Here's what's new:

Updated the project's dependencies to their latest versions with cargo update
This ensures dependencies don't become stale and any upstream security and bug fixes make their way into FerriShare as well. The base image for the runtime container has also been updated from Debian 12 to 13 and very small changes have been made to the source code to update now deprecated methods.

Here's what's new:

Allow configuring the file path of the config.toml
You can now optionally pass a --config-file <FILE> CLI-flag to the ferrishare binary to configure a custom location for the application's configuration. This affects both where a configuration will be saved during --init as well as where it is read during normal startup.

Thank you to @jo-m for contributing this feature.

Updated the project's dependencies to their latest versions with cargo update
This ensures dependencies don't become stale and any upstream security and bug fixes make their way into FerriShare as well.

Here's what's new:

Use deterministic IVs for AES-GCM instead of randomly generated ones
This isn't a necessary change, but aligns FerriShare with the recommended best practice for IV construction with AES-GCM.

Previously, FerriShare generated random IVs when encrypting filename and filedata.
This is considered safe by NIST for up to 2^32 messages with the same key before the risk of IV collision becomes untenable.
However, if possible, one should choose the IVs deterministically, thereby eliminating the risk of IV collision completely.

This patch switches FerriShare over to deterministic IVs, reducing the chance of an IV collision from 1 in 2^96 to 0.

Only display the "built with Rust and ♥ by Tobias Marschner" line in demo mode
After some consideration, I realized that that line in the footer on other people's self-hosted instances might suggest to visitors that I am somehow personally involved or responsible for the operation or maintenance of the instance, which is obviously not the case.

To prevent any confusion going forward, that line will only be shown when FerriShare is running in demo mode, as is the case at ferrishare-demo.tobiasm.dev. The link to this repository, the version tag, and the Privacy Policy and Legal Notice are unaffected by this change.

Here's what's new:

Drag-and-drop support on file upload page.
Super straightforward. Simply drag a file anywhere onto the upload page and it should automatically populate the upload form. There's also a little hint on the upload page informing the user of this capability.

Display a proper error message should encryption fail.
Previously the frontend would show the "Encrypting"-spinner indefinitely even if encryption failed and an error was thrown in the browser console. Now the user will be informed with an appropriate error message.

Enforce the 2GiB maximum filesize limit.
I've done a little more testing and determined that the WebCrypto-API limits message sizes to 2GiB, thereby effectively limiting the maximum filesize to 2GiB. This release enforces this limit during configuration setup and application startup.

Minor bugfix: Ensure the admin panel does not show expired but not yet deleted files.

Background: Expired files are not immediately cleaned up from the database and disk. Instead, an automatic task cleans up expired files every 15 minutes. The download page and endpoint take this into account, i.e. they check the expiry timestamp and refuse to serve files that are still on disk but have already expired. The admin panel showing all the files did not perform this check - now it does!

v1.0.0 - Initial Release 🥳

Remember, FerriShare is best deployed through Docker as described in the project's README.
That's why there are no binaries attached to this release, it's mostly here to mark the v1.0.0 bump.
If you're looking for the prebuilt Docker images, check out the repository's associated package.