Monthly Archives: April 2014

FileSender 1.6-release-candidate-1 released!

We’re happy to announce that FileSender 1.6-rc1 is now available for download and in the FileSender package repositories.  As per our release status and life cycle policy when a Release Candidate has been running on least two FileSender sites without error for a period of at least 1 week under meaningful use, this release candidate can be re-branded as a release.  We usually wait with this until also all documentation has been updated.  If anyone wants to volunteer to help with the documentation please drop me a line!

This release candidate contains a few fixes found during the beta1 cycle (thanks all for reporting!) including three security related fixes based on the security code review.

We encourage you to try this rc1 and most notably have a look at the ‘download pause/resume’ functionality that now should work for IE 11, FireFox and wget/curl.

Please note: the new terasender feature is now by default disabled when using the supplied config-dist.php template.

The changes and fixes since the previous 1.6-beta release (ticket numbers listed in parentheses) are:

  • Download pause/resume now possible with browsers supporting partial download (most notably Firefox, IE11, curl and wget)
  • ‘terasender’ default disabled in config-dist.php
  • Added IE10+ and Safari 6+ to supported browsers in HELP text for en, no and nl languages (#1063)
  • Security: also escape single quotes for externally supplied output (#1079)
  • Security: encode MMredirectURL in Flash detection code (#1078)
  • Security: strict type comparison in XSFR check (#1080)
  • ‘friendly name’ extraction fixed (#1068)
  • Various fixes and improvements in the partial download code (#1076)
  • chunked reading and buffering to prevent server side memory exhaustion with large range requests
  • more robust range request detection to make actual pause/resume possible

We would like to thank you all for your patience and of course your input and contributions. A list of people and organisations that made this release candidate possible can be found at the acknowledgements page for version 1.6

Keep those patches, comments and translations and all other useful input coming!  We welcome feedback, preferably to the mailinglist.