Changelog

« Back to the list

FileRun Update 2023.1.0 (May 2023)

• Summary of changes

  • The architecture was redesigned for PHP 8 and the future.
  • Fresh new modern UI with theme editor.
  • File uploads on steroids. Reliably uploads anything you throw at it.
  • Faster everything.
  • Many improvements tags related.
  • Better third-party authentication integration.
  • Many security fixes and improvements.
  • Many smaller fixes and improvements which are not documented because the list would just become to large.

• Full list of changes

  • Support for PHP 8+

  • Security and authentication

    • Fixed vulnerabilities

      • Fixed undisclosed critical security vulnerability #1.
      • Fixed undisclosed critical security vulnerability #2.
      • Fixed undisclosed critical security vulnerability #3.
      • Fixed undisclosed critical security vulnerability #4.
      • Fixed undisclosed non-critical security vulnerability.
      • Fixed the permission "User can download folders and collections" which was still allowing collections to be downloaded even when disabled.
      • Fixed e-mail enumeration vulnerability.
      • To disable the 2-step verification, the user now needs to provide the current verification code.
      • Improved CSRF protection.
      • Improved brute force protection on session ids.

    • Third-part authentication

      • Possible breaking changes
        • The authentication options are still available but not as customizable plugins.
        • If your current authentication method is no longer available in the FileRun version, the update will reset the authentication back to FileRun default.
        • If you need to continue to use a custom authentication plugin, please contact us for options before installing this update.
        • If you are using an external login form, the target URL changed. "/?module=fileman&page=login&action=login" no longer works and instead you need to HTTP POST the form, including the variable "filerun_login_action" (any value would do), to the FileRun installation root URL.
        • PHP sessions are no longer being used:
          • "$_SESSION['FileRun']['username']" is no longer a possible way to automatically sign in FileRun users.
          • The PHP settings no longer have any impact on how the user authenticated sessions are being handled.
          • There is a control panel option for choosing to log the users out when they are closing their browsers. There is also a control panel option for choosing to log other sessions out and keep only the last login.
      • Added option to login with Google.
      • Added option to login with Dropbox.
      • Added option to login with Box.com.
      • Added option to login with Facebook.
      • Added option to login with Microsoft (Azure AD OAuth2).
      • "WordPress v4" authentication is now "WordPress" and has been tested with WordPress versions 5 and 6 and the SSO process is much smoother, redirecting to the WP login form and then straight back to FileRun.
      • "SimpleSAMLphp v1" is now "SimpleSAMLphp" and has been tested also with SimpleSAMLphp version 2 (tested with 2.0.3).
      • LDAP
        • The LDAP authentication plugin is now using the "Bind DN" to retrieve the user's record and group information.
        • Fix: The remote groups are now synced for the user accounts also when signing in using IWA SSO.
        • Improved troubleshooting.
      • Added dedicated authentication option for "Microsoft Active Directory". It extends the LDAP option with default settings for quicker or alternative setup.
    • Added option to force the last login to be the only authenticated session. This will log out all other active browser sessions, and will not affect existing OAuth2/API sessions or WebDAV access.
    • FileRun now informs the user with a message when he gets logged out because the authentication session expired.
    • FileRun now records inactivity logouts to the user acitivity log, so you can see when it happens and even attach e-mail notifications to it.
    • Guest accounts can now also be limited by IP.
    • When the third-party authentication plugin is limited to a particular IP address range, the third-party authentication is completely disabled for other users (no longer attempting login against the third-party system, nor showing the SSO button).
    • Signing in as a different user now logs the logout+login actions.
    • The action of removing a guest user account which no longer has access to any shares is now logged to the user activity log.
    • Logging out via the OAuth2 consent screen now logs the action as normal.
    • Fixed not updating last user login date when logging in via SSO.
    • Gracefuly allow signing in with another user account if the login page is open in one tab while already signed-in in another tab.
    • Accessing WebDAV with the main user account credentials when 2FA is enabled now results in a HTTP "400 Bad Request" error. This is more intuitive, rather than confusingly allowing the user access for just a few seconds until the current verification code expires.

  • Important fixes

    • Fixed crash of Android Nextcloud app when accessing FileRun.
    • Fixed warning in both ownCloud and Nextcloud apps regarding unsupported server version.
    • Fixed compatiblity with ONLYOFFICE 7.1
    • Fixed problem with user getting logged out because of inactivity while uploading large files.
    • Multiple files/folders can be now shared at the same time also anonymously.
    • CSV Editor plugin: Fixes saving changes. Fixed horizontal scrolling. Fixed support for non-UTF8 files.
    • Fixed FileRun not loading for users which do not have the permission to upload files nor make changes.

  • File Upload

    • You can now sync changes from a local folder to the remote one, in the browser, by simply dragging and dropping that folder into FileRun. Files with the exact same bytesize and same modification time, will simply be skipped.
    • You can now upload massive number of files while being able to use FileRun smoothly.
      The uploader no longer lists all files to be uploaded, but instead it groups the files by folders. Also, uploading more than 10 files, it groups them into one.
      It uses considerably less memory and CPU.
    • You can now upload image files to FileRun by directly dragging them from other web pages into the FileRun UI.
    • You can now upload also the empty folders in a selection, using copy+paste and drag+drop. Note: The folder upload via the "+ New" menu does not preserve empty folder structures (browser limitation (https://bugs.chromium.org/p/chromium/issues/detail?id=360412)).
    • Preserves files and folder last modified date from the user's computer to the server.

    • Fault tolerance

      • Intelligent automatic retries with various time intervals.
      • The upload queue no longer stops for any reason. Regardless if files/folders fail to transfer, the queue will continue until the last item.
      • The files/folders which failed to transfer, can be individually retried at any later time.
      • It lets users know if the network connection goes offline and automatically resumes when the connection is restored, regardless of how long that might take or in which stage of the transfer the connection went offline.
      • The number of max simultaneous files uploading drops automatically to 1 when a slow network connection speed is detected.
      • If an interrupted chunk has been actually successfully saved on the server, no longer errors out, but automatically skips ahead accordingly to resume the transfer.
      • Two different computers uploading the same file at the same time won't error, and it won't corrupt the file data either.
      • If a temporary upload file gets removed from the server durring a transfer, the file transfer automatically starts over.
    • Skips uploading folders like "@eaDir", ".DS_Store" or "$RECYCLE.BIN"
    • Skips files which are not allowed on the server before even trying to upload them.
    • Multiple users can successfully upload the same file, in the same folder, at the same time, without competing with each other and without corrupting the file.
    • Dynamic chunk size, adjusted automatically based on the user's connection speed, to allow users on slow connections to restore interrupted uploads more efficiently. FileRun helps you now never loose more than 5 minutes of upload.
    • Long uploads no longer log the users out.
    • More accurate individual and overall progress when transfers get interrupted/resumed.
    • Much more accurate transfer speed calculation and time remaining estimates, putting more weight on more recent transfer speeds, and taking into account server response times.
    • If a file transfer fails, the percent completed is still displayed.
    • Takes into account file's modification date to avoid resuming the wrong transfer if the file has been changed in the meantime.
    • You can upload the same file in multiple folders at the same time.
    • Better progress indicator when uploading a large number of empty files or folders.

  • UI and UX

    • Fresh new modern UI

      • Clean and streamlined, bringing the focus back on the content.
      • Smooth transition between the light and dark mode with many improvements for the dark mode.
      • The folder location of a selected file is now prominently displayed at the top of the file list. This allows you to identify files much quicker, compared to waiting for the selected file's information to be loaded on the "Details" panel.
        Particularly useful when browsing collections, search results or looking at the new shortcut files.
      • Colorful tags can now be displayed in the list of files and folders, in all display modes. You get to choose how many tags to display, and if they are displayed as a tag icon or textually.

      • Improved file viewer

        • Redesigned for bringing the focus on the file.
        • Remade for experience and performance.
        • Added touch support. Swipe left and right to browse images. Using pinching with panning for zooming.
        • You can click next to an image/file, instead of the back arrow, to close/hide the viewer.
        • You can now click the file's name to change it.

    • Themes

      • Brand new theme editor which allows you to completely customize the colors of the UI, both for the light and the dark version.
      • It is much easier now to create a custom theme.
      • The Google Drive theme has been replaced with the blue FileRun theme (which is now inline with the new Google Drive looks).
      • Breaking change The Corporate theme has been discontinued. The theme will revert to the FileRun default theme, with a black and white color scheme.
      • Added the possibility of applying different themes based on user id, via the configuration file.
    • Optimized the "Compact" and "Detailed" list view modes:
      • The file extension is now closer to the file name.
      • The file and folder labels are also shown now separate from the file icon/thumbnail.
      • There is more room available for longer names, particularly on mobile
      • The thumbnail column can be used to sort files by type.
      • Tooltips for checking long filenames.
    • Added a compact list display mode for the file browser. With this mode there are no thumbnails loading.
    • Added options for adding links like "Privacy", "Impressum", "Terms" or "Help" to the login page.
    • The OAuth2 login page has been replaced with the main FileRun login page.
    • Added control panel option for preventing search engines from indexing files shared by web links.
    • The login page is now fully responsive. It fits better any screensize, also after changing device orientation.
    • Improved usability of the control panel on mobile devices.
    • Breaking change If you have set a hex color code for "Page background" you will need to use an image now, or use the new control panel theme customization options for it (though note that the "Surface" color used for the login page is also used for the main user interface, and you will need to keep it very light).
    • Added possibility of loading custom CSS files based on user groups.
    • Updated third-party services icons.
    • Audio player volume is now 100% by default.
    • Much better experience using slider controls (such as the audio player progress track) on touch devices.
    • Various other UI improvements
    • Added buttons to open the file preview and "Open with.." options in new browser tabs.
    • Fixed saving values to multiple-value metadata fields without pressing TAB or Enter before submitting the form.
    • Added option to share created web links via the user's operating system integrated sharing UI.
    • The metadata window can be now maximized.
    • The "Activity" tab shows the new entry count bubble again.
    • Fixed contextual menu options for newly created collections and albums, to allow management and sharing.
    • Added option to show logo on the login page at the top of the form.
    • Fix: contextual menu "Copy/Move" is no longer shown when the user doesn't have upload permission.
    • All metadata, comments, tags and colors are now shown for folders inside Trash.
    • Additional data which loads under the Details tab is now cached, so it no longer have to load twice from the main view to the file viewer and back.
    • Holding shift when deleting files will automatically select the option for permanent deletion.

    • Keyboard operations

      • Ctrl+F now shows a field for selecting files and folders by searching text in their filenames. Similar to the browser's "Find" function, but limited to the listed files and folders and instead of highlighting, it actually selects the items.
      • Ctrl+Shift+A will select all items of same type as the one selected. If it is a folder, all folders will be selected. If it is a file, all files with the same file extension as the selected one will be selected.
      • Removed D as keyboard shortcut for deleting items. "Delete" key remains the only way.
      • Removed R as keyboard shortcut for renaming items. "F2" key remains the only way.
      • Removed S as keyboard shortcut for searchin items. "CTRL+S" key remains the only way.
      • Creating a new folder is now done using the plus (+) key, instead of N.
      • CTRL+Enter opens items in a "New tab".
      • "Page Up" and "Page Down" for scrolling the file list.
      • After closing the file viewer, the focus now returns to the file list, so that you can continue using the keyboard.
      • 0-5 keys change the rating of the selected files/folders.

    • UI fixes

      • Fixed sorting of shared folders.
      • Fixed broken UI when user has no permissions of making any changes to files.
      • Shares listed under a user, in the tree panel, did not show details, such as stars, web links or colors.
      • Changing metadata is reflected right away in the Details panel.
      • Removing one value from a "Multiple values" metadata field by clicking the value's X button. The button got hidden, but the value was not removed upon saving.
      • Going back/forward using the browser history between FileRun UI states which include searching
      • Resizing the browser when a modal window is shown, now keeps the window in view.
      • A moved window which got hidden is now preserving the position when being shown again.
      • Fixed not being able to paste text inside FileRun's various promps and fields.
      • Fixed inline video playback of videos on Safari mobile.
      • Fixed showing if a file/folder which is shared by other users is in a one of the user's own collections.
      • Fixed dark mode not being automatically applied for ONLYOFFICE.
      • Fixed login background color when one is set.
      • Made sure popups windows do not open larger than the browser body size on smaller screens or scaled-up desktops.
    • Added right-click option to create new collections and photo albums.
    • Better thumbnails for CSV files: no third-party software requirement, very fast generation, sharp text, columns and rows borders, and dark mode support.
    • Files/folders get removed from the list when unstarring while under the Starred section.
    • Brought the search panel closer to the search button to make it easier for big screens.
    • The profile pictures are now resized on the server for smoother results.
    • Showing full date on mouse over the "Modified" date field in the grid.

  • Tags

    • Tags of multiple selected files/folders can be now managed in bulk.
    • You can now specify colors for new tags, like this: tag|color. The color can be HTML color name (ex: red, green, blue, etc.) or a hexadecimal value. If you do not specify a color, one will automatically be assigned.
    • You can now change the color of an existing tag, by clicking the tag and choosing "Change color". (The change will apply only for the selected files/folders.)
    • The sorting is now reversed, with the newest tag being shown first.
    • You can add multiple tags at the same time, if the text is separated by comma (,) or by semicolon (;). Pasting also works.
    • A new tag can no longer be added to a file/folder which already has it but with different capitalization.
    • Tags are now being shown in color under "Photos" > "By tag".
    • 2 tags are by default displayed in the list of files. You can change that from the control panel section "Interface".
    • Tag suggestions list is now sorted by frequency of use.
    • The permission required for viewing tags remains the same as before, though now it is named "User can view metadata".
    • Added option to copy all tags from a file.
    • Multiple tags with same text but different case are no longer allowed.

  • Labels and colors

    • The labeling feature has been replaced by the tags feature. Use the "Quick tag" option from the contextual menu. The predefined tags can be customized from the configuration file, just as one could customize the labels in the previous versions.
    • Existing labels will be replaced with tags of same color.
    • Note: unlike labels, tags are not affected by language translations.
    • Breaking change: If you had e-mail notifications rules set for labeling, for example on "Label received", you will need to update these rules to use "Tag received" instead.

    • Folder colors

      • Labeled folders will preserve the icon color, which can be now changed using the "Change color" option.
      • The option is available only for folders.
      • The permission to set custom folder icon colors requires the "User can make changes to files and folders" and for a shared item, the permissions must include "Make changes". This update will not alter user permissions in any way, so if needed you will have to do that yourself manually.
      • Colors are now shown for folders also when choosing the target folder for a copy/move action.

  • Search

    • Made the search panel a bit more intuitive.
    • Content search: Added compatibility with all the newer ElasticSearch server versions. Tested with up to ElasticSearch version 8.5.2.
    • Breaking change If you continue to use an old ElasticSearch version, you will need to add the following line inside "customizables/config.php": $config['elasticsearch_legacy'] = true;
    • Added control panel option for resetting the ElasticSearch index, and also for clearing the indexing queue.
    • Added compatibility with newer Elasticsearch versions. If you upgrade Elasticsearch, remember to press the "Test server" button from the FileRun control panel. If you reinstall Elasticsearch, see the "reindex_files.php" command line script on this page https://docs.filerun.com/command_line_tools to reindex your documents.

  • Nextcloud apps

    • Fixed crash on Android.
    • Fixed warning in both ownCloud and Nextcloud apps regarding unsupported server version.
    • Fix ability to remove editing permissions from a web link via Nextcloud desktop app.
    • Fixed WebDAV/Sync not working with some files from Windows servers which can miss modification times.
    • Dekstop sync: added config option for not taking the device ID into account when checking for changes. Set $config['system']['webdav']['skip_device_id_for_etag'] = true; inside the config file.

  • Other Improvements

    • Improved overall server-side performance.
    • Added the possibility of editing multiple files at the same time with Google Docs Editor.
    • The file "Edit" function always opens in a new browser tab. The same when creating new files from the "New" menu.
    • Allows users without download permission to access the media library features.
    • Creating new files with plugins always opens in a new browser tab, to allow the user to return to file management operations before being done with the new file.
    • The installation wizard is now accessible by the FileRun superuser from the FileRun control panel section called "Reinstall". This can be used to reset the FileRun installation to factory default, but also just for checking that the server meets the requirements.

  • Other changes

    • Added partial support for AVIF image files. Thumbnail generation and sizing metadata extraction. Because we don't have the date taken metadata, they will not show under "Photos" media library. (Might require an update on ImageMagick (at least v7.0.25). Same for Vips and GraphicsMagick, make sure you update them.)
    • Changing file/folder rating is now logged independently of metadata.
    • When a guest user tries to access FileRun and there are no shares and his account gets deleted, the login access attempt gets logged now.
    • Updated CommonMark markdown parsing and added an extension for tasks lists.
    • Metadata change details are now shown in a file/folder activity log.
    • Fix: The user activity of changing a file's metadata now logs the action, as it should have, to the user activity log and to the file activity log.
    • Fixed not being able to add own admin account to a group by editing the group.
    • Creating two files with the same name but different case, is no longer possible.
    • Forced usernames to lowercase for accounts created via the API.
    • The QR code image that is generated when sharing a link can be now downloaded.
    • Better error logging in the user activity when failing to delete files/folders.
    • Added config option to delete files/folders to the trash folder by copy+delete instead of move, to allow cross-disks moves. Enable like this: $config['system']['trash']['use_safe_move'] = true;
    • Gallery Web Links: Added buttons to access a file's details page, to read possible shared metadata and comments.
    • Gallery Web Links: now use a lightbox for all file types, to allow a smooth experience for browsing folders with both photos, videos and other types of files.
    • Fixed share web link via Linkedin option.
    • XMP and/or Exif metadata is now extracted from WEBP files, allowing these files to show under the "Photos" media library.
    • Improved XMP compatibility extraction of photo creation date and caption.
    • Remote groups are now synced to FileRun every time a user logs in with remote credentials.
    • Fixed WebDAV compatibility with Enpass.
    • Added definition for delimited values text files to group .csv, .tsv and .tab files as type of files that can be connfigured to edit/open by default with a particular plugin. This type of files now preview by default with the CSV editor instead of the Text Viewer.
    • The "Folder index" plugin now sorts file/folder names in a case-insensitive way.
    • Added support for webloc MacOS bookmark files.
    • Improved speed of reading a PNG dimensions.
    • PNG metadata from the tEXt textual data ancillary chunks is now imported.
    • Every image generated by FileRun is now in SVG format, so PHP GD is no longer a requirement.
    • Fixed mime types of CSS files served via FileRun, in order to be accepted by browsers as stylesheets.
    • Better handling of MySQL connection when it timesout due to long PHP process activity.
    • Fixed display of image files which are wider than the browser window, when opening image files via web links.
    • Screenshots pasted in the browser will be uploaded with the name received from the browser. This is usually the same one every time, something like "image.png", so it will overwrite a potentially existing file with the same name. This change was needed in order to preverse the name of files uploaded individually by copy/paste. Because there is no way to distinguish pasting a file from cliboard or from the file system, they were both ending up named like "Pasted image 2022-07-17 14-37-37.png".
    • Limited pasting images with preview to 10MB to prevent browser from crashing.
    • If no image processing tool is found or functioning, just output web-safe images as they are for both thumbnails and image previews. For those few cases where the managed image files are low res.
    • Breaking change If you are running Nginx and you are unable to use the FileRun API or WebDAV/sync access after the update, review your Nginx+PHP configuration and use the updated official guide to correctly configure your server to register the PATH_INFO environment variable. (The workaround which was included in FileRun to help with misconfigured server has been now removed.)
    • The "HTML Editor" plugin, which was previously shipped disabled, has been now removed entirely.