paths
- admin(ui): expose safe upload policy in Admin Panel and persist the normalized config value
- admin(fix): guard partial config updates that omit oidc payloads

Added

  • Centralized safe-upload policy
    • Added src/FileRise/Support/UploadNamePolicy.php to centralize write-path filename policy decisions.
    • Added admin-configurable policy modes:
      • strict (default)
      • code_friendly

Changed

  • File share admin endpoints
    • getShareLinks.php now requires an authenticated admin session.
    • deleteShareLink.php now requires an authenticated admin session and a valid CSRF token.
    • Updated the generated OpenAPI spec to reflect the authenticated share-link route behavior.
  • Write-path filename enforcement
    • Normal uploads, file create/save flows, selected folder write paths, and WebDAV now use the shared write-name policy instead of relying only on the generic filename regex.
    • Added an Admin Panel control under upload settings so operators can switch between strict and code_friendly behavior.

Fixed

  • Partial admin config saves
    • Fixed admin config updates failing when the submitted payload omits the oidc object during narrower settings changes.
  • WebDAV folder-name validation
    • WebDAV folder creation now rejects invalid path-like names such as empty names, . / .., and names containing path separators.

Security

  • Safe-upload defaults
    • New write operations default to strict mode.
    • .htaccess, .user.ini, and web.config remain blocked in all policy modes.
  • Share-link guard consistency
    • File share-link listing and deletion now use the same authenticated admin expectations as the rest of the admin share management surface.

v3.8.0

Full Changelog

v3.7.0 → v3.8.0

SHA-256 (zip)

c9a2e45aeb8dc04e9f1b5b093e52aba134841a9d4fb7f51115048c23c1f8b97e  FileRise-v3.8.0.zip

v3.7.0

09 Mar 02:25

Changes 03/08/2026 (v3.7.0)

Demo videos

release(v3.7.0): AI chat admin workspace, public share/portal copilots, PDF previews, and WebDAV read-stream hardening

Commit message

release(v3.7.0): AI chat admin workspace, public share/portal copilots, PDF previews, and WebDAV read-stream hardening

- pro(ai): add core AI API wrappers, admin AI workspace hooks, and public share/portal copilot integration seams
- files(pdf): add opt-in local PDF thumbnails and inline PDF preview support
- mcp(core): extend scoped operation catalog for AI file/folder actions and metadata discovery
- automation(core): expose AI watched-rule and approval actions through ProAutomationApiService
- storage(webdav): switch remote reads to curl-backed streaming with low-speed timeout handling
- security: keep public AI explicitly opt-in per share/portal and preserve scoped public guards

Added

  • Core AI API surface for Pro integration
    • Added AI endpoint wrappers under:
      • /api/pro/ai/chat.php
      • /api/pro/ai/config/{get,save,public}.php
      • /api/pro/ai/share/chat.php
      • /api/pro/ai/portal/chat.php
      • /api/pro/ai/agents/{list,save,delete}.php
      • /api/pro/ai/recipes/{list,save,delete}.php
      • /api/pro/ai/jobs/queue.php
  • Automation AI workflow endpoints
    • Added endpoint wrappers under:
      • /api/pro/automation/ai-rules/{list,save,delete}.php
      • /api/pro/automation/approvals/{list,decide}.php
      • /api/pro/automation/agent/inbound.php
      • /api/pro/automation/jobs/output.php
  • Admin AI workspace UI
    • Added the in-app AI chat/admin shell and AI-specific admin controls in:
      • public/js/aiChat.js
      • public/js/adminAutomation.js

Changed

  • Public share + portal AI UX
    • Shared-folder and portal public views now expose scoped AI copilot entrypoints, prompt examples, and dedicated styling for public AI interactions.
    • Share and portal admin/settings flows now support per-link or per-portal AI enablement controls.
  • PDF preview support
    • Gallery cards and desktop hover previews can now show rasterized first-page thumbnails for local PDF files.
    • Added a Core admin toggle under Appearance, UI & Indexing so PDF thumbnails remain opt-in and can be disabled to restore the old icon/no-preview behavior.
    • PDF files can now open inline in the existing file preview modal when the feature is enabled.
  • Core MCP operation seam for AI
    • Extended src/FileRise/Domain/McpCoreOpsService.php with additional scoped operations used by AI flows:
      • read_file
      • create_file
      • create_folder
      • copy_files
      • rename_file
    • Added operation metadata/catalog helpers so AI/admin surfaces can describe allowed operations without duplicating rules.
  • Automation API service coverage
    • Extended src/FileRise/Domain/ProAutomationApiService.php to expose AI watched-rule and approval actions through the existing core service seam.
  • Share/portal metadata
    • Shared-folder and portal records now carry aiEnabled metadata so public AI can be explicitly enabled or disabled per surface.
  • Runtime image
    • Updated Dockerfile for the AI-enabled runtime prerequisites used by this release branch, including poppler-utils for local PDF thumbnailing and AI document workflows.

Fixed

  • Public AI share default regression
    • Fixed newly created shares defaulting to aiEnabled=0 when older or hidden UI paths omitted the field.
    • The share modal now only sends aiEnabled when the control is visible, preserving backward-compatible defaults.
  • Public AI config endpoint guard
    • Fixed /api/pro/ai/config/public.php using the authenticated AI guard instead of the public guard, which could block unauthenticated share/portal pages from loading AI availability correctly.
  • PDF preview regressions
    • Fixed authenticated PDF inline viewing so PDFs no longer download instead of rendering in the preview modal.
    • Fixed the PDF thumbnail toggle save path and disabled-state behavior so the old outside-the-modal PDF behavior is restored when the toggle is off.
  • WebDAV source streaming
    • Updated the WebDAV adapter read path to use the curl-backed read stream helper with clearer low-speed timeout handling and better read-stream failure reporting.

Security

  • Scoped public AI enforcement
    • Public share and portal AI routes stay bounded to the current share/portal scope, reuse existing access checks, and continue sending Cache-Control: no-store plus X-Content-Type-Options: nosniff.
  • External provider disclosure
    • Admin AI Settings and the in-app AI Chat now warn when enabled providers are external, so operators are explicitly reminded that prompts and visible file excerpts may leave the instance.
  • Admin/API guard consistency
    • New authenticated AI and automation wrappers use centralized bootstrap/guard helpers instead of duplicating auth/admin/CSRF logic across endpoints.

Docs

  • Added wiki coverage for Pro AI chat/admin features and linked it in the docs sidebar.

v3.7.0

Full Changelog

v3.6.1 → v3.7.0

SHA-256 (zip)

f02358cbba2e4436379c5f5052666d0e98c95f5b8a2b21536a7a816c086329ed  FileRise-v3.7.0.zip

v3.6.1

05 Mar 07:19

Choose a tag to compare

Changes 03/05/2026 (v3.6.1)

release(v3.6.1): iPad hover preview pointer compatibility + configurable hover delay (refs #105)

Commit message

release(v3.6.1): iPad hover preview pointer compatibility + configurable hover delay (refs #105)

- file-list(ux): add per-user hover preview delay setting in User Panel (0-2500ms, default 180ms)
- file-list(fix): allow hover preview on hybrid pointer devices (iPadOS + Magic Keyboard/trackpad) while keeping touch-only devices disabled
- i18n: add hover delay label/help strings

Changed

  • File-list hover preview UX
    • Added per-user hover preview delay control in User Panel -> Display (0-2500 ms, default 180 ms).

Fixed

  • Hover preview device-compatibility regression
    • Fixed hover preview being incorrectly disabled on iPadOS pointer setups (for example Magic Keyboard/trackpad) by allowing hover-capable hybrid pointer devices while keeping touch-only devices disabled.

v3.6.1

Full Changelog

v3.6.0 → v3.6.1

SHA-256 (zip)

edbd4ab272db8ef7764e61f5c4d377acfb556b60d4fec993ccaeaabd7c4f3912  FileRise-v3.6.1.zip