Description:
This update for rclone fixes the following issues:
- Update to version 1.74.1:
* Version v1.74.1
* build: update golang.org/x/net to v0.53.0 to fix CVE-2026-33814
* build: fix multiple CVEs by upgrading to go1.26.3
* drime: fix uploads of 100..200M files
* drime: fix large file uploads landing in drive root instead of configured folder
* docs: sponsor updates
* s3: add new Fastly Object Storage regions
* cloudinary: fix retrying every error and fix pacer sleep units
* s3: fix STS call per request by caching AssumeRole credentials
* protondrive: fix segfault when copying files missing revision metadata
* protondrive: route library logging through rclone's logger
* protondrive: route HTTP through rclone's transport
* bisync: fix retryable without --resync error message when --resync has a critical failure
* cmd/serve/s3: return object listings in key order
* Start v1.74.1-DEV development
- Update to version 1.74.0:
* Version v1.74.0
* docs: add missing Huawei Drive docs
* Add Huawei Drive support
* s3: add Impossible Cloud as a new S3 provider
* build: add `make fetch-gui-and-commit` to fetch and commit the embedded GUI
* gui: embed compressed dist.zip in the binary for smaller, reproducible builds
* docs: update the GUI docs to reflect the new `rclone gui`
* Add John Volk to contributors
* drime: fix listings of large directories
* docs: fix iCloud docs after website update (missed in the merge)
* protondrive: fix server-side moveto and DirMove against current API
* build: Update all packages with pseudo versions which aren't v0.0.0
* Add Chris Coughlan to contributors
* Add Yakov Till to contributors
* iclouddrive: add read only iCloud Photos support and SRP authentication
* mountlib: rc: fix mounts created with mountPoint "*" overwriting each other
* vfs/vfscache/downloaders: kick waiters periodically, not just once
* rc: add user directories to core/disks and filter mounts better
* docs: notes on how to update pseudo versions
* Add dlaumen to contributors
* Add Luke Cyca to contributors
* Add mathieulongtin to contributors
* protondrive: update to latest go-proton-api to use new host
* docs: amend Google Drive client_id instructions to include running web-based auth flow
* azureblob,azurefile: fix documentation about federated identity
* internxt: implement multi-part uploads
* serve dlna: remove file extensions from titles to prevent Samsung TV duplication
* serve dlna: fix XML quote escaping for Samsung TV compatibility
* serve dlna: handle empty ObjectID from Samsung TVs
* serve dlna: add Samsung-specific XML namespace
* serve dlna: fix invalid dc:date for containers
* serve dlna: fix container childCount to reflect actual contents
* serve dlna: fix SOAP response argument ordering for Samsung TV compatibility
* Add Anton Bordwine to contributors
* listremotes: add --exact flag for filtering - fixes #9076
* build: bump github.com/Azure/go-ntlmssp to 0.1.1 to fix CVE-2026-32952
* azurefiles: fix missing x-ms-file-request-intent header with OAuth - fixes #9367
* Add tdawe to contributors
* Add Jan Heylen to contributors
* protondrive: align backend with newer Proton SDK stack
* s3: fix bucket creation failing on Ceph/radosgw
* rc: add core/disks to enumerate attached disks
* build: update golang.org/x/image/webp to v0.39.0 to fix CVE-2026-33813
* Add SyoBoN to contributors
* docs: fix typo
* docs: fix code comment regarding cmount tag
* s3: add HCP provider and list_versions_oldest_first quirk
* mega: fix crash when logging in with previous auth keys fails
* pcloud: fix recursive listing from the root - fixes #9315
* rc: flip auth default so all endpoints require auth unless opted out
* Changelog updates from Version v1.73.5
* operations: add AuthRequired to operations/fsinfo to prevent backend creation CVE-2026-41179
* rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41176
* rc: add AuthRequired to options/set to prevent auth bypass CVE-2026-41176
* accounting: fix rcat/copyurl for files.com
* bisync: fix integration tests after sftp log changes
* build: bump actions/github-script from 8 to 9
* fstest/test_all: stop test servers on signal, panic, or exit
* fstest/testserver: add CleanupAll for end-of-run server sweep
* fstest/testserver: add force-stop and reconcile stale refcounts
* fshttp: add --dump curl for dumping HTTP requests as curl commands
* s3: fix empty delimiter parameter rejected by Archiware P5 server
* serve nfs: fix EOF flag in READ response not being set when read reaches end of file
* webdav: optimize performance by using Depth=0 for metadata requests
* bisync: fix flaky TestBisyncConcurrent by increasing random name entropy
* azureblob: add --azureblob-decompress flag to download gzip-encoded files
* docs: serve backend metadata as JSON on the website
* azureblob/auth: add Microsoft Partner Network User-Agent prefix
* vfs: add context parameter to New() for config propagation
* vfs: replace context.TODO/Background with stored VFS context
* build: fix `make fetch-gui` in CI workflow - it was in the wrong place
* gui: join Wait goroutines on shutdown
* gui: remove flag.Lookup test guard around browser open
* gui: drop freePort helper, use libhttp port binding for the RC server
* gui: allow serving from a local zip file or an unpacked directory
* gui: don't run fetch-gui on make
* build: fix GitHub API rate limit errors when fetching GUI dist in CI
* drime: fix User.EntryPermissions JSON unmarshalling
* filen: make multi-threaded upload chunks individually retryable
* chore: add Enduriel as filen backend maintainer
* filter: fix debug logs that fire before logger is configured - fixes #9291
* Add Mozi to contributors
* Add Brais Couce to contributors
* gui: new command to launch the https://github.com/rclone/rclone-web/ GUI
* s3: fix TencentCOS CDN endpoint failing on bucket check
* s3: fix --s3-versions flag ignored by cleanup-hidden when GetBucketVersioning fails
* iclouddrive: fix 'directory not found' error when the directory contains accent marks
* downloaders: fix flaky TestDownloaders/EnsureDownloader test
* sftp: warn the user if no host key validation is configured
* Add TheBabu to contributors
* lib/http: Add HTTP/2 cleartext support in server configuration
* build: add explicit permissions to GitHub Actions workflows
* vfscache: fix grace timer reusing stale fd after _checkObject removes cache file
* webdav: Add a section on symlink/junction points in the help
* Changelog updates from Version v1.73.4
* build: update all dependencies
* docs: fix XSS vulnerability in dropdown mobile header
* build: fix Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder
* linkbox: fix downloading files by using web API - fixes #8665
* vfs: fix tests after --vfs-handle-caching
* Add Suyun to contributors
* build: fix loong64 and s390x build
* jottacloud: add encoding of percent character to default backend encoding
* docs: fix markdown issues in mount docs
* docs: fix header level for metadata option
* vfs: fix slow nfs serve by adding --vfs-handle-caching
* Add Xiangzhe to contributors
* Add Mike GIllan to contributors
* fix(docs): Fix link to not be language specific
* iclouddrive: lowercase Apple ID for SRP authentication
* iclouddrive: use dynamic origin for SRP auth headers
* iclouddrive: replace plaintext signin with SRP authentication
* docs: modernize rclone.org site design
* Add Andriy Senyshyn to contributors
* Add Claude Opus 4.6 to contributors
* Add jinyu.han to contributors
* Add jinkeyuu to contributors
* Add lif to contributors
* Add BizaNator to contributors
* Add Patrick Farrell to contributors
* Add Jason to contributors
* Add ZRHan to contributors
* Add Andrew Furman to contributors
* Add Andriy Senyshyn to contributors
* Add Bhagyashreek8 to contributors
* s3: add UCloud Object Storage provider (#9230)
* bisync: fix handling of unreadable lockfiles - fixes #9290
* librclone/ctest: add Windows support and fix memory management
* s3: fix regression where PutObject fails with non-seekable readers
* filen: update SDK version
* build(deps): bump golang.org/x/image from 0.36.0 to 0.38.0
* docs: note macOS 10.15 (Catalina) support with version v1.70.3
* Add OVHcloud storage classes
* local: remove fadvise calls that cause spinlock contention
* Changelog updates from Version v1.73.3
* build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2
* docs/jottacloud: fix broken link
* docs: clarify Filen password change requires updating both password and API key in rclone config
* docs: note that Filen API key changes on password change
* build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3
* webdav: request only required properties in listAll to improve performance
* s3: fix Content-MD5 for Object Lock uploads and add GCS quirk
* s3: add multi tenant support for Cubbit
* lib/rest: fix URLPathEscapeAll breaking WebDAV servers (eg nzbdav) with strict path matching
* copyurl: fix ignored --upload-headers and --download-headers
* s3: IBM COS: provide ibm_iam_endpoint as a configurable param for IBM IAM-based auth
* list: fix nil pointer panic in Sorter when temp file creation fails
* docs: update RELEASE procedure to avoid mistakes
* Add Billy Hughes to contributors
* accounting: Add deletedDirs stat to core/stats help output
* docs: added text to the label showing version-introduced info
* Changelog updates from Version v1.73.2
* fs/log: fix data race on OutputHandler.format field
* build(deps): bump docker/build-push-action from 6 to 7
* build(deps): bump docker/setup-buildx-action from 3 to 4
* build(deps): bump docker/metadata-action from 5 to 6
* build(deps): bump docker/setup-qemu-action from 3 to 4
* build(deps): bump docker/login-action from 3 to 4
* bisync: update changelog
* bisync: auto-generate rc help docs
* bisync: add more structured info to rc output
* bisync: add missing rc params - fixes #7799
* operations: multithread copy: grab memory before making go routines
* b2: add server side copy real time accounting
* s3: add server side copy real time accounting
* azureblob: add server side copy real time accounting
* operations: add method to real time account server side copy
* Add Duncan F to contributors
* azureblob: add --azureblob-copy-total-concurrency to limit total multipart copy concurrency
* Add razorloves to contributors
* docs: fix new drive flag typo in changelog
* build: update to golang.org/x/net v0.51.0 to fix CVE-2026-27141 #9220
* Add Bjoern Franke to contributors
* Add Brian Bockelman to contributors
* Add Romāns Potašovs to contributors
* Add Adam Kasztenny to contributors
* Add hxnd to contributors
* Add Bjoern Franke to contributors
* Add FTCHD to contributors
* build(deps): bump actions/upload-artifact from 6 to 7
* build(deps): bump actions/download-artifact from 7 to 8
* serve http: add gzip compression
* webdav: permit redirects on PROPFIND for metadata
* webdav: add missing headers for CORS
* docs: Document unsupported S3 object keys with double slashes
* touch: add metadata when using `--metadata-set`
* s3: ionos: updated regions & endpoints
* s3: scaleway: ONEZONE_IA is available in all zones, GLACIER only in FR-PAR
* drive: add integration test for handling folder names with single quotes
* http: dark mode for browser
* docs: note that --use-server-modtime only works on some backends
* Add a1pcm to contributors
* Add Leon Brocard to contributors
* Add Dark Dragon to contributors
* internxt: fix Entry doesn't belong in directory errors on windows
* drime: fix chunk-uploaded files ignoring workspace ID
* s3: add new Fastly Object Storage regions
* docs: Fix headers hierarchy for mount.md
* serve http: add fallback embedded favicon
* graphics: optimise images losslessly with ImageOptim
* docs: update sponsors
* Add Jan-Philipp Reßler to contributors
* Add Chris to contributors
* Add Shlomi Avihou to contributors
* Add Jan-Philipp Reßler to contributors
* Add Varun Chawla to contributors
* Add Prakhar Chhalotre to contributors
* s3: add Object Lock support
* webdav: escape reserved characters in URL path segments
* s3: add Zadara Object Storage provider
* bisync: add group Sync to the bisync command
* archive: extract: strip "./" prefix from tar entry paths
* accounting: update String method output format for clarity in transfer rate representation - fixes #9129
* docs: add instructions on how to update Go version
* build: modernize Go code with go fix for go1.25
* build: update all dependencies
* lib/rest: remove go1.24 workaround now go1.25 is the minimum
* build: update to go1.26 and make go1.25 the minimum required version
* Add Jack Kelly to contributors
* Changelog updates from Version v1.73.1
* build: fix build using go 1.26.0 instead of go 1.25.7
* fs/march: fix runtime: program exceeds 10000-thread limit
* accounting: fix missing server side stats from core/stats rc
* pacer: re-read the sleep time as it may be stale
* pacer: fix deadlock between pacer token and --max-connections
* test_all: increase retries for Internxt eventual consistency
* build: fix CVE-2025-68121 by updating go to 1.25.7 or later - fixes #9167
* drime: fix files and directories being created in the default workspace
* docs: update sponsors
* Add kingston125 to contributors
* copyurl: Extend copyurl docs with an example of CSV FILENAMEs starting with a path.
* filelu: migrate API calls to lib/rest
* internxt: implement re-login under refresh logic, improve retry logic - fixes #9174
* docs: add ExchangeRate-API as a sponsor
* Add Cohinem to contributors
* Add Leon Brocard to contributors
* s3: remove StackPath Object Storage provider
* drime: implement About
* build: bump github.com/go-chi/chi/v5 from 5.2.3 to 5.2.5 to fix GO-2026-4316
* Set list_version to 2 for FileLu S3 configuration
* filelu: add multipart upload support with configurable cutoff
* filelu: add multipart init response type
* filelu: add comment for response body wrapping
* filelu: avoid buffering entire file in memory
* docs: update sponsor logos
* s3: add Fastly Object Storage provider
* filen: fix potential panic in case of error during upload
* filen: fix 32 bit targets not being able to list directories Fixes #9142
* pikpak: support custom filenames for addurl backend command - fixes #9111
* Start v1.74.0-DEV development