Releases: manyfold3d/manyfold
v0.73.0
A mixed bag this week; GLTF support, more icon choices, and better password rules, along with a pile of bugfixes. Enjoy!
What's Changed
✨ New Features ✨
- Add index and render support for GLTF (and GLB) files by @Floppy in #2406
- Add RPG-awesome icon support by @Floppy in #2411
- Improve password security with a proper strength check by zxcvbn by @Floppy in #2417
🐛 Bug Fixes 🐛
- Fix incorrect surface materials in renderer by @Floppy in #2408
- Use correct MIME type for .rar files by @Floppy in #2407
- Fix broken default settings (e.g. render style) by @Floppy in #2409
- Fix broken multiuser mode setup (no autologin) by @Floppy in #2410
- Fix up asset paths for fonts by @Floppy in #2415
- fix font paths when using RAILS_RELATIVE_URL_ROOT by @Floppy in #2421
- Use fonts from CDN instead of local to avoid asset path problems by @Floppy in #2422
🛠️ Other Improvements 🛠️
Full Changelog: v0.72.2...v0.73.0
v0.72.2
Another bugfix release, fixing a bug in the last bugfix release! Also resolves some database concurrency issues for the solo image.
What's Changed
🐛 Bug Fixes 🐛
- Fix db:chown task by @Floppy in #2396
- Set the default worker concurrency to 1 in solo by @Floppy in #2397
Full Changelog: v0.72.1...v0.72.2
v0.72.1
A quick bugfix release to fix file permissions when using SQLite databases. If you were having trouble with the solo image, this should help!
What's Changed
🐛 Bug Fixes 🐛
- Make sure SQLite database file permissions are correct on startup by @Floppy in #2392
- Add Rake task for db:chown by @Floppy in #2393
🛠️ Other Improvements 🛠️
- Fix broken NLnet project link in README.md by @neographophobic in #2389
New Contributors
- @neographophobic made their first contribution in #2389
Full Changelog: v0.72.0...v0.72.1
v0.72.0
This release focuses on the deployment and sysadmin aspects of running Manyfold. We've added in support for MySQL / MariaDB database servers, as well as the ability to use SQLite's file-based database if you don't want to run a separate database server.
And at long last, by using SQLite, we've created a new "solo" image, which by default integrates everything into a single container - no need for a separate database or Redis server at all! Just pull manyfold-solo
instead of manyfold
, mount a persistent volume at /config
for the database, and you're up and running!
Bonus feature: we've also cut the size of the docker image down, from 1.5GB to around 250MB, by removing all the build-time stuff that wasn't needed at runtime.
What's Changed
✨ New Features ✨
- Support SQLite databases in production by @Floppy in #2364
- Add support for MySQL database servers by @Floppy in #2366
- Add "solo", a fully standalone container which doesn't need external database or redis by @Floppy in #2374
🐛 Bug Fixes 🐛
- Fix admin filters by @Floppy in #2365
- Fix storage_service bug when migrating database from zero by @Floppy in #2370
- Fix app version strings in Dockerfile by @Floppy in #2371
- Fix s6 readonly filesystem compatibility by @Floppy in #2377
🛠️ Other Improvements 🛠️
- Add security section to release notes by @Floppy in #2368
- Reduce size of docker container using multistage build by @Floppy in #2369
- Improve database configuration options, examples, and docs by @Floppy in #2372
- Run main docker image application using s6 service by @Floppy in #2375
Full Changelog: v0.71.0...v0.72.0
v0.71.0
Not got enough disk space? Now you can create a library that uses S3-compatible cloud storage instead of local disk! This could be from any of a large number of open source or commercial services - either out on the public Internet, or self-hosted!
What's Changed
✨ New Features ✨
🐛 Bug Fixes 🐛
- FIx deletion bug caused by presupported model links by @Floppy in #2355
- Fix storage registration during migrations by @Floppy in #2357
🛠️ Other Improvements 🛠️
- Add ability to set storage engine for library by @Floppy in #2345
- Refactor file access so that everything goes through Shrine by @Floppy in #2351
- Improve library creation and edit forms by @Floppy in #2359
- Hide unused storage service options on page load by @Floppy in #2361
Full Changelog: v0.70.3...v0.71.0
v0.70.3
Another bug fix release, mainly for people with libraries with IDs of 10 or over, plus a bonus fix for extraneous MeshLoadErrors (because it was trying to load images not meshes)
What's Changed
🐛 Bug Fixes 🐛
- Check if a file is 3d before trying to do geometric analysis by @Floppy in #2343
- Fix incorrect library fetching when ID has >1 digit by @Floppy in #2344
Full Changelog: v0.70.2...v0.70.3
v0.70.2
FIxing a couple of bugs in the recent release, mainly around ever-increasing cache folder size (which should now be automatically cleaned up) and some subtle background errors at first startup and library creation.
What's Changed
🐛 Bug Fixes 🐛
- Automatically update workers with new libraries before jobs start by @Floppy in #2341
- Avoid copying and caches when organizing files by @Floppy in #2342
🛠️ Other Improvements 🛠️
Full Changelog: v0.70.1...v0.70.2
v0.70.1
v0.70.0
This releases brings BIG changes to the upload process. Firstly, file upload progress is shown as it happens, so you can see what's going on; then, the extraction of zip files happens in the background, so you can carry on using Manyfold while it happens. Models are created straight away, without the need for a full scan, so the "scan after upload" button has gone away. And finally, perhaps our single most popular feature request - you can now upload individual files as new models! So, no need to zip up a single STL any more.
We're certainly going to build on this more, with options like uploading files into an existing model, and renaming models during the upload process, which you can see on the feature roadmap.
We've also made changes to the way the background processing works. Expensive jobs like geometric analysis and file conversion may now take a little longer to work through by default, but they shouldn't saturate the server and stop other things happening in the meantime. You can control the concurrency of the background runners using the new DEFAULT_WORKER_CONCURRENCY
and PERFORMANCE_WORKER_CONCURRENCY
options, which are set to 4 and 1 by default. If you have lots of CPU and memory on your server, you can bump those up.
The underlying change that's enabled all of this is a big rewrite of the actual file storage engine. You shouldn't notice any difference, although this enables some great stuff in future, like support for cloud storage.
NOTE: it may take a long time to migrate data during the upgrade, depending on the size of your library, perhaps in the region of 10-20 seconds per gigabyte.
If you have any problems, as always, come say hi in our very helpful support chat or file a bug report on GitHub.
What's Changed
✨ New Features ✨
- Upload single 3d or image files as new models by @Floppy in #2323
- Improved uploader using Shrine and Uppy by @Floppy in #2315
- Automatically scan uploaded files, and more efficiently by @Floppy in #2320
- Change default upload size limit to 1GiB by @Floppy in #2319
- Add environment variable for database pool size by @aneurinprice in #2293
🐛 Bug Fixes 🐛
- Use new Rails 7.1 Redis connection pool by @Floppy in #2298
- Fix potential file access error when using read-only container filesystem by @Floppy in #2313
- Renormalize i18n file by @Floppy in #2321
- Fix CSS import for Uppy by @Floppy in #2326
- Fix tag 404 error when deleting models by @Floppy in #2327
🛠️ Other Improvements 🛠️
- Use our own fork of sqlite3_ar_regexp to get Rails 7.1 support by @Floppy in #2294
- Update to Ruby 3.3.1 by @Floppy in #2296
- Update donate link to go to website donate page by @Floppy in #2300
- Create security reporting policy by @Floppy in #2304
- Add Shrine storage engine by @Floppy in #2198
- Set connection pool size for ActiveJob::Status to same as DB by @Floppy in #2310
- Improve behaviour of background workers by @Floppy in #2312
- Move uploading into ModelsController by @Floppy in #2314
- Move archive decompression into a background job by @Floppy in #2322
Full Changelog: v0.69.0...v0.70.0
v0.69.0
We had a security audit recently, thanks to NLNet / NGI Zero and Radically Open Security. This release fixes a load of security issues that were found in the audit, many of which fix other bugs at the same time.
The biggest obvious change is that you should now set PUID
and PGID
environment variables to specify which user and group Manyfold should run as - before, it would run as root because that's what Docker does by default, and that's obviously a security risk. If you don't set those variables, it will continue to run as root, but it will warn you loudly until you change it! Don't forget to make sure that your libraries are writable by the user you choose!
Visit our new Security page for more details on these and other new options to make your instances more secure!
What's Changed
✨ New Features ✨
- Show admins a security alert if container is being run as root by @Floppy in #2252
- Add PUID and PGID env vars to control which user the app runs as by @Floppy in #2253
- Lock accounts temporarily after too many failed login attempts by @Floppy in #2254
- Show free space in upload selector and library details (for admins only) by @Floppy in #2260
- Limit file upload size by @Floppy in #2266
- Add HTTPS_ONLY env option to force secure-only connections by @Floppy in #2275
- Limit size of extracted files on upload by @Floppy in #2281
🐛 Bug Fixes 🐛
- Restrict problem viewing to contributors, not viewers by @Floppy in #2257
- Set secure flags on libarchive extraction to avoid "Zip Slip" exploits by @Floppy in #2258
- Fix upload file filter on Windows machines by @Floppy in #2261
- Fix translation linter error by @Floppy in #2262
- Avoid naming race condition on upload by @Floppy in #2268
- Stop username enumeration through password reset form by @Floppy in #2283
- Check problematic item exists when rendering problem list by @Floppy in #2289
- Allow inline style attributes in Content-Security-Policy by @Floppy in #2290
🛠️ Other Improvements 🛠️
- Check file extension before unzipping uploads by @Floppy in #2267
- Make the "remember me" cookie HTTPS-only if appropriate by @Floppy in #2276
- Completely reset user session on logout by @Floppy in #2279
- Add session timeouts to reduce session fixation/hijacking by @Floppy in #2280
- Mitigate timing attacks on user lookups by @Floppy in #2282
- Change from cocoon to cocooned by @Floppy in #2259
- Remove external jQuery and selectize scripts by @Floppy in #2285
- Reduce javascript payload with tree-shaking by @Floppy in #2286
- Add Content-Security-Policy to increase security by @Floppy in #2287
Full Changelog: v0.68.0...v0.69.0