Rclone 1.68.2 has been released. Find it in the rclone downloads or use rclone selfupdate to upgrade.
This is a security and bug fix release.
Security fixes
- local backend: CVE-2024-52522: fix permission and ownership on symlinks with
--links
and--metadata
- Only affects users using
--metadata
and--links
and copying files to the local backend - See Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata · Advisory · rclone/rclone · GitHub
- Only affects users using
Most important bug fixes
- s3: Fix crash when using
--s3-download-url
after migration to SDKv2 - s3: Fix multitenant multipart uploads with CEPH
If you’re working in the industry and you feel your company could benefit from a support contract please get in touch at sales@rclone.com or if you’re interested in advertising with us then please drop us a message to sponsorship@rclone.com.
Please consider donating or sponsoring to keep the project sustainable and a big thank you to our existing sponsors.
v1.68.2 - 2024-11-15
- Security fixes
- local backend: CVE-2024-52522: fix permission and ownership on symlinks with
--links
and--metadata
(Nick Craig-Wood)- Only affects users using
--metadata
and--links
and copying files to the local backend - See Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata · Advisory · rclone/rclone · GitHub
- Only affects users using
- build: bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (dependabot)
- This is an issue in a dependency which is used for JWT certificates
- See Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations · Advisory · golang-jwt/jwt · GitHub
- local backend: CVE-2024-52522: fix permission and ownership on symlinks with
- Bug Fixes
- accounting: Fix wrong message on SIGUSR2 to enable/disable bwlimit (Nick Craig-Wood)
- bisync: Fix output capture restoring the wrong output for logrus (Dimitrios Slamaris)
- dlna: Fix loggingResponseWriter disregarding log level (Simon Bos)
- serve s3: Fix excess locking which was making serve s3 single threaded (Nick Craig-Wood)
- doc fixes (Nick Craig-Wood, tgfisher, Alexandre Hamez, Randy Bush)
- Local
- Fix permission and ownership on symlinks with
--links
and--metadata
(Nick Craig-Wood) - Fix
--copy-links
on macOS when cloning (nielash)
- Fix permission and ownership on symlinks with
- Onedrive
- Fix Retry-After handling to look at 503 errors also (Nick Craig-Wood)
- Pikpak
- Fix cid/gcid calculations for fs.OverrideRemote (wiserain)
- Fix fatal crash on startup with token that can't be refreshed (Nick Craig-Wood)
- S3
- Fix crash when using
--s3-download-url
after migration to SDKv2 (Nick Craig-Wood) - Storj provider: fix server-side copy of files bigger than 5GB (Kaloyan Raev)
- Fix multitenant multipart uploads with CEPH (Nick Craig-Wood)
- Fix crash when using