
v2.3.0

@github-actions github-actions released this 04 Jun 08:14

New features

  • Groups: simplify the administration of multiple accounts by letting you assign settings once to a group, instead of multiple times to each individual user.
  • Branding: easily customize the WebAdmin and WebClient UIs to match your brand.
  • OpenID Connect: SFTPGo can be connected to your existing Identity Provider.
  • ACME: add support for obtaining and automatically renewing TLS certificates from Let's Encrypt and other ACME-compliant certification authorities.
  • Allow requiring two-factor authentication per user.
  • Allow setting a start directory for SFTP, FTP and HTTP users.
  • Data transfer bandwidth limits, with total limit or separate settings for uploads and downloads and overrides based on the client's IP address.
  • Check disk and data transfer quota usage between ongoing transfers even if the transfers are performed on different nodes.
  • Global whitelist: services can be restricted to specific ranges of IP addresses.
  • New Geo-IP filtering plugin: services can be restricted based on the geographical location of the clients' IP addresses.
  • Allow hiding files/folders in directory listings based on pattern filters.
  • Allow caching external authentication.
  • External shares: add read/write mode and allow browsing shared directories.
  • Allow configuring the minimum version of TLS to be enabled.
  • Naming rules for usernames, folder and group names: case insensitive matching is configurable.
  • S3: add support for ARN roles.
  • HTTP proxy headers: add a depth setting to extract the correct rightmost IP in the list.
  • WebAdmin: allow controlling column visibility and ordering.
  • Allow setting different TLS certificates for each binding.
  • Allow customizing the execution timeout and environment variables for program-based hooks.
  • Execute db migrations holding a database-level lock, for databases that support locking.
  • s3fs: migrate to AWS SDK v2.
  • azblobfs: migrate to the new Azure Blob SDK.
  • sshd: disable by default sha1 based host keys, KEXs and MACs.
  • Check and update the password hashing algorithm on user login.
  • Make sure that JWT tokens, cookies and CSRF tokens can only be used from the IP they were issued for.
  • Other minor improvements and bug fixes.

Backward incompatible changes

  • External auth: the HTTP hook now receives a proper JSON serialized user. Previously we were sending a user serialized as a JSON string. See #836 for more details.
  • Removed prefer_database_credentials setting. We now assume that this setting is true. We don't store GCS credentials on filesystem anymore.
  • Rename permission must be explicitly granted. We don't assume anymore that rename permission is implicitly granted if the user has delete and upload permissions.
  • sshd: sha1-based host keys, KEXs and MACs are now disabled by default for security reasons. If you need to support old clients you need to explicitly enable them.
  • skip_natural_keys_validation is now replaced by the more generic naming_rules. The default value for naming_rules is 1, which is the same as setting skip_natural_keys_validation to true.
  • To be able to extract the client IP address from proxy headers like X-Forwarded-For, X-Real-IP etc., you need to specify the header to search for using the client_ip_proxy_header setting.
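
The rightmost-IP extraction that the proxy header depth setting and client_ip_proxy_header refer to, as an added example that is not SFTPGo's own code. The function name clientIPFromHeader, the zero-based depth counted from the right, and the fallback to the TCP peer address are assumptions of this example; the request is constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// clientIPFromHeader returns the IP found `depth` positions from the right of
// the named header (depth 0 = rightmost entry). Assumed semantics: each proxy
// appends the address it saw, so only the rightmost entries come from proxies
// you run. It falls back to the TCP peer address when the header is unusable.
func clientIPFromHeader(r *http.Request, header string, depth int) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		peer = r.RemoteAddr
	}
	if header == "" || depth < 0 {
		return peer // no header configured: never guess one
	}
	// A header may be repeated; read all lines in order before indexing.
	var entries []string
	for _, line := range r.Header.Values(header) {
		for _, e := range strings.Split(line, ",") {
			if e = strings.TrimSpace(e); e != "" {
				entries = append(entries, e)
			}
		}
	}
	idx := len(entries) - 1 - depth
	if idx < 0 {
		return peer // fewer hops than configured: do not trust the header
	}
	if ip := net.ParseIP(entries[idx]); ip != nil {
		return ip.String()
	}
	return peer // entry is not an IP address
}

func main() {
	// Constructed request: the client supplied "203.0.113.9" itself and one
	// trusted proxy appended the address it actually saw.
	r, _ := http.NewRequest(http.MethodGet, "http://example.invalid/", nil)
	r.RemoteAddr = "10.0.0.5:41000"
	r.Header.Add("X-Forwarded-For", "203.0.113.9, 198.51.100.7")
	fmt.Println(clientIPFromHeader(r, "X-Forwarded-For", 0)) // 198.51.100.7
}
```

Values to the left of the selected position are whatever the client chose to send, which is why IP-based controls such as whitelists or IP-bound tokens should be fed the address chosen this way rather than the leftmost entry.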