| CARVIEW |
Select Language
HTTP/2 200
date: Wed, 23 Jul 2025 22:55:08 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
etag: W/"f404e0fcc81f298cd13e97addbaf10bc"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=HGY5oqv%2FftQoJo8393KtExAGmWSZzlFWUHn%2FYO2AaRU7Vft7%2FBy4fjTQQe5cB0hF1uMwA3GMif48VunvOefdDtCV4YwyETtIlT9QIYXOvat0O5TBiNi8sD1z3Qx1KCPTbSdT4I7ZaCpjMEpHo%2BJMlWOMWWq21UfshNRBmPO9LdLhvUlqmP5VQHRFSKVTnuEzufq8ziaXwEjlGxjCr7FWEE35LTc7gYGJjZNeAQlsI0vlQzGrGgSCgA7nB2hG8yNSfx1tA4oke6Sf79NizHt37A%3D%3D--w5CEPWenFLyHhJoA--NKSX9jH2k3LhLgv23qrppA%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1295883688.1753311307; Path=/; Domain=github.com; Expires=Thu, 23 Jul 2026 22:55:07 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Thu, 23 Jul 2026 22:55:07 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: DD3E:941DF:11372A8:14A3EAB:6881684B
Releases · Studio-42/elFinder · GitHub
20 Dec 07:46
Loading
13 Jun 16:42
Loading
14 Mar 12:31
Loading
14 Mar 12:30
Loading
13 Jun 15:07
Loading
09 Jun 08:28
Loading
05 Jun 08:10
Loading
09 Apr 02:35
Loading
18 Mar 11:39
Loading
14 Mar 14:05
Loading
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Releases: Studio-42/elFinder
Releases · Studio-42/elFinder
Version 2.1.64
Compare
Changes form previous version
Version 2.1.64
- [css] re-fix #3584 css error and CI
Version 2.1.63
- [php:core] fix download a file via context menu the windows download popup don't close (#3619)
- [VD:MySQL] Use prepared statements instead of escaping when saving file (#3604)
- [VD:core] fix #3617 Filename Restriction Bypass Leading To Persistent Cross-site Scripting
- [js] fix #3614 $.isFunction() is deprecated in jQuery
- [js] Update to jQuery 3.7.1 and Jquery UI 1.13.2
- [VD:LocalFileSystem] fix #3615 Using .php8 in PHP handler leading to RCE
- [cmd:upload] fix #3575 Drag&Drop Upload Issue with Firefox
Assets 2
3 people reacted
Version 2.1.62
Compare
Changes form previous version
- [php:core] prevent garbled file name when URL upload
- [js:core,upload] fixed DnD in-browser image upload in Chrome
- [js:options] update CDNs
- [js:core,upload] fixed DnD in-browser image upload in Chrome
- [php] Update elFinderVolumeSFTPphpseclib.class.php (#3483)
- [mime.types] Update mime.types to allow MS outlook message files (#3499)
- [js:cmd:resize] fix #3513 rotate bug on Chrome
- [VD:LocalFileSystem] Security fixes, directory traversal vulnerability fixes
- Awaiting CVE ID.
- This issue was found by Michał Majchrowicz & Livio Victoriano AFINE Team.
- Correctly urlencode path in setcookie(); fix #3538 (#3561)
- [js:core] fix #3572 Useless backend request during elFinder.sync()
- [VD:LocalFileSystem] fix #3543 Can't download folder in PHP 8.1
- [php:core] fix #3546 Use elFinder::getCmdOfBind instead of self::getCmdOfBind which is deprecated in PHP v8.2
- [VD:SFTP] fix SFTP driver fatal error, cleanup (#3574)
- And some minor bug fixes
Assets 2
4 people reacted
Version 2.1.61
Compare
Changes form previous version
- [security] Fixed #3458 filename bypass leading to RCE on Windows server
- [security:CVE-2022-26960] Fixed a path traversal issue
- [i18n] Updated ru and fr
- [js] Updated CDNs of external libs
- And some minor bug fixes
Assets 2
12 people reacted
Version 2.1.60
Compare
Changes form previous version
- [VD:OneDrive] show error on _od_obtainAccessToken()
- [ui:cwd] make easily able to mapping mimetype to the kind (#3375)
- [cmd:rm] Fixed an issue that sometime ignore the delete button and into the trash
- [VD:LocalFileSystem] Fixed #3429 RCE on Windows server
- [js:core,options] Fixed #3401 add an option workerBaseUrl
Assets 2
Version 2.1.59
Compare
Changes form previous version
- [Security:php] Fixed multiple vulnerabilities leading to RCE
- [php:session] Fixed #3278 wrong code of typo
- [js:core] #3351 allow columnsCustomName[x] to be a function
- [css:quicklook] Fixed #3240 remove unnecessary color specifications
- [cmd:extract] Fixed #3252 for checking the existence of existing files
- [js:core] Fixed #3359 add an option "noResizeBySelf"
- [VD:abstract] Fixed #3216 missing url option on upload into root
- And some minor bug fixes
Assets 2
Version 2.1.58
Compare
Changes form previous version
- [VD:abstract] Fixed #3151 support RAR5 lib
- [cmd:fullscreen] Fixed #3177 wrong fullscreen button caption
- [js:core] Supports cookie samesite attribute
- [VD:SFTP] Add new SFTP driver, via phpseclib library
- [js:core] Fixed #3193 auto-detection of baseUrl
- [js:upload] Fixed upload bug (#3264)
- [VD:abstract,php] make the thumbnail support webp (#3265)
- [php:core] Fixed #3250 error only variables can be passed by reference
- [VD:abstract] add 'phar:*' => 'text/x-php' into 'staticMineMap'
- [VD:abstract] Fixed #3181 add an option uploadMaxMkdirs
- [php:core] Add cwd param to proc_open (#3281)
- [VD:abstract] Bugfix of an option mimeDetect (#3291)
- [UI] Fixed #3302 problem of d&d when copy of UI command is disabled
- And some minor bug fixes
Assets 2
1 person reacted
Version 2.1.57
Compare
Changes form previous version
- [js] Fixed #3148 to support jQuery 3.5.0 update
- [php:core] Fixed #3154 volume that require online access cannot be specified
- [VD:abstract] Fixed #3161 fix option data of cwd results on after change files
- [VD:abstract] Fixed #3167 added "none" (no image library check) to
imgLib - [cmd:resize] Fixed #3158 to make able to change quality without changing dimensions
- And some minor bug fixes
Assets 2
Version 2.1.56
Compare
Changes form previous version
- [js:extras:editors.default] remove Pixlr editor it is no longer possible to display in IFRAME
- [php:core] Fixed #3134 close file pointer before deleting temporary file on shutdown
- [VD:abstract] change prefix of zipdl temp file
- [php:core] Fixed #3136 zipdl fails on Chrome on iOS / iPadOS
- [cmd:netmount] Fixed #3138 OAuth not possible with CORS due to new ITP
- [VD:MySQL,OneDrive] Fixed #3142 remove debug code
- [i18n:pl,ko] Updated translations
- And some minor bug fixes
Assets 2
Version 2.1.55
Compare
Changes form previous version
Assets 2
Version 2.1.54
Compare
Changes form previous version
- [cmd:edit,quicklook] adjustment about select encoding function
- [php:core] add
toastErrorHandlerfor send toast message to client side - [cmd:resize] to allow image resize more image type with the ImageMagick
- [php:session] Fixed #3103 WARNING: setcookie(): Unrecognized key 'lifetime'
- [php:session] Fixed #2857 warning error on start()
- [ui:dialog] delete an option
flexibleHeightso it works well by option `height: "auto"`` - [cmd:edit] bugfix of save as on the serach results
- [php:core] add a public method
utf8Encode()and make new main optionutf8Encoder@callable - [VD:abstract] Fixed #3104 Fixed as much as possible the differences in encoding of archive file names
- [php:plugins:Watermark] repeated use of Imagick::compositeImage() may cause PHP to hang, so disable it
- [js:core] Fixed #3106 enable to specify header name of parrot return to enable ITP measures
- [php:Connector] add a public method
setHeader($value) - [js:core] support fake progress bar
- [VD:OneDrive] bugfix of large file uploading
- [VD:Box] Fixed problem where access token could be lost
- [VD:Box] Fixed processing of
getSharedWebContentLink() - [js:core] if the file URL is public, use it as onetime url
- [php:plugins:Normalizer] support "caron" with option "umlauts"
- [js:core:notify] Fixed #3111 add minimize, close(option) button into notify dialog
- [ja:extars:editors.default] Fixed #2600 remove Creative Cloud Image Editor UI
- [php] Fixed #3114 stream proxy function using the
filecmd corresponds to range request - [js:extras:efitors.default] to show color slider of TUI Image Editor
- [cmd:edit] error handling of ta.getContent()
- [cmd:edit] bugfix of savecl() edit dialog may not re-open in case of error
- [js:core] Fixed #3118 web worker does not work when elfinder.js is cross-site loaded
- [php:core,VD] Fixed #3119 disallow extract of uncompressed size larger than option "maxArcFilesSize"
- [php:core] Fixed #3120 allow plugins (Sanitizer etc) to be applied when pasting from another volume
- [php:plugins:Normlizer,Sanitizer] update example commentation, recommend to bind to action "paste.copyfrom"
- [VD:FTP] Fixed stat() of root on server with no supports "MLST"
- [ui:cwd] Fixed a bug that thumbnails might not be displayed after editing image
- And some minor bug fixes
Assets 2
Previous Next
You can’t perform that action at this time.