944dd29
What's New in ProjectSend r1945
🔐 Security & Enterprise Features
Server-Side File Encryption: AES-256-GCM authenticated encryption for files at rest with support for cloud storage
Advanced Permissions System: Complete overhaul with granular controls and custom role creation
Enhanced LDAP/Active Directory: Improved enterprise authentication with dynamic role management and smart fallbacks
Security Fixes:
XSS vulnerability fixes in file editor and custom download aliases (reported by Raducu Alexandru-ionut)
Server software info escaping
Secure random string generation (found by hassan al-khafaji)
Prevention of unauthorized file previews
📁 File Management
Download Limits: Set per-user or total download caps with automatic enforcement and abuse prevention
Disk Quota Management: Per-account storage limits with real-time usage tracking
Redesigned File Editor: Modern tabbed interface with bulk operations and mobile optimization
External Storage Integration: AWS S3 support with flexible upload destinations and file import capabilities
Batch File Encryption Tool: Encrypt multiple files at once
Enhanced Folder System: Improved folder visibility for clients with better permission handling
(contributions by Matani-Git)
🎨 Customization & UI
9 New Themes: Expanded from 3 to 9 professional themes including Modern, Retro90s, Dark Cards, Business, and Google-like templates
Email Templates & Themes: Visual editor with CKEditor integration, multiple professional designs and dynamic variables
Custom Fields System: Add custom fields for users and clients with drag-and-drop ordering and multiple field types
Enhanced User Interface:
Unsaved changes warnings
Data preservation on validation failures
Light/dark mode toggle for admin pages
Improved form validation and required field indicators
Cards view for manage files with details sidebar
⚙️ System Improvements
System Auto Update: Automatic updates with zero downtime and configurable channels (stable/beta)
Regenerate Thumbnails: Advanced thumbnail regeneration tool with filtering, custom dimensions, and date range support
Multiple CAPTCHA Methods: Choose from reCAPTCHA v2, v3, or Cloudflare Turnstile
Remember Me Option: Persistent login sessions with configurable duration
Favicon Customization: Upload custom favicon files
Dashboard Widgets: New download analytics and storage analytics widgets with drag-drop positioning
Roles Manager: Complete role and permission management interface with custom role creation
🐛 Bug Fixes & Improvements
Fixed session expiring with "Remember me" checked
Fixed missing "Manage files" link with correct permissions
Fixed SMTP authentication (by dawnstrider)
Fixed username validation to allow underscores (by xia-stan)
Fixed folder display issues for clients (by Matani-Git)
Fixed 500 error when users upload files (by Matani-Git)
Fixed actions log sorting (by rainyday4me)
Fixed custom downloads table missing ID
Fixed video preview functionality (by Nimon77)
Fixed double X in close modal button (by rob4226)
Fixed uploads folder .htaccess (by log4en)
Fixed bad redirects (found by MGPhil)
Fixed cronjob example (by ehawman)
Registration bug fix (by bmartin13)
Fixed deprecated dynamic property warnings (by raduhazsda)
Fixed plupload styling for dark mode
Preserve form data on errors
Light mode set as default
Added missing CSRF protections
Fixed toggle styling
🔧 Technical Improvements
PHPStan implementation with baseline (Co-authored by Claude)
Updated dependencies: axios, @babel/traverse, follow-redirects
GitHub Actions for security scanning and build status
Composer validation fixes
Support for environment variables in SMTP configuration (by redondi88)
CodeMirror loaded from local lib (node_modules can be excluded)
Auto-calculation of version numbers for releases
Improved chunk size configuration (fixes #1203)