Commit Graph

2252 Commits

Author SHA1 Message Date
Nicola Murino
314bb5c886 update deps and nfpm
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-10-08 18:51:52 +02:00
Nicola Murino
0ae2354fed JWT: replace jwtauth/jwx with lightweight wrapper around go-jose
We replaced the jwtauth and jwx libraries with a minimal custom wrapper
around go-jose because we don’t need the full feature set provided by jwx.
Implementing our own wrapper simplifies the codebase and improves
maintainability.

Moreover, go-jose depends only on the standard library, resulting in a
leaner dependency that still meets all our requirements.

This change also reduces the SFTPGo binary size by approximately 1MB

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-10-08 18:10:39 +02:00
Nicola Murino
9ca35c3555 update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-10-04 11:42:35 +02:00
Nicola Murino
69f2c70661 CI: use windows-latest and install iscc manually
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-28 18:41:39 +02:00
Nicola Murino
35525e22e9 remove rsync support
rsync was executed as an external command, which means we have no insight
into or control over what it actually does.
From a security perspective, this is far from ideal.

To be clear, there's nothing inherently wrong with rsync itself. However,
if we were to support it properly within SFTPGo, we would need to implement
the low-level protocol internally rather than relying on launching an external
process. This would ensure it works seamlessly with any storage backend,
just as SFTP does, for example.
We recommend using one of the many alternatives that rely on the SFTP
protocol, such as rclone

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-28 18:15:15 +02:00
Nicola Murino
cc0ee9f43b update nfpm to 2.43.1
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-28 10:03:45 +02:00
Nicola Murino
7dd5757a44 CI: use Windows-2022 for now
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-28 10:02:27 +02:00
Nicola Murino
3f21db14e4 update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-28 09:36:28 +02:00
Nicola Murino
e892748ef4 system commands: recursively verify required permissions
If any permission is missing at any level, return a "Permission Denied"
error

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-28 09:36:19 +02:00
Nicola Murino
f4092b9f9e sftpd: use VerifiedPublicKeyCallback
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-28 09:22:27 +02:00
Nicola Murino
cdaefbf04a Fix flaky test case
ensure the user filter is set on the rule so notification triggers
only when expected.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-22 09:16:28 +02:00
Nicola Murino
5c3aa8278b CI: switch to Go 1.25
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-22 09:16:23 +02:00
Nicola Murino
255ad5f6db remove automaxprocs: no longer required with Go 1.25
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-22 09:16:14 +02:00
Nicola Murino
a469dd68a2 update theme and js deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-22 09:15:57 +02:00
Nicola Murino
29e9d95088 update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-21 14:21:57 +02:00
Nicola Murino
952df50a98 remove ftpserverlib fork
the correct flow is to add features to the upstream library first

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-21 14:21:53 +02:00
Nicola Murino
d2ee43585a remove x/crypto fork
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-21 14:21:47 +02:00
dependabot[bot]
726f1fde19 Bump golang from 1.24-bookworm to 1.25-bookworm
Bumps golang from 1.24-bookworm to 1.25-bookworm.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25-bookworm
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-21 14:20:25 +02:00
Nicola Murino
75a9ebcdf9 CI: remove Azure Trusted Signing action
The Azure Trusted Signing certificate is expiring soon, and renewal is no
longer available for individuals or organizations outside of Canada and USA.

Due to this limitation, we are removing the Trusted Signing step from our
CI pipeline.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-20 18:07:21 +02:00
Nicola Murino
7f03dc0fab convert action migration: allow to import any command action
EnabledCommands are initialized after the migration so allow any
command, they will be denied if not allowed and this is temporary.
The migration will be removed in the future

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-20 17:59:15 +02:00
Nicola Murino
52ae36f169 README: better clarify how to select the appropriate documentation
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-10 20:14:35 +02:00
Nicola Murino
7ce456edef CI release: move Azure login closer to signing step in Windows workflow
The Azure login token validity has been decreased so login just before
signing

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-09 19:46:06 +02:00
Nicola Murino
b1208279b7 CI: move Azure login closer to signing step in Windows workflow
Azure login tokens now appear to expire after 5 minutes.
To avoid authentication issues, the login step is now performed
immediately before signing the binaries.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-09 19:08:57 +02:00
Nicola Murino
0dca906351 docs: clarify sponsor/support model and how to use versioned documentation
- Updated the "Sponsors" section to reflect the current open-core model
- Clarified that sponsorship supports the open-source edition
- Improved "Support" section to distinguish community vs. Enterprise support
- Added instructions on selecting the correct documentation version

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-09 18:38:27 +02:00
dependabot[bot]
20df8ba48b Bump actions/setup-go from 5 to 6
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-09 18:16:22 +02:00
Nicola Murino
b160090866 httpdtest: remove unused constant
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-07 18:19:45 +02:00
Nicola Murino
78d93730e0 update README and support link now that SFTPGo Enterprise is GA
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-09-07 18:18:55 +02:00
Nicola Murino
aad4de6001 html templates: update attribution
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-22 16:21:20 +02:00
Nicola Murino
19d1a0e0c1 update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-22 15:57:55 +02:00
Nicola Murino
a5dd529d88 node token: embed permissions directly in JWT
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-22 15:57:41 +02:00
Nicola Murino
6bde42fc3f dataprovider: prevent action execution after external authentication
As per the documentation for external authentication, provider actions
should not be executed post-authentication.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-21 07:20:06 +02:00
Nicola Murino
917d992231 CI: update FreeBSD to 14.3
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-19 21:29:17 +02:00
dependabot[bot]
fc111b44d9 Bump actions/download-artifact from 4 to 5
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-19 21:27:28 +02:00
dependabot[bot]
cdcea54f46 Bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-19 21:26:52 +02:00
Nicola Murino
a2d3613250 dataprovider: preserve initial sort order for related resources
Folders and groups now retain their initial order, improving compatibility
and predictability when used with Terraform

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-19 16:11:53 +02:00
Nicola Murino
81a9813376 Windows: fix build
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-17 13:35:29 +02:00
Nicola Murino
63366b0007 virtual folders: fix path placeholder check
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-17 12:42:37 +02:00
Nicola Murino
0f6202f059 update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-17 12:34:35 +02:00
Nicola Murino
e7a1128574 remove AWS Marketplace specific code
it is out of context for the Open-Source edition

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-17 12:29:57 +02:00
Nicola Murino
0dec86474e update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-06 20:44:09 +02:00
Nicola Murino
b48a90bce9 update deps
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-02 19:21:53 +02:00
Nicola Murino
75ad6346c3 removed some unused constants
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-02 19:00:15 +02:00
Nicola Murino
b2948a5255 sshd: removed Git support
Git integration has been removed as it is out of scope for a file transfer
solution like SFTPGo.

Maintaining Git support introduces unnecessary complexity and potential
security risks due to reliance on system commands.

In particular, allowing Git operations could enable authorized users to
upload repositories containing hooks, which might then be executed and abused.

To reduce the attack surface and simplify the codebase, Git support has been
fully dropped.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-02 18:58:03 +02:00
Nicola Murino
ddbe40cefa HTTPD, WebDAV: use http.ResponseController
backport from Enterprise edition

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-02 18:00:45 +02:00
Nicola Murino
9a0137befb config: redact master key string
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-07-22 19:53:19 +02:00
Nicola Murino
0bac81816c WebClient: add an id field to files list to simplify UI logic
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-07-22 18:59:20 +02:00
Nicola Murino
8ae6e5e486 WebUI: improve fileSizeIEC function and make it more readable
Fixes #1974

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-07-21 18:26:09 +02:00
Nicola Murino
c49d76274d WebClient: translate "selected items" label also at bottom of page
Fixes #1979

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-07-21 18:24:49 +02:00
Nicola Murino
ae11c81bf8 Improve issue templates
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-07-20 13:18:25 +02:00
dependabot[bot]
166b87fa3c Bump azure/trusted-signing-action from 0.5.1 to 0.5.9
Bumps [azure/trusted-signing-action](https://github.com/azure/trusted-signing-action) from 0.5.1 to 0.5.9.
- [Release notes](https://github.com/azure/trusted-signing-action/releases)
- [Commits](https://github.com/azure/trusted-signing-action/compare/v0.5.1...v0.5.9)

---
updated-dependencies:
- dependency-name: azure/trusted-signing-action
  dependency-version: 0.5.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-07-20 10:52:22 +02:00