v0.14.2

What's Changed

Added

• Playwright E2E test suite — Replaced legacy Protractor tests with Playwright; 55 tests covering all pages, navigation, themes, and settings (#250)
• Pyright type checking enforced in CI — Completed Pyright phases 3 & 4, fixing 166 type errors to reach 0 errors in basic mode; Pyright check is now required in CI (#249)

Fixed

• ModelFile nullable size fields — local_size and remote_size are now correctly typed as number | null to match the Python backend JSON contract

Security

• Reject control characters in filenames — Decoded filenames containing control characters are now rejected to prevent corrupted file entries and queue command injection (#300)
• Redact sensitive credentials from API — SSH password and key passphrase are no longer exposed in API responses; set handler rejects the redacted sentinel value (#257)

Changed

• Angular dependency updates — Bumped Angular group to latest, jsdom to 29.0.1 (#307, #308)
• CI: actions/setup-python v6 — Bumped setup-python action from v5 to v6 (#306)

Removed

• Legacy Docker E2E infrastructure — Cleaned up Protractor Docker Compose files, test images, and fixture data

Docker Pull

docker pull ghcr.io/nitrobass24/seedsync:0.14.2

Full Changelog: v0.14.1...v0.14.2

v0.14.1

What's Changed

Fixed

• Parser crash on long filenames — Chunk progress lines that wrap across PTY boundaries no longer crash the controller; unrecognized lines inside a job context are skipped with a warning (#290, #293)
• False download completion on parser error — Parser failures no longer trigger false "download completed" signals that left files stuck in staging at partial progress (#296)
• Progress tracking with .lftp temp naming — ActiveScanner now recognizes .lftp-suffixed temp files in staging, fixing 0% progress display for single-file downloads when temp naming is enabled (#298)
• Remote scanner compatibility — Fixed Python 3.8+ compatibility for scan_fs.py which runs on remote seedbox servers

Changed

• PEP 621 pyproject.toml — Consolidated Python dependencies from Poetry format to PEP 621 with proper dependency groups (runtime, test, dev); removed dead dependencies (#287)
• Ruff linting and formatting — Added Ruff as Python linter/formatter with CI enforcement; applied auto-fixes across 99 files (#288)
• Pyright type checking — Added Pyright in basic mode with CI reporting; fixed 91 type errors across 26 modules (#292, #295)
• Python unit tests in CI — Python tests now run in CI alongside Angular tests (#287)
• Angular dependency updates — Bumped Angular group to 21.2.4, vitest to 4.1.0, jsdom to 29.0.0 (#282, #283, #284)

Docker Pull

docker pull ghcr.io/nitrobass24/seedsync:0.14.1

Full Changelog: v0.14.0...v0.14.1

v0.14.0

What's Changed

Added

• Inline transfer verification — LFTP's xfer:verify checksums files during download, catching corruption in real-time; enabled by default (#242)
• Post-download integrity checking — Optional validation step that compares local and remote checksums via SSH after download, with per-file Validate button and Validated/Corrupt status indicators (#125, #276)
• File list pair label column — File list shows which path pair each file belongs to (#156)
• Accessibility — All file action buttons converted to native <button> elements (#241)
• Comprehensive test coverage — 287 unit tests across Angular (Vitest) and Python (pytest) (#225)

Changed

• Alpine-only Docker image — Removed Debian variant; all images are now Alpine-based (~45 MB), multi-arch (amd64/arm64) (#231, #244)
• Multiprocessing fork to spawn — Fixes Python 3.12 deprecation warnings (#228)
• Verbose logging in web UI — Verbose LFTP logging setting exposed in Settings > Logging (#266)
• CI deduplication — Eliminated redundant amd64 Docker build; publish triggers now build, test, and push in a single job (#274)

Fixed

• Stopped download delete stuck — Deleting local files for a stopped download no longer leaves the UI spinner and ActiveScanner polling forever (#271, #272, #273)
• File descriptor leak on restart — Multiprocessing Event/Queue references released in close_queues() to prevent FD exhaustion across restarts (#265)
• Model rebuild log noise — Temporary model objects no longer emit "Adding file" log messages every controller loop iteration (#267)

Docker Pull

docker pull ghcr.io/nitrobass24/seedsync:0.14.0

Full Changelog: v0.13.5...v0.14.0

v0.13.5

What's Changed

Fixed

• Exclude patterns use wrong LFTP flag — Changed --exclude (regex) to --exclude-glob (glob) so patterns like *.nfo work correctly instead of being silently misinterpreted as regex (#271)

Changed

• LFTP queue command logging — Log LFTP queue commands at INFO level (previously DEBUG) for easier troubleshooting without enabling verbose mode
• CI workflow_dispatch support — Allow manual Docker image publishing via GitHub Actions workflow_dispatch trigger

Docker Pull

docker pull ghcr.io/nitrobass24/seedsync:0.13.5

Full Changelog: v0.13.4...v0.13.5

v0.13.4

What's Changed

Fixed

• Exclude patterns not passed to LFTP — Exclude patterns were only filtering the UI display model but were never passed to LFTP's mirror command, causing all files to be downloaded regardless of configured exclusions (#259)
• Parser crash on Unraid PTY line-wrap fragments — Unraid's Docker PTY handling wraps long LFTP progress lines, producing tail fragments that crashed the parser and stopped the container (#260)
• Parser error threshold too aggressive — Bumped consecutive status error threshold so persistent parse issues don't crash the app within seconds
• PTY width override on Unraid — Set COLUMNS=10000 in pexpect spawn environment to prevent Unraid from overriding PTY dimensions

Docker Pull

docker pull ghcr.io/nitrobass24/seedsync:0.13.4

Full Changelog: v0.13.3...v0.13.4

v0.13.3

What's Changed

• chore(deps-dev): bump hono from 4.12.5 to 4.12.7 in /src/angular by @dependabot[bot] in #237
• chore(deps-dev): bump tar from 7.5.9 to 7.5.11 in /src/angular by @dependabot[bot] in #238
• Fix parser crash on unrecognized lftp status lines (#253) by @nitrobass24 in #258

Full Changelog: v0.13.2...v0.13.3

v0.13.2

What's Changed

Fixed

• Recursive exclude filtering — Exclude patterns now filter through nested children, not just top-level files (#158, #217)
• Persist key separator — Replace colon separator with non-printable unit separator (\x1f) to avoid conflicts with filenames containing colons; includes backward-compatible migration of existing persist data (#221)
• Default-pair filenames with colons — Fix _sync_persist_to_all_builders incorrectly excluding filenames like Show 01:02.mkv from default pair contexts (#221)
• Python version check placement — Move version guard above project imports so the friendly error message displays on older Python versions (#224)
• Angular memory leaks — Fix 6 leaked subscriptions in header and sidebar components (#220)
• Shared file key helper — Unify key generation across ModelFileService, ViewFileService, and FileListComponent to prevent separator mismatches (#230)

Added

• LZIP archive detection — is_archive() now recognizes LZIP format with 5-byte magic signature (#218)
• Plain gzip/bzip2 extraction — Support extraction of standalone .gz and .bz2 files (not just .tar.gz/.tar.bz2) (#219)
• Webhook graceful shutdown — WebhookNotifier.shutdown() drains in-flight webhook threads with a configurable timeout, preventing lost notifications on exit (#222)
• 67 new tests — Unit tests for extraction, exclude patterns, webhook drain, persist migration, file-list component, bulk-action-bar component, and path pairs CRUD handler (#219, #226, #227)

Changed

• Angular subscription cleanup — Migrate 6 components from manual Subscription[]/ngOnDestroy to takeUntilDestroyed pattern (#220)
• Shared form template — Extract duplicated path-pairs form fields into ng-template with *ngTemplateOutlet (#223)
• Defensive copy for path pairs — PathPairsConfig.get_pair() returns deep copies to prevent external mutation of internal state (#221)
• Dependency cleanup — Move timeout-decorator from runtime to test-only; remove unused localization strings (#224)
• Angular dependency updates — Bump Angular group dependencies (#213)

Docker Pull

docker pull ghcr.io/nitrobass24/seedsync:0.13.2

Full Changelog: v0.13.1...v0.13.2

v0.13.1

What's Changed

Fixed

• RAR archive extraction — Use source-built 7-Zip 26.00 with RAR codec support; distro packages strip the proprietary RAR codec (#204, #210, #212)
• Extract/move pipeline stall — Fix pending_completion never clearing for files in EXTRACTED or EXTRACT_FAILED state when staging is enabled (#208)
• Auto-delete with path pairs — Fix auto-queue commands missing pair_id for path pair configurations (#205)
• Pre-extraction false negatives — Remove redundant archive verification that rejected valid archives (#207)

Changed

• Pre-built 7-Zip Docker image — Extract 7zz binary from ghcr.io/nitrobass24/docker-7zip instead of compiling from source during CI (#212)

Security

• CodeQL alerts resolved — Fix code scanning alerts identified by GitHub CodeQL (#197)

Docker Pull

docker pull ghcr.io/nitrobass24/seedsync:0.13.1

Full Changelog: v0.13.0...v0.13.1

v0.13.0

What's Changed

Added

• Multiple path pairs — Configure multiple remote/local directory pairs, each with independent LFTP and scanner instances (#122, #149, #155, #161)
• Path pairs settings UI — Full CRUD interface for managing path pairs in Settings, with per-pair enable/disable and auto-queue toggles (#160, #162, #163)
• Exclude patterns — Filter out unwanted remote files using glob patterns (e.g. *.nfo, Sample/), configurable per path pair (#26, #146)
• Multi-select and bulk operations — Select multiple files and apply queue/stop/delete actions in bulk (#123)
• Webhook notifications — HTTP POST notifications on file download/extract events (#128)
• Historical log query — /server/logs endpoint with search, filter, and level controls; accessible from the UI (#124)
• Structured JSON logging — Optional JSON log format for log aggregation tools (#127)
• Alpine Docker image — Lightweight Alpine variant alongside the Debian image, published as *-alpine tags (#164)
• Docker HEALTHCHECK — Built-in health check for container orchestrators with WEB_PORT env var support (#164, #180)

Changed

• Python scanfs replaces PyInstaller binary — Remote scanner is now a plain Python script, eliminating glibc compatibility issues with seedbox servers (#80, #148)
• JSON serialization for scanfs — Scanner uses JSON instead of legacy serialization for safer, more debuggable output (#129)
• Consolidated extraction to 7z — All archive extraction (zip, rar, 7z, tar, gz, bz2, xz) now uses the single 7z binary, removing the unrar dependency and reducing image size (#178)
• Dual-image CI pipeline — CI builds and tests both Debian and Alpine variants on every push, with parallel arm64 builds on develop (#164, #175, #176)
• Startup log improvements — Path pairs dumped at startup for debugging; model logs show short pair ID instead of full GUID (#165)

Fixed

• Per-pair extraction pipeline — Extraction now uses the correct path pair's filesystem paths instead of always using the first pair (#167, #173)
• Per-pair staging subdirectories — Each path pair gets its own staging subdirectory, preventing filename collisions (#168, #173)
• Unique pair name enforcement — Duplicate pair names are now rejected on create/update (#169, #172)
• Graceful pause when all pairs disabled — Controller idles cleanly and the UI shows an informational banner instead of falling back to legacy behavior (#170, #174)
• Spurious staging moves on restart — Files already moved to their final location are no longer re-queued for move on container restart (#177, #179)
• Healthcheck IPv6 resolution — Healthcheck uses 127.0.0.1 explicitly instead of localhost, which resolved to IPv6 ::1 on Alpine (#180)

Removed

• paste WSGI server — Replaced with Bottle's built-in multithreaded server (#140)
• patool dependency — Archive extraction consolidated to 7z (#141, #145, #178)
• unrar dependency — Removed in favor of 7z which handles all RAR formats (#178)

Docker Pull

docker pull ghcr.io/nitrobass24/seedsync:0.13.0

Alpine variant:

docker pull ghcr.io/nitrobass24/seedsync:0.13.0-alpine

Full Changelog: v0.12.10...v0.13.0

v0.12.10

What's Changed

Added

• API key authentication — Optional API key protects all /server/* endpoints. Set via Settings > Web > API Key. SSE stream accepts key as query parameter; config GET is exempt for frontend bootstrapping (#130)
• Security response headers — Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy on all responses (#130)
• CSRF protection — Origin/Referer validation on state-changing requests with loopback exemption (#130)
• Rate limiting — Per-IP sliding window (120 requests/60s) on all endpoints except SSE stream (#130)
• Config file backup — Automatic backup before each config save, keeps last 10 with ISO timestamps (#130)
• Scanner home directory fallback — Automatically retries scanner installation to ~/ when /tmp is restricted on the remote server (#114)
• Server Script Path documentation — README troubleshooting, configuration docs, and FAQ entries for common scanner installation issues (#114, #115)

Fixed

• CSP blocks inline scripts — Moved inline theme detection to external theme-init.js and disabled Beasties critical CSS inlining to comply with script-src 'self' (#134)
• Settings page not loading — Eagerly initialize ConfigService and AutoQueueService in APP_INITIALIZER to ensure config loads on first connection (#136)
• SSE API key state mismatch — Clear SSE stream API key at all config-reset paths (disconnect, parse failure, fetch failure) to prevent stale auth (#136)
• SFTP permission preservation overrides umask — Disabled lftp sftp:set-permissions so local umask applies to downloaded files (#115)
• Scanner path traversal in delete endpoints — Validate filenames and check path containment before local/remote delete operations (#130)
• Zip-slip extraction protection — Pre-validate archive members for zip/tar; post-extraction walk for RAR/7z (#130)
• API key interceptor scope — Scoped to /server/ URLs only, preventing key leakage to external services (#137)
• Rate limiter memory — Periodic sweep evicts stale one-off IP entries (#137)

Docker Pull

docker pull ghcr.io/nitrobass24/seedsync:0.12.10

Full Changelog: v0.12.9...v0.12.10