Skip to content

Merge https://github.com/filebrowser/filebrowser:master (fe7efb2) into oadp-dev#18

Open
oadp-rebasebot-app[bot] wants to merge 75 commits into
migtools:oadp-devfrom
oadp-rebasebot:rebase-bot-oadp-dev
Open

Merge https://github.com/filebrowser/filebrowser:master (fe7efb2) into oadp-dev#18
oadp-rebasebot-app[bot] wants to merge 75 commits into
migtools:oadp-devfrom
oadp-rebasebot:rebase-bot-oadp-dev

Conversation

@oadp-rebasebot-app

Copy link
Copy Markdown

No description provided.

@openshift-ci openshift-ci Bot requested review from Joeavaikath and weshayutin May 18, 2026 01:10
@openshift-ci

openshift-ci Bot commented May 18, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: oadp-rebasebot-app[bot]
Once this PR has been reviewed and has the lgtm label, please assign kaovilai for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented May 18, 2026

Copy link
Copy Markdown

Hi @oadp-rebasebot-app[bot]. Thanks for your PR.

I'm waiting for a migtools member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@oadp-rebasebot-app oadp-rebasebot-app Bot changed the title Merge https://github.com/filebrowser/filebrowser:master (22b848f) into oadp-dev Merge https://github.com/filebrowser/filebrowser:master (ca0108f) into oadp-dev May 25, 2026
hacdias and others added 13 commits June 3, 2026 09:59
…, symlink escape)

- http/raw.go: strip Windows backslash separators from archive entry names
  on any host. filepath.ToSlash is a no-op for "\" on Linux, so a stored
  backslash filename was emitted verbatim and could escape the extraction
  directory on Windows extractors (zip-slip). (GHSA-gxjx-7m74-hcq8)

- http/auth.go: cap the login and signup request bodies with
  http.MaxBytesReader (1 MiB). The JSON decoder previously read an
  arbitrarily large password into memory before bcrypt truncated it,
  enabling unauthenticated memory-exhaustion DoS. (GHSA-w5fm-68j4-fpc4)

- files/file.go, http/resource.go: add files.WithinScope and refuse to
  follow a symlink whose on-disk target escapes the user's scoped root,
  on both the read path (stat) and the write path (writeFile). Prevents a
  scoped user from reading/overwriting/sharing files outside their scope
  via a pre-existing escaping symlink. (GHSA-239w-m3h6-ch8v)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
transifex-integration Bot and others added 11 commits June 27, 2026 07:19
…p-gpj6)

When Signup is enabled with the default scope and createUserDir off, every
self-registered user inherits the served root and can read/modify/delete all
files. Add a startup WARNING for this configuration and document the risk and
the --createUserDir mitigation. No behavior or default change.
…6h-j3ww)

The fix for CVE-2026-54093 rewrote backslashes to the path separator "/" in
archive entry names. On POSIX hosts a backslash is a legal filename byte, so
that rewrite manufactured a traversal sequence ("..\..\x" -> "../../x") out
of a single in-scope file, turning a Windows-only zip-slip into a cross-platform
one. Neutralize backslashes to an inert character instead, and reject any entry
whose name is not already a normalized root-relative path. Adds a regression
test that downloads a folder containing a backslash-named file as a zip.
…-g7h6-22m7)

cleanUsername is many-to-one, so distinct usernames (e.g. "teamone/x" and
"teamone-x") can normalize to the same home directory. With CreateUserDir
enabled, the second registrant silently reused the first user's directory,
breaking per-user isolation. Add a GetByScope lookup and reject a signup whose
derived scope is already taken. The check is gated on CreateUserDir: when it is
off, signups intentionally share the configured default scope. Adds a regression
test for the colliding-username case.
…GHSA-833g-cqhp-h72j)

The share management endpoints serialized the storage struct directly, returning
the bcrypt password_hash (crackable offline) and the bypass token for every
share an authenticated caller could list, with admins seeing them for all users.
Return a response DTO that exposes only whether a share is password-protected
(hasPassword) and drops both secrets. The storage struct keeps its tags so the
secrets stay persisted and the server-side auth/public flows are unchanged.
Updates the frontend to use hasPassword and adds a regression test.
…SA-pp88-jhwj-5qh5)

DeleteWithPathPrefix queried the share index with the raw path, so deleting a
directory through a trailing-slash path (e.g. DELETE /api/resources/a/) only
matched descendants like /a/child and missed the exact /a share, leaving it in
storage. If the same path was later recreated, the stale public share re-exposed
the new content. Normalize the path before the prefix query so the exact share
and its descendants are both removed. Adds a regression test.
@oadp-rebasebot-app oadp-rebasebot-app Bot changed the title Merge https://github.com/filebrowser/filebrowser:master (be23ab3) into oadp-dev Merge https://github.com/filebrowser/filebrowser:master (c05ead7) into oadp-dev Jun 29, 2026
justadityaraj and others added 14 commits July 4, 2026 08:09
New config option:
  --branding.disableUserProfile

This option allows to disable User Profile together
with User settings.

Signed-off-by: Michal Pryc <mpryc@redhat.com>
New config option:
  --branding.defaultLoginUser "username"

This option allows to provide default Username, which will result
in hiding username field from the welcome page.

Signed-off-by: Michal Pryc <mpryc@redhat.com>
Removes Help options "Delete" and "Rename" if the
following permissions are revoked from a particular
user:

  --perm.delete=false
  --perm.rename=false

Signed-off-by: Michal Pryc <mpryc@redhat.com>
Add multi-stage Containerfile for UBI-based builds.

Signed-off-by: Michal Pryc <mpryc@redhat.com>
Adds OWNERS file.

Signed-off-by: Michal Pryc <mpryc@redhat.com>
Fix downstream changes to match upstream refactored functions.

Signed-off-by: Michal Pryc <mpryc@redhat.com>
Disable Validate Title check (semantic commit PR titles are
not used downstream). Fix Go version to 1.25 and add oadp-*
branches to CI triggers.
@oadp-rebasebot-app oadp-rebasebot-app Bot changed the title Merge https://github.com/filebrowser/filebrowser:master (c05ead7) into oadp-dev Merge https://github.com/filebrowser/filebrowser:master (fe7efb2) into oadp-dev Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.