AeroFTP Files

[3.2.6] - 2026-03-31

macOS static linking fix & security hardening

Fixed

• macOS crash at launch (DYLD / library not found): The macOS binary was dynamically linking against Homebrew's liblzma.5.dylib (/opt/homebrew/lib/), causing a DYLD crash at launch. Users without Homebrew got a missing library error; users with Homebrew could still crash due to library version mismatches. Now statically links liblzma into the binary, eliminating the external dependency entirely
• Security: HIGH vulnerability resolved (GHSA-q29p-9pfr-j652): Upgraded russh 0.57 to 0.59, which replaces libcrux-ml-kem/libcrux-sha3 with RustCrypto ml-kem, eliminating the vulnerable dependency from the tree
• Security: XSS SAST finding resolved: Removed dangerouslySetInnerHTML from GitHubReleaseBrowser, replaced with safe React element rendering

Changed

• Upgraded indicatif 0.17 to 0.18, removing unmaintained number_prefix dependency
• Cargo dependency update: 116 crate bumps including openssl, rustls, tao, wry
• SourceForge provider preset hidden until provider confirmation (dev-only)
• FeliCloud direct access: Clicking FeliCloud in the connection screen now goes directly to the connection form instead of routing through the WebDAV preset list
• FeliCloud badge: Uses Nextcloud blue (#0083ce) for API OCS badge in protocol selector and saved servers
• Saved servers WebDAV URL: Shortened to hostname only instead of full URL path
• Status bar panel consistency: File count indicators (remote/local) now match the visual panel order when panels are swapped

Security

• Aikido Security audit: Top 5% benchmark, 0 open issues across all categories
• Full compliance coverage: OWASP Top 10, ISO 27001, CIS v8.1, NIS2, GDPR

Downloads:

• Windows: .msi installer, .exe, or .zip portable (no installation required)
• macOS: .dmg disk image
• Linux: .deb, .rpm, .snap, or .AppImage