Skip to content

Commit fa162ae

Browse files
chore: sync CHANGELOG.md + VERSION (v3.10.0) from FileRise
1 parent b1fba60 commit fa162ae

2 files changed

Lines changed: 36 additions & 1 deletion

File tree

CHANGELOG.md

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,40 @@
11
# Changelog
22

3+
## Changes 03/16/2026 (v3.10.0)
4+
5+
`release(v3.10.0): resumable upload hardening and ONLYOFFICE callback authorization tightening`
6+
7+
**Commit message**
8+
9+
```text
10+
release(v3.10.0): resumable upload hardening and ONLYOFFICE callback authorization tightening
11+
12+
- upload(resumable): stop deriving temporary chunk directories from raw client identifiers and switch to hashed internal temp-folder names
13+
- upload(cleanup): require authenticated upload access for resumable temp-folder removal and keep recursive cleanup bounded to the intended staging root
14+
- upload(compat): preserve normal resumable upload flow while making temp-path resolution consistent across probe, write, and cleanup paths
15+
- onlyoffice(callback): issue save callbacks only for editable sessions, bind callbacks to the authorized actor/file, and stop trusting body-supplied editor identities
16+
- onlyoffice(origin): restrict callback fetch URLs to the configured Document Server origin while keeping callback JWT validation compatible with existing deployments
17+
```
18+
19+
**Changed**
20+
21+
- **Resumable temp-folder naming**
22+
- Resumable upload staging now maps client identifiers to hashed internal temp-folder names instead of using raw identifier values directly in filesystem paths.
23+
- The same temp-folder mapping is now used consistently for chunk probe, chunk staging, and resumable cleanup operations.
24+
25+
**Fixed**
26+
27+
- **Resumable cleanup guardrails**
28+
- Tightened resumable temp-folder cleanup so recursive deletion stays bounded to the expected staging area.
29+
- The resumable cleanup endpoint now requires an authenticated session with upload permission for the target folder before removing chunk temp data.
30+
31+
- **ONLYOFFICE save authorization**
32+
- View-only ONLYOFFICE sessions no longer receive save-capable callback URLs.
33+
- ONLYOFFICE save callbacks are now bound to the authorized actor and file, and no longer trust body-supplied editor identities.
34+
- Save fetches are restricted to the configured ONLYOFFICE Document Server origin before FileRise downloads updated content and writes it back to disk.
35+
36+
---
37+
338
## Changes 03/15/2026 (v3.9.4)
439

540
`release(v3.9.4): preserve legacy compatibility path while keeping post-rotation key-file preference`

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
v3.9.4
1+
v3.10.0

0 commit comments

Comments
 (0)