chore(release): 2.36.2

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -20,22 +20,32 @@ body:
       render: Text
       description: |
         Enter the version of FileBrowser you are using.
+    validations:
+      required: true
   - type: textarea
     attributes:
       label: Description
       description: |
         A clear and concise description of what the issue is about. What are you trying to do?
+    validations:
+      required: true
   - type: textarea
     attributes:
       label: What did you expect to happen?
+    validations:
+      required: true
   - type: textarea
     attributes:
       label: What actually happened?
+    validations:
+      required: true
   - type: textarea
     attributes:
       label: Reproduction Steps
       description: |
         Tell us how to reproduce this issue. How can someone who is starting from scratch reproduce this behavior as minimally as possible?
+    validations:
+      required: true
   - type: textarea
     attributes:
       label: Files

.goreleaser.yml

@@ -131,7 +131,7 @@ dockers:
       - "filebrowser/filebrowser:v{{ .Major }}-amd64-s6"
     extra_files:
       - docker
-  - dockerfile: Dockerfile.s6.aarch64
+  - dockerfile: Dockerfile.s6
     use: buildx
     build_flag_templates:
       - "--pull"

CHANGELOG.md

@@ -2,6 +2,55 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [2.36.2](https://github.com/filebrowser/filebrowser/compare/v2.36.1...v2.36.2) (2025-07-06)
+
+
+### Bug Fixes
+
+* lookup directory name if blank when downloading shared directory ([046d619](https://github.com/filebrowser/filebrowser/commit/046d6193c57b4df0e3dc583b6518b43d29d302c9))
+
+### [2.36.1](https://github.com/filebrowser/filebrowser/compare/v2.36.0...v2.36.1) (2025-07-03)
+
+
+### Bug Fixes
+
+* remove associated shares when deleting file/folder ([e99e0b3](https://github.com/filebrowser/filebrowser/commit/e99e0b3028e1c8a50e1744bb07ecc8e809bdb8e6))
+
+## [2.36.0](https://github.com/filebrowser/filebrowser/compare/v2.35.0...v2.36.0) (2025-07-02)
+
+
+### Features
+
+* update icons, remove deprecated Microsoft Tiles ([04166e8](https://github.com/filebrowser/filebrowser/commit/04166e81e52d38b1f66ba3313ccb1291c239eea2))
+
+## [2.35.0](https://github.com/filebrowser/filebrowser/compare/v2.34.2...v2.35.0) (2025-06-30)
+
+
+### Features
+
+* Long press selects item in single click mode ([8d75220](https://github.com/filebrowser/filebrowser/commit/8d7522049ced83f28f0933b55772c32e3ad04627))
+
+
+### Bug Fixes
+
+* shell value must be joined by blank space ([4403cd3](https://github.com/filebrowser/filebrowser/commit/4403cd35720dbda5a8bb1013b92582accf3317bc))
+* update documentation links ([38d0366](https://github.com/filebrowser/filebrowser/commit/38d0366acf88352b5a9a97c45837b0f865efae0b))
+
+### [2.34.2](https://github.com/filebrowser/filebrowser/compare/v2.34.1...v2.34.2) (2025-06-29)
+
+
+### Bug Fixes
+
+* mitigate unprotected shares ([2b5d6cb](https://github.com/filebrowser/filebrowser/commit/2b5d6cbb996a61a769acc56af0acc12eec2d8d8f))
+
+### [2.34.1](https://github.com/filebrowser/filebrowser/compare/v2.34.0...v2.34.1) (2025-06-29)
+
+
+### Bug Fixes
+
+* exclude to-be-moved folder from move dialog ([#5235](https://github.com/filebrowser/filebrowser/issues/5235)) ([7354eb6](https://github.com/filebrowser/filebrowser/commit/7354eb6cf966244141277c2808988855c004f908))
+* passthrough the minimum password length ([#5236](https://github.com/filebrowser/filebrowser/issues/5236)) ([bf37f88](https://github.com/filebrowser/filebrowser/commit/bf37f88c32222ad9c186482bb97338a9c9b4a93c))
+
 ## [2.34.0](https://github.com/filebrowser/filebrowser/compare/v2.33.10...v2.34.0) (2025-06-29)
 
 

Dockerfile.s6.aarch64

@@ -1,23 +0,0 @@
-FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.22
-
-RUN apk update && \
-  apk --no-cache add ca-certificates mailcap curl jq
-
-# Make user and create necessary directories
-RUN mkdir -p /config /database /srv && \
-  chown -R abc:abc /config /database /srv
-
-# Copy files and set permissions
-COPY filebrowser /bin/filebrowser
-COPY docker/common/ /
-COPY docker/s6/ /
-
-RUN chown -R abc:abc /bin/filebrowser /defaults healthcheck.sh
-
-# Define healthcheck script
-HEALTHCHECK --start-period=2s --interval=5s --timeout=3s CMD /healthcheck.sh
-
-# Set the volumes and exposed ports
-VOLUME /srv /config /database
-
-EXPOSE 80

LICENSE

@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2018 File Browser contributors
+   Copyright 2018 File Browser Contributors
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -28,3 +28,11 @@ Documentation on how to install, configure, and contribute to this project is ho
 
 [issues]: https://github.com/filebrowser/filebrowser/issues
 [discussions]: https://github.com/filebrowser/filebrowser/discussions
+
+## Contributing
+
+Contributions are always welcome. To start contributing to this project, read our [guidelines](CONTRIBUTING.md) first.
+
+## License
+
+[Apache License 2.0](LICENSE) © File Browser Contributors

auth/hook.go

@@ -150,7 +150,7 @@ func (a *HookAuth) SaveUser() (*users.User, error) {
 	}
 
 	if u == nil {
-		pass, err := users.HashAndValidatePwd(a.Cred.Password, a.Settings.MinimumPasswordLength)
+		pass, err := users.ValidateAndHashPwd(a.Cred.Password, a.Settings.MinimumPasswordLength)
 		if err != nil {
 			return nil, err
 		}
@@ -186,7 +186,7 @@ func (a *HookAuth) SaveUser() (*users.User, error) {
 
 		// update the password when it doesn't match the current
 		if p {
-			pass, err := users.HashAndValidatePwd(a.Cred.Password, a.Settings.MinimumPasswordLength)
+			pass, err := users.ValidateAndHashPwd(a.Cred.Password, a.Settings.MinimumPasswordLength)
 			if err != nil {
 				return nil, err
 			}

auth/proxy.go

@@ -35,7 +35,7 @@ func (a ProxyAuth) createUser(usr users.Store, setting *settings.Settings, srv *
 	}
 
 	var hashedRandomPassword string
-	hashedRandomPassword, err = users.HashAndValidatePwd(pwd, setting.MinimumPasswordLength)
+	hashedRandomPassword, err = users.ValidateAndHashPwd(pwd, setting.MinimumPasswordLength)
 	if err != nil {
 		return nil, err
 	}

cmd/root.go

@@ -432,7 +432,7 @@ func quickSetup(flags *pflag.FlagSet, d pythonData) {
 
 		log.Println("Randomly generated password for user 'admin':", pwd)
 
-		password, err = users.HashAndValidatePwd(pwd, set.MinimumPasswordLength)
+		password, err = users.ValidateAndHashPwd(pwd, set.MinimumPasswordLength)
 		checkErr(err)
 	}
 

cmd/users_add.go

@@ -21,7 +21,7 @@ var usersAddCmd = &cobra.Command{
 		checkErr(err)
 		getUserDefaults(cmd.Flags(), &s.Defaults, false)
 
-		password, err := users.HashAndValidatePwd(args[1], s.MinimumPasswordLength)
+		password, err := users.ValidateAndHashPwd(args[1], s.MinimumPasswordLength)
 		checkErr(err)
 
 		user := &users.User{

cmd/users_update.go

@@ -66,7 +66,7 @@ options you want to change.`,
 		}
 
 		if password != "" {
-			user.Password, err = users.HashAndValidatePwd(password, s.MinimumPasswordLength)
+			user.Password, err = users.ValidateAndHashPwd(password, s.MinimumPasswordLength)
 			checkErr(err)
 		}
 

docker/alpine/init.sh

@@ -2,37 +2,6 @@
 
 set -e
 
-# Backwards compatibility for old Docker image
-if [ -f "/.filebrowser.json" ]; then
-  ln -s /.filebrowser.json /config/settings.json
-
-  echo ""
-  echo "!!!!!!!!!!!!!!!!!!!!! IMPORTANT INFORMATION !!!!!!!!!!!!!!!!!!!!!"
-  echo "Symlinking /.filebrowser.json to /config/settings.json for backwards compatibility."
-  echo ""
-  echo "The volume mount configuration has changed in the latest release."
-  echo "Please rename .filebrowser.json to settings.json and mount the parent directory to /config".
-  echo "Read more on https://github.com/filebrowser/filebrowser/blob/master/docs/installation.md#docker"
-  echo ""
-  echo "This workaround will be removed in a future release."
-  echo ""
-fi
-
-# Backwards compatibility for old Docker image
-if [ -f "/database.db" ]; then
-  ln -s /database.db /database/filebrowser.db
-  
-  echo ""
-  echo "!!!!!!!!!!!!!!!!!!!!! IMPORTANT INFORMATION !!!!!!!!!!!!!!!!!!!!!"
-  echo ""
-  echo "The volume mount configuration has changed in the latest release."
-  echo "Please rename database.db to filebrowser.db and mount the parent directory to /database".
-  echo "Read more on https://github.com/filebrowser/filebrowser/blob/master/docs/installation.md#docker"
-  echo ""
-  echo "This workaround will be removed in a future release."
-  echo ""
-fi
-
 # Ensure configuration exists
 if [ ! -f "/config/settings.json" ]; then
   cp -a /defaults/settings.json /config/settings.json

errors/errors.go

@@ -1,13 +1,16 @@
 package errors
 
-import "errors"
+import (
+	"errors"
+	"fmt"
+)
 
 var (
 	ErrEmptyKey             = errors.New("empty key")
 	ErrExist                = errors.New("the resource already exists")
 	ErrNotExist             = errors.New("the resource does not exist")
 	ErrEmptyPassword        = errors.New("password is empty")
-	ErrShortPassword        = errors.New("password is too short")
+	ErrEasyPassword         = errors.New("password is too easy")
 	ErrEmptyUsername        = errors.New("username is empty")
 	ErrEmptyRequest         = errors.New("empty request")
 	ErrScopeIsRelative      = errors.New("scope is a relative path")
@@ -20,3 +23,11 @@ var (
 	ErrSourceIsParent       = errors.New("source is parent")
 	ErrRootUserDeletion     = errors.New("user with id 1 can't be deleted")
 )
+
+type ErrShortPassword struct {
+	MinimumLength uint
+}
+
+func (e ErrShortPassword) Error() string {
+	return fmt.Sprintf("password is too short, minimum length is %d", e.MinimumLength)
+}

frontend/index.html

@@ -10,18 +10,10 @@
 
     <title>File Browser</title>
 
-    <link
-      rel="icon"
-      type="image/png"
-      sizes="32x32"
-      href="/img/icons/favicon-32x32.png"
-    />
-    <link
-      rel="icon"
-      type="image/png"
-      sizes="16x16"
-      href="/img/icons/favicon-16x16.png"
-    />
+    <link rel="icon" type="image/svg+xml" href="/img/icons/favicon.svg" />
+    <link rel="shortcut icon" href="/img/icons/favicon.ico" />
+    <link rel="apple-touch-icon" sizes="180x180" href="/img/icons/apple-touch-icon.png" />
+    <meta name="apple-mobile-web-app-title" content="File Browser" />
 
     <!-- Add to home screen for Android and modern mobile browsers -->
     <link
@@ -31,19 +23,6 @@
     />
     <meta name="theme-color" content="#2979ff" />
 
-    <!-- Add to home screen for Safari on iOS/iPadOS -->
-    <meta name="apple-mobile-web-app-capable" content="yes" />
-    <meta name="apple-mobile-web-app-status-bar-style" content="black" />
-    <meta name="apple-mobile-web-app-title" content="assets" />
-    <link rel="apple-touch-icon" href="/img/icons/apple-touch-icon.png" />
-
-    <!-- Add to home screen for Windows -->
-    <meta
-      name="msapplication-TileImage"
-      content="/img/icons/mstile-144x144.png"
-    />
-    <meta name="msapplication-TileColor" content="#2979ff" />
-
     <!-- Inject Some Variables and generate the manifest json -->
     <script>
       // We can assign JSON directly

frontend/public/img/icons/browserconfig.xml

@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<browserconfig>
-    <msapplication>
-        <tile>
-            <square150x150logo src="/mstile-150x150.png"/>
-            <TileColor>#455a64</TileColor>
-        </tile>
-    </msapplication>
-</browserconfig>

frontend/public/img/icons/safari-pinned-tab.svg

@@ -1,42 +0,0 @@
-<?xml version="1.0" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
- "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
-<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
- width="700.000000pt" height="700.000000pt" viewBox="0 0 700.000000 700.000000"
- preserveAspectRatio="xMidYMid meet">
-<metadata>
-Created by potrace 1.11, written by Peter Selinger 2001-2013
-</metadata>
-<g transform="translate(0.000000,700.000000) scale(0.100000,-0.100000)"
-fill="#000000" stroke="none">
-<path d="M3245 6989 c-522 -39 -1042 -197 -1480 -449 -849 -488 -1459 -1308
--1673 -2250 -177 -776 -89 -1582 250 -2301 368 -778 1052 -1418 1857 -1739
-903 -359 1927 -325 2812 92 778 368 1418 1052 1739 1857 359 903 325 1927 -92
-2812 -296 627 -806 1175 -1423 1529 -587 338 -1308 500 -1990 449z m555 -580
-c519 -51 1018 -245 1446 -565 788 -588 1229 -1526 1174 -2496 -16 -277 -58
--500 -145 -763 -144 -440 -378 -819 -710 -1150 -452 -452 -1005 -730 -1655
--832 -91 -14 -175 -18 -405 -18 -304 0 -369 6 -595 51 -1105 223 -1999 1092
--2259 2197 -52 221 -73 412 -73 667 0 397 64 732 204 1080 304 752 886 1334
-1638 1638 431 174 895 238 1380 191z"/>
-<path d="M2670 5215 c0 -13 -44 -15 -335 -15 -352 0 -383 -3 -399 -45 -3 -9
--6 -758 -6 -1663 0 -1168 -3 -1643 -11 -1632 -8 11 -9 8 -4 -15 3 -16 17 -41
-31 -55 l24 -25 1530 0 1530 0 24 25 c14 14 26 36 27 50 1 14 1 711 1 1550 l-2
-1526 -228 142 -229 142 -136 0 -137 0 0 -600 0 -600 -705 0 -705 0 0 615 0
-615 -135 0 c-113 0 -135 -2 -135 -15z m-264 -190 c57 -29 89 -71 103 -137 35
--154 -98 -282 -258 -247 -55 12 -122 62 -148 113 -36 69 -12 186 49 243 62 58
-170 70 254 28z m2316 -1702 c17 -15 18 -49 18 -670 l0 -653 -1245 0 -1245 0 0
-654 c0 582 2 656 16 670 14 14 139 16 1226 16 1113 0 1213 -1 1230 -17z
-m-2602 -1363 c40 -40 13 -100 -43 -100 -60 0 -88 59 -47 100 11 11 31 20 45
-20 14 0 34 -9 45 -20z m2840 0 c41 -41 11 -100 -52 -100 -35 0 -58 24 -58 60
-0 54 71 79 110 40z"/>
-<path d="M2431 3091 c-7 -13 -7 -23 2 -35 11 -15 97 -16 1067 -14 l1055 3 0
-30 0 30 -1057 3 c-1023 2 -1058 1 -1067 -17z"/>
-<path d="M2436 2675 c-19 -19 -11 -41 17 -49 41 -11 2067 -7 2088 4 23 13 25
-46 3 54 -9 3 -483 6 -1054 6 -919 0 -1040 -2 -1054 -15z"/>
-<path d="M2447 2273 c-14 -4 -17 -13 -15 -36 l3 -32 1049 -3 c767 -1 1052 1
-1062 9 20 16 17 47 -5 59 -20 10 -2055 13 -2094 3z"/>
-<path d="M3822 5027 c-21 -23 -22 -30 -22 -293 0 -258 1 -271 20 -292 27 -29
-56 -35 140 -30 56 3 75 8 93 26 22 22 22 26 22 298 l0 276 -24 19 c-19 16 -40
-19 -115 19 -84 0 -95 -2 -114 -23z"/>
-</g>
-</svg>

frontend/public/index.html

@@ -18,18 +18,10 @@
 
     <meta name="robots" content="noindex,nofollow" />
 
-    <link
-      rel="icon"
-      type="image/png"
-      sizes="32x32"
-      href="[{[ .StaticURL ]}]/img/icons/favicon-32x32.png"
-    />
-    <link
-      rel="icon"
-      type="image/png"
-      sizes="16x16"
-      href="[{[ .StaticURL ]}]/img/icons/favicon-16x16.png"
-    />
+    <link rel="icon" type="image/svg+xml" href="[{[ .StaticURL ]}]/img/icons/favicon.svg" />
+    <link rel="shortcut icon" href="[{[ .StaticURL ]}]/img/icons/favicon.ico" />
+    <link rel="apple-touch-icon" sizes="180x180" href="[{[ .StaticURL ]}]/img/icons/apple-touch-icon.png" />
+    <meta name="apple-mobile-web-app-title" content="File Browser" />
 
     <!-- Add to home screen for Android and modern mobile browsers -->
     <link
@@ -42,25 +34,6 @@
       content="[{[ if .Color -]}][{[ .Color ]}][{[ else ]}]#2979ff[{[ end ]}]"
     />
 
-    <!-- Add to home screen for Safari on iOS/iPadOS -->
-    <meta name="apple-mobile-web-app-capable" content="yes" />
-    <meta name="apple-mobile-web-app-status-bar-style" content="black" />
-    <meta name="apple-mobile-web-app-title" content="assets" />
-    <link
-      rel="apple-touch-icon"
-      href="[{[ .StaticURL ]}]/img/icons/apple-touch-icon.png"
-    />
-
-    <!-- Add to home screen for Windows -->
-    <meta
-      name="msapplication-TileImage"
-      content="[{[ .StaticURL ]}]/img/icons/mstile-144x144.png"
-    />
-    <meta
-      name="msapplication-TileColor"
-      content="[{[ if .Color -]}][{[ .Color ]}][{[ else ]}]#2979ff[{[ end ]}]"
-    />
-
     <!-- Inject Some Variables and generate the manifest json -->
     <script>
       // We can assign JSON directly

frontend/src/components/files/ListingItem.vue

@@ -8,6 +8,13 @@
     @dragover="dragOver"
     @drop="drop"
     @click="itemClick"
+    @mousedown="handleMouseDown"
+    @mouseup="handleMouseUp"
+    @mouseleave="handleMouseLeave"
+    @touchstart="handleTouchStart"
+    @touchend="handleTouchEnd"
+    @touchcancel="handleTouchCancel"
+    @touchmove="handleTouchMove"
     :data-dir="isDir"
     :data-type="type"
     :aria-label="name"
@@ -50,6 +57,12 @@ import { useRouter } from "vue-router";
 
 const touches = ref<number>(0);
 
+const longPressTimer = ref<number | null>(null);
+const longPressTriggered = ref<boolean>(false);
+const longPressDelay = ref<number>(500);
+const startPosition = ref<{ x: number; y: number } | null>(null);
+const moveThreshold = ref<number>(10);
+
 const $showError = inject<IToastError>("$showError")!;
 const router = useRouter();
 
@@ -209,6 +222,12 @@ const drop = async (event: Event) => {
 };
 
 const itemClick = (event: Event | KeyboardEvent) => {
+  // If long press was triggered, prevent normal click behavior
+  if (longPressTriggered.value) {
+    longPressTriggered.value = false;
+    return;
+  }
+
   if (
     singleClick.value &&
     !(event as KeyboardEvent).ctrlKey &&
@@ -281,4 +300,76 @@ const getExtension = (fileName: string): string => {
   }
   return fileName.substring(lastDotIndex);
 };
+
+// Long-press helper functions
+const startLongPress = (clientX: number, clientY: number) => {
+  startPosition.value = { x: clientX, y: clientY };
+  longPressTimer.value = window.setTimeout(() => {
+    handleLongPress();
+  }, longPressDelay.value);
+};
+
+const cancelLongPress = () => {
+  if (longPressTimer.value !== null) {
+    window.clearTimeout(longPressTimer.value);
+    longPressTimer.value = null;
+  }
+  startPosition.value = null;
+};
+
+const handleLongPress = () => {
+  if (singleClick.value) {
+    longPressTriggered.value = true;
+    click(new Event("longpress"));
+  }
+  cancelLongPress();
+};
+
+const checkMovement = (clientX: number, clientY: number): boolean => {
+  if (!startPosition.value) return false;
+
+  const deltaX = Math.abs(clientX - startPosition.value.x);
+  const deltaY = Math.abs(clientY - startPosition.value.y);
+
+  return deltaX > moveThreshold.value || deltaY > moveThreshold.value;
+};
+
+// Event handlers
+const handleMouseDown = (event: MouseEvent) => {
+  if (event.button === 0) {
+    startLongPress(event.clientX, event.clientY);
+  }
+};
+
+const handleMouseUp = () => {
+  cancelLongPress();
+};
+
+const handleMouseLeave = () => {
+  cancelLongPress();
+};
+
+const handleTouchStart = (event: TouchEvent) => {
+  if (event.touches.length === 1) {
+    const touch = event.touches[0];
+    startLongPress(touch.clientX, touch.clientY);
+  }
+};
+
+const handleTouchEnd = () => {
+  cancelLongPress();
+};
+
+const handleTouchCancel = () => {
+  cancelLongPress();
+};
+
+const handleTouchMove = (event: TouchEvent) => {
+  if (event.touches.length === 1 && startPosition.value) {
+    const touch = event.touches[0];
+    if (checkMovement(touch.clientX, touch.clientY)) {
+      cancelLongPress();
+    }
+  }
+};
 </script>

frontend/src/components/prompts/FileList.vue

@@ -35,6 +35,12 @@ import { StatusError } from "@/api/utils.js";
 
 export default {
   name: "file-list",
+  props: {
+    exclude: {
+      type: Array,
+      default: () => [],
+    },
+  },
   data: function () {
     return {
       items: [],
@@ -90,6 +96,7 @@ export default {
       // move options.
       for (const item of req.items) {
         if (!item.isDir) continue;
+        if (this.exclude?.includes(item.url)) continue;
 
         this.items.push({
           name: item.name,

frontend/src/components/prompts/Move.vue

@@ -8,6 +8,7 @@
       <file-list
         ref="fileList"
         @update:selected="(val) => (dest = val)"
+        :exclude="excludedFolders"
         tabindex="1"
       />
     </div>
@@ -76,6 +77,11 @@ export default {
   computed: {
     ...mapState(useFileStore, ["req", "selected"]),
     ...mapState(useAuthStore, ["user"]),
+    excludedFolders() {
+      return this.selected
+        .filter((idx) => this.req.items[idx].isDir)
+        .map((idx) => this.req.items[idx].url);
+    },
   },
   methods: {
     ...mapActions(useLayoutStore, ["showHover", "closeHovers"]),

frontend/src/components/prompts/Share.vue

@@ -32,16 +32,6 @@
                 <i class="material-icons">content_paste</i>
               </button>
             </td>
-            <td class="small" v-if="hasDownloadLink()">
-              <button
-                class="action copy-clipboard"
-                :aria-label="$t('buttons.copyDownloadLinkToClipboard')"
-                :title="$t('buttons.copyDownloadLinkToClipboard')"
-                @click="copyToClipboard(buildDownloadLink(link))"
-              >
-                <i class="material-icons">content_paste_go</i>
-              </button>
-            </td>
             <td class="small">
               <button
                 class="action"
@@ -142,7 +132,7 @@
 <script>
 import { mapActions, mapState } from "pinia";
 import { useFileStore } from "@/stores/file";
-import { share as api, pub as pub_api } from "@/api";
+import { share as api } from "@/api";
 import dayjs from "dayjs";
 import { useLayoutStore } from "@/stores/layout";
 import { copy } from "@/utils/clipboard";
@@ -257,14 +247,6 @@ export default {
     buildLink(share) {
       return api.getShareURL(share);
     },
-    hasDownloadLink() {
-      return (
-        this.selected.length === 1 && !this.req.items[this.selected[0]].isDir
-      );
-    },
-    buildDownloadLink(share) {
-      return pub_api.getDownloadURL(share);
-    },
     sort() {
       this.links = this.links.sort((a, b) => {
         if (a.expire === 0) return -1;

frontend/src/views/settings/Global.vue

@@ -65,7 +65,7 @@
             <a
               class="link"
               target="_blank"
-              href="https://github.com/filebrowser/filebrowser/blob/master/docs/configuration.md#custom-branding"
+              href="https://filebrowser.org/configuration.html#command-runner"
               >{{ t("settings.documentation") }}</a
             >
           </i18n-t>
@@ -204,7 +204,7 @@
             <a
               class="link"
               target="_blank"
-              href="https://github.com/filebrowser/filebrowser/blob/master/docs/configuration.md#command-runner"
+              href="https://filebrowser.org/configuration.html#command-runner"
               >{{ t("settings.documentation") }}</a
             >
           </i18n-t>
@@ -401,7 +401,7 @@ onMounted(async () => {
 
     originalSettings.value = original;
     settings.value = newSettings;
-    shellValue.value = newSettings.shell.join("\n");
+    shellValue.value = newSettings.shell.join(" ");
   } catch (err) {
     if (err instanceof Error) {
       error.value = err;

http/auth.go

@@ -151,9 +151,9 @@ var signupHandler = func(_ http.ResponseWriter, r *http.Request, d *data) (int,
 
 	d.settings.Defaults.Apply(user)
 
-	pwd, err := users.HashAndValidatePwd(info.Password, d.settings.MinimumPasswordLength)
+	pwd, err := users.ValidateAndHashPwd(info.Password, d.settings.MinimumPasswordLength)
 	if err != nil {
-		return http.StatusInternalServerError, err
+		return http.StatusBadRequest, err
 	}
 
 	user.Password = pwd

http/raw.go

@@ -177,7 +177,18 @@ func rawDirHandler(w http.ResponseWriter, r *http.Request, d *data, file *files.
 
 	name := filepath.Base(commonDir)
 	if name == "." || name == "" || name == string(filepath.Separator) {
+		// Not sure when/if this will ever be true, though kept incase there is an edge-case where it is
+		if file.Name != "" {
 			name = file.Name
+		} else {
+			// This should indicate that the fs root is the directory being downloaded, lookup its name
+
+			actual, statErr := file.Fs.Stat(".")
+			if statErr != nil {
+				return http.StatusInternalServerError, statErr
+			}
+			name = actual.Name()
+		}
 	}
 	// Prefix used to distinguish a filelist generated
 	// archive from the full directory archive

http/resource.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"log"
 	"net/http"
 	"net/url"
 	"os"
@@ -73,6 +74,11 @@ func resourceDeleteHandler(fileCache FileCache) handleFunc {
 			return errToStatus(err), err
 		}
 
+		err = d.store.Share.DeleteWithPathPrefix(file.Path)
+		if err != nil {
+			log.Printf("WARNING: Error(s) occurred while deleting associated shares with file: %s", err)
+		}
+
 		// delete thumbnails
 		err = delThumbs(r.Context(), fileCache, file)
 		if err != nil {

http/users.go

@@ -125,13 +125,9 @@ var userPostHandler = withAdmin(func(w http.ResponseWriter, r *http.Request, d *
 		return http.StatusBadRequest, fbErrors.ErrEmptyPassword
 	}
 
-	if len(req.Data.Password) < int(d.settings.MinimumPasswordLength) {
-		return http.StatusBadRequest, fbErrors.ErrShortPassword
-	}
-
-	req.Data.Password, err = users.HashAndValidatePwd(req.Data.Password, d.settings.MinimumPasswordLength)
+	req.Data.Password, err = users.ValidateAndHashPwd(req.Data.Password, d.settings.MinimumPasswordLength)
 	if err != nil {
-		return http.StatusInternalServerError, err
+		return http.StatusBadRequest, err
 	}
 
 	userHome, err := d.settings.MakeUserDir(req.Data.Username, req.Data.Scope, d.server.Root)
@@ -167,16 +163,18 @@ var userPutHandler = withSelfOrAdmin(func(w http.ResponseWriter, r *http.Request
 		}
 
 		if req.Data.Password != "" {
-			req.Data.Password, err = users.HashAndValidatePwd(req.Data.Password, d.settings.MinimumPasswordLength)
+			req.Data.Password, err = users.ValidateAndHashPwd(req.Data.Password, d.settings.MinimumPasswordLength)
+			if err != nil {
+				return http.StatusBadRequest, err
+			}
 		} else {
 			var suser *users.User
 			suser, err = d.store.Users.Get(d.server.Root, d.raw.(uint))
-			req.Data.Password = suser.Password
-		}
-
 			if err != nil {
 				return http.StatusInternalServerError, err
 			}
+			req.Data.Password = suser.Password
+		}
 
 		req.Which = []string{}
 	}
@@ -190,13 +188,9 @@ var userPutHandler = withSelfOrAdmin(func(w http.ResponseWriter, r *http.Request
 				return http.StatusForbidden, nil
 			}
 
-			if len(req.Data.Password) < int(d.settings.MinimumPasswordLength) {
-				return http.StatusBadRequest, fbErrors.ErrShortPassword
-			}
-
-			req.Data.Password, err = users.HashAndValidatePwd(req.Data.Password, d.settings.MinimumPasswordLength)
+			req.Data.Password, err = users.ValidateAndHashPwd(req.Data.Password, d.settings.MinimumPasswordLength)
 			if err != nil {
-				return http.StatusInternalServerError, err
+				return http.StatusBadRequest, err
 			}
 		}
 

share/storage.go

@@ -15,6 +15,7 @@ type StorageBackend interface {
 	Gets(path string, id uint) ([]*Link, error)
 	Save(s *Link) error
 	Delete(hash string) error
+	DeleteWithPathPrefix(path string) error
 }
 
 // Storage is a storage.
@@ -118,3 +119,7 @@ func (s *Storage) Save(l *Link) error {
 func (s *Storage) Delete(hash string) error {
 	return s.back.Delete(hash)
 }
+
+func (s *Storage) DeleteWithPathPrefix(path string) error {
+	return s.back.DeleteWithPathPrefix(path)
+}

storage/bolt/share.go

@@ -75,3 +75,16 @@ func (s shareBackend) Delete(hash string) error {
 	}
 	return err
 }
+
+func (s shareBackend) DeleteWithPathPrefix(pathPrefix string) error {
+	var links []share.Link
+	if err := s.db.Prefix("Path", pathPrefix, &links); err != nil {
+		return err
+	}
+
+	var err error
+	for _, link := range links {
+		err = errors.Join(err, s.db.DeleteStruct(&share.Link{Hash: link.Hash}))
+	}
+	return err
+}

users/assets.go

@@ -0,0 +1,26 @@
+package users
+
+import (
+	"embed"
+	"strings"
+)
+
+//go:embed assets
+var assets embed.FS
+var commonPasswords map[string]struct{}
+
+//nolint:gochecknoinits
+func init() {
+	// Password list sourced from:
+	// https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/100k-most-used-passwords-NCSC.txt
+	data, err := assets.ReadFile("assets/common-passwords.txt")
+	if err != nil {
+		panic(err)
+	}
+
+	passwords := strings.Split(strings.TrimSpace(string(data)), "\n")
+	commonPasswords = make(map[string]struct{}, len(passwords))
+	for _, password := range passwords {
+		commonPasswords[strings.TrimSpace(password)] = struct{}{}
+	}
+}

users/password.go

@@ -9,10 +9,14 @@ import (
 	fbErrors "github.com/filebrowser/filebrowser/v2/errors"
 )
 
-// HashPwd hashes a password.
-func HashAndValidatePwd(password string, minimumLength uint) (string, error) {
+// ValidateAndHashPwd validates and hashes a password.
+func ValidateAndHashPwd(password string, minimumLength uint) (string, error) {
 	if uint(len(password)) < minimumLength {
-		return "", fbErrors.ErrShortPassword
+		return "", fbErrors.ErrShortPassword{MinimumLength: minimumLength}
+	}
+
+	if _, ok := commonPasswords[password]; ok {
+		return "", fbErrors.ErrEasyPassword
 	}
 
 	return HashPwd(password)

www/docs/configuration.md

@@ -4,41 +4,45 @@ Most of the configuration can be understood through our Command Line Interface d
 
 ## Custom Branding
 
-You are able to customize your File Browser installation by changing its name to any other you want, by adding a global custom style sheet and by using your own logotype if you want. To address this, there are three configuration options that can be changed:
+You can customize File Browser to use your own branding. This includes the following:
 
-* **Name:** which is the instance name that will show up on login and signup pages. This won't replace the version message in the sidebar.
-* **Disable external links:** this will disable any external links (except the ones to this documentation).
-* **Folder:** is the path to a directory that can contain two items:
-  * **custom.css**, containing the styles you want to apply to your installation.
-  * **img** a directory whose files can replace the [default logotypes](https://github.com/filebrowser/filebrowser/tree/master/frontend/public/img) in the application.
+- **Name**: the name of the instance that shows up on the tab title, login pages, and some other places.
+- **Disable External Links**: disables all external links, except to the documentation.
+- **Disable Used Percentage**: disables the disk usage information on the sidebar.
+- **Branding Folder**: directory which can contain two items:
+    - `custom.css`, containing a global stylesheet to apply to all users.
+    - `img`, a directory which can replace all the [default logotypes](https://github.com/filebrowser/filebrowser/tree/master/frontend/public/img) from the application.
 
-These options can be either set via the CLI interface using the following command:
+This can be configured by the administrator user, under **Settings → Global Settings**. You can also update the configuration directly using the CLI:
 
 ```sh
 filebrowser config set --branding.name "My Name" \
   --branding.files "/abs/path/to/my/dir" \
   --branding.disableExternal
 ```
-Or can be set under 'Branding directory path' in **Settings → Global Settings**. 
 
 > [!NOTE] 
 >
-> If using Docker then remember to bind this directory, for example as `/home/username/containers/filebrowser/branding:/branding`
+> If you are using Docker, you need to mount a volume with the `branding` directory in order for it to be accessible from within the container.
 
-For custom icons to be recognized you need to create `img` and `img/icons` directories and place the svg in the `branding/img` directory:
+### Custom Icons
+
+To replace the default logotype and favicons, you need to create an `img` directory under the branding directory. The structure of this directory must mimic the one from the [default logotypes](https://github.com/filebrowser/filebrowser/tree/master/frontend/public/img):
 
 ```
-- filebrowser
-  - branding
-    - img
-      - icons
-      - logo.svg
-  - filebrowser.db
+img/
+  logo.svg
+  icons/
+    favicon.ico
+    favicon.svg
+    (...)
 ```
 
-To replace the favicon you need to place this in the `img/icons` directory but also note that some of the other PNG icon types will be required too (see the default logotypes link above) as the browser will normally use the highest resolution option available (at a minimum the 16x16 and 32x32 options). You can use the [Real Favicon Generator](https://realfavicongenerator.net/) to generate these for you from your base image.  
+Note that there are different versions of the same favicon in multiple sizes. To replace all of them, you need to add versions for all of them. You can use the [Real Favicon Generator](https://realfavicongenerator.net/) to generate these for you from your base image. 
 
-The icons are cached, to make the new ones appear more quickly open developer tools in your browser, then click on the Application tab, then Storage and then 'Clear Site Data'.
+> [!NOTE]
+>
+> The icons are cached by the browser, so you may not see your changes immediately. You can address this by clearing your browser's cache.
 
 ## Authentication Method
 
@@ -68,11 +72,6 @@ filebrowser config set --recaptcha.host https://recaptcha.net
 
 Where `https://recaptcha.net` is any provider you want.
 
-
-> [!CAUTION]
-> 
-> Note that you **always** need to set the `--auth.method` flag when changing authentication configurations and that it will completely overwrite your current settings. [This is a known issue.](https://github.com/filebrowser/filebrowser/issues/715)
-
 ### Proxy Header
 
 If you have a reverse proxy you want to use to login your users, you do it via our `proxy` authentication method. To configure this method, your proxy must send an HTTP header containing the username of the logged in user:
@@ -97,6 +96,10 @@ filebrowser config set --auth.method=noauth
 
 ## Command Runner
 
+> [!CAUTION]
+>
+> The **command execution** functionality has been disabled for all existent and new installations by default from version v2.33.8 and onwards, due to continuous and known security vulnerabilities. You should only use this feature if you are aware of all of the security risks involved. For more up to date information, consult issue [#5199](https://github.com/filebrowser/filebrowser/issues/5199).
+
 The command runner is a feature that enables you to execute any shell command you want before or after a certain event. Right now, these are the events:
 
 * Copy

www/docs/deployment.md

@@ -0,0 +1,34 @@
+## Fail2ban
+
+File Browser does not natively support protection against brute force attacks. Therefore, we suggest using something like [fail2ban](https://github.com/fail2ban/fail2ban), which takes care of that by tracking the logs of your File Browser instance. For more information on how fail2ban works, please refer to their [wiki](https://github.com/fail2ban/fail2ban/wiki).
+
+### Filter Configuration
+
+An example filter configuration targeted at matching File Browser's logs.
+
+```ini
+[INCLUDES]
+before = common.conf
+
+[Definition]
+datepattern = `^%%Y\/%%m\/%%d %%H:%%M:%%S`
+failregex   = `\/api\/login: 403 <HOST> *`
+```
+
+### Jail Configuration
+
+An example jail configuration. You should fill it with the path of the logs of File Browser, as well as the port where it is running at.
+
+```ini
+[filebrowser]
+
+enabled = true
+port = [your_port]
+filter = filebrowser
+logpath = [your_log_path]
+maxretry = 10
+bantime = 10m
+findtime = 10m
+banaction = iptables-allports
+banaction_allports = iptables-allports
+```

www/docs/index.md

@@ -8,12 +8,12 @@
   <img src="https://raw.githubusercontent.com/filebrowser/logo/master/banner.png" width="550"/>
 </p>
 
-![Preview](static/example.gif)
-
 > [!WARNING]
 >
 > This project is currently on **maintenance-only** mode. For more information, read the information on [GitHub](https://github.com/filebrowser/filebrowser#project-status).
 
+![Preview](static/example.gif)
+
 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview and edit your files. It is a **create-your-own-cloud**-kind of software where you can just install it on your server, direct it to a path and access your files through a nice web interface.
 
 ## Features

www/docs/installation.md

@@ -1,12 +1,12 @@
 # Installation
 
-File Browser is a single binary and can be used as a standalone executable. Although, some might prefer to use it with [Docker](https://www.docker.com) or [Caddy](https://caddyserver.com), which is a fantastic web server that enables HTTPS by default. Its installation is quite straightforward independently on which system you want to use.
+File Browser is a single binary and can be used as standalone executable. However, it is also available as a [Docker](https://www.docker.com) image. The installation and first time setup is quite straightforward independently of which system you use.
 
-## Quick Setup
+## Binary
 
-The quickest way for beginners to start using File Browser is by opening your terminal and executing the following commands:
+The quickest and easiest way to install File Browser is to use a package manager, or our download script, which automatically fetches the latest version of File Browser for your platform.
 
-### Brew
+=== "Brew"
 
     ```sh
     brew tap filebrowser/tap
@@ -14,47 +14,48 @@ brew install filebrowser
     filebrowser -r /path/to/your/files
     ```
 
-### Unix
+=== "Unix"
 
     ```sh
     curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash
     filebrowser -r /path/to/your/files
     ```
 
-### Windows
+=== "Windows"
 
     ```sh
     iwr -useb https://raw.githubusercontent.com/filebrowser/get/master/get.ps1 | iex
     filebrowser -r /path/to/your/files
     ```
 
-### Configuring
-
-Done! It will bootstrap a database in which all the configurations and users are stored. Now, you can see on your command line the address in which your instance is running. You just need to go to that URL and use the following credentials:
-
-* Username: `admin`
-* Password: (printed in your console)
-
-Although this is the fastest way to bootstrap an instance, we recommend you to take a look at other possible options, by checking `config init --help` and `config set --help`, to make the installation as safe and customized as it can be.
+File Browser is now up and running. Read some [first boot](#first-boot) for more information.
 
 ## Docker
 
-File Browser is available as two different Docker images, which can be found on [Docker Hub](https://hub.docker.com/r/filebrowser/filebrowser).
+File Browser is available as two different Docker images, which can be found on [Docker Hub](https://hub.docker.com/r/filebrowser/filebrowser): a [bare Alpine image](#bare-alpine-image) and an [S6 Overlay image](#s6-overlay-image).
 
-### Alpine
+### Bare Alpine Image
 
 ```sh
 docker run \
-  -v /path/to/srv:/srv \
-  -v /path/to/database:/database \
-  -v /path/to/config:/config \
+    -v filebrowser_data:/srv \
+    -v filebrowser_database:/database \
+    -v filebrowser_config:/config \
     -p 8080:80 \
     filebrowser/filebrowser
 ```
 
-The default user has PID 1000 and GID 1000. Please make sure that this user has access to the different mounted volumes. To change the user running inside the Docker image, you need to use the [`--user` flag](https://docs.docker.com/engine/containers/run/#user).
+Where `filebrowser_data`, `filebrowser_database` and `filebrowser_config` are Docker [volumes](https://docs.docker.com/engine/storage/volumes/), where the data, database and configuration will be stored, respectively. The default configuration and database will be automatically initialized.
 
-### s6 overlay
+The default user that runs File Browser inside the container has PID 1000 and GID 1000. If, for one reason or another, you want to run the Docker container with a different user, please consult Docker's [user documentation](https://docs.docker.com/engine/containers/run/#user).
+
+> [!NOTE]
+>
+> When using [bind mounts](https://docs.docker.com/engine/storage/bind-mounts/), that is, when you mount a path on the host in the container, you must manually ensure that they have the correct **permissions**. Docker does not do this automatically for you. The host directories must be readable and writable by the user running inside the container. You can use the [`chown`](https://linux.die.net/man/1/chown) command to change the owner of those paths.
+
+File Browser is now up and running. Read the ["First Boot"](#first-boot) section for more information.
+
+### S6 Overlay Image
 
 The `s6` image is based on LinuxServer and leverages the [s6-overlay](https://github.com/just-containers/s6-overlay) system for a standard, highly customizable image. It should be used as follows:
 
@@ -69,8 +70,6 @@ docker run \
     filebrowser/filebrowser:s6
 ```
 
-### Notes
-
 Where:
 
 - `/path/to/srv` contains the files root directory for File Browser
@@ -78,3 +77,17 @@ Where:
 - `/path/to/database` contains a `filebrowser.db` file
 
 Both `settings.json` and `filebrowser.db` will automatically be initialized if they don't exist.
+
+File Browser is now up and running. Read the ["First Boot"](#first-boot) section for more information.
+
+## First Boot
+
+Your instance is now up and running. File Browser will automatically bootstrap a database, in which the configuration and the users are stored. You can find the address in which your instance is running, as well as the randomly generated password for the user `admin`, in the console logs.
+
+> [!WARNING]
+>
+> The automatically generated password for the user `admin` is only displayed once. If you fail to remember it, you will need to manually delete the database and start File Browser again.
+
+Although this is the fastest way to bootstrap an instance, we recommend you to take a look at other possible options, by checking `config init --help` and `config set --help`, to make the installation as safe and customized as it can be.
+
+If your goal is to have a public-facing deployment, we recommend taking a look at the [deployment](deployment.md) page for more information on how you can secure your installation.

www/mkdocs.yml

@@ -1,12 +1,12 @@
 site_name: File Browser
 site_description: 'A web-based file browser and manager for your files'
-site_author: 'File Browser Community'
+site_author: 'File Browser Contributors'
 site_url: 'https://filebrowser.org'
 
 repo_name: 'filebrowser/filebrowser'
 repo_url: 'https://github.com/filebrowser/filebrowser'
 
-copyright: 'Copyright © 2025 File Browser Community'
+copyright: 'Copyright © 2025 File Browser Contributors'
 
 theme:
   name: material
@@ -97,8 +97,10 @@ extra:
 
 nav:
   - Home: index.md
+  - Getting Started:
     - Installation: installation.md
     - Configuration: configuration.md
+    - Deployment: deployment.md
   - Contributing:
     - Contributing: contributing.md
     - Code of Conduct: code-of-conduct.md