8112 Commits
Author SHA1 Message Date
mattnandGitHub 8ca3cca0a0 chore: use path/filepath for local file system paths (#10705)
Build Syncthing / Gather common facts (push) Successful in 32s
Build Syncthing / Build and test (~1.25.0, macos-latest) (push) Has been cancelled
Build Syncthing / Build and test (~1.25.0, windows-latest) (push) Has been cancelled
Build Syncthing / Build and test (~1.26.0, macos-latest) (push) Has been cancelled
Build Syncthing / Build and test (~1.26.0, ubuntu-latest) (push) Has been cancelled
Build Syncthing / Build and test (~1.26.0, windows-latest) (push) Has been cancelled
Build Syncthing / Basic checks passed (push) Has been cancelled
Build Syncthing / Package for Windows (push) Has been cancelled
Build Syncthing / Build and test (~1.25.0, ubuntu-latest) (push) Has been cancelled
Build Syncthing / Codesign for Windows (push) Has been cancelled
Build Syncthing / Package for Linux (common) (push) Has been cancelled
Mirrors / Mirror to Codeberg (push) Has been cancelled
Build Syncthing / Package for Linux (other) (push) Has been cancelled
Build Syncthing / Package for Linux (mips) (push) Has been cancelled
Build Syncthing / Package for illumos (push) Has been cancelled
Build Syncthing / Package for macOS (push) Has been cancelled
Build Syncthing / Notarize for macOS (push) Has been cancelled
Build Syncthing / Package cross compiled (push) Has been cancelled
Build Syncthing / Package source code (push) Has been cancelled
Build Syncthing / Sign for upgrade (push) Has been cancelled
Build Syncthing / Package for Debian (push) Has been cancelled
Build Syncthing / Publish nightly build (push) Has been cancelled
Build Syncthing / Publish release files (push) Has been cancelled
Build Syncthing / Publish APT (push) Has been cancelled
Build Syncthing / Build and push Docker images (GHCR) (Dockerfile, syncthing, syncthing) (push) Has been cancelled
Build Syncthing / Build and push Docker images (GHCR) (Dockerfile.stdiscosrv, discosrv, stdiscosrv) (push) Has been cancelled
Build Syncthing / Build and push Docker images (GHCR) (Dockerfile.strelaysrv, relaysrv, strelaysrv) (push) Has been cancelled
Build Syncthing / Sync images to Docker hub (push) Has been cancelled
Build Syncthing / Run govulncheck (push) Has been cancelled
Build Syncthing / Run golangci-lint (push) Has been cancelled
Build Syncthing / Run meta checks (push) Has been cancelled
### Purpose

`path` is for slash-separated paths (URLs, BEP protocol); local file
system paths should use `path/filepath`. Fixed in
`cmd/stdiscosrv/database.go` (3 sites) and
`internal/db/sqlite/db_test.go` (1 site).

### Testing

`go build ./cmd/stdiscosrv/...` and `go vet` pass.

Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
2026-05-23 22:31:33 +02:00
mattnandGitHub 0c489f4ae2 fix(stcrashreceiver): close source loader responses on errors (#10704)
Fix a response body leak in `githubSourceCodeLoader.Load` where the body
was not closed when the HTTP status was non-200.

Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
2026-05-23 13:50:03 +00:00
Jakob Borg deb1e5b38a Revert "build: temporarily disable illumos for release"
This reverts commit c0c401efeb.
2026-05-23 12:00:07 +02:00
Jakob Borg 49a2688caa Merge branch 'infrastructure'
* infrastructure:
  build: let infra containers builds fail individually
  chore(ur): move structs to reduce dependency chain
  chore(stcrashreceiver): add profiler on metrics port
  chore(stcrashreceiver): compact diskstore in-memory representation
  chore(stcrashreceiver): better source cache & metrics
  chore(stcrashreceiver): metrics on ignore matches
2026-05-23 09:36:25 +02:00
Jakob Borg 05b4f6abda build: let infra containers builds fail individually
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-23 09:18:15 +02:00
Jakob Borg 9152d7fb2f chore(ur): move structs to reduce dependency chain
lib/ur brings in a lot of dependencies we don't need in e.g.
stcrashreceiver, who only needs the small failure reporting structs.
Make those part of the lean `contract` package instead.

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-23 09:13:47 +02:00
Jakob Borg 4404b4dfb4 chore(stcrashreceiver): add profiler on metrics port
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-23 08:51:34 +02:00
Jakob Borg b537090d91 chore(stcrashreceiver): compact diskstore in-memory representation
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-23 08:51:34 +02:00
Jakob Borg 79423edbdf chore(stcrashreceiver): better source cache & metrics
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-23 08:51:34 +02:00
Jakob Borg 33075974cb chore(stcrashreceiver): metrics on ignore matches
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-23 08:51:32 +02:00
Jakob BorgandGitHub 8a3a06f7ca build(deps): x/net for govulncheck (#10703)
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-23 06:48:21 +00:00
Jakob BorgandGitHub d0b35021c6 chore(syncthing): include runtime context in GC crashes (#10702)
The runtime prints a lot of context for crashes due to bad pointers etc,
which is required to understand the crash, but this context comes before
the `fatal error: ...` line. Currently those lines get filtered out and
not included in the crash report. This change modifies the criteria so
that we start collecting crash data also at a line that begins with
`runtime:`, and tweaks the parsing later to look for the specific
`panic:` or `fatal error:` which may come later as the subject.

---------

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-23 08:40:43 +02:00
Jakob BorgandGitHub 6322091462 fix(discover): only announce wildcard for TCP punching when listening on wildcard address (fixes #10503) (#10691)
If we aren't announcing e.g. tcp://0.0.0.0:22000 then also do not
announce tcp://0.0.0.0:0.

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-23 06:37:48 +00:00
Jakob BorgandGitHub 5464970c5d fix(versioner): ensure user read/write/execute on archived dirs (fixes #10532) (#10696)
This makes sure the user running Syncthing, and hence Synchting itself,
has read/write/execute on directories in .stversions. The other
permission bits remain copied from the source directory, ensuring
whatever group and other permissions were set remain in effect.

Closes #10695.

---------

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-23 06:21:04 +00:00
Jakob BorgandGitHub 3962a23723 fix(syncthing): properly upgrade via REST when Syncthing is running (fixes #10697) (#10699)
The locking logic for upgrades got inverted in the lockfile changes. If
we got the lock it means Syncthing wasn't already running, so we can do
a direct upgrade. If we failed to get the lock it means Syncthing was
running and we should tell the REST interface to do the upgrade.

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-21 10:15:18 +02:00
Jakob Borg feaa90408e Merge branch 'infrastructure'
* infrastructure:
  fix(stcrashreceiver): allow extra pre/post data in version line
  chore(stcrashreceiver): improve logging
  chore(stdiscosrv): prewarm counters at startup
2026-05-21 09:57:46 +02:00
Jakob Borg a8ed6e4855 fix(stcrashreceiver): allow extra pre/post data in version line
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-19 08:46:22 +02:00
Jakob Borg 5b1e1c0520 chore(stcrashreceiver): improve logging
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-19 08:46:21 +02:00
Jakob Borg c17be06192 chore(stdiscosrv): prewarm counters at startup
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-18 23:40:38 +02:00
Syncthing Release Automation 4ba01b05a1 chore(gui, man, authors): update docs, translations, and contributors 2026-05-18 05:06:12 +00:00
Jakob Borg 14c4ad3af2 build: remove environment annotations
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-12 15:44:51 +02:00
Jakob BorgandGitHub 08036b1d87 build: be explicit about workflow permissions (#10690)
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-12 15:36:20 +02:00
Jakob Borg c0c401efeb build: temporarily disable illumos for release
They let the domain/DNSSEC expire, I need the build to pass.

Signed-off-by: Jakob Borg <jakob@kastelo.net>
v2.1.0
2026-05-12 07:59:47 +02:00
Jakob Borg 658ea62052 build: fix draft/published status for new releases
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-12 07:34:50 +02:00
Syncthing Release Automation 7435e762fb chore(gui, man, authors): update docs, translations, and contributors 2026-05-11 05:04:32 +00:00
Jakob BorgandGitHub f6c551fe87 chore(fs): remove unused SymlinksSupported() method (#10684)
💀

Signed-off-by: Jakob Borg <jakob@kastelo.net>
v2.1.0-rc.2
2026-05-09 10:48:53 +00:00
f3a9ee8ed6 chore(gui): upgrade jQuery to 3.7.1 to fix CVE-2020-11022, CVE-2020-11023, CVE-2015-9251 (#10673)
## Summary

- Replace vendored `jquery-2.2.2.js` with `jquery-3.7.1.js` in
`gui/default/vendor/jquery/`
- Update script reference in `gui/default/index.html` to point to the
new file
- Update CDN reference in `cmd/infra/strelaypoolsrv/gui/index.html` from
`jquery-2.1.4.min.js` to `jquery-3.7.1.min.js`

## Why

The previously used jQuery versions (2.2.2 and 2.1.4) are vulnerable to
three known CVEs:

| CVE | Description | Fixed in |
|-----|-------------|----------|
| CVE-2015-9251 | XSS via cross-domain Ajax requests with non-text
content types | jQuery 3.0.0 |
| CVE-2020-11022 | XSS when passing HTML containing `<option>` elements
to manipulation methods | jQuery 3.5.0 |
| CVE-2020-11023 | XSS via passing HTML from untrusted sources to
manipulation methods | jQuery 3.5.0 |

jQuery 3.7.1 is the latest stable release and resolves all three.

## Compatibility notes

The GUI code was audited for jQuery 2→3 breaking changes. No removed
APIs are used:
- `.success()` / `.error()` calls throughout the codebase are
**AngularJS `$http`** promise methods, not jQuery — unaffected
- `.bind('beforeunload', ...)` is deprecated in jQuery 3 but not removed
— still works
- No usage of `.size()`, `.load()` event shorthand, `jQuery.isFunction`,
or `$.type()`

---------

Signed-off-by: Umer Azaz <umer_azaz@yahoo.com>
Co-authored-by: Jakob Borg <jakob@kastelo.net>
2026-05-09 10:30:18 +00:00
Jakob BorgandGitHub f538b47070 chore(model): slightly improve handling of pulling empty blocks (#10679)
In the common case (sparse files enabled, not reusing old data) we'd
optimise away pulling & writing zero blocks. However in the corner cases
we'd go through the whole processing of pulling the block over the
network which is of course entirely unnecessary.

Now, instead, always take an optimised path for all-zeroes blocks. In
the clean case we do nothing, otherwise we materialise a block of zeroes
and write it directly.

---------

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-09 12:15:18 +02:00
Jakob BorgandGitHub 3709174a86 build(deps): update dependencies (#10683)
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-09 06:49:34 +00:00
Jakob Borg 5dd22cfd85 Merge branch 'infrastructure'
* infrastructure:
  fix(stdiscosrv): do graceful shutdown on SIGTERM
2026-05-04 09:54:04 +02:00
Syncthing Release Automation cf5ea40b1a chore(gui, man, authors): update docs, translations, and contributors 2026-05-04 04:54:00 +00:00
Jakob Borg 6c51a59c52 fix(stdiscosrv): do graceful shutdown on SIGTERM
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-05-02 17:26:37 +02:00
Jakob BorgandGitHub 1919c89de4 build: only run the periodic build jobs in the syncthing org (#10675) 2026-05-01 05:09:14 +00:00
Jakob BorgandGitHub 774aa11795 fix(stdiscosrv): only read certificate proxy headers with --http (#10674)
These headers should not be inspected when running with a TLS listener.

Additionally, we should really enable them individually instead of
trusting the proxy to filter out the unused variants, but baby steps.

Reported by multiple AI vuln scanners.

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-30 18:44:28 +00:00
Jakob BorgandGitHub 44abd15162 chore(api): use ldap package escape functions (#10672)
Instead of our own variants, which were mostly but not 100% identical.

---------

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-29 12:06:12 +02:00
Syncthing Release Automation 0372a79986 chore(gui, man, authors): update docs, translations, and contributors 2026-04-27 04:51:44 +00:00
Jakob Borg 531d7f1a9a build: create GH release as draft, then publish
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-26 12:43:45 +02:00
Jakob Borg 6bff89a618 docs: release notes for 2.1
Signed-off-by: Jakob Borg <jakob@kastelo.net>
v2.1.0-rc.1
2026-04-26 12:23:35 +02:00
Jakob BorgandGitHub 86ac4e5017 feat: make block indexing configurable (#10608)
This adds a new folder-level configuration `FullBlockIndex`. It controls
whether we maintain the block index for a given folder -- currently
that's always true, now it becomes possible to turn off. The block index
is used for lookup of blocks across files and folders. Effectively, when
syncing a change, for each block, we check:

1. Is the block already present in the old version of the file? If so,
we can reuse (copy) it without network transfer. **This check is always
possible.**
2. Is the block already present in any other file in this folder or
other folders? If so we can copy it. **This check is only possible with
the full block index.**
3. We must transfer the block over the network.

Maintaining the full block index is costly in time, I/O and database
size. With this PR, maintaining the full block index becomes the default
for send-receive and receive-only folders only, with it disabled for
send-only and receive-encrypted folders. The block index is never useful
for encrypted folders, as blocks are encrypted separate for each file.
It is also not useful for send-only folders by themselves, though the
data in the send-only folder could be reused by other receive-type
folders if it were enabled.

For very large folders it may make sense to disable the full block index
regardless of folder type and just accept the resulting decrease in data
reuse.

Disabling or enabling the option in the GUI causes the index to be
destroyed or rebuilt accordingly.

https://github.com/syncthing/docs/pull/1005

---------

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-26 11:58:09 +02:00
84c6b37913 feat(dialer): add HTTP/HTTPS proxy support via CONNECT (#10572)
Register HTTP and HTTPS proxy dialers and implement CONNECT-based
tunneling for HTTP proxies.

The new dialer supports:
- Plain HTTP proxies using CONNECT
- HTTPS proxies by performing a TLS handshake before CONNECT
- Optional basic authentication via Proxy-Authorization (with a warning
when creds are used over cleartext HTTP)

This allows all_proxy to be set to http:// or https:// URLs, enabling
data transfer through HTTP(S) proxies.

### Purpose

Allow peers to connect using HTTP Proxies (CONNECT)

### Testing

Tested with both HTTP and HTTPS proxy connection, using both no auth and
plain authentication.

### Screenshots

No visual change

### Documentation

https://github.com/syncthing/docs/pull/987

## Authorship

Your name and email will be added automatically to the AUTHORS file
based on the commit metadata.

---------

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Jakob Borg <jakob@kastelo.net>
Co-authored-by: Jakob Borg <jakob@kastelo.net>
2026-04-26 09:31:40 +00:00
987e631176 feat: make http session cookie path & duration configurable (fixes #10522) (#10632)
Signed-off-by: Vikram Vaswani <2571660+vvaswani@users.noreply.github.com>
Signed-off-by: Jakob Borg <jakob@kastelo.net>
Co-authored-by: Jakob Borg <jakob@kastelo.net>
2026-04-26 07:59:24 +00:00
Jakob Borg 1f57187461 fix(strelaypoolsrv): retry "not found" errors in registration check
We presumably always intended to retry these, but we didn't.

Relates to #10658.

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-24 15:19:48 +02:00
Jakob Borg a7f47d381e fix(strelaypoolsrv): correct remote address logging
Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-24 15:19:48 +02:00
Jakob BorgandGitHub 1a7825c7ec fix(strelaysrv): properly use bind address for outgoing requests (fixes #10658) (#10659)
This was lost in #7217 a while back.

---------

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-24 15:18:18 +02:00
Jakob BorgandGitHub 97fb677887 chore(api): deflake TestHTTPLogin on Windows (#10667)
Hopefully deflakes TestHTTPLogin on Windows, where it currently often
times out, presumably in the config saving stage after already having
started a shutdown of the API and being CPU constrained due to password
hashing.

---------

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-24 15:07:16 +02:00
Jakob BorgandGitHub 124f6979a4 build: parallelise linux builds slightly (#10666)
They currently take like 25 minutes. This reduces that to approximately
a third, wall-clock wise.

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-24 13:16:12 +02:00
39778de04b fix(gui): fix tabs visually disabled but still clickable during ignore patterns setup (fixes #10634) (#10651)
### Purpose

Fixes issue #10634.

### Testing

Manually tested by reproducing the issue:

- Created a new folder with "Add ignore patterns" enabled
- Verified that after saving, only the "Ignore Patterns" tab remains
accessible
- Confirmed that other tabs are visually disabled and no longer
clickable

### Screenshots

No visible UI changes.

### Explanation of the Fix

**Cause**

The issue was caused by only visually disabling tabs in the UI by
setting
their `href` attribute to an empty string (`href=""`). This made the
tabs
appear disabled, but they were still clickable, leading to confusing
behavior
where users could interact with the tabs without any actual navigation.

**Fix**

- Introduced `isFolderTabDisabled` to centralize the logic for
determining
  whether a tab should be disabled
- Added `onFolderTabClick` to prevent interaction with disabled tabs
- Updated the HTML to remove tab behavior (such as `data-toggle="tab"`
and
  `href`) when a tab is disabled

### Documentation

No documentation changes required.

Signed-off-by: JRNitre <nichinichisou67@outlook.com>
Co-authored-by: Jakob Borg <jakob@kastelo.net>
2026-04-24 09:53:35 +02:00
Jakob BorgandGitHub bcaabedc8e chore(scanner): deflake TestStopWalk (#10664)
The test expected the stopped scanner to produce at most numHashers
additional results, but there's also the case where a directory is
encountered (which doesn't require hashing) and sent directly.

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-24 09:52:50 +02:00
Jakob BorgandGitHub 46fb888ea3 chore(model): deflake TestCompletionEmptyGlobal (#10663)
There was a race condition where using IndexUpdate would trigger a pull,
which would sync the delete we are looking for, making the completion
100%. By doing the insert directly into the database we are not
triggering these things and get the expected completion percentage
always.

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-24 09:52:27 +02:00
Jakob BorgandGitHub 36c3331696 chore(model): deflake cluster config tests (#10662)
These have been flaky for a long time, seemingly because the multiple
connection code slightly changed the timing of cluster config sending by
moving them to the connection promotion loop. This adds some resiliency
to that, instead of assuming that the CC:s will be immediately available
after adding the connection.

---------

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-04-24 07:41:17 +00:00