4.7.0 (October 9, 2021)

• Display total size by tag or tracker of torrents on sidebar (#369, @sabersalv)
• Improve memoization of "TorrentListRow" and "ProgressBar" components
• Fix loading indicator bar alignment (#396, @DopyConqueror)
• New translations
  • Arabic, thanks to yngams
  • Chinese Simplified, thanks to @davidxuang
  • Czech, thanks to @Kedlub
  • Italian, thanks to @GiorgioBrux
  • German, thanks to @Kiina
  • Japanese, thanks to @Kuri0421 and @Kiina
  • Korean, thanks to @Kiina
  • Polish, thanks to @retmas-gh
  • Spanish, thanks to @oaknuggins
  • Norwegian, thanks to Daddie0
• Bump dependencies

4.6.1 (July 5, 2021)

• DiskUsage: skip mount points of "overlayfs" type (#341, @Trim21)
• Deluge:
  • Avoid crashing Flood when there is a connection error
  • Note again that Deluge support is still experimental
• Bug fixes:
  • Cleanup synchronous patterns (#340)
  • AuthForm: add missing i18n for "Username" and "Password" (#336)
  • server: destroy user services before cleaning up data
  • TorrentListCell: passthrough clicks
• New translations
  • French, thanks to @foXaCe
  • German, thanks to @chint95
  • Korean, thanks to @Kiina
  • Romanian, thanks to @T-z3P
• Bump dependencies

4.6.0 (May 28, 2021)

• Experimental Deluge support
  • caveat: tags are not supported at the moment
• Add "last active date" and "finished date" to the torrent properties
• Migrate stylesheets to SCSS module system
• Ditch inefficient "TRANSFER_SUMMARY_DIFF_CHANGE" SSE event
• Allow to download contents of multiple selected torrents
• Update base Node.js versions of single-executable builds
• rTorrent:
  • Add torrents to rTorrent via socket
• qBittorrent:
  • Improve performance by throttling concurrent requests
• Bug fixes:
  • Fix memory leak and unreliability when the settings of a user is updated by simplifying service manager
  • Pipe created torrent to response directly
• Security enhancements:
  • Forbid non-owner access to runtime directory by default
• New translations
  • Chinese (Simplified), thanks to @coxde
  • Czech, thanks to @brezinajn
  • German, thanks to @chint95
  • Hungarian, thanks to @m3r3nix
  • Korean, thanks to @Kiina
  • Spanish, thanks to Zagon
• Bump dependencies

4.5.4 (April 24, 2021)

• Bug fixes:
  • "Torrents with long names get truncated in torrent detail modal (#273)" on Safari
• New translations
  • Chinese (Simplified), thanks to @coxde
  • Dutch, thanks to John Willemsen
  • Italian, thanks to Simone De Nadai
• Bump dependencies

4.5.3 (April 10, 2021)

• Bug fixes:
  • Tags need a F5 refresh to be displayed after being set (#266)
  • Torrents with long names get truncated in torrent detail modal (#273)
  • qBittorrent: allow .torrent download with new session directory path (#275, @angristan)
• New translations
  • French, thanks to @foXaCe
  • Hungarian, thanks to @m3r3nix
  • Japanese, thanks to @Kiina
  • Korean, thanks to @Kiina
  • Spanish, thanks to @Shutruk
• Bump dependencies

4.5.2 (April 4, 2021)

• Add "Log Out" button to connection interrupted page
• Add "tini" init process to containers (#260, @onedr0p)
• Bug fixes:
  • No longer fails to add some URLs to rTorrent with XMLRPC
  • Fix Connection settings can not be empty. after submit
• Bump dependencies

4.5.1 (March 31, 2021)

• Allow to press Ctrl-A or Command-A to select all torrents (#253, @sabersalv)
• Enlarge width of "Torrent Details" modal (#250, @RoroTiti)
• Bug fixes:
  • Fix multi-file "Move torrents" of rTorrent (XMLRPC)
  • Don't close the notification panel when a button is clicked
• New translations
  • Czech, thanks to @brezinajn
  • Italian, thanks to @gmcinalli
  • Korean, thanks to @Kiina and @m4ximuel
• Bump dependencies

4.5.0 (March 14, 2021)

• Reannounce. Typically torrent clients do that automatically, but in some cases you may want to do it manually. It is available as a context menu action.
• Redesigned filesystem browser. Allow searching in the current directory and eliminate unnecessary requests sent to server. Additionally, navigation via arrow keys is implemented (mainly for accessibility but could be useful for anyone).
• Major accessibility enhancements. All elements are now navigable by keyboard.
• Improve scrolling performance by overscanning 30 rows.
• rTorrent:
  • JSON-RPC support for eligible versions. Preliminary tests showed that, when compared with XMLRPC, JSON-RPC yields 2x performance, 15% lower total CPU time in rTorrent process, 33% lower total CPU time in Flood process.
  • load.throw command support for eligible versions. Definitive response when you add torrents, so Flood won't display success when the operation actually fails.
  • Better handle command failures.
  • Verify filesystem access and respond with errors when necessary.
• Bug fixes:
  • Fix French mistranslation
  • Fix button location in download rules tab of feed modal
  • Fix "Set tracker" of single tracker torrents in rTorrent
  • Fix "Checking" bar selected style for dark color scheme
  • Recognize qBittorrent's "Forced" state
  • Disk usage service errors are no longer fatal
• New translations
  • Chinese (Simplified), thanks to @MeetWq
  • Chinese (Traditional), thanks to @vongola12324
  • Czech, thanks to @brezinajn
  • French, thanks to @Carryozor and @foXaCe
  • German, thanks to @chint95
  • Hungarian, thanks to @m3r3nix
  • Romanian, thanks to @T-z3P
• Bump dependencies

• Better handle tracker domain conversion and grouping
• Wrap texts (e.g. long IPv6 addresses and peer client versions) in tables of torrent details if necessary
• Distribution:
  • CI now publishes releases to AUR (Arch Linux User Repository)
  • CI now publishes Debian (.deb) packages to Github Releases
  • Contributions are welcome. See distribution/README.md.
• rTorrent fixes:
  • Remove [] from IPv6 addresses in peer list
• Bug fixes:
  • Remove ugly outline and highlight of focused button caused by an a11y change
  • Try to workaround potential index.html caching issues
    • Browser uses a fully cached asset tree in some cases, which defeats cache busting by asset hashes
• New translations
  • Finnish, thanks to @hyvamiesh
  • German, thanks to @chint95
• Bump dependencies

4.4.0 (February 2, 2021)

• Return a portable link when torrent content is requested
  • Allow sharing of links to other people
  • Allow casting (Chromecast, Airplay) of content to devices which can't authenticate with Flood
  • Allow copying the link and paste it to a player application so more formats can be streamed
  • Allow external downloaders to use the link
• Allow to register to handle magnet links in "Add by URL" panel
  • Support for "add-urls" frontend query action is added
  • e.g. http://localhost:3000/?action=add-urls&url=magnet:?xt=
• Allow to download .torrent file of a torrent
• Add sequential downloading support for applicable clients
  • rTorrent: requires "d.down.sequential(.set)" commands, see jesec/[email protected]
  • qBittorrent: supported
  • Transmission: rejected, see https://trac.transmissionbt.com/ticket/452
• Add initial seeding (aka superseeding) support for applicable clients
  • BEP16
    • Saves bandwidth for initial seeder and quickly kicks off a healthy swarm
    • NOT recommended for non-initial seeders
  • rTorrent: not exposed to RPC interface, requires jesec/[email protected]
  • qBittorrent: supported
  • Transmission: not supported, see https://trac.transmissionbt.com/ticket/1691
• Display existing tags in alphabetical order in tag selector
• Optionally skip assets serving with --assets=false
  • May be useful for users who serve static assets from their own servers
  • Or developers who don't want to build assets before starting a server instance
• Refresh manifest and assets related to PWA (Progressive Web Application) support
• Separate locale and language when using "Automatic" language setting
  • Deal with minor locale differences (e.g. date formats) between language variants
  • See #123
• Remove inconsistency of clients by normalizing hashes in API responses to upper case
• Explicitly pass paths of contents to mediainfo
  • So unrelated files in the same folder won't be processed by mediainfo
• Remove dependency on shell in disk usage functions
  • New distribution-less (distroless) Docker image is now available, which has smaller size and allows maximum security
• Standalone executable:
  • Now available for linux-arm64 and win-arm64
  • Bundled Node.js runtime bumped to 14.15.4
  • Linux binaries are now fully static
  • Customized Node.js runtime with smaller size and memory consumption
• rTorrent fixes:
  • Create destination directory structure before moving torrent
  • Flood API responses no longer mixes with unprocessed rTorrent method call responses
  • Properly handle multi tags while adding
  • Remove torrents (with data) can delete empty directories
• qBittorrent fixes:
  • Fix "isBasePath" for newer versions
  • Implement "isCompleted" (skip_checking)
  • Trim whitespace in tags property
  • Optionally set website cookie for torrent fetching (add by URL)
• Security enhancements:
  • Don't leak details of internal errors
  • Rate limits /data API endpoint
• Bug fixes:
  • Pack torrent contents one by one to avoid out-of-memory during batch downloading
  • Potential crashes related to disk usage functions in rare Docker environments
  • Disallow comma in tag
• New translations
  • Chinese (Traditional), thanks to @vongola12324
  • Czech, thanks to @brezinajn
  • Dutch, thanks to @vain4us
  • French, thanks to @Carryozor
  • German, thanks to @Ben-Wallner
  • Hungarian, thanks to @sfu420
  • Romanian, thanks to @T-z3P
  • Spanish, thanks to @almontegil
• Bump dependencies

Additionally, Sonarr #4159 and Radarr #5552 now supports Flood natively.

Notes about sequential downloading:

Drawbacks:

• https://wiki.vuze.com/w/Sequential_downloading_is_bad

Benefits:

• Sequential downloading helps with I/O performance and lowers resource consumption and cost of hardware. It enables predictable I/O patterns and efficient caching. My hard disk is really noisy while downloading a torrent. But with sequential downloading, it does not make a sound. Speed is much better as well. Sequential I/O patterns also eliminate disk fragmentation problem that damages performance/lifespan of hard disks in long-term, which is a headache for long seeders.
• "It is bad for swarms." That's correct for unhealthy swarms. However, for private torrent users, in most cases, the seeder/leecher relationship is "many seeder, single/little leecher". Plus, with the incentives/punishments of tracker sites, there is little to no risk of "draining". As such, it makes more sense to protect hardware of everyone in the swarm. Predictable I/O patterns also allow seeders to seed many torrents more efficiently: if leechers use sequential download, the read patterns become predictably sequential, which allows better I/O performance and reduces the failure rate of hard disks.
• For seedbox users: seedboxes are virtual machines. That means many users share the same physical machine. Random chunk downloading is extremely taxing on disks. As a result, usually the speeds are limited by I/O more than bandwidth. If the swarm pattern is usually "many seeder, single leecher", sequential downloading can help a lot.
• Widely known "self" benefits: stream early, stream while downloading, organize episodes quick and unpack some files before finish, etc.

• Make theme button always at the bottom of sidebar
• Remove legacy font formats from static assets
• Slightly tweak styles of country flags in peer list
  • Better accommodate longer flags
  • Display country code on hover
• qBittorrent fixes:
  • Attach cookies to URL downloads
  • Set trackers
• Transmission fixes:
  • Percentage downloaded of contents of a torrent
• Bug fixes:
  • API call to get peer list of a non-existent torrent no longer crash Flood server
  • Handle file not exist and access denied cases in content download
  • Properly handle API call to update password of a user
• Security enhancements:
  • Rate limit resource-intensive mediainfo request
  • Ensure path is allowed for mediainfo request
  • API call to list users no longer receive hashed passwords and client connection settings
    • Note: only an authenticated admin user may list users
• New translations
  • Czech, thanks to @brezinajn
  • Romanian, thanks to @T-z3P
• Bump dependencies

• Generate magnet link from torrent
• Add a button to allow user to switch color scheme
• Multi architecture Docker images
  • linux/amd64
  • linux/arm64 (new)
  • linux/arm/v7 (new)
• Allow to display precise percentage
  • Expanded view: 1 decimal place
  • Details: 3 decimal places
• Mountpoints with very long paths are ignored by disk usage
• Tags can be attached while adding torrents to qBittorrent (needs qbittorrent/qBittorrent#13882)
• Bug fixes:
  • Download destination fallback to rTorrent default destination (Mika-/torrent-control#105)
  • Properly catch errors of AddFiles and AddURLs when using qBittorrent
  • Display existing trackers in set trackers modal
• New translations
  • Spanish, thanks to @vain4us
• Bump dependencies

Side note:

I am starting to maintain a distribution of rTorrent, available at jesec/rtorrent. It is optimized and small. It uses modern CMake and Bazel build systems. Bazel can also be used for dependency management and to produce statically linked reproducible builds.

Static binaries (amd64, arm64) can be downloaded via Github Actions. Docker images are also available at jesec/rtorrent.

I made a simple Dockerfile to demonstrate how to integrate rTorrent with Flood.

flood.js.org/Changelog-4.2

• Allow content of a torrent to be streamed directly if supported by browser
• New translations
  • Chinese (Traditional), thanks to @vongola12324
  • Dutch, thanks to @vain4us
  • French, thanks to @Coosos
• Bump dependencies

• qBittorrent fixes:
  • Remove existing tags
• New translations
  • Dutch, thanks to @vain4us
  • German, thanks to @chint95

• Transmission fixes:
  • Set tags while adding torrents
  • Set trackers
• New translations
  • Czech, thanks to Jan Březina
  • French, thanks to @Carryozor
  • German, thanks to @chint95
  • Romanian, thanks to @T-z3P

flood.js.org/Changelog-4.1

⚠️ Changes that may require manual attention: ⚠️

• Configuration is now schema validated before the start of Flood server
  • No action required if you use (preferred and default) CLI configuration interface
  • This ensures that when the config.js needs to be updated, the failure happens loud and early
  • Check shared/schema/Config.ts for more details
• Enforces that the length of secret must be larger than 30
  • Secret can be brute forced locally without interaction with the server
    • However, an attacker must get a valid token (generated by proper authentication) first
      • If all users are trusted, attackers have no way to get a valid token
  • Secret is used to sign authentication tokens but it is NOT linked to the password
    • Attacker may log into Flood as any user if they have the secret
      • However, they are still constrained by capabilities and settings (such as --allowedpath) of Flood

Other changes:

• Tag selector preference:
  • Single selection
  • Multi selection
• UX enhancements to tag selector
• Suggest destination based on selected tag
• add-urls and add-files API endpoints no longer fail if destination property is not provided
  • Download destination fallback has been implemented:
    • Tag-specific preferred download destination
    • Last used download destination
    • Default download destination of connected torrent client
  • This makes things easier for API users
  • No direct impact on Flood itself
• Remember last used "Add Torrents" tab
• Remove center alignment of certain modals to align with global styles
• Disallow browser's input suggestion when tag selector or folder browser is open
• Don't pop up the browser menu on right click while context menu is open
• Experimental standalone (single-executable) builds
• New translations
  • German, thanks to @chint95
  • Romanian, thanks to @T-z3P
• Bump dependencies
• Bug fixes:
  • Properly handle "error" alerts (display "❗" icon instead of "✅" icon)

• New translations

  • German, thanks to @chint95
  • Romanian, thanks to @T-z3P

• Experimental multi-client support
  • qBittorrent
  • Transmission
• Stabilized and documented public API endpoints
• Defined and documented internal interfaces, data structures and APIs
• Better documentation for users and developers
• Full migration to TypeScript
• Reasonable test coverages for API endpoints
• Torrent creation support
• Add torrents as completed
• Dropdown selector for existing tags
• Seeding status in status filter
• Set tracker URLs of torrents
• Improved handling of rendering, updating and scrolling of torrent list
  • Preliminary tests show that Flood can now handle 500,000 torrents at least in the frontend.
  • Note: real-world performance depends on other factors such as method call and deserialization operations in the backend and data transfer between backend and frontend.
• Better performance, less memory and CPU consumption in both frontend and backend
• New translations
  • Chinese (Traditional), thanks to @vongola12324
  • Czech, thanks to Jan Březina
  • French, thanks to @Zopieux and @Mystere98
  • German, thanks to @chint95
• Bug fixes
• Security enhancements
• Dockerfile revamp
• Native build tools no longer needed as native dependency is replaced with WebAssembly variant
• Server is packed before distribution, reduced number of dependencies in production, faster installation

-----BEGIN PGP SIGNATURE-----

iQFBBAABCgArFiEElsZPMCZQTUzZLTai0uSYfcYwogQFAl+pCwYNHGpjQGxpbnV4 LmNvbQAKCRDS5Jh9xjCiBOEXB/4rJpAlosbFPg6cZEzn94CQk17qSJKKh8lHfWrv CwS2hN2rZ/2/eazQNc9VzbvKfN9tlNXbPEx2RtRheqPVDbchh0Kd9cR/F91AzUvk 8X656iSLt6PwmjWfrES9MbwHcH4uOImjLt1tWKvTNFCtjj0Rff6YytQEBG2dATwu NhtS7f/T31vXNkvmTAmK/mjeMU5v8uJhXuRRTQgLL7Mh3CXcINNNJZ3XPMOpmt1Y UQ57tSSdPQlnj/ZFyHH+VjLFuofV6k5gsj0Ymu+NSH7cC0hGNme6hAt8yEdwkeCS 419UUOYNZqZ2xV8i1ph/S6Wn+l1OCfAF3753oAxmZF4pdqaT =ugQL -----END PGP SIGNATURE-----