Download Latest Version FileRise-v3.3.3.zip (17.7 MB)
Email in envelope

Get an email when there's a new version of FileRise

Home / v3.3.0
Name Modified Size InfoDownloads / Week
Parent folder
FileRise-v3.3.0.zip 2026-01-31 17.6 MB
0
FileRise-v3.3.0.zip.sha256 2026-01-31 86 Bytes
0
README.md 2026-01-31 1.6 kB
0
v3.3.0 source code.tar.gz 2026-01-31 2.0 MB
0
v3.3.0 source code.zip 2026-01-31 2.1 MB
0
Totals: 5 Items   21.7 MB 0

Changes 01/31/2026 (v3.3.0)

release(v3.3.0): security hardening (tag color sanitization + restrict direct uploads access)

Security

  • Hardened tag color handling to prevent HTML/CSS injection:
  • Tag colors are now sanitized server-side on save and on read.
  • Allowed formats: #RGB / #RRGGBB and simple named colors.
  • Invalid values fall back to a safe default.
  • Docker default now blocks direct /uploads/* access:
  • File data should be accessed via authenticated API/download flows (and share links where applicable).
  • Added a constrained public endpoint for profile pictures / portal logos:
    • GET /api/public/profilePic.php?file=<filename>
    • Locked to UPLOAD_DIR/profile_pics/ with realpath boundary checks
    • Image-only MIME allowlist + X-Content-Type-Options: nosniff

Changed

  • Behavior change (security, Docker default): Direct requests to /uploads/... are no longer served.
  • If you intentionally need a public file host, use share links or a separate explicitly-public directory/vhost.
  • Tag APIs now accept optional sourceId and sanitize tags end-to-end for Sources.

Docs/OpenAPI

  • OpenAPI updated to reflect:
  • tag objects ({name,color})
  • sourceId parameters for tag endpoints
  • profile picture URLs served via /api/public/profilePic.php

v3.3.0

Full Changelog

v3.2.4 → v3.3.0

SHA-256 (zip)

2daf5b39dc0989da078b298c4d7a71ccf4558f826b99d167a5fc5e4ac93c13d5  FileRise-v3.3.0.zip
Source: README.md, updated 2026-01-31