The web end of seafile server.

Overview

Build Status

Introduction

Seahub is the web frontend for Seafile.

Preparation

Getting it

You can grab souce code from GitHub.

$ git clone git://github.com/haiwen/seahub.git

Set up a virtualenv to install dependencies locally:

$ virtualenv .virtualenv
$ . .virtualenv/bin/activate

Install python libraries by pip:

$ pip install -r requirements.txt

Configuration

Modify CCNET_CONF_DIR, SEAFILE_CENTRAL_CONF_DIR, SEAFILE_CONF_DIR and PYTHONPATH in setenv.sh.template to fit your path.

CCNET_CONF_DIR is the directory, that contains the ccnet socket (and formerly ccnet.conf).

Since 5.0 SEAFILE_CENTRAL_CONF_DIR contains most config files.

SEAFILE_CONF_DIR is the seafile-data directory (and formerly contained seafile.conf).

Run and Verify

Run as:

$ . .virtualenv/bin/activate
$ ./run-seahub.sh.template

Then open your browser, and input http://localhost:8000/, there should be a Login page. You can create admin account using seahub-admin.py script under tools/ directory.

Internationalization (I18n)

Please refer to https://github.com/haiwen/seafile/wiki/Seahub-Translation

Comments
  • Creation date 1970-01-01 pretty silly

    Creation date 1970-01-01 pretty silly

    Hi there, I read somewhere you optimized the file view in seahub by not showing the real creation date but '1970-01-01' instead. I think this is pretty wrong - just looks like a bug. Either remove the date completely or, which I would prefer, just show the real date as before. Maybe make it an option to be set in seahub_settings.py? But this current way just is waste of space and nerves. Thanks and regards

    opened by HenriWahl 28
  • 500 Internal Server Error when accesing files/history via Seahub

    500 Internal Server Error when accesing files/history via Seahub

    Since a few versions (around 3.1.X), when accessing the history via Seahub on my private Seafile server, I encounter a "500 Internal server error". No change have been made on the Apache configuration since the "old" days of 3.0.

    Some times, when trying hard, I can temporarily access the history/viewing the files, but eventually I'll go back to the 500 Internal Error issue.

    Library is encrypted if that matters.

    opened by devillemereuil 28
  • Log of failed login attempts

    Log of failed login attempts

    If Seahub would log failed login attempts with IP and username, fail2ban could be used to prevent brute force attacks against seafile. I know there already is a captcha feature to do this. But I think with current captcha solving programs the fail2ban approach is more secure.

    feature 
    opened by Don42 21
  • Enable thumbnail generation for image lightbox

    Enable thumbnail generation for image lightbox

    This is a pull request based on the ticket: #594

    This update makes use of the thumbnail generation for larger image galleries. While browsing images using the lightbox the user doesn't have to download the full size image which could have several mb in size. instead a downscaled image is created (default 1280px).

    The thumbnail_create function is modified to use jpeg instead of png for thumbs > 100 pixel to save space (1mb > 200kb).

    The generation hooks into the mangificPopop elementParse() callback but as a blocking request until the thumb is generated.

    The new settings variables have been introduced:

    • THUMBNAIL_LARGE = '100'
    • THUMBNAIL_EXTENSION_LARGE = 'jpeg'
    • ENABLE_THUMBNAIL_LARGE = True
    • THUMBNAIL_LARGE_SIZE = '1280'

    A new url has been added introduced (similar to create) to create thumbs based on the THUMBNAIL_LARGE_SIZE setting

    • /thumbnail//large/

    Possible updates/tweaks for the future:

    • switing to ajax method instead of image (right now the thumbnail generation is a blocking ajax callback)
    • make cleanup urls /thumbnail//create/(small|medium|large|xlarge)
    • take care of the devices screen resolution/retina/HiDPI settings, etc.
    opened by dhoffend 21
  • Thumbnail generator creates too many processes

    Thumbnail generator creates too many processes

    Hello,

    when opening a library/folder containing many pictures (several hundred) the seahub thumbnail generator creates too many processes and makes my tiny server run out of memory. I use an ARM A20, 1GB RAM machine with seafile for raspberry pi. When opening a folder with many pictures, first I see lots of processes in top:

    top - 11:50:22 up 24 min, 1 user, load average: 20,49, 6,27, 2,75 Tasks: 167 total, 47 running, 120 sleeping, 0 stopped, 0 zombie %Cpu(s): 85,3 us, 14,1 sy, 0,0 ni, 0,0 id, 0,0 wa, 0,0 hi, 0,6 si, 0,0 st KiB Mem: 1008516 total, 957004 used, 51512 free, 100684 buffers KiB Swap: 0 total, 0 used, 0 free. 90960 cached Mem PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1906 seafile+ 20 0 502420 7564 2824 S 9,6 0,8 0:28.33 seaf-server 986 mysql 20 0 328716 60628 5380 S 4,8 6,0 0:34.45 mysqld 2150 seafile+ 20 0 48192 25248 1852 R 4,5 2,5 0:00.99 python2.7 2157 seafile+ 20 0 47936 25036 1852 R 4,5 2,5 0:00.92 python2.7 2158 seafile+ 20 0 47936 25224 1852 R 4,5 2,5 0:00.97 python2.7 2195 seafile+ 20 0 47308 24664 1744 R 4,5 2,4 0:00.81 python2.7 2107 seafile+ 20 0 52168 29348 2000 R 4,1 2,9 0:02.23 python2.7 2133 seafile+ 20 0 47936 25092 1852 R 4,1 2,5 0:00.97 python2.7 2137 seafile+ 20 0 47936 25116 1852 R 4,1 2,5 0:00.98 python2.7 2138 seafile+ 20 0 48192 25364 1852 R 4,1 2,5 0:01.02 python2.7 ... many more ... 2171 seafile+ 20 0 47576 24888 1792 R 3,7 2,5 0:00.85 python2.7 2172 seafile+ 20 0 47308 24616 1740 R 3,7 2,4 0:00.84 python2.7 2173 seafile+ 20 0 47936 25040 1852 R 3,7 2,5 0:00.89 python2.7 2176 seafile+ 20 0 47308 24552 1692 R 3,7 2,4 0:00.85 python2.7 2182 seafile+ 20 0 47572 24892 1796 R 3,7 2,5 0:00.84 python2.7 2183 seafile+ 20 0 47680 24904 1808 R 3,7 2,5 0:00.83 python2.7 2186 seafile+ 20 0 47576 24896 1792 R 3,7 2,5 0:00.82 python2.7 2187 root 20 0 84180 15608 8564 R 3,7 1,5 0:00.76 horde-alarms 2190 seafile+ 20 0 47572 24888 1792 R 3,7 2,5 0:00.82 python2.7

    After < 1 minute I see in syslog that my server runs out of memory and starts to kill processes: [ 1510.748932] lowmemorykiller: Killing 'mysqld' (1004), adj 0, [ 1510.748941] to free 56168kB on behalf of 'python2.7' (2195) because [ 1510.748946] cache 6084kB is below limit 6144kB for oom_score_adj 0 [ 1510.748951] Free memory is -2644kB above reserved ...

    The most weird thing about this is, in grid mode this doesn't happen, there I only see 5 processes max. It runs slow but doesn't crash. But I cannot prevent my users from using list mode.

    I can reproduce this issue any time and provide more output, just tell me what you need.

    Any help is appreciated!

    opened by derschueddi 12
  • Custom frontend (index/home page before login)

    Custom frontend (index/home page before login)

    I am wondering how is/are the pages handled when a user tries to access the domain seafile is installed on ? I see that initially a login page is shown always and if user is logged in, hes redirected to libraryHomePage.

    I wanted to try and create a few custom html/php based frontend pages like a actual "home page", help page, FAQ, etc. which will open by default on domain root and open the seafile login page externally by its url (adding link in nav bar and such) Basically have a proper website-like structure

    I know one of the solutions is to host the seafile instances on sub-domains like cloud.xxx.com or on non-root like xxx.com/seafile but are there any alternatives ?

    opened by shubhank008 12
  •  Massive Web UI performance issues on Raspberry Pi

    Massive Web UI performance issues on Raspberry Pi

    From https://github.com/haiwen/seafile/issues/736

    On Raspberry Pi, it takes up to 30 seconds (clarification: most of the time it's around 4s) to load a simple repository overview page.

    I did a little bit of profiling on this but couldn't find one single source of slowness. It's hard to profile performance, though, because 90% of the logic is in templates, not Python code, which are difficult to properly profile.

    May I suggest that on long term, logic should be moved from templates into the views and models, which has the following benefits:

    • It's the recommended programming style for Django
    • It's easier to profile and optimize
    • It's faster by multiple orders of magnitude
    opened by jonashaag 12
  • SERVICE_URL in ccnet/ccnet.conf ignored

    SERVICE_URL in ccnet/ccnet.conf ignored

    Hi, since server 1.7.0.1 the option SERVICE_URL in ccnet/ccnet.conf seems to be ignored, at least any shared URL has at once the default port 8000 URL instead of the one configured. It worked with 1.6.1 before.

    opened by HenriWahl 12
  • Change in upload link handling.

    Change in upload link handling.

    This is a change in the upload API that happens somewhere between 6.3 and 7.1. I was able to use repos/<repo-id>/upload-link/ to get an upload URL and then use the parent_dir=<...> to specify the directoy I want to upload the file into.

    Now in 7.1.1, if I don't give the p= parameter for thhe upload-link request, I get {"error": "Permission denied."} as return value (with status code 200 btw). If I only use p= in thte first request but not the parent_dir= in the second request, I get {"error": "Invalid URL. "} (with a new line before the closing quote, which might be invalid JSON, also 200 status code). I had to provide he directory in both requests. This is fine to work with but is a bit strange. The error return is also a bit strange and give no useful information.....

    opened by yuyichao 11
  • OnlyOffice support generates document key of 0000000000000000000000000000000000000000 for emtpy files

    OnlyOffice support generates document key of 0000000000000000000000000000000000000000 for emtpy files

    If a file is empty (i.e. file size of 0), for instance if you have created a new file in seafile, the key passed to OnlyOffice is always 0000000000000000000000000000000000000000

    For instance the script created looks like:

    var config = { "document": { "fileType": "docx", "key": "0000000000000000000000000000000000000000", "title": "yetanother.docx",

    The problem is that this creates a key clash if you attempt to open multiple empty files, as OnlyOffice thinks that these are the same file.

    opened by mdovey 11
  • mail notifications not working

    mail notifications not working

    I've tried to setup mail delivery as described here: http://manual.seafile.com/config/sending_email.html but wasn't succesfull. Neither with gmail (and app password) no via my own mailserver.

    Is there any option to get debug info? I couldn't find anything in the logs. I've only found out that some mails have been send to my local mailbox (on the server, not the mailserver).

    opened by shoeper 11
  • Bump glob-parent, @pmmmwh/react-refresh-webpack-plugin, webpack and webpack-dev-server in /frontend

    Bump glob-parent, @pmmmwh/react-refresh-webpack-plugin, webpack and webpack-dev-server in /frontend

    Bumps glob-parent to 5.1.2 and updates ancestor dependencies glob-parent, @pmmmwh/react-refresh-webpack-plugin, webpack and webpack-dev-server. These dependencies need to be updated together.

    Updates glob-parent from 3.1.0 to 5.1.2

    Release notes

    Sourced from glob-parent's releases.

    v5.1.2

    Bug Fixes

    v5.1.1

    Bug Fixes

    v5.1.0

    Features

    • add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

    v5.0.0

    ⚠ BREAKING CHANGES

    • Drop support for node <6 & bump dependencies

    Miscellaneous Chores

    • Drop support for node <6 & bump dependencies (896c0c0)

    v4.0.0

    ⚠ BREAKING CHANGES

    • question marks are valid path characters on Windows so avoid flagging as a glob when alone
    • Update is-glob dependency

    Features

    • hoist regexps and strings for performance gains (4a80667)
    • question marks are valid path characters on Windows so avoid flagging as a glob when alone (2a551dd)
    • Update is-glob dependency (e41fcd8)
    Changelog

    Sourced from glob-parent's changelog.

    5.1.2 (2021-03-06)

    Bug Fixes

    6.0.2 (2021-09-29)

    Bug Fixes

    6.0.1 (2021-07-20)

    Bug Fixes

    • Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

    6.0.0 (2021-05-03)

    ⚠ BREAKING CHANGES

    • Correct mishandled escaped path separators (#34)
    • upgrade scaffold, dropping node <10 support

    Bug Fixes

    • Correct mishandled escaped path separators (#34) (32f6d52), closes #32

    Miscellaneous Chores

    • upgrade scaffold, dropping node <10 support (e83d0c5)

    5.1.1 (2021-01-27)

    Bug Fixes

    5.1.0 (2021-01-27)

    Features

    • add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

    5.0.0 (2021-01-27)

    ⚠ BREAKING CHANGES

    • Drop support for node <6 & bump dependencies

    ... (truncated)

    Commits
    • eb2c439 chore: update changelog
    • 12bcb6c chore: release 5.1.2
    • f923116 fix: eliminate ReDoS (#36)
    • 0b014a7 chore: add JSDoc returns information (#33)
    • 2b24ebd chore: generate initial changelog
    • 9b6e874 chore: release 5.1.1
    • 749c35e ci: try wrapping the JOB_ID in a string
    • 5d39def ci: attempt to switch to published coveralls
    • 0b5b37f ci: put the npm step back in for only Windows
    • 473f5d8 ci: update azure build images
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by phated, a new releaser for glob-parent since your current version.


    Updates @pmmmwh/react-refresh-webpack-plugin from 0.4.2 to 0.5.10

    Release notes

    Sourced from @​pmmmwh/react-refresh-webpack-plugin's releases.

    v0.5.10

    0.5.10 (24 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#700)

    v0.5.9

    0.5.9 (10 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#685)

    v0.5.8

    0.5.8 (9 Oct 2022)

    Fixes

    • Fixed performance issue regarding require.resolve in loader injection (#669)
    • Bumped core-js-pure to not depend on deprecated versions (#674)

    v0.5.7

    0.5.7 (23 May 2022)

    Fixes

    • Removed debug console.log statement (#631)

    Internal

    • Run tests on Node.js 18 (#631)

    v0.5.6

    0.5.6 (10 May 2022)

    Fixes

    • Fixed faulty this type import in loader (#624)
    • Made current script detection more robust for edge cases (#630)

    Internal

    • Swapped to new ReactDOM.createRoot API in examples (#626)

    v0.5.5

    0.5.5 (4 April 2022)

    Fixes

    ... (truncated)

    Changelog

    Sourced from @​pmmmwh/react-refresh-webpack-plugin's changelog.

    0.5.10 (24 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#700)

    0.5.9 (10 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#685)

    0.5.8 (9 Oct 2022)

    Fixes

    • Fixed performance issue regarding require.resolve in loader injection (#669)
    • Bumped core-js-pure to not depend on deprecated versions (#674)

    0.5.7 (23 May 2022)

    Fixes

    • Removed debug console.log statement (#631)

    Internal

    • Run tests on Node.js 18 (#631)

    0.5.6 (10 May 2022)

    Fixes

    • Fixed faulty this type import in loader (#624)
    • Made current script detection more robust for edge cases (#630)

    Internal

    • Swapped to new ReactDOM.createRoot API in examples (#626)

    0.5.5 (4 April 2022)

    Fixes

    • Handle unknown moduleId for dynamically generated modules (#547)
    • Handle WDS auto value on port (#574)
    • Fixed [email protected] compatibility (#576)
    • Fixed crash when parsing compile errors in overlay (#577)
    • Respect virtual modules when injecting loader (#593)
    • Allow port to be missing for WDS, also some general refactoring (#623)

    ... (truncated)

    Commits
    • 0610d3c chore: release v0.5.10
    • 294bf83 chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#700)
    • 59e1441 chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/typescript-wi...
    • b1e64ec chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/webpack-dev-s...
    • ec834ff chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/typescript-wi...
    • 0dab66d chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/webpack-plugi...
    • 1a30df6 chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/webpack-hot-m...
    • ad5796e chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/flow-with-bab...
    • c0d3d1c chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/typescript-wi...
    • d6f3f17 chore: bump dev deps and examples (#692)
    • Additional commits viewable in compare view

    Updates webpack from 4.44.2 to 5.75.0

    Release notes

    Sourced from webpack's releases.

    v5.75.0

    Bugfixes

    • experiments.* normalize to false when opt-out
    • avoid NaN%
    • show the correct error when using a conflicting chunk name in code
    • HMR code tests existance of window before trying to access it
    • fix eval-nosources-* actually exclude sources
    • fix race condition where no module is returned from processing module
    • fix position of standalong semicolon in runtime code

    Features

    • add support for @import to extenal CSS when using experimental CSS in node
    • add i64 support to the deprecated WASM implementation

    Developer Experience

    • expose EnableWasmLoadingPlugin
    • add more typings
    • generate getters instead of readonly properties in typings to allow overriding them

    v5.74.0

    Features

    • add resolve.extensionAlias option which allows to alias extensions
      • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
    • add support for ES2022 features like static blocks
    • add Tree Shaking support for ProvidePlugin

    Bugfixes

    • fix persistent cache when some build dependencies are on a different windows drive
    • make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
    • remove left-over from debugging in TLA/async modules runtime code
    • remove unneeded extra 1s timestamp offset during watching when files are actually untouched
      • This sometimes caused an additional second build which are not really needed
    • fix shareScope option for ModuleFederationPlugin
    • set "use-credentials" also for same origin scripts

    Performance

    • Improve memory usage and performance of aggregating needed files/directories for watching
      • This affects rebuild performance

    Extensibility

    • export HarmonyImportDependency for plugins

    v5.73.0

    ... (truncated)

    Commits

    Updates webpack-dev-server from 3.11.0 to 4.11.1

    Release notes

    Sourced from webpack-dev-server's releases.

    v4.11.1

    4.11.1 (2022-09-19)

    Bug Fixes

    • respect client.logging option for all logs (#4572) (375835c)

    v4.11.0

    4.11.0 (2022-09-07)

    Features

    • make allowedHosts accept localhost subdomains by default (#4357) (0a33e6a)

    Bug Fixes

    v4.10.1

    4.10.1 (2022-08-29)

    Bug Fixes

    v4.10.0

    4.10.0 (2022-08-10)

    Features

    • allow to configure more client options via resource URL (#4274) (216e3cb)

    Bug Fixes

    • response correctly when receive an OPTIONS request (#4185) (2b3b7e0)

    v4.9.3

    4.9.3 (2022-06-29)

    Bug Fixes

    • avoid creation unnecessary stream for static sockjs file (#4482) (049b153)
    • history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

    ... (truncated)

    Changelog

    Sourced from webpack-dev-server's changelog.

    4.11.1 (2022-09-19)

    Bug Fixes

    • respect client.logging option for all logs (#4572) (375835c)

    4.11.0 (2022-09-07)

    Features

    • make allowedHosts accept localhost subdomains by default (#4357) (0a33e6a)

    Bug Fixes

    4.10.1 (2022-08-29)

    Bug Fixes

    4.10.0 (2022-08-10)

    Features

    • allow to configure more client options via resource URL (#4274) (216e3cb)

    Bug Fixes

    • response correctly when receive an OPTIONS request (#4185) (2b3b7e0)

    4.9.3 (2022-06-29)

    Bug Fixes

    • avoid creation unnecessary stream for static sockjs file (#4482) (049b153)
    • history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

    4.9.2 (2022-06-06)

    Bug Fixes

    ... (truncated)

    Commits
    • 418e932 chore(release): 4.11.1
    • 375835c fix: respect client.logging option for all logs (#4572)
    • ef2f9e9 chore: fix examples for open target not working (#4575)
    • 7da7336 ci: workflow security
    • 5d4b347 chore(deps-dev): bump core-js from 3.25.1 to 3.25.2 (#4574)
    • 87072c7 chore(deps-dev): bump @​types/node-forge from 1.0.4 to 1.0.5 (#4571)
    • 28f6381 chore(deps-dev): bump @​babel/plugin-transform-runtime (#4567)
    • 595003b chore(deps-dev): bump @​babel/core from 7.19.0 to 7.19.1 (#4568)
    • 67acc2e chore(deps-dev): bump @​babel/eslint-parser from 7.18.9 to 7.19.1 (#4569)
    • ad2dcc5 chore(deps-dev): bump @​babel/preset-env from 7.19.0 to 7.19.1 (#4570)
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump ansi-html, @pmmmwh/react-refresh-webpack-plugin and webpack-dev-server in /frontend

    Bump ansi-html, @pmmmwh/react-refresh-webpack-plugin and webpack-dev-server in /frontend

    Removes ansi-html. It's no longer used after updating ancestor dependencies ansi-html, @pmmmwh/react-refresh-webpack-plugin and webpack-dev-server. These dependencies need to be updated together.

    Removes ansi-html

    Updates @pmmmwh/react-refresh-webpack-plugin from 0.4.2 to 0.5.10

    Release notes

    Sourced from @​pmmmwh/react-refresh-webpack-plugin's releases.

    v0.5.10

    0.5.10 (24 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#700)

    v0.5.9

    0.5.9 (10 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#685)

    v0.5.8

    0.5.8 (9 Oct 2022)

    Fixes

    • Fixed performance issue regarding require.resolve in loader injection (#669)
    • Bumped core-js-pure to not depend on deprecated versions (#674)

    v0.5.7

    0.5.7 (23 May 2022)

    Fixes

    • Removed debug console.log statement (#631)

    Internal

    • Run tests on Node.js 18 (#631)

    v0.5.6

    0.5.6 (10 May 2022)

    Fixes

    • Fixed faulty this type import in loader (#624)
    • Made current script detection more robust for edge cases (#630)

    Internal

    • Swapped to new ReactDOM.createRoot API in examples (#626)

    v0.5.5

    0.5.5 (4 April 2022)

    Fixes

    ... (truncated)

    Changelog

    Sourced from @​pmmmwh/react-refresh-webpack-plugin's changelog.

    0.5.10 (24 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#700)

    0.5.9 (10 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#685)

    0.5.8 (9 Oct 2022)

    Fixes

    • Fixed performance issue regarding require.resolve in loader injection (#669)
    • Bumped core-js-pure to not depend on deprecated versions (#674)

    0.5.7 (23 May 2022)

    Fixes

    • Removed debug console.log statement (#631)

    Internal

    • Run tests on Node.js 18 (#631)

    0.5.6 (10 May 2022)

    Fixes

    • Fixed faulty this type import in loader (#624)
    • Made current script detection more robust for edge cases (#630)

    Internal

    • Swapped to new ReactDOM.createRoot API in examples (#626)

    0.5.5 (4 April 2022)

    Fixes

    • Handle unknown moduleId for dynamically generated modules (#547)
    • Handle WDS auto value on port (#574)
    • Fixed [email protected] compatibility (#576)
    • Fixed crash when parsing compile errors in overlay (#577)
    • Respect virtual modules when injecting loader (#593)
    • Allow port to be missing for WDS, also some general refactoring (#623)

    ... (truncated)

    Commits
    • 0610d3c chore: release v0.5.10
    • 294bf83 chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#700)
    • 59e1441 chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/typescript-wi...
    • b1e64ec chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/webpack-dev-s...
    • ec834ff chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/typescript-wi...
    • 0dab66d chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/webpack-plugi...
    • 1a30df6 chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/webpack-hot-m...
    • ad5796e chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/flow-with-bab...
    • c0d3d1c chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/typescript-wi...
    • d6f3f17 chore: bump dev deps and examples (#692)
    • Additional commits viewable in compare view

    Updates webpack-dev-server from 3.11.0 to 3.11.3

    Release notes

    Sourced from webpack-dev-server's releases.

    v3.11.3

    3.11.3 (2021-11-08)

    Bug Fixes

    • replace ansi-html with ansi-html-community (#4011) (4fef67b)

    v3.11.2

    3.11.2 (2021-01-13)

    Bug Fixes

    • cli arguments for serve command (a5fe337)

    v3.11.1

    3.11.1 (2020-12-29)

    Bug Fixes

    Changelog

    Sourced from webpack-dev-server's changelog.

    3.11.3 (2021-11-08)

    Bug Fixes

    • replace ansi-html with ansi-html-community (#4011) (4fef67b)

    3.11.2 (2021-01-13)

    Bug Fixes

    • cli arguments for serve command (a5fe337)

    3.11.1 (2020-12-29)

    Bug Fixes

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump node-forge, @pmmmwh/react-refresh-webpack-plugin and webpack-dev-server in /frontend

    Bump node-forge, @pmmmwh/react-refresh-webpack-plugin and webpack-dev-server in /frontend

    Bumps node-forge to 1.3.1 and updates ancestor dependencies node-forge, @pmmmwh/react-refresh-webpack-plugin and webpack-dev-server. These dependencies need to be updated together.

    Updates node-forge from 0.10.0 to 1.3.1

    Changelog

    Sourced from node-forge's changelog.

    1.3.1 - 2022-03-29

    Fixes

    • RFC 3447 and RFC 8017 allow for optional DigestAlgorithm NULL parameters for sha* algorithms and require NULL paramters for md2 and md5 algorithms.

    1.3.0 - 2022-03-17

    Security

    • Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa Yahyazadeh ([email protected]).
    • HIGH: Leniency in checking digestAlgorithm structure can lead to signature forgery.
    • HIGH: Failing to check tailing garbage bytes can lead to signature forgery.
    • MEDIUM: Leniency in checking type octet.
      • DigestInfo is not properly checked for proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
      • CVE ID: CVE-2022-24773
      • GHSA ID: GHSA-2r2c-g63r-vccr

    Fixed

    • [asn1] Add fallback to pretty print invalid UTF8 data.
    • [asn1] fromDer is now more strict and will default to ensuring all input bytes are parsed or throw an error. A new option parseAllBytes can disable this behavior.
      • NOTE: The previous behavior is being changed since it can lead to security issues with crafted inputs. It is possible that code doing custom DER parsing may need to adapt to this new behavior and optional flag.
    • [rsa] Add and use a validator to check for proper structure of parsed ASN.1

    ... (truncated)

    Commits

    Updates @pmmmwh/react-refresh-webpack-plugin from 0.4.2 to 0.5.10

    Release notes

    Sourced from @​pmmmwh/react-refresh-webpack-plugin's releases.

    v0.5.10

    0.5.10 (24 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#700)

    v0.5.9

    0.5.9 (10 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#685)

    v0.5.8

    0.5.8 (9 Oct 2022)

    Fixes

    • Fixed performance issue regarding require.resolve in loader injection (#669)
    • Bumped core-js-pure to not depend on deprecated versions (#674)

    v0.5.7

    0.5.7 (23 May 2022)

    Fixes

    • Removed debug console.log statement (#631)

    Internal

    • Run tests on Node.js 18 (#631)

    v0.5.6

    0.5.6 (10 May 2022)

    Fixes

    • Fixed faulty this type import in loader (#624)
    • Made current script detection more robust for edge cases (#630)

    Internal

    • Swapped to new ReactDOM.createRoot API in examples (#626)

    v0.5.5

    0.5.5 (4 April 2022)

    Fixes

    ... (truncated)

    Changelog

    Sourced from @​pmmmwh/react-refresh-webpack-plugin's changelog.

    0.5.10 (24 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#700)

    0.5.9 (10 Nov 2022)

    Fixes

    • Bumped loader-utils to fix security vulnerability (#685)

    0.5.8 (9 Oct 2022)

    Fixes

    • Fixed performance issue regarding require.resolve in loader injection (#669)
    • Bumped core-js-pure to not depend on deprecated versions (#674)

    0.5.7 (23 May 2022)

    Fixes

    • Removed debug console.log statement (#631)

    Internal

    • Run tests on Node.js 18 (#631)

    0.5.6 (10 May 2022)

    Fixes

    • Fixed faulty this type import in loader (#624)
    • Made current script detection more robust for edge cases (#630)

    Internal

    • Swapped to new ReactDOM.createRoot API in examples (#626)

    0.5.5 (4 April 2022)

    Fixes

    • Handle unknown moduleId for dynamically generated modules (#547)
    • Handle WDS auto value on port (#574)
    • Fixed [email protected] compatibility (#576)
    • Fixed crash when parsing compile errors in overlay (#577)
    • Respect virtual modules when injecting loader (#593)
    • Allow port to be missing for WDS, also some general refactoring (#623)

    ... (truncated)

    Commits
    • 0610d3c chore: release v0.5.10
    • 294bf83 chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#700)
    • 59e1441 chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/typescript-wi...
    • b1e64ec chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/webpack-dev-s...
    • ec834ff chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/typescript-wi...
    • 0dab66d chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/webpack-plugi...
    • 1a30df6 chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/webpack-hot-m...
    • ad5796e chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/flow-with-bab...
    • c0d3d1c chore(deps): bump loader-utils from 2.0.3 to 2.0.4 in /examples/typescript-wi...
    • d6f3f17 chore: bump dev deps and examples (#692)
    • Additional commits viewable in compare view

    Updates webpack-dev-server from 3.11.0 to 4.11.1

    Release notes

    Sourced from webpack-dev-server's releases.

    v4.11.1

    4.11.1 (2022-09-19)

    Bug Fixes

    • respect client.logging option for all logs (#4572) (375835c)

    v4.11.0

    4.11.0 (2022-09-07)

    Features

    • make allowedHosts accept localhost subdomains by default (#4357) (0a33e6a)

    Bug Fixes

    v4.10.1

    4.10.1 (2022-08-29)

    Bug Fixes

    v4.10.0

    4.10.0 (2022-08-10)

    Features

    • allow to configure more client options via resource URL (#4274) (216e3cb)

    Bug Fixes

    • response correctly when receive an OPTIONS request (#4185) (2b3b7e0)

    v4.9.3

    4.9.3 (2022-06-29)

    Bug Fixes

    • avoid creation unnecessary stream for static sockjs file (#4482) (049b153)
    • history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

    ... (truncated)

    Changelog

    Sourced from webpack-dev-server's changelog.

    4.11.1 (2022-09-19)

    Bug Fixes

    • respect client.logging option for all logs (#4572) (375835c)

    4.11.0 (2022-09-07)

    Features

    • make allowedHosts accept localhost subdomains by default (#4357) (0a33e6a)

    Bug Fixes

    4.10.1 (2022-08-29)

    Bug Fixes

    4.10.0 (2022-08-10)

    Features

    • allow to configure more client options via resource URL (#4274) (216e3cb)

    Bug Fixes

    • response correctly when receive an OPTIONS request (#4185) (2b3b7e0)

    4.9.3 (2022-06-29)

    Bug Fixes

    • avoid creation unnecessary stream for static sockjs file (#4482) (049b153)
    • history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

    4.9.2 (2022-06-06)

    Bug Fixes

    ... (truncated)

    Commits
    • 418e932 chore(release): 4.11.1
    • 375835c fix: respect client.logging option for all logs (#4572)
    • ef2f9e9 chore: fix examples for open target not working (#4575)
    • 7da7336 ci: workflow security
    • 5d4b347 chore(deps-dev): bump core-js from 3.25.1 to 3.25.2 (#4574)
    • 87072c7 chore(deps-dev): bump @​types/node-forge from 1.0.4 to 1.0.5 (#4571)
    • 28f6381 chore(deps-dev): bump @​babel/plugin-transform-runtime (#4567)
    • 595003b chore(deps-dev): bump @​babel/core from 7.19.0 to 7.19.1 (#4568)
    • 67acc2e chore(deps-dev): bump @​babel/eslint-parser from 7.18.9 to 7.19.1 (#4569)
    • ad2dcc5 chore(deps-dev): bump @​babel/preset-env from 7.19.0 to 7.19.1 (#4570)
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • RFC: Old and broken version of cffi

    RFC: Old and broken version of cffi

    https://github.com/haiwen/seahub/blob/0c1537a1de2d56762e58fa6b8fc5526769791da3/requirements.txt#L24

    This version is not supported on recent GCC installations, it errors out like this:

    x-x86_64-3.10/c/_cffi_backend.o
        c/_cffi_backend.c: In function ‘ctypedescr_dealloc’:
        c/_cffi_backend.c:407:23: error: lvalue required as left operand of assignment
          407 |         Py_REFCNT(ct) = 43;
              |                       ^
    

    It is fixed in 1.14.6 but I tested seahub with 1.15.1 successfully by replacing the cffi module. Is there a reason this is tagged at 1.14.0?

    The same issue is described here: https://forum.seafile.com/t/seafile-community-edition-9-0-5-is-ready/16388/20

    Edit: https://github.com/haiwen/seahub/issues/5336 is the reason for not jumping to 1.15.X in 9.X but 1.14.X should be doable:

    opened by MartB 0
  • download do not get deleted upon deletion of referenced file - possible information leakage

    download do not get deleted upon deletion of referenced file - possible information leakage

    We noticed a strange beahavior, that we consider a bug:

    After deleting a file that was shared via download-link, he added a file with the same name. The newly created file was still accessible through the prior created download-link. We think, this is a bug and the download-link should get deleted with the file. Otherwise the user could leak information, without noticing.

    Howto reproduce:

    • add file "test.md"
    • create download-link for "test.md"
    • delete "test.md"
    • create new file "test.md"
    • test formerly created download-link

    Possible solutions:

    • check for download-links upon deletion of file or folder and delete them with the file/folder
    • use unique file-id as reference in download-links (like the internal link does)
    • ...

    Thank you for looking into this!

    regards

    opened by muellefr 0
Releases(v9.0.14-pro)
ZODB Client-Server framework

ZEO - Single-server client-server database server for ZODB ZEO is a client-server storage for ZODB for sharing a single storage among many clients. Wh

Zope 40 Nov 04, 2022
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 02, 2023
Nerd-Storage is a simple web server for sharing files on the local network.

Nerd-Storage is a simple web server for sharing files on the local network. It supports the download of files and directories, the upload of multiple files at once, making a directory, updates and de

ハル 68 Jun 07, 2022
The Tahoe-LAFS decentralized secure filesystem.

Free and Open decentralized data store Tahoe-LAFS (Tahoe Least-Authority File Store) is the first free software / open-source storage technology that

Tahoe-LAFS 1.2k Jan 01, 2023
Barman - Backup and Recovery Manager for PostgreSQL

Barman, Backup and Recovery Manager for PostgreSQL Barman (Backup and Recovery Manager) is an open-source administration tool for disaster recovery of

EDB 1.5k Dec 30, 2022
A generic JSON document store with sharing and synchronisation capabilities.

Kinto Kinto is a minimalist JSON storage service with synchronisation and sharing abilities. Online documentation Tutorial Issue tracker Contributing

Kinto 4.2k Dec 26, 2022
An open source multi-tool for exploring and publishing data

Datasette An open source multi-tool for exploring and publishing data Datasette is a tool for exploring and publishing data. It helps people take data

Simon Willison 6.8k Jan 01, 2023
Synchronize local directories with Tahoe-LAFS storage grids

Gridsync Gridsync aims to provide a cross-platform, graphical user interface for Tahoe-LAFS, the Least Authority File Store. It is intended to simplif

171 Dec 16, 2022
ZFS, in Python, without reading the original C.

ZFSp What? ZFS, in Python, without reading the original C. What?! That's right. How? Many hours spent staring at hexdumps, and asking friends to searc

Colin Valliant 569 Oct 28, 2022
Continuous Archiving for Postgres

WAL-E Continuous archiving for Postgres WAL-E is a program designed to perform continuous archiving of PostgreSQL WAL files and base backups. To corre

3.4k Dec 30, 2022
The command-line tool that gives easy access to all of the capabilities of B2 Cloud Storage

B2 Command Line Tool The command-line tool that gives easy access to all of the capabilities of B2 Cloud Storage. This program provides command-line a

Backblaze 467 Dec 08, 2022
Postgres CLI with autocompletion and syntax highlighting

A REPL for Postgres This is a postgres client that does auto-completion and syntax highlighting. Home Page: http://pgcli.com MySQL Equivalent: http://

dbcli 10.8k Dec 30, 2022
TrueNAS CORE/Enterprise/SCALE Middleware Git Repository

TrueNAS CORE/Enterprise/SCALE main source repo Want to contribute or collaborate? Join our Slack instance. IMPORTANT NOTE: This is the master branch o

TrueNAS 2k Jan 07, 2023
The next generation relational database.

What is EdgeDB? EdgeDB is an open-source object-relational database built on top of PostgreSQL. The goal of EdgeDB is to empower its users to build sa

EdgeDB 9.9k Dec 31, 2022
a full featured file system for online data storage

S3QL S3QL is a file system that stores all its data online using storage services like Google Storage, Amazon S3, or OpenStack. S3QL effectively provi

917 Dec 25, 2022
The web end of seafile server.

Introduction Seahub is the web frontend for Seafile. Preparation Build and deploy Seafile server from source. See http://manual.seafile.com/build_seaf

476 Dec 29, 2022
Cross-platform desktop synchronization client for the Nuxeo platform.

Nuxeo Drive Desktop Synchronization Client for Nuxeo This is an ongoing development project for desktop synchronization of local folders with remote N

Nuxeo 63 Dec 16, 2022
A Terminal Client for MySQL with AutoCompletion and Syntax Highlighting.

mycli A command line client for MySQL that can do auto-completion and syntax highlighting. HomePage: http://mycli.net Documentation: http://mycli.net/

dbcli 10.7k Jan 07, 2023