Release notes from server

v2.1.0

2026-03-15T17:44:09Z

⭐ Highlights

🎨 Major frontend UI refresh for a cleaner, more modern experience
🔐 New OIDC provider toggle: security.supportPKCE for PKCE flow control
🐳 Docker enhancement: new FORCE_PERMISSIONS env var to enforce data file permissions (@7185)
🌍 Internationalization update: Dutch (nl) locale added (@Stephan-P)
🕒 Database reliability: MySQL connections now consistently use UTC timezone
📂 File handling hardening: better PDF cleanup and safer directory scanning (skips unreadable paths)
➕ Additional quality and stability improvements across backend and frontend

➡️ Read the release announcement

Features

frontend refresh UI (#127)
backend:auth: add toggle for security.supportPKCE in OIDC provider (d90cbf7)
docker: add FORCE_PERMISSIONS variable to set permissions on data files (1eb57d6)
frontend:i18n: add nl (4c3a0cb)

Bug Fixes

backend:database: ensure MySQL connection uses UTC timezone (e7d2ed9)
backend:files: avoid buffer copy and ensure PDF document cleanup (f28c71b)
backend:files: skip unreadable directories when walking for size and entry counts (6b0a6a7)
frontend:recents: move user avatar tooltip container to body to fix overlap with card (5029911)

v2.0.0

2026-02-09T23:27:38Z

⭐ Highlights

🆔 OpenID Connect (OIDC) authentication support
⚠️ Breaking change: authentication configuration renamed and refactored
🔐 New authentication architecture enabling Desktop & CLI registration via OIDC
🏢 Advanced LDAP support (service bind, admin break-glass, DN/CN, auto user & permissions)
🔑 Support for OTP recovery codes and application-based client registration
🧩 Improved configuration validation and error diagnostics
✨ User experience improvements (recent items redesign, file rename behavior)
📊 JSON logging output for improved observability
➕ And many other improvements and refinements

➡️ Read the release announcement

⚠ BREAKING CHANGES

auth: rename method to provider in AuthConfig and replace authMethod with authProvider for naming consistency (9d187e0)
backend:auth:ldap: move adminGroup to options (96d52c9)

Features

auth:oidc: enhance OIDC configuration (8bcf35d)
auth:oidc: revise authentication flow logic (abb9979)
auth:sync: introduce registerWithAuth to enable desktop client registration from external process (OIDC) (b6525ec)
auth: implement OIDC authentication support and refactor auth providers (28bbf1d)
auth: refactor authentication services and add desktop client registration support (08c6e0f)
auth: support desktop app OIDC authentication flow (0d6963f)
backend:auth:ldap: add service bind support, adminGroup DN/CN handling, optimized search flow, tests, and updated docs (f7b9d0f)
backend:auth:ldap: add autoCreateUser and autoCreatePermissions (96d52c9)
backend:auth: add LDAP/OIDC local password fallback and admin break-glass access (23a93b5)
backend:config: improve error messages for environment config validation (a5df529)
backend:sync: add support for TOTP recovery codes during client registration (3cb3ea4)
backend:sync: improve sync path error handling and enforce subdirectory selection (549ada3)
backend: add jsonOutput option to logger (02cbe04)
frontend:spaces: improve server connection error handling and UI feedback (097b230)
frontend/backend: add client auth scope for password-based apps to register servers across desktop apps and CLI (5f131bf)
frontend: allow filename rename validation on blur (da930b8)
frontend: restyle recents widget (9845502)
frontend: update widget badge styles and color scheme (10feb97)

Bug Fixes

backend:webdav: ensure lock paths in headers are decoded correctly (ceb2f38)
backend:webdav: set correct http status line (a651fc3)
frontend:routes: remove redundant canActivateChild guard from app routes (3b5a80a)
frontend:spaces: remove tap directive keyboard handler blocking spaces in edit input and preserve whitespace in displayed file name (e0b328b)

v1.11.0

2026-01-21T00:06:50Z

Security

backend: upgrade tar to 7.5.4 (GHSA-8qq5-rm4j-mr97) (a42c1079)

Features

frontend: add delayed auto-collapse functionality for right sidebar (315bad2)

v1.10.1

2026-01-12T00:56:50Z

Bug Fixes

auth:webdav basic auth fails with ":" in password (#104) (9671b71)
backend:comments: refine file path query for better handling of space roots (5b0c8ff)
backend:webdav: treat PUT requests as binary streams to avoid body parsing (edc291c)

v1.10.0

2026-01-07T10:04:24Z

⭐ Highlights

📝 Collabora Online integration
Collaborative online editing based on open standards, with native support for OpenDocument formats and compatibility with Microsoft Office formats.
🔀 Intelligent multi-editor management
Automatic selection of the most appropriate editor based on the document format, with the ability to set a default editor.
🔗 Enhanced public links
Access, view, and edit documents directly through public links, depending on formats and access rights.
⚙️ Platform evolution
Migration to Node.js 24, while maintaining compatibility with Node.js 22, improving stability and performance.

Features

backend/frontend:files: improve file locking logic, enhance compatibility across apps such as WebDAV and Collabora and OnlyOffice (9eb5a17)
files: add Collabora Online integration to Docker setup (abe4fa4)
files: collabora online integration (dabeff6)
files: Collabora Online integration, multi-editor support, and improved file locking (e6bedc1)
files: improve editor selection and add editor preference support (8fea357)
frontend/backend:files: simplify file opening flow and improve readonly handling (6563f44)
links: allow direct access to spaces via public links; add file preview/edit/download; improve password validation (5102e9a)

Bug Fixes

backend:files-scheduler: correct ordering of recent files (aea6bcd)
backend:shares: clear cached permissions when share link permissions are changed (95a455b)
backend:spaces: apply MODIFY permission for PUT requests on existing files instead of ADD when the resource exists (e73ae93)
backend:webdav: properly handle HEAD requests on directories, match lock source file when the file is a space root and extend lock owner information (f1f4836)
docker:collabora: add capabilities for debian based hosts (9275df6)
frontend:auth: ensure server config is initialized during authentication to prevent OTP prompt from not appearing on desktop (e0053ae)
frontend:files: adjust badge styles to use white-space-normal for consistent text wrapping (615ea00)
frontend:files: correct writeable condition (288193e)
frontend:files: load tasks only when a user is logged in to prevent interceptor redirects when refreshing a public link URL (bda58d6)
frontend:i18n: remove explicit 'en' locale definition to prevent bs-datepicker translation conflicts (13529f1)
frontend:spaces: display deactivation date when space is disabled (7df2535)

v1.9.6

2025-12-16T23:59:16Z

Bug Fixes

backend:files: skip adding recents for trashed files (c445196)
backend:schedulers: resolve scheduled methods being skipped because of Timeout decorator overlap (50f4140)
frontend:files: enable autoplay for video in media viewer component (20fe25f)
frontend:files: remove hidden class from buttons for consistent visibility across breakpoints (a60538a)
frontend:files: update file metadata timestamps on save and align OnlyOffice state change handlers (db768e1)
frontend:search: improve search input layout and update filter button visibility for responsiveness (09ebce6)
frontend:spaces: show disabled space message to space managers (f8bcdf7)

v1.9.5

2025-12-16T22:55:43Z

chore(release): 1.9.5

v1.9.4

2025-12-16T22:21:31Z

chore(release): 1.9.4

v1.9.3

2025-12-07T00:45:25Z

Security Fixes

backend:security: prevent stored XSS by serving files with Content-Disposition: attachment to avoid arbitrary JavaScript execution in the browser (a6276d0)

Bug Fixes

ci: update Dockerfile to use alpine3.22 to avoid errors with busybox-1.37.0-r29 (ede1bec)
backend:users: clear whitelist caches when group visibility changes (071c3ae)
frontend:files: fix DataTransfer usage after async operations and delay overwrite until analysis completes to restore overwrite on dropped files (d9935e5)
frontend:styles: add min-width on app-auth background class (dffd5e5)

Community Highlights ❤️

We would like to thank @x0root for reporting this vulnerability and helping improve the security of the project.

v1.9.2

2025-12-06T23:57:06Z

chore(release): 1.9.2