HMAC File Server - Release Notes for v2.0.4
Release Date: October 29, 2024
Overview
The v2.0.4 release of the HMAC File Server builds upon the configurability, security, and performance advancements introduced in previous versions. This update further refines the server’s robustness, scalability, and ease of deployment. New features and enhancements in this release empower administrators with additional control over server interactions, improving the handling of resumable uploads, optimizing memory usage, and streamlining logging configurations. Furthermore, security measures have been strengthened to protect against common vulnerabilities such as path traversal attacks, ensuring the integrity and safety of file operations. The HMAC File Server remains committed to providing secure, efficient, and customizable file handling solutions that meet modern network and security demands.
New Features
- Advanced Logging Configuration
  - Dynamic Log Level Control: Administrators can now specify the logging level in config.toml to dynamically control verbosity (e.g., debug, info, warn, error). This update allows for quick adjustments without code changes.
  - Configurable Log Path and Rotation: Enhanced log management with support for log rotation and path customization, ensuring efficient log storage management and clearer audit trails.
  - Reintegrated Logging: Ensured that all necessary imports are included, and logging configurations are properly set up to capture detailed server events.
  - Debug Settings: Added trace-level logging for enhanced debugging capabilities.
- Enhanced Resumable Uploads and Chunked Upload Support
  - Resumable Upload Optimization: Improved handling for interrupted uploads, with resumable capabilities tuned for efficiency on both mobile and desktop environments.
  - Customizable Chunk Size: Added the ability to define ChunkSize in config.toml, supporting optimized file transfer for varied network conditions and device types.
  - Fix Chunked Uploads with ClamAV Socket Option: Addressed issues with chunked uploads when ClamAV socket integration is enabled.
- Extended NGINX/Apache Integration Support
  - In-Depth Configuration Guidance: Updated documentation provides specific settings for optimizing NGINX/Apache to support large file uploads seamlessly with the HMAC server, ensuring compatibility for files up to and exceeding 1 GB.
  - Automated CORS and Buffer Management: Simplified configuration options ensure smooth handling of cross-origin requests (CORS) and manage buffering requirements efficiently.
  - Event-Based Attributes: Integrated additional attributes from NGINX/Apache for better event handling.
- Security Enhancements
  - Path Traversal Prevention: Implemented checks to ensure that all file paths reside within the designated StoreDir, preventing unauthorized file access via path traversal attacks.
  - URL Path Decoding: Added support for decoding URL-encoded fileStorePath to accurately handle file paths and prevent misinterpretation.
  - Enhanced HMAC Validation: Strengthened HMAC validation across v, v2, and token protocols to ensure consistent integrity checks, providing robust protection against unauthorized file transfers.
  - Correct Mimetype Handling: Improved MIME type detection to ensure accurate content type headers during file downloads.
- ClamAV Integration Enhancements
  - Configurable ClamAV Socket Support: Administrators can now choose between TCP or UNIX socket connections for ClamAV, ensuring secure and efficient virus scans in environments with diverse configurations.
  - Improved Virus Scan Management: Enhanced handling of scan errors and queue management, providing robust protections against potential file-based threats.
- File Management Improvements
  - FileTTL Bug Fix: Resolved issues where FileTTL deletions were based solely on timestamp, ensuring deletions consider both upload time and timestamp for accurate file expiration.
  - Versioning Enhancements: Improved file versioning by ensuring versioned directories are preserved during cleanup operations, preventing inadvertent deletions.
Performance and Reliability Enhancements
- Optimized Memory Management
  - Efficient Buffering for Large File Transfers: Improved buffer allocation with support for 4 MB default buffer size during file reads/writes to enhance memory efficiency and reduce CPU usage.
  - Resource Cleanup: Enhanced memory management to ensure resources are freed after file transfers, further strengthening performance on resource-limited systems.
- Expanded Timeout Configuration
  - Granular Timeout Settings: Additional granularity for ReadTimeout, WriteTimeout, and IdleTimeout settings, ensuring adaptable server behavior across a variety of network scenarios.
  - User-Friendly Configuration: Duration-based timeouts support intuitive entries such as "5m" or "2h" to simplify configuration and allow administrators to tailor settings for their environments.
- Refined Worker Pool and Queues
  - Scalable Upload Queue Size: Increased UploadQueueSize to handle more concurrent uploads, improving throughput under heavy loads.
  - Dynamic Worker Scaling: Added scaling for upload and ClamAV scan workers, with performance tuning based on observed load for seamless operation under fluctuating workloads.
- Range Header Handling
  - Multiple Range Requests Rejection: Enhanced the resumable download handler to detect and reject requests containing multiple byte ranges, responding with 416 Requested Range Not Satisfiable for unsupported range formats.
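The single-range policy described above can be sketched as follows. This is an added example, not the HMAC File Server's own code; it assumes Go, and ParseSingleRange is a hypothetical name. It returns 416 for multiple ranges, other units, and malformed or out-of-bounds ranges.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
	"strings"
)

// ParseSingleRange (hypothetical helper) parses a Range header for a file of
// the given size and returns inclusive offsets plus the status to send:
// 200 (no Range header), 206 (one satisfiable range) or 416 (anything else).
func ParseSingleRange(header string, size int64) (start, end int64, status int) {
	if header == "" {
		return 0, size - 1, http.StatusOK
	}
	status = http.StatusRequestedRangeNotSatisfiable // default for every rejection below
	spec := strings.TrimPrefix(header, "bytes=")
	first, last, ok := strings.Cut(spec, "-")
	if spec == header || strings.Contains(spec, ",") || !ok || size == 0 {
		return // other unit, multiple ranges, no "-", or empty file
	}
	lo, errLo := strconv.ParseUint(first, 10, 63) // ParseUint rejects signs and spaces
	hi, errHi := strconv.ParseUint(last, 10, 63)
	switch {
	case first == "" && errHi == nil && hi > 0: // "-N": final N bytes
		if int64(hi) > size {
			hi = uint64(size)
		}
		return size - int64(hi), size - 1, http.StatusPartialContent
	case errLo == nil && last == "" && int64(lo) < size: // "N-": from N to end of file
		return int64(lo), size - 1, http.StatusPartialContent
	case errLo == nil && errHi == nil && lo <= hi && int64(lo) < size: // "N-M"
		if int64(hi) >= size {
			hi = uint64(size - 1)
		}
		return int64(lo), int64(hi), http.StatusPartialContent
	}
	return
}

func main() {
	// Constructed sample headers for a 1000-byte file.
	for _, h := range []string{"bytes=0-499", "bytes=-100", "bytes=0-99,200-299", "bytes=1000-"} {
		s, e, st := ParseSingleRange(h, 1000)
		fmt.Printf("%-22q -> %d-%d status %d\n", h, s, e, st)
	}
}
```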
Security and Compliance
- Enhanced HMAC Validation
  - Protocol Consistency: Strengthened validation across v, v2, and token protocols to ensure consistent integrity checks, providing robust protection against unauthorized file transfers.
  - Granular Access Controls: Detailed logging for validation events to aid compliance with security monitoring policies.
- Extended ClamAV Integration
  - Configurable ClamAV Socket Support: Administrators can now choose between TCP or UNIX socket connections for ClamAV, ensuring secure and efficient virus scans in environments with diverse configurations.
  - Improved Virus Scan Management: Enhanced handling of scan errors and queue management, providing robust protections against potential file-based threats.
- Path Traversal and URL Decoding
  - Path Traversal Prevention: Ensured that file operations are confined within the designated storage directory, mitigating unauthorized file access.
  - URL Path Decoding: Handled URL-encoded paths correctly to prevent misinterpretation and potential security issues.
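The two items above, and the matching StoreDir and fileStorePath entries under New Features, amount to decoding first and confining second. The following added example sketches that order of operations; it is not the project's own code, it assumes Go, and ResolveInStore and ErrOutsideStore are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrOutsideStore is returned when a request path resolves outside the store directory.
var ErrOutsideStore = errors.New("path escapes store directory")

// ResolveInStore (hypothetical helper) decodes a URL-encoded request path once,
// joins it to storeDir, and rejects any result that is not inside storeDir.
// Symlinks are not resolved here; that would need a check on the existing file.
func ResolveInStore(storeDir, rawPath string) (string, error) {
	decoded, err := url.PathUnescape(rawPath)
	if err != nil {
		return "", fmt.Errorf("bad encoding: %w", err)
	}
	if strings.ContainsRune(decoded, 0) { // NUL never belongs in a file name
		return "", ErrOutsideStore
	}
	base, err := filepath.Abs(storeDir)
	if err != nil {
		return "", err
	}
	full := filepath.Join(base, decoded) // Join also cleans "." and ".." segments
	// Compare by relative path, not string prefix, so that a sibling such as
	// "/srv/store-evil" is not mistaken for something inside "/srv/store".
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideStore
	}
	return full, nil
}

func main() {
	// Constructed sample request paths; "/srv/store" is a placeholder directory.
	for _, p := range []string{"user/a%20b.txt", "..%2F..%2Fetc%2Fpasswd", "..%2Fstore-evil%2Fx"} {
		full, err := ResolveInStore("/srv/store", p)
		fmt.Printf("%-26q -> %q %v\n", p, full, err)
	}
}
```

Decoding exactly once before the check matters: a check made on the still-encoded string would not see the separators hidden in `%2F`.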
Miscellaneous
- Documentation and Usability Improvements
  - Detailed Setup and Configuration: Expanded documentation on config.toml settings, including examples for timeout settings, chunk size, and ClamAV configuration.
  - User-Friendly Error Messages: Enhanced clarity in client error responses, improving troubleshooting and providing helpful information on file transfer errors.
  - Example Configurations: Included sample config.toml files for typical deployment scenarios, aiding administrators in setup and customization.
- Refined Code Structure and Modularity
  - Improved Readability: Code refactoring for modularity and readability, making maintenance and future updates easier.
  - Enhanced Documentation: Added function-level documentation to guide developers through core components, easing custom integrations and debugging.
- Dashboard Update
  - Updated Dashboard to v2.0.4: Implemented virus detection features and reordered dashboard elements for improved usability.
Conclusion
The v2.0.4 release of the HMAC File Server demonstrates continued progress in scalability, configurability, and security. This update empowers administrators with improved tools for fine-tuning server operations, facilitating flexible and high-performance file handling across various environments. The enhancements in resumable uploads, ClamAV integration, path traversal prevention, and logging configurability reinforce the server's commitment to efficient, secure, and compliant file management solutions.
Note: The HMAC File Server’s secure validation and integrity protocols continue to align with XMPP integration requirements, safeguarding data integrity and authenticity in diverse network environments.