  • v0.3.2 66b7677d2c

    MyFSIO v0.3.2 Beta Pre-Release

    kqjy released this 2026-02-26 10:15:39 +00:00 | 68 commits to main since this release

    This release fixes a breaking bug in the v0.3.1 release.

    Bug Fixes

    • Fix null ETags in shallow listing by updating etag index on store/delete
  • v0.3.1 4d90ead816

    MyFSIO v0.3.1 Beta Pre-Release

    kqjy released this 2026-02-26 09:55:34 +00:00 | 70 commits to main since this release

    Bug Fixes

    List Performance for Large Buckets

    • Implemented delimiter-aware shallow listing for improved performance
    • Increased cache TTL to reduce redundant fetches
    • Added UI delimiter streaming for smoother rendering
    • Header badge now displays total bucket object count
    • Fixed status bar text concatenation issue

    UI: Versioning & Object Browser

    • Fixed versioning modals displaying null values
    • Fixed object browser panel showing null
    • Fixed version panel showing null instead of timestamp
    • Excluded current version from the version list
    • Added auto-refresh of versions after upload
  • v0.3.0 0462a7b62e

    MyFSIO v0.3.0 Beta Pre-Release

    kqjy released this 2026-02-23 09:01:14 +00:00 | 78 commits to main since this release

    Breaking Changes

    • Security hardening — Policies now fail-closed, presigned URL time/expiry validation enforced, SSRF DNS pinning enabled, lockout cap applied, and proxy trust config introduced.

      Note: A backwards-compatible mode for proxy trust config is available during this transition period.


    UI/UX Improvements

    • Web UI: Added sort/search/context menu; fixed various security and UX bugs.
    • Metrics: General UI/UX enhancements.
    • IAM: Added role badges, search, and copy keys; improved policy display.
    • Domain Mapping:
      • Fixed bugs (normalization, deletion).
      • Added validation and search functionality.
    • Sites: Improved UI/UX with dropdown actions, collapsible forms, AJAX submissions, "Check All Health", and safer selectors.

    S3 API

    • New Operations: Added DeleteBucketEncryption, GetObjectAcl, PutObjectAcl, GetObjectAttributes, and GetBucketPolicyStatus.

    Performance & Rust Integration

    • Extension Module: Added Rust extension (myfsio_core) for SigV4, hashing, and validation hot paths.
    • Optimization:
      • Added Rust index reader, metadata read cache, and 256KB stream chunks.
      • Moved index JSON parsing to Rust (using GIL-released serde_json).
      • Moved SigV4 canonical request construction to the unified Rust verify function.
      • Now uses cached ETag in HEAD requests instead of re-hashing the entire file.

    Bug Fixes

    • Fixed domain mapping cross-process staleness.
    • Filtered bucket dropdown to show website-enabled buckets only.
  • v0.2.9 52660570c1

    MyFSIO v0.2.9 Beta Pre-Release

    kqjy released this 2026-02-15 14:26:45 +00:00 | 94 commits to main since this release

    New feature:

    • Added static website hosting (API & UI)
  • v0.2.8 35f61313e0

    MyFSIO v0.2.8 Beta Pre-Release

    kqjy released this 2026-02-10 14:19:15 +00:00 | 96 commits to main since this release

    Security

    • Fixed XSS vulnerability via inline HTML/SVG preview
    • Fixed Content-Disposition header injection vulnerability
    • Fixed cross-bucket upload registry bypass
    • Fixed move partial failure handling vulnerabilities

    Changed

    • Migrated UI backend from direct storage calls to S3 API proxy via boto3
      • Refactored ~42 UI routes to proxy through S3 API using boto3 with SigV4 signing
      • Added S3ProxyClient, response translators, NDJSON streaming, and upload registry
      • Added input validation (key length, null bytes, part numbers)
      • Added PermissionError handling and connection error catches
      • Implemented per-object bulk delete authorization and tag limit enforcement
      • Updated UI integration tests to use live API server pattern

    Fixed

    • Bucket dashboard search textbox functionality

    Performance

    • Cache ETag on GET requests
    • Fixed gzip buffering issues
    • Batch metadata into directory indexes
  • v0.2.7 c470cfb576

    MyFSIO v0.2.7 Beta Pre-Release

    kqjy released this 2026-02-09 15:51:34 +00:00 | 99 commits to main since this release

    Fixes

    • Fix Content-Length mismatch on range requests (206 Partial Content)
    • Fix empty UI on large bucket first load: keep loading row during streaming, add progress indicator, throttle renders

    Performance

    • Optimize KMS: cache AESGCM instance, remove duplicate get_provider calls
    • Optimize replication failure caching and batch UI auth checks
    • Add bulk download size limit
    • Add background parent cleanup for bucket operations
  • v0.2.6 d96955deee

    MyFSIO v0.2.6 Beta Pre-Release

    kqjy released this 2026-02-05 16:22:05 +00:00 | 104 commits to main since this release

    Breaking changes

    • Generate random IAM credentials on first run instead of fixed localadmin
    • On first-time IAM setup, credentials are randomly generated and output via the console logs

    Security

    • Move session credentials to server-side EphemeralSecretStore
    • Sanitize metadata header values to prevent CRLF injection
    • Default redirect host to request.host when ALLOWED_REDIRECT_HOSTS is empty

    Bugs

    • Add try/except for max_keys int conversion in UI pagination
    • Add missing json import in admin_api.py
    • Validate connection_id in update_peer_site
    • Fix bucket stats version_count and version_bytes drift when archiving versions
    • Fix UI object browser not showing objects uploaded via S3 API

    Performance

    • Replace unsafe @lru_cache on signing key with TTL-based cache (60s) + invalidation
    • Add cache invalidation in rotate_secret() and delete_user() for immediate key revocation
    • Make IAM cache TTL configurable via IAM_CACHE_TTL_SECONDS (default 5s)
    • Add lru_cache for compiled regex patterns in bucket policy evaluation
    • Reduce ThreadPoolExecutor workers to min(CPU×2, 16) to prevent context switching
    • CRITICAL: Replace bucket stats cache invalidation with incremental updates
      • Previously every PUT/DELETE caused full rglob() scan of entire bucket
      • Now updates cached stats atomically: +/- bytes, +/- objects
    • Add OSError fallback to stale cache in bucket_stats
    • Cache sorted keys with bisect for prefix filtering in list_objects
    • Implement true lazy folder loading (reload on navigation instead of client-side filter)
    • Memoize computeVisibleItems to avoid O(n) recomputation on scroll
    • Add X-Stream-Response header to bypass compression middleware buffering

    Added

    • Add configurable data points limit to metrics UI dashboard

    Changed

    • Upgrade Python runtime to 3.14.3
  • v0.2.5 85181f0be6

    MyFSIO v0.2.5 Beta Pre-Release

    kqjy released this 2026-02-02 05:37:22 +00:00 | 119 commits to main since this release

    Security

    • Replace unsafe @lru_cache on signing key with TTL-based cache (60s) + invalidation
    • Add cache invalidation in rotate_secret() and delete_user() for immediate revocation
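
The cache change listed above (and repeated under Performance in v0.2.6), sketched as an added example that is not MyFSIO's own code: a TTL cache for SigV4 signing keys with per-user invalidation. The class name, the `lookup_secret` callback, keying by access key id and the sample credentials are assumptions; only the HMAC derivation chain is standard SigV4.

```python
import hashlib
import hmac
import threading
import time

def derive_signing_key(secret, date, region, service):
    """Standard SigV4 derivation: HMAC-SHA256 chained over the scope parts."""
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return key

class SigningKeyCache:
    """TTL cache keyed by access key id (assumed layout), with invalidation."""
    def __init__(self, lookup_secret, ttl=60.0, clock=time.monotonic):
        self._lookup = lookup_secret  # hypothetical callback: access key -> secret
        self._ttl, self._clock = ttl, clock
        self._lock = threading.Lock()
        self._entries = {}  # (access_key, date, region, service) -> (expiry, key)
        self._gen = 0       # bumped on invalidate so in-flight derivations are dropped

    def get(self, access_key, date, region, service):
        scope = (access_key, date, region, service)
        with self._lock:
            gen, hit = self._gen, self._entries.get(scope)
            if hit and hit[0] > self._clock():
                return hit[1]
        key = derive_signing_key(self._lookup(access_key), date, region, service)
        with self._lock:
            if gen == self._gen:  # skip the store if a rotation raced with us
                self._entries[scope] = (self._clock() + self._ttl, key)
        return key

    def invalidate(self, access_key):
        """Call from secret rotation and user deletion for immediate revocation."""
        with self._lock:
            self._gen += 1
            for scope in [s for s in self._entries if s[0] == access_key]:
                del self._entries[scope]

def demo():
    secrets = {"AKIDEXAMPLE": "old-secret"}  # constructed sample credentials
    cache = SigningKeyCache(secrets.__getitem__)
    scope = ("AKIDEXAMPLE", "20260202", "us-east-1", "s3")
    old = cache.get(*scope)
    secrets["AKIDEXAMPLE"] = "new-secret"    # rotated, cache not yet told
    stale = cache.get(*scope) == old         # revoked key is still served
    cache.invalidate("AKIDEXAMPLE")
    return stale, cache.get(*scope) != old   # (True, True)
```

Without the `invalidate()` call, a rotated or deleted credential keeps verifying signatures until its entry expires, which is the window the 60s TTL bounds and the explicit invalidation closes.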

    Added

    • Make IAM cache TTL configurable via IAM_CACHE_TTL_SECONDS (default: 5s)
    • Add lru_cache for compiled regex patterns in bucket policy evaluation

    Changed

    • Reduce ThreadPoolExecutor workers to prevent CPU saturation
  • v0.2.4 d5ca7a8be1

    MyFSIO v0.2.4 Beta Pre-Release

    kqjy released this 2026-02-01 10:36:38 +00:00 | 121 commits to main since this release

    Added

    • Configurable rate limits for S3 API endpoints with SlowDown error code tracking for 429 responses
    • Environment variables for configuring previously hardcoded timeouts and limits
    • Site registry UI and documentation for geo-distributed deployments
      • Replication setup wizard and site-level sync dashboard
      • Bidirectional replication setup verification and improved UX warnings
    • ALLOW_INTERNAL_ENDPOINTS configuration for self-hosted internal network deployments
    • New S3 API implementations:
      • UploadPartCopy: Copy existing object range as multipart part
      • Bucket Replication (GET/PUT/DELETE /<bucket>?replication): Standard AWS S3 replication config API
      • PostObject: Browser-based form uploads with policy signing
      • SelectObjectContent: SQL queries on CSV/JSON/Parquet using DuckDB
    • Restrictive file permissions (0o600) for master key files on Unix and Windows ACLs for encryption keys
    • AAD (Additional Authenticated Data) to all AES-GCM encryption operations
    • Constant-time comparison for credentials and session tokens
    • CORS origin and HTTP method validation
    • HKDF for streaming encryption nonce derivation
    • Support for AES_128 and AES_256 key_spec in KMS data key generation
    • File locking for atomic master key creation
    • Persistent authentication lockout state to disk
    • Input validation for admin API endpoints and remote JSON schema in bidirectional checks

    Changed

    • Reduced credential cache TTL from 60s to 10s
    • Improved KMS error handling with structured logging
    • Updated documentation for site registry and geo-distribution features

    Fixed

    • Bidirectional-status 404 when UI runs separately from API
    • 403 auth error on bidirectional-status endpoint by adding dedicated UI endpoint
    • Bidirectional sync UI issues
    • Auth bypass and user enumeration vulnerabilities
    • XML entity DoS (Denial of Service) vulnerabilities
    • Multipart upload race conditions
    • Unicode path traversal issues
    • Silent permission failures (now return explicit errors instead of falling back)
    • Data key operations without AAD
    • KMS streaming weaknesses
    • Credential cache storing plaintext secrets (now properly encrypted/hashed)
    • Thread safety issues in session token validation
    • Cache invalidation on credential rotation
    • list_objects pagination silently ignoring exceptions (now returns error on invalid continuation tokens)
    • Bucket policy enforcement for POST object uploads
    • Open redirects (now blocked via URL whitelist validation)
    • SSRF (Server-Side Request Forgery) in webhooks and admin API endpoints
    • X-Forwarded-For spoofing (now mitigated via trusted proxy configuration)
    • Information leakage in error messages (now sanitized)
  • v0.2.3 476dc79e42

    MyFSIO v0.2.3 Beta Pre-Release

    kqjy released this 2026-01-25 06:08:27 +00:00 | 137 commits to main since this release

    New Features

    • Configurable server threads and connections
    • Background collection for system metrics
    • Dynamic updates to System Health section on metrics page
    • Missing lifecycle and CORS actions added to Full control template
    • Bi-directional site replication with LWW conflict resolution
    • Bidirectional mode option in replication panel UI