The test cases in LanguageSelectTest.php, HeaderMenuTest.php, MaxFilesTest.php, InvalidExtensionsTest.php, MaxUploadSizeTest.php, and TemplatingTest.php have been updated to work against the development3 branch and the bootstrap UI refresh.

This was introduced in filesender/filesender#1185.

An issue that was addressed post 1185 was the language selection on smaller displays and the new wait...() methods.
https://github.com/filesenderuici/filesender/runs/4746227552?check_suite_focus=true

The first sucessful run of the new tests
https://github.com/filesenderuici/filesender/runs/4746557771?check_suite_focus=true

One of the complicated interactions is updating the server configuration from a unit test. This can introduce complicated caching issues where the browser does not see the very latest data and so can introduce wait and force reload requirements.

With this milestone in place the UI test suite running against development3 will be the same or better than that running against the current FileSender 2.x releases.

This includes the changes in 2.43 and 2.44
https://github.com/filesender/filesender/releases/tag/filesender-2.43
https://github.com/filesender/filesender/releases/tag/filesender-2.44

And significant update to the 3.x beta series in Beta 4 and 5 to address many of the outstanding issues with the new UI.
Release 3.0.beta5 https://github.com/filesender/filesender/releases/tag/master3-filesender-release3.0.beta5
Release 3.0.beta4 https://github.com/filesender/filesender/releases/tag/master3-filesender-release3.0.beta4
Release 3.0.beta3 https://github.com/filesender/filesender/releases/tag/master3-filesender-release3.0.beta3

This milestone also includes updates to the upcoming nodejs command line client which allows for upload and download to encrypted transfers. The code has gone from proof of concept to something much closer to code which will form a pull request for merging.
https://github.com/monkeyiq/filesender/tree/2023/dec/jsrestclientpoc

Also some initial time for the current security audit.

This includes the changes in 2.38
https://github.com/filesender/filesender/releases/tag/filesender-2.38

and 2.39
https://github.com/filesender/filesender/releases/tag/filesender-2.39

Post 2.39 updates...

Review and merge: Concurency and resilience changes to filesender.py
filesender/filesender#1396

fix spelling
filesender/filesender#1397

encryption: new option to make generated password mandatory
filesender/filesender#1400

docs: update mailing list info
filesender/filesender#1401

i18n: auto import from poedtor on 2023-03-01-1677613593 #1402

security allow csrf check before doing a saml logout
filesender/filesender#1403

Together with a proposal to allow logout veto in SimpleSAMLPhp
simplesamlphp/simplesamlphp#1772

Trim off the template update, the setting is done in the js file
filesender/filesender#1405

fix the search URL in admin_transfers
filesender/filesender#1407

An issue on the regular FileSender issue tracker is asking about possibly changing the default values for email_from to a static no reply address. filesender/filesender#1820

I am happy to update these defaults for the 3.x series to allow less work for system admins who might otherwise have to try to workout ways for the system to allow emails from other domains or other issues.

Guido to work on "REFEDS-style" construction to have an easier and more consistent way to allow organisations for an easier and more consistent way to annually contribute funds

System maintenance tasks performed in the period September 7, 2021 to January 22, 2022.

Code was ported forward from the 2.x series to create 3.0 alpha release 3.

Review + Merge: Added in the list: Cyprus | Frederick University
filesender/filesender#1142

update key_version_kew_files docs
filesender/filesender#1144

build(deps): bump nokogiri from 1.11.7 to 1.12.5 in /docs
filesender/filesender#1147

ui: check that msg does not contain password on password entry too
filesender/filesender#1152

Review + Merge: Fixed bug of python script (filesize multiple of chunk size)
filesender/filesender#1153
filesender/filesender#1155

docs: add contributing info
filesender/filesender#1154

docs: update with more information about 3.x series
filesender/filesender#1170

Review + Update: clouds3: option to store everything in a single bucket
filesender/filesender#1175

update metadata that is shared in filesender-config.js.php
filesender/filesender#1176

some docs for crypto_crypt_name and update to fully set crypto_crypt_name from key version
filesender/filesender#1177

upload: show a very basic ETA
filesender/filesender#1178

ui: prevent upload page expires from becoming an empty string
filesender/filesender#1179

Review + Merge: Fixes to allow running under PHP8
filesender/filesender#1180

Review + Merge: Patch 1 [ed: setup scripts update]
filesender/filesender#1181

Review + Merge: url-encode email address in admin_transfers
filesender/filesender#1196

guest expires: allow selection below the default expire
filesender/filesender#1207

Review + Update: New Env class to allow getenv() to do more in some cases
filesender/filesender#1208
filesender/filesender#1209

New optional use of the Notification API to indicate upload complete
filesender/filesender#1210

Halt of Savage CI server while Log4j vulnerability was investigated.
Keys changed at this time as good security practice.

This was resolved with filesender/filesender#1260

The milestone text:

A security audit found that FileSender was missing rate limiting functionality for email as listing in section 5.1.2 of that report. The following actions Download file, Create guest voucher, Start guest upload, Request transfer logs, Send reminder to specific recipient.

Assisting AARNet with some user acceptance testing when updating
including an investigation into http/2 testing and how it may help or
possibly hinder download functionality and performance.

Discussion and investigation about streaming crypto (StreamSaver) with
Rick van Rein in July to assure functionality is as expected. One
outcome is PR 1070 cited below.

missing end of function added after acceptance of pr 987
filesender/filesender#989

review and merge of Chunked storage, crypto UX improvements
filesender/filesender#990

release 2.24
filesender/filesender#993

review and merge to menu and favicons update for bootstrap
filesender/filesender#994

review and merge of 4 new build options for docker
filesender/filesender#995

review and merge of Update build badge
filesender/filesender#996

Update to user_can_only_view_guest_transfers_shared_with_them for wider scope
filesender/filesender#1001

New languages added to auto import script
filesender/filesender#1010
filesender/filesender#1080
filesender/filesender#1081
filesender/filesender#1082
filesender/filesender#1083

i18n related
filesender/filesender#1034
filesender/filesender#1046
filesender/filesender#1079

review and merge of Cast anonymous recipient identity to string
filesender/filesender#1012

review and merge of
filesender/filesender#1014
filesender/filesender#1014

review and merge of dep update for docs
filesender/filesender#1015
filesender/filesender#1042

ui: feedback for bad characters in file names during adding
filesender/filesender#1033
filesender/filesender#1035
filesender/filesender#1036

review and merge of Add documentation for 7 config options
filesender/filesender#1037

deps: bump versions using scripts/dev/www-lib-update
filesender/filesender#1039

comments: zip64 handler call the sig a magic number instead
filesender/filesender#1041

release 2.25
filesender/filesender#1047

review and merge of fix documentation section about auth_remote_applications
config ref #1040
filesender/filesender#1048

update for docs
filesender/filesender#1053
filesender/filesender#1068
filesender/filesender#1109

This vacates the default URL for mitm in StreamSaver
filesender/filesender#1070

Some PBKDF2 dialog updates
filesender/filesender#1072
filesender/filesender#1073

review and merge of only show green graph when encryption_mandatory set
filesender/filesender#1074

review and merge of fix Chunked storage free space check, while not breaking
standard class
filesender/filesender#1075

show download progress as simple percentage again
filesender/filesender#1077

upload page and encryption password messages
filesender/filesender#1090
filesender/filesender#1103
filesender/filesender#1105

improvements to help S3 storage
filesender/filesender#1091
filesender/filesender#1108

bring back about and help page text
filesender/filesender#1095

release 2.27
filesender/filesender#1096

review and update to add a lock near transfer id for encrypted transfers
filesender/filesender#1101

review and merge of enable fill on graphs (lost/new setting when updated
chart.js)
filesender/filesender#1115

discussion about some language translations perhaps not being what
we might like

translate_email xss and mimetype attacks reported by SURFnet
filesender/filesender#1121

discussions on IPR

Some documentation and testing with PDO::ATTR_PERSISTENT for
persistent database connections and postgresql leading to improved
documentation.
filesender/filesender#1119

Release 2.29 and matching release 3.0alpha1 including some additional
integration testing and updates after merging 2.29 functionality into
3.0x series.
filesender/filesender#1122
https://github.com/filesender/filesender/releases/tag/master3-filesender-3.0alpha1

Upload page graph presentation improvements after updating chartjs
to allow the site to work with CSP inline with security audit (pr 1089).
filesender/filesender#1124

Ability to disable the guest system if desired including
some code to explicitly reject attempts to access it on a disabled system.
filesender/filesender#1125

A new option to allow download of files only from authenticated users
filesender/filesender#1126

Count every download regardless of if it comes from the same ipv4 address
filesender/filesender#1127

Service level AUP with basic versioning
filesender/filesender#1128

A new secondary index on transfers.expires to help cron execution times
filesender/filesender#1129

Some more of the configuration directives now have documentation
filesender/filesender#1130

Translation import
filesender/filesender#1131

3.x series: The buttons on the download page for each file are now
"primary" buttons to indicate that they are the main items to see on
the page.
filesender/filesender#1133

Release 3.30 with matching 3.0alpha2
filesender/filesender#1132
filesender/filesender#1135
https://github.com/filesender/filesender/releases/tag/master3-filesender-3.0alpha2

FileSender has options for which "crypto mode" to use which include AES-CBC and modes that do not use PBKDF2 hashing. These are modes 0, 1, and 2. This leaves mode 3 which is AES-GCM with PBKDF2.

Since we have moved FileSender 3.x to the most recent Bootstrap and removed IE11 support. With Edge moving to being Chromium backed we may consider only supporting mode 3 (AES-GCM with PBKDF2) in FileSender 3.x which works across Safari, Edge (Chromium), Firefox and Chrome.

The Selenium tests ConfigurationOptionsTest.php, EncryptionTest.php, TransferExpiredTest.php, and UploadAutoResumeTest.php have been updated and refreshed for the bootstrap UI in the development3 branch. New methods have been introduced to make the processing both faster and more robust by waiting for explicit elements to be displayed before progressing.

filesender/filesender#1157

A number of small updates to 1157 were also merged as well as a number of testing only CI PR runs created resulting in a final test run which passes on Sauce Labs (filesender/filesender#1174)

filesender/filesender#1158
filesender/filesender#1159
filesender/filesender#1160
filesender/filesender#1161
filesender/filesender#1162
filesender/filesender#1163
filesender/filesender#1164
filesender/filesender#1165
filesender/filesender#1166
filesender/filesender#1167
filesender/filesender#1168
filesender/filesender#1169
filesender/filesender#1171
filesender/filesender#1172
filesender/filesender#1173
filesender/filesender#1174

Do we wish to continue to try to support IE11 or should be retire that now and focus only on modern browsers?

System maintenance tasks performed in the period 23 January to 28 July 2022.

This includes time spent investigating the TCP_WAIT stalling issue that was reported on the mailing list and the TeraSender web workers issue that can effect some network confugrations filesender/filesender#1226. Unfortunately no decisive result has been found for either issue as yet.

Updates included in this milestone include:

Update to versions of javascript dependencies filesender/filesender#1239 filesender/filesender#1202

Bulk import of language translations from poeditor performed filesender/filesender#1243 filesender/filesender#1242

update for use_strict_csp=true configurations filesender/filesender#1247

Update docker images to newest releases filesender/filesender#1270

Update for service AUP translation string filesender/filesender#1280

GUI allowed pages update to move these settings to the config filesender/filesender#1282

documentation fixes filesender/filesender#1262
Adding documentation for 9 options filesender/filesender#1269
Update known-installs.md filesender/filesender#1263

update oldterms.txt filesender/filesender#1281

dev3

update popper.js handling code and version filesender/filesender#1252
update bootstrap and bootbox metadata filesender/filesender#1253
remove reset.css and cleanup border on transfers pager filesender/filesender#1254
update from deprecated flag-icon-css to newer flag-icons filesender/filesender#1255

deps

update composer.lock for optional dep directory filesender/filesender#1250
bump guzzlehttp/guzzle 7.4.5 filesender/filesender#1257 filesender/filesender#1258 filesender/filesender#1265 filesender/filesender#1266 filesender/filesender#1271 filesender/filesender#1272 filesender/filesender#1274

developers

a new dump method for debugging filesender/filesender#1256

This update changes some database numeric keys to larger types. It is recommended to make a database backup before running the database.php script. These keys have expanded in size in all database backends to avoid potential overflow issues.

For mysql/mariadb databases only, the size of meduimint has also changed from 24 to 32 bit. Some uses of mediumint have foreign keys so can not be directly updated. To help with this a new script scripts/upgrade/migration-drop-foreign-keys.php was created. The database.php script will ensure that foreign keys are created if they do not exist so explicitly dropping them before running database.php should be ok.

For this release, if you are using mysql or mariadb you will need to run the following to update the database. If there is a permission issue with the migration-drop-foreign-keys.php script the SQL commands are contained in the script and can be run directly from the mysql console.

cd scripts/upgrade
php migration-drop-foreign-keys.php
php database.php

If you are running PostgreSQL then expanding the size of the keys for files, guests etc should change with just the normal command:

php database.php

Database

convert files, filecollections, guests and transfer ids to bigints filesender/filesender#1294 filesender/filesender#1296
Only mysql/mariadb moved meduimint from 24 to 32 bit filesender/filesender#1295

General

Only send a single email with all downloaded files listed after encrypted download to zip filesender/filesender#1286

A new test for the character set encoding for mysql/mariadb with a warning and override if utf8mb4 is not in use filesender/filesender#1287

A new script to gather system information for issue reports filesender/filesender#1288

An update to upload page to convert blank expire time to original value. This appeared to happen before but the stored expire time was not correct. filesender/filesender#1289

i18n: import script update to better respect the context of a translation filesender/filesender#1291
i18n: auto import from poedtor on 2022-07-14-1657781263 filesender/filesender#1290

build(deps): bump tzinfo from 1.2.9 to 1.2.10 in /docs filesender/filesender#1298

Lead dev Ben Martin reports:

"I have asked the FileSender board how they wish to progress with this. I
floated the options (a) through (d) mentioned below. The version 2.25 could be
a later point release, it is just used for a placeholder.

a) Switch to bootstrap with a minor point release. For example 2.25 introduces
the bootstrap UI and we just deprecate the old UI.

b) Run a few releases in parallel. So 2.25 is release both using the old UI
and also a bootstrap release with the new UI is made as well. Sites are
encouraged to use the bootstrap UI if possible but can fall back to the same
functionality and security updates if something doesn't currently meet their
needs. This might be done for 2-3 point releases or longer if desired.

c) A series of prereleases to FileSender 3 which uses the bootstrap UI.

d) Something the board [or community] wants but wasn't mentioned above."

The docs.filesender.org site is currently generated from two github repositories. The landing page comes from
https://github.com/filesender/filesender.github.io
which makes the default
http://docs.filesender.org

The pages under that site are generated from the below site with their own index page:
https://github.com/filesender/filesender/blob/development/docs/index.md

That site is written to http://docs.filesender.org/filesender/

The links in the former filesender.github.io are to for example,
https://docs.filesender.org/v2.0/
instead of
https://docs.filesender.org/filesender/v2.0/

Since filesender.github.io is only a single page I am wondering if we should merge that index and the index from https://github.com/filesender/filesender/blob/development/docs/index.md and make a single source for the entire site at docs.filesender.org

The other option is to update the links from filesender.github.io to include the /filesender/ prefix so they work again which I might do as a first measure so things work again while we decide if a merge is desired.

Community asked for a decision on potentially using Weblate for automated translation and localisation:
https://weblate.org

Ticket in dev repo: filesender/filesender#1336

Ben Martin reports MoU11 M4: Convert upload page to using multiple stages is completed and requests board acceptance.

As there are many options available for uploading files it is very possible for casual users to become overwhelmed by the choices and find the software difficult to use.
This milestone will split the upload process into stages 1-4. The first stage will allow file and directory selection and the possibility to encrypt the files using a supplied or generated passphrase. Stage 2 will primarily allow the user select if they want to either get a URL to download the files or send an email directly from the server to the recipient(s). Other less needed options are also presented in this stage. Stage 3 will track the progress of the upload resulting in a movement to stage 4 with details of the upload on success.
In order to allow designers to update this process the user interface elements are shown based on CSS classes applied in the HTML for their stage which the element should be shown in.

Updates to address M3 "Address the issues from the Secura security audit" have been committed to github development.

This includes the changes in 2.40. Some of the early changes in 2.40 were listed in the m1 so are not applicable to this list.
https://github.com/filesender/filesender/releases/tag/filesender-2.40

Updates up to 2.40 have been merged into the 3.x alpha series and a beta1 was made. This is the first significant update to the 3.x series in a while.
https://github.com/filesender/filesender/releases/tag/master3-filesender-release3.0.beta1
The bootstrap and bootbox versions have been updated and improvements to the custom logout button when using POST to logout. filesender/filesender#1460
This includes a few post validation PRs to update some minor issues found by community members filesender/filesender#1471 filesender/filesender#1472.

Ignore NoSuchBucket exception in deleteFile (StorageCloudS3 class)
filesender/filesender#1469

Validation against SimpleSAMLphp 2.x was done and an update produced to allow FileSender to work against both 1.x and 2.x filesender/filesender#1473

docs: docuemnt valid_filename_regex and add an example from makinog3
filesender/filesender#1476

convert unicode surrogate pairs for use in javascript (from makinog3)
filesender/filesender#1477

A new transfer option has been worked on and largely tested to allow one time verification codes to be sent to people prior to download to verify that they have control of an email account. This turned out to be a larger update than I had expected.
filesender/filesender#1480

One outstanding issue was discovered and investigated for recent Safari and cookie handling:
filesender/filesender#1439

Use enterprise CLA

This was resolved with filesender/filesender#1268

This requires a vid to be sent with guest requests and forces both roundtriptoken and owasp csrf to be on for guest interactions. This means that the vid would need to be known or guessed and that the two tokens would have to be leaked from an active browser session for possible attack. The roundtriptoken is unique for each new transfer created, the owasp csrf is a session based token.

This is described in detail in section 5.1.7 of the recent security audit.

The development3 branch has been updated to use Bootstrap 5.
filesender/filesender#1116

And make use of Sass
filesender/filesender#1117

Some time in the next week or so there will be a new 2.x series release with some updates which I will merge into the development3 branch before making a 3.0alpha1 release from development3.

To facilitate "Geant inside" on sponsorship agreement + invoice

In filesender/filesender#1156 a new TeraReceiver mode is introduced and optionally used to download encrypted files using a single web worker. The core of this milestone is moving from the callback style to using the TeraSender manager object to administer a web worker to perform the actual chunk download. This required update to not only the callback flow but also to progress and error handling to work from a web worker context rather than the primary browser thread.

The FileSender pages on the Commons Conservancy should be updated to reflect 6323477 ..
Nicole is still mentioned in numerous places

This includes the changes in 2.45, 2.46, 2.47, and 2.48:
https://github.com/filesender/filesender/releases/tag/filesender-2.45
https://github.com/filesender/filesender/releases/tag/filesender-2.46
https://github.com/filesender/filesender/releases/tag/filesender-2.47
https://github.com/filesender/filesender/releases/tag/filesender-2.48

And merging updates into the 3.x series and the two beta releases. Some of the work contained in beta6 was completed in m1 and only released in this time frame (That committed in December).
Release 3.0.beta5 https://github.com/filesender/filesender/releases/tag/master3-filesender-release3.0.beta6
Release 3.0.beta4 https://github.com/filesender/filesender/releases/tag/master3-filesender-release3.0.beta7

What sort of account should the project use on dockerhub for image uploads?

It seems that Docker Personal works for FileSender's needs.

In particular this PR add support for building docker images and uploading them but that does need credentials during upload filesender/filesender#956

Use individual CLA

Organise that Uninett signs enterprise CLA for its contributions to FileSender

There is one pending task for this milestone: to move the Savage process to
a virtual machine on the Internet. This VM is kindly being provided by aarnet
and I will move the process to that VM from my desktop machine once it is
available. In the meantime I may run the Savage task on my desktop machine.

I have brought up my local selenium test vm to run things against and
updated the tests to all run again and updated the test suite itself to be
more robust against subtle timing issues which were causing a false failure to
be reported in the suite run.

filesender/filesender#1016
filesender/filesender#1004
filesender/filesender#1005
filesender/filesender#1006
filesender/filesender#1007

The tests are also a little more resilient to recent menu changes, for
example:
filesender/filesender#1003

I also updated the main CI github actions job file to be able to work on the
main repository and on the filesenderuici repository used by savage. The later
repository selects the jobs to run only the UI tests with the sauce tunnel.

filesender/filesender#1017
filesender/filesender#1018

There were are series of tests of the web hooks that start savage, for
example:
filesender/filesender#1023

Rather than allow savage or the filesenderuici user to make comments on the
main repository I setup a github action to create a comment on PRs in the main
repository with a link to the filesenderuici repository where selenium test
results would be if the run was executed there. Not allowing such write access
helps to mitigate issues if the savage/filesenderuici is somehow compromised.
filesender/filesender#1027

This resulted in a test of the linking in
filesender/filesender#1031

I may disable (or greatly extend the time frame for) the branch deletion in
savage to ensure that test results stay around indefinitely on the
filesenderuici repository.

Although it was not in the milestone itself, I played around for a while
trying to run selenium in docker through github actions. This is recorded in
PR 1002.
filesender/filesender#1002

The advantage of the setup in 1002 is that there would be no secret sauce
labs key to protect as the test would run entirely in the same github actions
virtual environment. The downside is that sauce labs have a nice web interface
and none of that would be available from the base selenium docker vm in github
actions. The closest I found was being able to perhaps capture video files and
save them as artifacts in github actions. That would result in a huge amount
of data on github actions which might not be too welcome there.

Longer term I think perhaps having both selenium in docker and the savage run
sauce labs testing (using the same suite) would be handy. The docker run could
always execute and would tell if none of the tests failed with the proposed
change in the PR. The savage run could be used to investigate failed tests
with nice video and interaction history. Though the savage run might not
execute all the time because of 'risky' changes (relative to leaking the sauce
labs secret) that were made.

This is one of the tests for the setup. The main PR on the primary filesender
github repo
filesender/filesender#1044

which has a link to the push on the filesenderuici repo which itself links to
the github actions on there with the selenium build
https://github.com/filesenderuici/filesender/actions/runs/859064989

more explicitly
https://github.com/filesenderuici/filesender/runs/2626423153?check_suite_focus=true

This includes the changes in 2.41. Some of the early changes in 2.41 were listed in the m2 so are not applicable to this list.
https://github.com/filesender/filesender/releases/tag/filesender-2.41

The major new feature in 2.41 which is attributable to this milestone is the new option to use File System Access API on Chromium browsers filesender/filesender#1499

Updates up to 2.41 have been merged into the 3.x alpha series and a beta2 was made.

The language import scripts have been updated to use the new API key for the FileSender organization on poeditor.
filesender/filesender#1526

The diagnosis and merge of an update to the guzzle library version. As mentioned in a comment on github this has very limited exposure as both ends of the session are under the complete control of the site admin.
filesender/filesender#1525

Information leading to the update on mail handling for better container deployment
filesender/filesender#1520

organise signed contributor license agreement for Chris Richter's contributions to FileSender. Should be enterprise CLA, as contract was signed with Ricoshea Ltd.

This milestone is resolved in the following updates:

Update some versions filesender/filesender#1239
Those updates are available in release 2.32 filesender/filesender#1241
Cookies: override the cookie_domain with settings from config.php filesender/filesender#1248

MoU14 m4:

A restrictive (sub)domain should be defined when setting a session cookie. If a too generic domain is defined, for instance example.com, the cookie is transmitted to other applications on every other subdomain as well. The browser will send the session cookie to all subdomains of the specified domain. This allows an attacker with access to a system that runs under a subdomain to obtain the value of the user’s session cookie.

Some libraries that are included with a FileSender release need to have their versions updated.

NLnet provides certain financial-administrative services to FileSender, as a programme in TCC. It'll be beneficial if TCC's scalability and sustainability (and hence for FileSender) if NLNet has a clear catalogue of services for programmes in TCC, and a clear business model around that.

The review is at filesender/filesender#1530 (comment)

test policy

This includes the changes in 2.42.
https://github.com/filesender/filesender/releases/tag/filesender-2.42

The discovery and mitigation of the memory leak in encrypted file upload in chrome was a major part of this work filesender/filesender#1564 That has been confirmed to allow continued upload by an NREN.

Some investigation into using Domain Sharding https://developer.mozilla.org/en-US/docs/Glossary/Domain_sharding was also performed with good initial results. This is done to circumvent the 6 active http request boundary in some modern browsers and thus allow 12 or 16 terasender workers to do their thing without being strangled by the browser. A number of HTTP headers are required for this to work and a final (and secure) guidance for that update has not been formulated as yet.