Tags: jwbuiter/flood
Tags
4.3.1
- Make theme button always at the bottom of sidebar
- Remove legacy font formats from static assets
- Slightly tweak styles of country flags in peer list
- Better accommodate longer flags
- Display country code on hover
- qBittorrent fixes:
- Attach cookies to URL downloads
- Set trackers
- Transmission fixes:
- Percentage downloaded of contents of a torrent
- Bug fixes:
- API call to get peer list of a non-existent torrent no longer crash Flood server
- Handle file not exist and access denied cases in content download
- Properly handle API call to update password of a user
- Security enhancements:
- Rate limit resource-intensive mediainfo request
- Ensure path is allowed for mediainfo request
- API call to list users no longer receive hashed passwords and client connection settings
- Note: only an authenticated admin user may list users
- New translations
- Czech, thanks to @brezinajn
- Romanian, thanks to @T-z3P
- Bump dependencies
4.3.0 - Generate magnet link from torrent - Add a button to allow user to switch color scheme - Multi architecture Docker images - linux/amd64 - linux/arm64 (new) - linux/arm/v7 (new) - Allow to display precise percentage - Expanded view: 1 decimal place - Details: 3 decimal places - Mountpoints with very long paths are ignored by disk usage - Tags can be attached while adding torrents to qBittorrent (needs qbittorrent/qBittorrent#13882) - Bug fixes: - Download destination fallback to rTorrent default destination (Mika-/torrent-control#105) - Properly catch errors of AddFiles and AddURLs when using qBittorrent - Display existing trackers in set trackers modal - New translations - Spanish, thanks to @vain4us - Bump dependencies Side note: I am starting to maintain a distribution of rTorrent, available at [jesec/rtorrent](https://github.com/jesec/rtorrent). It is optimized and small. It uses modern CMake and Bazel build systems. Bazel can also be used for dependency management and to produce statically linked reproducible builds. Static binaries (amd64, arm64) can be downloaded via [Github Actions](https://github.com/jesec/rtorrent/actions?query=workflow%3A%22Publish+rolling+build%22). Docker images are also available at [jesec/rtorrent](https://hub.docker.com/r/jesec/rtorrent). I made a simple [Dockerfile](https://github.com/jesec/flood/blob/5cc56067c3be6c91ccf94f71d4784be99c2823f8/Dockerfile.rtorrent) to demonstrate how to integrate rTorrent with Flood.
4.1.0⚠️ Changes that may require manual attention:⚠️ - Configuration is now schema validated before the start of Flood server - No action required if you use (preferred and default) CLI configuration interface - This ensures that when the config.js needs to be updated, the failure happens loud and early - Check [shared/schema/Config.ts](https://github.com/jesec/flood/blob/master/shared/schema/Config.ts) for more details - Enforces that the length of secret must be larger than 30 - Secret can be brute forced locally without interaction with the server - However, an attacker must get a valid token (generated by proper authentication) first - If all users are trusted, attackers have no way to get a valid token - Secret is used to sign authentication tokens but it is NOT linked to the password - Attacker may log into Flood as any user if they have the secret - However, they are still constrained by capabilities and settings (such as `--allowedpath`) of Flood Other changes: - Tag selector preference: - Single selection - Multi selection - UX enhancements to tag selector - Suggest destination based on selected tag - `add-urls` and `add-files` API endpoints no longer fail if `destination` property is not provided - Download destination fallback has been implemented: - Tag-specific preferred download destination - Last used download destination - Default download destination of connected torrent client - This makes things easier for API users - No direct impact on Flood itself - Remember last used "Add Torrents" tab - Remove center alignment of certain modals to align with global styles - Disallow browser's input suggestion when tag selector or folder browser is open - Don't pop up the browser menu on right click while context menu is open - Experimental standalone (single-executable) builds - New translations - German, thanks to @chint95 - Romanian, thanks to @T-z3P - Bump dependencies - Bug fixes: - Properly handle "error" alerts (display "❗" icon instead of "✅" icon)
* Experimental multi-client support * qBittorrent * Transmission * Stabilized and documented public API endpoints * Defined and documented internal interfaces, data structures and APIs * Better documentation for users and developers * Full migration to TypeScript * Reasonable test coverages for API endpoints * Torrent creation support * Add torrents as completed * Dropdown selector for existing tags * Seeding status in status filter * Set tracker URLs of torrents * Improved handling of rendering, updating and scrolling of torrent list * Preliminary tests show that Flood can now handle 500,000 torrents at least in the frontend. * Note: real-world performance depends on other factors such as method call and deserialization operations in the backend and data transfer between backend and frontend. * Better performance, less memory and CPU consumption in both frontend and backend * New translations * Chinese (Traditional), thanks to @vongola12324 * Czech, thanks to Jan Březina * French, thanks to @zopieux and @Mystere98 * German, thanks to @chint95 * Bug fixes * Security enhancements * Dockerfile revamp * Native build tools no longer needed as native dependency is replaced with WebAssembly variant * Server is packed before distribution, reduced number of dependencies in production, faster installation
3.1.0 * Allow to replace main tracker of torrents * Allow adjustment of visible context menu items * config.cli: make all configs configurable by options and env * styles: properly set width of clipboard icon (fixes jesec#26) * client: hide logout button when auth is disabled * Hungarian support (jesec#21), thanks to @sfu420 * New translations: * Chinese Traditional, thanks to @vongola12324 * Czech, thanks to @brezina.jn * Portuguese, thanks to @Zamalor * Security enhancements: * Allow restriction on file operations by paths * Do not bypass authentication token validation with disableUsersAndAuth * server: prohibit Cross-Origin Resource Sharing * server: auth: strictly prohibit cross-site cookie * Minor security fixes: * rTorrentDeserializer: avoid double unescaping * SettingsModal: mergeObjects: prevent prototype pollution * server: setSettings: turn inboundTransformations into a Map to validate dynamic call * server: be explicit about client app routes * server: cache index.html into memory * Minor refactoring and other changes * Bump dependencies to the latest revisions
PreviousNext