Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 14:20:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,253 Commits 9 Branches 53 Tags
fa70ff35c4e7e84e4d5bfc4d537c3c4352060fd8
Commit Graph

2253 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicola Murino
fa70ff35c4 Add debug log to investigate intermittent test failure in CI 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 19:22:35 +02:00
Nicola Murino
314bb5c886 update deps and nfpm 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 18:51:52 +02:00
Nicola Murino
0ae2354fed JWT: replace jwtauth/jwx with lightweight wrapper around go-jose 
We replaced the jwtauth and jwx libraries with a minimal custom wrapper
around go-jose because we don’t need the full feature set provided by jwx.
Implementing our own wrapper simplifies the codebase and improves
maintainability.

Moreover, go-jose depends only on the standard library, resulting in a
leaner dependency that still meets all our requirements.

This change also reduces the SFTPGo binary size by approximately 1MB

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 18:10:39 +02:00
Nicola Murino
9ca35c3555 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-04 11:42:35 +02:00
Nicola Murino
69f2c70661 CI: use windows-latest and install iscc manually 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 18:41:39 +02:00
Nicola Murino
35525e22e9 remove rsync support 
rsync was executed as an external command, which means we have no insight
into or control over what it actually does.
From a security perspective, this is far from ideal.

To be clear, there's nothing inherently wrong with rsync itself. However,
if we were to support it properly within SFTPGo, we would need to implement
the low-level protocol internally rather than relying on launching an external
process. This would ensure it works seamlessly with any storage backend,
just as SFTP does, for example.
We recommend using one of the many alternatives that rely on the SFTP
protocol, such as rclone

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 18:15:15 +02:00
Nicola Murino
cc0ee9f43b update nfpm to 2.43.1 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 10:03:45 +02:00
Nicola Murino
7dd5757a44 CI: use Windows-2022 for now 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 10:02:27 +02:00
Nicola Murino
3f21db14e4 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 09:36:28 +02:00
Nicola Murino
e892748ef4 system commands: recursively verify required permissions 
If any permission is missing at any level, return a "Permission Denied"
error

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 09:36:19 +02:00
Nicola Murino
f4092b9f9e sftpd: use VerifiedPublicKeyCallback 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-28 09:22:27 +02:00
Nicola Murino
cdaefbf04a Fix flaky test case 
ensure the user filter is set on the rule so notification triggers
only when expected.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:16:28 +02:00
Nicola Murino
5c3aa8278b CI: switch to Go 1.25 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:16:23 +02:00
Nicola Murino
255ad5f6db remove automaxprocs: no longer required with Go 1.25 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:16:14 +02:00
Nicola Murino
a469dd68a2 update theme and js deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-22 09:15:57 +02:00
Nicola Murino
29e9d95088 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-21 14:21:57 +02:00
Nicola Murino
952df50a98 remove ftpserverlib fork 
the correct flow is to add features to the upstream library first

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-21 14:21:53 +02:00
Nicola Murino
d2ee43585a remove x/crypto fork 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-21 14:21:47 +02:00
dependabot[bot]
726f1fde19 Bump golang from 1.24-bookworm to 1.25-bookworm 
Bumps golang from 1.24-bookworm to 1.25-bookworm.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25-bookworm
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-21 14:20:25 +02:00
Nicola Murino
75a9ebcdf9 CI: remove Azure Trusted Signing action 
The Azure Trusted Signing certificate is expiring soon, and renewal is no
longer available  for individuals or organizations outside of Canada and USA.

Due to this limitation, we are removing the Trusted Signing step from our
CI pipeline.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-20 18:07:21 +02:00
Nicola Murino
7f03dc0fab convert action migration: allow to import any command action 
EnabledCommands are initialized after the migration so allow any
command, they will be denied if not allowed and this is temporary.
The migration will be removed in the future

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-20 17:59:15 +02:00
Nicola Murino
52ae36f169 README: better clarify how to select the appropriate documentation 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-10 20:14:35 +02:00
Nicola Murino
7ce456edef CI release: move Azure login closer to signing step in Windows workflow 
The Azure login token validity has been decreased so login just before
signing

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-09 19:46:06 +02:00
Nicola Murino
b1208279b7 CI: move Azure login closer to signing step in Windows workflow 
Azure login tokens now appear to expire after 5 minutes.
To avoid authentication issues, the login step is now performed
immediately before signing the binaries.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-09 19:08:57 +02:00
Nicola Murino
0dca906351 docs: clarify sponsor/support model and how to use versioned documentation 
- Updated the "Sponsors" section to reflect the current open-core model
- Clarified that sponsorship supports the open-source edition
- Improved "Support" section to distinguish community vs. Enterprise support
- Added instructions on selecting the correct documentation version

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-09 18:38:27 +02:00
dependabot[bot]
20df8ba48b Bump actions/setup-go from 5 to 6 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 18:16:22 +02:00
Nicola Murino
b160090866 httpdtest: remove unused constant 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-07 18:19:45 +02:00
Nicola Murino
78d93730e0 update README and support link now that SFTPGo Enterprise is GA 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-09-07 18:18:55 +02:00
Nicola Murino
aad4de6001 html templates: update attribution 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-22 16:21:20 +02:00
Nicola Murino
19d1a0e0c1 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-22 15:57:55 +02:00
Nicola Murino
a5dd529d88 node token: embed permissions directly in JWT 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-22 15:57:41 +02:00
Nicola Murino
6bde42fc3f dataprovider: prevent action execution after external authentication 
As per the documentation for external authentication, provider actions
should  not be executed post-authentication.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-21 07:20:06 +02:00
Nicola Murino
917d992231 CI: update FreeBSD to 14.3 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-19 21:29:17 +02:00
dependabot[bot]
fc111b44d9 Bump actions/download-artifact from 4 to 5 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-19 21:27:28 +02:00
dependabot[bot]
cdcea54f46 Bump actions/checkout from 4 to 5 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-19 21:26:52 +02:00
Nicola Murino
a2d3613250 dataprovider: preserve initial sort order for related resources 
Folders and groups now retain their initial order, improving compatibility
and predictability when used with Terraform

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-19 16:11:53 +02:00
Nicola Murino
81a9813376 Windows: fix build 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-17 13:35:29 +02:00
Nicola Murino
63366b0007 virtual folders: fix path placeholder check 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-17 12:42:37 +02:00
Nicola Murino
0f6202f059 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-17 12:34:35 +02:00
Nicola Murino
e7a1128574 remove AWS Marketplace specific code 
it is out of context for the Open-Source edition

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-17 12:29:57 +02:00
Nicola Murino
0dec86474e update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-06 20:44:09 +02:00
Nicola Murino
b48a90bce9 update deps 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-02 19:21:53 +02:00
Nicola Murino
75ad6346c3 removed some unused constants 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-02 19:00:15 +02:00
Nicola Murino
b2948a5255 sshd: removed Git support 
Git integration has been removed as it is out of scope for a file transfer
solution like SFTPGo.

Maintaining Git support introduces unnecessary complexity and potential
security risks due to reliance on system commands.

In particular, allowing Git operations could enable authorized users to
upload repositories containing hooks, which might then be executed and abused.

To reduce the attack surface and simplify the codebase, Git support has been
fully dropped.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-02 18:58:03 +02:00
Nicola Murino
ddbe40cefa HTTPD, WebDAV: use http.ResponseController 
backport from Enterprise edition

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-08-02 18:00:45 +02:00
Nicola Murino
9a0137befb config: redact master key string 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-07-22 19:53:19 +02:00
Nicola Murino
0bac81816c WebClient: add an id field to files list to simplify UI logic 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-07-22 18:59:20 +02:00
Nicola Murino
8ae6e5e486 WebUI: improve fileSizeIEC function and make it more readable 
Fixes #1974

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-07-21 18:26:09 +02:00
Nicola Murino
c49d76274d WebClient: translate "selected items" label also at bottom of page 
Fixes #1979

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-07-21 18:24:49 +02:00
Nicola Murino
ae11c81bf8 Improve issue templates 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-07-20 13:18:25 +02:00