Skip to content

r1994-ls261

Choose a tag to compare

View all tags
@LinuxServer-CI LinuxServer-CI released this 15 Mar 05:31
· 4 commits to master since this release
r1994-ls261
f0c9939
This commit was signed with the committer’s verified signature.
LinuxServer-CI LinuxServer.io CI
SSH Key Fingerprint: fh11rWL5oCDRdg8ER4TS1r8mdK7lLmwPcJouqXZgNko
Verified
Learn about vigilant mode.

CI Report:

https://ci-tests.linuxserver.io/linuxserver/projectsend/r1994-ls261/index.html

LinuxServer Changes:

Full Changelog: r1945-ls260...r1994-ls261

Remote Changes:

ZIP file hash: f3236991f3e87ab714bc9dfc96e21666fdfae1472b0faf7f6024730bfcb218f9

Full changelog at https://projectsend.org/changelog/r1994.php

What's New in ProjectSend r1994

A stability-focused release with critical security patches, improved compatibility, and over 20 bug fixes addressing issues reported by the community since r1945.

🔐 Security

  • Updated aws/aws-sdk-php to fix CVE-2025-14761
  • Updated axios to fix CVE-2026-25639 (DoS via prototype pollution)
  • Removed vulnerable babel-traverse (CVE-2023-45133) and gulp-babel (unused)
  • Updated gulp to v5, fixing CVE-2024-4068 (braces) and CVE-2026-27903 (minimatch)
  • Updated CKEditor to latest predefined build (44.3.0)
  • Fix: do not allow encryption if encryption key is not present
  • Fix file preview exposing direct file URL

🔧 Compatibility

  • MySQL 5.7 support restored: Replaced MySQL 8.0-only recursive CTE with PHP-based parent folder traversal (#1498)
  • HTTPS reverse proxy support: Detect HTTPS via X-Forwarded-Proto, X-Forwarded-SSL, and SERVER_PORT (#1524)
  • Fresh install stability: Fixed crash when tbl_options doesn't exist (#1516) and migration 2022102701 failure with non-standard foreign key names
  • Local S3-compatible storage: Extended Amazon S3 to support local instances like MinIO (#1495)

🐛 Bug Fixes

  • Fix 403 error on first new client login with password change required (#1502, #1494)
  • Fix client creation failing in r1945
  • Fix permissions for existing roles not saving
  • Fix "You cannot delete your own account" error
  • Fix missing optional fields in Security settings
  • Fix encrypted downloads returning scrambled data with X-Accel-Redirect
  • Fix 'remember me' when using 2FA (#1519)
  • Fix disk quota and max file size display inconsistency on clients list (#1506)
  • Fix upload icon visible when uploads disabled in Business Professional, Drive, Dark Cards, and Gallery templates (#1517)
  • Fix duplicate "new file" notifications sent when editing file properties (#1522)
  • Fix template variables not parsed in custom email header/footer (#1490)
  • Fix error counter and crash-safe error parsing in JS upload form
  • Fix inconsistent error response format in upload process
  • Fix setDefaults() called before filename_original is set during upload
  • Fix event bindings duplicating on repeated form submissions
  • Social login fix
  • SMTP port default when not defined
  • Fixes for issue #1525

⚡ Improvements

  • Release session lock early during file uploads (performance improvement for multi-file uploads)
  • Add default SMTP port selection on auth method change
  • Upgrade Chart.js to version 4.5.0 (#1454)
  • Updated translation files

🙏 Thanks

Thanks to all contributors: dino2gnt, maidis, TenBirk, krcgk, JazzMalar, Frmwrk-GmbH, sitecode, veenone, and everyone who reported issues.

Assets 2
Loading