drakkan/sftpgo (docker.io/drakkan/sftpgo)
### [`v2.6.3`](https://redirect.github.com/drakkan/sftpgo/releases/tag/v2.6.3)
[Compare Source](https://redirect.github.com/drakkan/sftpgo/compare/v2.6.2...v2.6.3)
#### New features
- EventManager: system commands are disabled by default and an allow list has been added to explicitly define which ones are allowed.
- EventManager: add `{{EscapedVirtualPath}}` placeholder.
- EventManager: add `{{DateTime}}` placeholder.
#### Bug Fixes
- WebAdmin: check CSRF header when deleting blocked hosts in the same way we already do for all other state-changing endpoints.
- WebAdmin: correctly display multiple active connections for the same session.
- WebClient: improve readability of upload progress.
- Plugins: fix passing additional environment variables.
#### Backward incompatible changes
If you rely on EventManager to execute system commands, you should add the commands to the allowed list like this:
`SFTPGO_COMMON__EVENT_MANAGER__ENABLED_COMMANDS="/bin/command1,/usr/bin/command2"`
The following admin permissions have been removed:
- manage_admins
- manage_apikeys
- manage_system
- retention_checks
- manage_event_rules
- manage_roles
- manage_ip_lists
Now you need to add the `*` permission to replace the removed granular permissions because the removed permissions allow actions that should only be allowed to super administrators.
For example, you can define an administrator with the `manage_system` permission and not with the `manage_admins` or `manage_user` permission, but the `manage_system` permission allows you to restore a backup and then create users and administrators.
There is no point in having separate, overlapping permissions.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v2.6.2->v2.6.3Release Notes
drakkan/sftpgo (docker.io/drakkan/sftpgo)
### [`v2.6.3`](https://redirect.github.com/drakkan/sftpgo/releases/tag/v2.6.3) [Compare Source](https://redirect.github.com/drakkan/sftpgo/compare/v2.6.2...v2.6.3) #### New features - EventManager: system commands are disabled by default and an allow list has been added to explicitly define which ones are allowed. - EventManager: add `{{EscapedVirtualPath}}` placeholder. - EventManager: add `{{DateTime}}` placeholder. #### Bug Fixes - WebAdmin: check CSRF header when deleting blocked hosts in the same way we already do for all other state-changing endpoints. - WebAdmin: correctly display multiple active connections for the same session. - WebClient: improve readability of upload progress. - Plugins: fix passing additional environment variables. #### Backward incompatible changes If you rely on EventManager to execute system commands, you should add the commands to the allowed list like this: `SFTPGO_COMMON__EVENT_MANAGER__ENABLED_COMMANDS="/bin/command1,/usr/bin/command2"` The following admin permissions have been removed: - manage_admins - manage_apikeys - manage_system - retention_checks - manage_event_rules - manage_roles - manage_ip_lists Now you need to add the `*` permission to replace the removed granular permissions because the removed permissions allow actions that should only be allowed to super administrators. For example, you can define an administrator with the `manage_system` permission and not with the `manage_admins` or `manage_user` permission, but the `manage_system` permission allows you to restore a backup and then create users and administrators. There is no point in having separate, overlapping permissions.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.