Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 14:20:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,263 Commits 9 Branches 53 Tags
29c635a9a6f68d0f57b520dd82cba8e16d412b30
Commit Graph

2263 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicola Murino
29c635a9a6 update version and deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
v2.7.0 		2025-10-23 18:26:44 +02:00
Nicola Murino
e82d1bbef6 sftpgo.json: remove non-existent setting 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-16 19:40:29 +02:00
Nicola Murino
2c36077178 CI: use Go 1.25 for FreeBSD 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-16 19:39:49 +02:00
dependabot[bot]
4e91326124 Bump github/codeql-action from 3 to 4 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-15 08:42:08 +02:00
Nicola Murino
317f14f869 Docker: remove git and rsync 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-15 08:41:05 +02:00
Nicola Murino
a768dac29d jwt: increase leeway and add some tests 
also export a constant for the Cookie name

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-11 14:14:21 +02:00
Nicola Murino
c4bc88cd2e Docker: update to debian 13 
also update nfpm to 2.43.4

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-10 21:30:33 +02:00
Nicola Murino
90685d8ef2 fix random failure in test cases 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-10 21:30:05 +02:00
Nicola Murino
f21c3d2af2 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-09 20:46:29 +02:00
Nicola Murino
278f522e30 sftpgo.json: cleanup unsupported configuration keys 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-09 20:44:43 +02:00
Nicola Murino
fa70ff35c4 Add debug log to investigate intermittent test failure in CI 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 19:22:35 +02:00
Nicola Murino
314bb5c886 update deps and nfpm 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 18:51:52 +02:00
Nicola Murino
0ae2354fed JWT: replace jwtauth/jwx with lightweight wrapper around go-jose 
We replaced the jwtauth and jwx libraries with a minimal custom wrapper
around go-jose because we don’t need the full feature set provided by jwx.
Implementing our own wrapper simplifies the codebase and improves
maintainability.

Moreover, go-jose depends only on the standard library, resulting in a
leaner dependency that still meets all our requirements.

This change also reduces the SFTPGo binary size by approximately 1MB

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 18:10:39 +02:00
Nicola Murino
9ca35c3555 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-04 11:42:35 +02:00
Nicola Murino
69f2c70661 CI: use windows-latest and install iscc manually 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 18:41:39 +02:00
Nicola Murino
35525e22e9 remove rsync support 
rsync was executed as an external command, which means we have no insight
into or control over what it actually does.
From a security perspective, this is far from ideal.

To be clear, there's nothing inherently wrong with rsync itself. However,
if we were to support it properly within SFTPGo, we would need to implement
the low-level protocol internally rather than relying on launching an external
process. This would ensure it works seamlessly with any storage backend,
just as SFTP does, for example.
We recommend using one of the many alternatives that rely on the SFTP
protocol, such as rclone

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 18:15:15 +02:00
Nicola Murino
cc0ee9f43b update nfpm to 2.43.1 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 10:03:45 +02:00
Nicola Murino
7dd5757a44 CI: use Windows-2022 for now 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 10:02:27 +02:00
Nicola Murino
3f21db14e4 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 09:36:28 +02:00
Nicola Murino
e892748ef4 system commands: recursively verify required permissions 
If any permission is missing at any level, return a "Permission Denied"
error

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 09:36:19 +02:00
Nicola Murino
f4092b9f9e sftpd: use VerifiedPublicKeyCallback 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 09:22:27 +02:00
Nicola Murino
cdaefbf04a Fix flaky test case 
ensure the user filter is set on the rule so notification triggers
only when expected.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:16:28 +02:00
Nicola Murino
5c3aa8278b CI: switch to Go 1.25 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:16:23 +02:00
Nicola Murino
255ad5f6db remove automaxprocs: no longer required with Go 1.25 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:16:14 +02:00
Nicola Murino
a469dd68a2 update theme and js deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:15:57 +02:00
Nicola Murino
29e9d95088 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-21 14:21:57 +02:00
Nicola Murino
952df50a98 remove ftpserverlib fork 
the correct flow is to add features to the upstream library first

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-21 14:21:53 +02:00
Nicola Murino
d2ee43585a remove x/crypto fork 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-21 14:21:47 +02:00
dependabot[bot]
726f1fde19 Bump golang from 1.24-bookworm to 1.25-bookworm 
Bumps golang from 1.24-bookworm to 1.25-bookworm.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25-bookworm
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-21 14:20:25 +02:00
Nicola Murino
75a9ebcdf9 CI: remove Azure Trusted Signing action 
The Azure Trusted Signing certificate is expiring soon, and renewal is no
longer available  for individuals or organizations outside of Canada and USA.

Due to this limitation, we are removing the Trusted Signing step from our
CI pipeline.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-20 18:07:21 +02:00
Nicola Murino
7f03dc0fab convert action migration: allow to import any command action 
EnabledCommands are initialized after the migration so allow any
command, they will be denied if not allowed and this is temporary.
The migration will be removed in the future

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-20 17:59:15 +02:00
Nicola Murino
52ae36f169 README: better clarify how to select the appropriate documentation 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-10 20:14:35 +02:00
Nicola Murino
7ce456edef CI release: move Azure login closer to signing step in Windows workflow 
The Azure login token validity has been decreased so login just before
signing

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-09 19:46:06 +02:00
Nicola Murino
b1208279b7 CI: move Azure login closer to signing step in Windows workflow 
Azure login tokens now appear to expire after 5 minutes.
To avoid authentication issues, the login step is now performed
immediately before signing the binaries.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-09 19:08:57 +02:00
Nicola Murino
0dca906351 docs: clarify sponsor/support model and how to use versioned documentation 
- Updated the "Sponsors" section to reflect the current open-core model
- Clarified that sponsorship supports the open-source edition
- Improved "Support" section to distinguish community vs. Enterprise support
- Added instructions on selecting the correct documentation version

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-09 18:38:27 +02:00
dependabot[bot]
20df8ba48b Bump actions/setup-go from 5 to 6 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 18:16:22 +02:00
Nicola Murino
b160090866 httpdtest: remove unused constant 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-07 18:19:45 +02:00
Nicola Murino
78d93730e0 update README and support link now that SFTPGo Enterprise is GA 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-07 18:18:55 +02:00
Nicola Murino
aad4de6001 html templates: update attribution 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-22 16:21:20 +02:00
Nicola Murino
19d1a0e0c1 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-22 15:57:55 +02:00
Nicola Murino
a5dd529d88 node token: embed permissions directly in JWT 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-22 15:57:41 +02:00
Nicola Murino
6bde42fc3f dataprovider: prevent action execution after external authentication 
As per the documentation for external authentication, provider actions
should  not be executed post-authentication.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-21 07:20:06 +02:00
Nicola Murino
917d992231 CI: update FreeBSD to 14.3 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-19 21:29:17 +02:00
dependabot[bot]
fc111b44d9 Bump actions/download-artifact from 4 to 5 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-19 21:27:28 +02:00
dependabot[bot]
cdcea54f46 Bump actions/checkout from 4 to 5 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-19 21:26:52 +02:00
Nicola Murino
a2d3613250 dataprovider: preserve initial sort order for related resources 
Folders and groups now retain their initial order, improving compatibility
and predictability when used with Terraform

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-19 16:11:53 +02:00
Nicola Murino
81a9813376 Windows: fix build 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-17 13:35:29 +02:00
Nicola Murino
63366b0007 virtual folders: fix path placeholder check 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-17 12:42:37 +02:00
Nicola Murino
0f6202f059 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-17 12:34:35 +02:00
Nicola Murino
e7a1128574 remove AWS Marketplace specific code 
it is out of context for the Open-Source edition

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-17 12:29:57 +02:00