Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 06:10:54 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,277 Commits 9 Branches 53 Tags
cbdc48ba7c47b6155cc78dc34f0506678c483138
Commit Graph

2277 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
cbdc48ba7c Bump actions/checkout from 5 to 6 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-30 12:26:47 +01:00
Nicola Murino
90821ffc23 cloud backends: update part size limits 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-11-23 12:56:59 +01:00
Nicola Murino
32cc426cb9 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-11-20 09:00:39 +01:00
Nicola Murino
9fa18c37f7 fix lint warning 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-11-19 19:29:04 +01:00
Nicola Murino
4230da8e7d s3: implement multipart downloads without using the S3 Manager 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-11-19 18:53:27 +01:00
Nicola Murino
22c875c0a1 sftpd: add support for OpenPubkey SSH 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-11-19 09:16:56 +01:00
Nicola Murino
74f8539247 pre-login hook: require either a full user object or no user modification 
The previous behavior was a leftover from an old refactor.
This change aligns the pre-login hook with the behavior of other hooks,
although it may break some edge cases that relied on the previous inconsistent
behavior.

Fixes #2107

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-11-18 20:09:22 +01:00
dependabot[bot]
3a42c70021 Bump golangci/golangci-lint-action from 8 to 9 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8 to 9.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v8...v9)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-18 18:54:01 +01:00
dependabot[bot]
59bd46a227 Bump actions/upload-artifact from 4 to 5 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 08:55:40 +01:00
dependabot[bot]
5039a0ee31 Bump actions/download-artifact from 5 to 6 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 08:55:02 +01:00
Nicola Murino
973b68a383 data provider: micro-optimization 
skip availability check when updating the node timestamp.
If the update succeeds, the data provider is healthy

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-26 09:48:47 +01:00
Nicola Murino
5ce9688780 enforce group-level password strength for users and shares 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-26 09:44:32 +01:00
Nicola Murino
accb9703d0 back to development 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-26 08:14:24 +01:00
Nicola Murino
9c42ec34e8 pkgs update 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-26 08:12:32 +01:00
Nicola Murino
29c635a9a6 update version and deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
v2.7.0 		2025-10-23 18:26:44 +02:00
Nicola Murino
e82d1bbef6 sftpgo.json: remove non-existent setting 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-16 19:40:29 +02:00
Nicola Murino
2c36077178 CI: use Go 1.25 for FreeBSD 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-16 19:39:49 +02:00
dependabot[bot]
4e91326124 Bump github/codeql-action from 3 to 4 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-15 08:42:08 +02:00
Nicola Murino
317f14f869 Docker: remove git and rsync 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-15 08:41:05 +02:00
Nicola Murino
a768dac29d jwt: increase leeway and add some tests 
also export a constant for the Cookie name

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-11 14:14:21 +02:00
Nicola Murino
c4bc88cd2e Docker: update to debian 13 
also update nfpm to 2.43.4

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-10 21:30:33 +02:00
Nicola Murino
90685d8ef2 fix random failure in test cases 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-10 21:30:05 +02:00
Nicola Murino
f21c3d2af2 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-09 20:46:29 +02:00
Nicola Murino
278f522e30 sftpgo.json: cleanup unsupported configuration keys 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-09 20:44:43 +02:00
Nicola Murino
fa70ff35c4 Add debug log to investigate intermittent test failure in CI 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 19:22:35 +02:00
Nicola Murino
314bb5c886 update deps and nfpm 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 18:51:52 +02:00
Nicola Murino
0ae2354fed JWT: replace jwtauth/jwx with lightweight wrapper around go-jose 
We replaced the jwtauth and jwx libraries with a minimal custom wrapper
around go-jose because we don’t need the full feature set provided by jwx.
Implementing our own wrapper simplifies the codebase and improves
maintainability.

Moreover, go-jose depends only on the standard library, resulting in a
leaner dependency that still meets all our requirements.

This change also reduces the SFTPGo binary size by approximately 1MB

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 18:10:39 +02:00
Nicola Murino
9ca35c3555 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-04 11:42:35 +02:00
Nicola Murino
69f2c70661 CI: use windows-latest and install iscc manually 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 18:41:39 +02:00
Nicola Murino
35525e22e9 remove rsync support 
rsync was executed as an external command, which means we have no insight
into or control over what it actually does.
From a security perspective, this is far from ideal.

To be clear, there's nothing inherently wrong with rsync itself. However,
if we were to support it properly within SFTPGo, we would need to implement
the low-level protocol internally rather than relying on launching an external
process. This would ensure it works seamlessly with any storage backend,
just as SFTP does, for example.
We recommend using one of the many alternatives that rely on the SFTP
protocol, such as rclone

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 18:15:15 +02:00
Nicola Murino
cc0ee9f43b update nfpm to 2.43.1 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 10:03:45 +02:00
Nicola Murino
7dd5757a44 CI: use Windows-2022 for now 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 10:02:27 +02:00
Nicola Murino
3f21db14e4 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 09:36:28 +02:00
Nicola Murino
e892748ef4 system commands: recursively verify required permissions 
If any permission is missing at any level, return a "Permission Denied"
error

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 09:36:19 +02:00
Nicola Murino
f4092b9f9e sftpd: use VerifiedPublicKeyCallback 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 09:22:27 +02:00
Nicola Murino
cdaefbf04a Fix flaky test case 
ensure the user filter is set on the rule so notification triggers
only when expected.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:16:28 +02:00
Nicola Murino
5c3aa8278b CI: switch to Go 1.25 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:16:23 +02:00
Nicola Murino
255ad5f6db remove automaxprocs: no longer required with Go 1.25 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:16:14 +02:00
Nicola Murino
a469dd68a2 update theme and js deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:15:57 +02:00
Nicola Murino
29e9d95088 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-21 14:21:57 +02:00
Nicola Murino
952df50a98 remove ftpserverlib fork 
the correct flow is to add features to the upstream library first

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-21 14:21:53 +02:00
Nicola Murino
d2ee43585a remove x/crypto fork 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-21 14:21:47 +02:00
dependabot[bot]
726f1fde19 Bump golang from 1.24-bookworm to 1.25-bookworm 
Bumps golang from 1.24-bookworm to 1.25-bookworm.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25-bookworm
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-21 14:20:25 +02:00
Nicola Murino
75a9ebcdf9 CI: remove Azure Trusted Signing action 
The Azure Trusted Signing certificate is expiring soon, and renewal is no
longer available  for individuals or organizations outside of Canada and USA.

Due to this limitation, we are removing the Trusted Signing step from our
CI pipeline.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-20 18:07:21 +02:00
Nicola Murino
7f03dc0fab convert action migration: allow to import any command action 
EnabledCommands are initialized after the migration so allow any
command, they will be denied if not allowed and this is temporary.
The migration will be removed in the future

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-20 17:59:15 +02:00
Nicola Murino
52ae36f169 README: better clarify how to select the appropriate documentation 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-10 20:14:35 +02:00
Nicola Murino
7ce456edef CI release: move Azure login closer to signing step in Windows workflow 
The Azure login token validity has been decreased so login just before
signing

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-09 19:46:06 +02:00
Nicola Murino
b1208279b7 CI: move Azure login closer to signing step in Windows workflow 
Azure login tokens now appear to expire after 5 minutes.
To avoid authentication issues, the login step is now performed
immediately before signing the binaries.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-09 19:08:57 +02:00
Nicola Murino
0dca906351 docs: clarify sponsor/support model and how to use versioned documentation 
- Updated the "Sponsors" section to reflect the current open-core model
- Clarified that sponsorship supports the open-source edition
- Improved "Support" section to distinguish community vs. Enterprise support
- Added instructions on selecting the correct documentation version

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-09 18:38:27 +02:00
dependabot[bot]
20df8ba48b Bump actions/setup-go from 5 to 6 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 18:16:22 +02:00