CHANGELOG.md

Changelog

4.3.1 (December 10, 2020)

• Make theme button always at the bottom of sidebar
• Remove legacy font formats from static assets
• Slightly tweak styles of country flags in peer list
  • Better accommodate longer flags
  • Display country code on hover
• qBittorrent fixes:
  • Attach cookies to URL downloads
  • Set trackers
• Transmission fixes:
  • Percentage downloaded of contents of a torrent
• Bug fixes:
  • API call to get peer list of a non-existent torrent no longer crash Flood server
  • Handle file not exist and access denied cases in content download
  • Properly handle API call to update password of a user
• Security enhancements:
  • Rate limit resource-intensive mediainfo request
  • Ensure path is allowed for mediainfo request
  • API call to list users no longer receive hashed passwords and client connection settings
    • Note: only an authenticated admin user may list users
• New translations
  • Czech, thanks to @brezinajn
  • Romanian, thanks to @T-z3P
• Bump dependencies

4.3.0 (December 1, 2020)

• Generate magnet link from torrent
• Add a button to allow user to switch color scheme
• Multi architecture Docker images
  • linux/amd64
  • linux/arm64 (new)
  • linux/arm/v7 (new)
• Allow to display precise percentage
  • Expanded view: 1 decimal place
  • Details: 3 decimal places
• Mountpoints with very long paths are ignored by disk usage
• Tags can be attached while adding torrents to qBittorrent (needs qbittorrent/qBittorrent#13882)
• Bug fixes:
  • Download destination fallback to rTorrent default destination (Mika-/torrent-control#105)
  • Properly catch errors of AddFiles and AddURLs when using qBittorrent
  • Display existing trackers in set trackers modal
• New translations
  • Spanish, thanks to @vain4us
• Bump dependencies

Side note:

I am starting to maintain a distribution of rTorrent, available at jesec/rtorrent. It is optimized and small. It uses modern CMake and Bazel build systems. Bazel can also be used for dependency management and to produce statically linked reproducible builds.

Static binaries (amd64, arm64) can be downloaded via Github Actions. Docker images are also available at jesec/rtorrent.

I made a simple Dockerfile to demonstrate how to integrate rTorrent with Flood.

4.2.0 (November 25, 2020)

• Allow content of a torrent to be streamed directly if supported by browser
• New translations
  • Chinese (Traditional), thanks to @vongola12324
  • Dutch, thanks to @vain4us
  • French, thanks to @Coosos
• Bump dependencies

4.1.2 (November 21, 2020)

• qBittorrent fixes:
  • Remove existing tags
• New translations
  • Dutch, thanks to @vain4us
  • German, thanks to @chint95

4.1.1 (November 18, 2020)

• Transmission fixes:
  • Set tags while adding torrents
  • Set trackers
• New translations
  • Czech, thanks to Jan Březina
  • French, thanks to @Carryozor
  • German, thanks to @chint95
  • Romanian, thanks to @T-z3P

4.1.0 (November 17, 2020)

⚠️ Changes that may require manual attention: ⚠️

• Configuration is now schema validated before the start of Flood server
  • No action required if you use (preferred and default) CLI configuration interface
  • This ensures that when the config.js needs to be updated, the failure happens loud and early
  • Check shared/schema/Config.ts for more details
• Enforces that the length of secret must be larger than 30
  • Secret can be brute forced locally without interaction with the server
    • However, an attacker must get a valid token (generated by proper authentication) first
      • If all users are trusted, attackers have no way to get a valid token
  • Secret is used to sign authentication tokens but it is NOT linked to the password
    • Attacker may log into Flood as any user if they have the secret
      • However, they are still constrained by capabilities and settings (such as --allowedpath) of Flood

Other changes:

• Tag selector preference:
  • Single selection
  • Multi selection
• UX enhancements to tag selector
• Suggest destination based on selected tag
• add-urls and add-files API endpoints no longer fail if destination property is not provided
  • Download destination fallback has been implemented:
    • Tag-specific preferred download destination
    • Last used download destination
    • Default download destination of connected torrent client
  • This makes things easier for API users
  • No direct impact on Flood itself
• Remember last used "Add Torrents" tab
• Remove center alignment of certain modals to align with global styles
• Disallow browser's input suggestion when tag selector or folder browser is open
• Don't pop up the browser menu on right click while context menu is open
• Experimental standalone (single-executable) builds
• New translations
  • German, thanks to @chint95
  • Romanian, thanks to @T-z3P
• Bump dependencies
• Bug fixes:
  • Properly handle "error" alerts (display "❗" icon instead of "✅" icon)

4.0.2 (November 11, 2020)

• New translations
  • German, thanks to @chint95
  • Romanian, thanks to @T-z3P

4.0.1 (November 10, 2020)

• Fix the unreliable clear all notification button
• Bump dependencies

4.0.0 (November 9, 2020)

• Experimental multi-client support
  • qBittorrent
  • Transmission
• Stabilized and documented public API endpoints
• Defined and documented internal interfaces, data structures and APIs
• Better documentation for users and developers
• Full migration to TypeScript
• Reasonable test coverages for API endpoints
• Torrent creation support
• Add torrents as completed
• Dropdown selector for existing tags
• Seeding status in status filter
• Set tracker URLs of torrents
• Improved handling of rendering, updating and scrolling of torrent list
  • Preliminary tests show that Flood can now handle 500,000 torrents at least in the frontend.
  • Note: real-world performance depends on other factors such as method call and deserialization operations in the backend and data transfer between backend and frontend.
• Better performance, less memory and CPU consumption in both frontend and backend
• New translations
  • Chinese (Traditional), thanks to @vongola12324
  • Czech, thanks to Jan Březina
  • French, thanks to @Zopieux and @Mystere98
  • German, thanks to @chint95
• Bug fixes
• Security enhancements
• Dockerfile revamp
• Native build tools no longer needed as native dependency is replaced with WebAssembly variant
• Server is packed before distribution, reduced number of dependencies in production, faster installation

3.1.0 (September 4, 2020)

• Allow to replace main tracker of torrents
• Allow adjustment of visible context menu items
• config.cli: make all configs configurable by options and env
• styles: properly set width of clipboard icon (fixes #26)
• client: hide logout button when auth is disabled
• Hungarian support (#21), thanks to @sfu420
• New translations:
  • Chinese Traditional, thanks to @vongola12324
  • Czech, thanks to @brezina.jn
  • Portuguese, thanks to @Zamalor
• Security enhancements:
  • Allow restriction on file operations by paths
  • Do not bypass authentication token validation with disableUsersAndAuth
  • server: prohibit Cross-Origin Resource Sharing
  • server: auth: strictly prohibit cross-site cookie
• Minor security fixes:
  • rTorrentDeserializer: avoid double unescaping
  • SettingsModal: mergeObjects: prevent prototype pollution
  • server: setSettings: turn inboundTransformations into a Map to validate dynamic call
  • server: be explicit about client app routes
  • server: cache index.html into memory
• Minor refactoring and other changes
• Bump dependencies to the latest revisions

3.0.0 (August 25, 2020)

• BREAKING CHANGES:
  • If baseURI is set, server will only respond to requests with baseURI. For instance, if you use location /flood {proxy_pass http://127.0.0.1:3000;}, you would have to change it to location /flood {proxy_pass http://127.0.0.1:3000/flood;}.
  • Static assets now use relative paths only. It is no longer needed to recompile after baseURI change.
  • Location of runtime files are rearranged. New default location for runtime files is ./run folder. tempPath is now made configurable.
  • Static assets are relocated to ./dist folder. You have to change the path from ./server/assets to ./dist/assets if you serve static assets from web server.
  • Flood will refuse to start if secrets are detected in static assets. Former default secret flood and some other weak secrets are no longer accepted.
• A command line interface is added as config.cli.js. Rename it to config.js and run npm run start -- --help for more details.
• With some changes, Flood is now ready for publish to npm. You can now use sudo npm install -g flood to get a ready-to-use copy of Flood, then run flood. It is even easier with npx, try npx flood --help now.
• Better localization:
  • Flood project is now integrated with Crowdin, a renowned translation management system. It is now easier than ever to contribute your translations to Flood.
  • Language will now be automatically detected from your browser by default.
  • New languages are supported: Čeština, Deutsch, italiano, norsk, Polskie, русский язык, Romanian, svenska, українська мова, 日本語 and اَلْعَرَبِيَّةُ thanks to Crowdin Machine Translation.
  • New translations for Chinese (Traditional) thanks to @vongola12324.
  • New translations for Dutch thanks to @NLxDoDge.
  • New translations for Portuguese thanks to @MiguelNdeCarvalho.
• Support for touch and smaller screen devices:
  • Sidebar is able to be collapsed via a button. It is collapsed by default when screen width is lower than 720px.
  • Modals (Settings, Torrent Details, Add Torrent, etc.) are tuned for smaller screen devices.
  • It is now possible to open context (right click) menu on iOS/Safari devices by long pressing the item.
  • Drag and drop is now possible for touch devices. You can now adjust the order of columns in Settings on touch devices.
  • Widths of columns are now adjustable on touch devices. (condensed view)
• Dark color scheme support:
  • Flood now automatically switches between light and dark color scheme based on your system settings.
• XML special chars (&, <, >, ', ") are properly handled. For instance, escaped chars like & will be properly displayed as & instead of &. File operations on torrent with special chars no longer fail.
• squashfs and tmpfs mount points are now excluded by default in disk usage. This hopefully makes sure that useless system mounts won't spam the list.
• More Info button in expanded view is removed.
• More dependencies are bumped to the latest revisions.

2.0.0 (August 5, 2020)

• BREAKING CHANGES:
  • Bump dependencies to the latest version if possible
  • Node 12 or later is now required
• Supports connecting to multiple rtorrent instances (one per user)
  • Moved rtorrent configuration to user database
  • Prompts user for connection details in UI when can't connect to rtorrent
• Changed /list/ route to /overview/
• Reorganized and renamed component source files
• Removed verbose logging from HistoryEra
• Check existing feed items against new download rules
• Switch URL and Label textboxes in Add Feed form to match the Download Rules form
• Rate-limit the SCGI calls to rTorrent
  • Sends only one call at a time
  • Sends at most one call every 250 miliseconds
• Implement "actity stream"
  • The Flood client no longer polls the Flood server on an interval. Instead, the Flood server polls rTorrent on a more regular interval and emits changes via an event-stream. This significantly reduces data usage on the Flood client
  • Stream covers torrent list, transfer rate summary & history, torrent taxonomy, and notification count.
• Close event stream after the window/tab has been inactive for 30 seconds
• Refactor development experience, using Webpack & WebpackDevServer
• Require users to build static assets again
• Simplify peer geo flag handling
  • Flag images now serves as static asset
• moveTorrents: Allow hash check to be skipped by user
• Add an option to completely disable users and authentication
• server: Takes baseURI into account for routes and assets
• torrentListPropMap: use d.hashing= instead of d.is_hash_checking=
  • Torrents queued for checking are now shown
• sidebar: Add Checking filter view

1.0.0 (April 21, 2017)

• First "official" release
• Change log and semver versioning (finally)
• Control basic rTorrent settings via web UI
  • Transfer rate limiting
  • Connection settings
  • Resource utilization
• Add torrents via URLs or files
• User authentication
• UI translations (only en, fr, and nl)
• Custom torrent tags
• Customizable torrent list
  • "Expanded" and "condensed" views
  • Customizable torrent detail columns
• Basic torrent list filtering (by status, tag, and tracker)
• Auto-download torrents from RSS feeds