Version v1.74.4

This commit is contained in:
Nick Craig-Wood
2026-07-08 17:18:57 +01:00
parent d9b28b9e7d
commit 5bc93a2a7a
15 changed files with 1441 additions and 130 deletions

367
MANUAL.html generated
View File

@@ -233,7 +233,7 @@
<header id="title-block-header">
<h1 class="title">rclone(1) User Manual</h1>
<p class="author">Nick Craig-Wood</p>
<p class="date">Jun 05, 2026</p>
<p class="date">Jul 08, 2026</p>
</header>
<h1 id="name">NAME</h1>
<p>rclone - manage files on cloud storage</p>
@@ -4575,9 +4575,9 @@ SquareBracket</code></pre>
<pre class="console"><code>rclone convmv &quot;stories/The Quick Brown Fox!.txt&quot; --name-transform &quot;all,command=echo&quot;
// Output: stories/The Quick Brown Fox!.txt</code></pre>
<pre class="console"><code>rclone convmv &quot;stories/The Quick Brown Fox!&quot; --name-transform &quot;date=-{YYYYMMDD}&quot;
// Output: stories/The Quick Brown Fox!-20260605</code></pre>
// Output: stories/The Quick Brown Fox!-20260708</code></pre>
<pre class="console"><code>rclone convmv &quot;stories/The Quick Brown Fox!&quot; --name-transform &quot;date=-{macfriendlytime}&quot;
// Output: stories/The Quick Brown Fox!-2026-06-05 0414PM</code></pre>
// Output: stories/The Quick Brown Fox!-2026-07-08 0504PM</code></pre>
<pre class="console"><code>rclone convmv &quot;stories/The Quick Brown Fox!.txt&quot; --name-transform &quot;all,regex=[\\.\\w]/ab&quot;
// Output: ababababababab/ababab ababababab ababababab ababab!abababab</code></pre>
<p>The regex command generally accepts Perl-style regular expressions,
@@ -4777,8 +4777,9 @@ for rclone commands, flags and backends.</li>
<h2 id="synopsis-47">Synopsis</h2>
<p>If source:path is a file or directory then it copies it to a file or
directory named dest:path.</p>
<p>This can be used to upload single files to other than their current
name. If the source is a directory then it acts exactly like the <a
<p>This can be used to copy a single file to a destination with a name
different from its source - for example, uploading and renaming in one
step. If the source is a directory then it acts exactly like the <a
href="https://rclone.org/commands/rclone_copy/">copy</a> command.</p>
<p>So</p>
<pre class="console"><code>rclone copyto src dst</code></pre>
@@ -11801,6 +11802,16 @@ backend, which can take some time.</p>
<p>Metadata will only be saved in memory other than the rclone
<code>mtime</code> metadata which will be set as the modification time
of the file.</p>
<h2 id="object-names">Object names</h2>
<p><code>serve s3</code> stores objects as files in the backend, so
object keys are mapped to file paths rather than treated as the opaque
strings AWS S3 allows. Keys must be in canonical path form: keys that
contain <code>..</code> or <code>.</code> path segments, repeated
slashes (<code>//</code>), or a leading or trailing slash are rejected
with a <code>400 Bad Request</code> (<code>InvalidArgument</code>)
instead of being normalised, since normalising them could alias two
distinct keys to the same file or resolve a key outside its bucket. This
matches the behaviour of other S3 servers such as MinIO.</p>
<h2 id="supported-operations">Supported operations</h2>
<p><code>serve s3</code> currently supports the following
operations.</p>
@@ -15630,7 +15641,8 @@ outputs warnings and significant events.</p>
<p><code>ERROR</code> is equivalent to <code>-q</code>. It only outputs
error messages.</p>
<p>See also the <a href="#logging">logging</a> section.</p>
<h3 id="windows-event-log-loglevel">--windows-event-log LogLevel</h3>
<h3 id="windows-event-log-level-loglevel">--windows-event-log-level
LogLevel</h3>
<p>If this is configured (the default is <code>OFF</code>) then logs of
this level and above will be logged to the Windows event log in
<strong>addition</strong> to the normal logs. These will be logged in
@@ -15649,13 +15661,13 @@ defined but not currently used).</li>
<p>Rclone will declare its log source as "rclone" if it is has enough
permissions to create the registry key needed. If not then logs will
appear as "Application". You can run
<code>rclone version --windows-event-log DEBUG</code> once as
<code>rclone version --windows-event-log-level DEBUG</code> once as
administrator to create the registry key in advance.</p>
<p><strong>Note</strong> that the <code>--windows-event-log</code> level
must be greater (more severe) than or equal to the
<p><strong>Note</strong> that the <code>--windows-event-log-level</code>
level must be greater (more severe) than or equal to the
<code>--log-level</code>. For example to log DEBUG to a log file but
ERRORs to the event log you would use</p>
<pre class="text"><code>--log-file rclone.log --log-level DEBUG --windows-event-log ERROR</code></pre>
<pre class="text"><code>--log-file rclone.log --log-level DEBUG --windows-event-log-level ERROR</code></pre>
<p>This option is only supported Windows platforms.</p>
<h3 id="use-json-log">--use-json-log</h3>
<p>This switches the log format to JSON. The log messages are then
@@ -17215,8 +17227,8 @@ y/e/d&gt;</code></pre>
<h2 id="configuring-by-copying-the-config-file">Configuring by copying
the config file</h2>
<p>Rclone stores all of its configuration in a single file. This can
easily be copied to configure a remote rclone (although some backends
does not support reusing the same configuration, consult your backend
easily be copied to configure a remote rclone (although some backends do
not support reusing the same configuration, consult your backend
documentation to be sure).</p>
<p>Start by running <a href="/commands/rclone_config">rclone config</a>
to create the configuration file on your desktop machine.</p>
@@ -18249,6 +18261,52 @@ API.</p>
API or <a href="#api-http">use HTTP directly</a>.</p>
<p>If you just want to run a remote control then see the <a
href="https://rclone.org/commands/rclone_rcd/">rcd</a> command.</p>
<h2 id="security">Security</h2>
<p><strong>Access to the rc API is equivalent to shell access as the
user running rclone.</strong> Treat the rc port as you would an
interactive login on the host.</p>
<p>Any caller who can reach the API (and pass authentication, if it is
enabled) can, among other things:</p>
<ul>
<li><strong>Run OS commands</strong> as the rclone user.
<code>core/command</code> re-executes the rclone binary with arbitrary
arguments, and several backend options shell out to programs, so even
creating a remote with <code>config/create</code> can lead to command
execution.</li>
<li><strong>Read and write any file</strong> reachable by the rclone
process, by pointing <code>operations/*</code> or <code>sync/*</code> at
a <code>local</code> remote (or via <code>--rc-files</code> /
<code>--rc-serve</code>). Writing arbitrary files as the rclone user is
itself a route to code execution.</li>
<li><strong>Read back stored credentials.</strong> rclone configs
routinely hold cloud-provider secrets. <code>config/dump</code> and
friends expose them, so a compromise of the rc reaches every configured
backend.</li>
<li><strong>Change rclone's runtime behaviour</strong> with
<code>options/set</code>, <strong>manage remotes</strong> with
<code>config/*</code>, and <strong>stop the process</strong> with
<code>core/quit</code>.</li>
</ul>
<p>There is currently no per-endpoint capability or scope system:
authentication is all-or-nothing. Granting any access grants all of the
above.</p>
<p>Consequently:</p>
<ul>
<li><strong>Do not bind the rc to a network address you do not
control.</strong> The default bind is loopback
(<code>localhost:5572</code>); keep it there unless you have a specific
reason to change it.</li>
<li><strong>Do not use <code>--rc-no-auth</code> on a non-loopback
bind.</strong> It disables authentication on the endpoints that access
remotes — see <a
href="#--rc-no-auth"><code>--rc-no-auth</code></a>.</li>
<li><strong>Use authentication and TLS</strong>
(<code>--rc-user</code>/<code>--rc-pass</code> or
<code>--rc-htpasswd</code>, plus
<code>--rc-cert</code>/<code>--rc-key</code>) whenever the port is
reachable by anyone you do not fully trust, and raise
<code>--rc-min-tls-version</code>.</li>
</ul>
<h2 id="supported-parameters">Supported parameters</h2>
<h3 id="rc">--rc</h3>
<p>Flag to start the http server listen on remote requests.</p>
@@ -21713,7 +21771,7 @@ split into groups.</p>
--tpslimit float Limit HTTP transactions per second to this
--tpslimit-burst int Max burst of transactions for --tpslimit (default 1)
--use-cookies Enable session cookiejar
--user-agent string Set the user-agent to a specified string (default &quot;rclone/v1.74.3&quot;)</code></pre>
--user-agent string Set the user-agent to a specified string (default &quot;rclone/v1.74.4&quot;)</code></pre>
<h2 id="performance">Performance</h2>
<p>Flags helpful for increasing performance.</p>
<pre><code> --buffer-size SizeSuffix In memory buffer size when reading files for each --transfer (default 16Mi)
@@ -22337,8 +22395,10 @@ split into groups.</p>
--local-case-sensitive Force the filesystem to report itself as case sensitive
--local-description string Description of the remote
--local-encoding Encoding The encoding for the backend (default Slash,Dot)
--local-fatal-if-no-space Make out-of-space errors fatal during transfers
--local-hashes CommaSepList Comma separated list of supported checksum types
--local-links Translate symlinks to/from regular files with a &#39;.rclonelink&#39; extension for the local backend
--local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata
--local-no-check-updated Don&#39;t check to see if the files change during upload
--local-no-clone Disable reflink cloning for server-side copies
--local-no-preallocate Disable preallocation of disk space for transferred files
@@ -24452,12 +24512,37 @@ disallowed special characters and filename encodings.)</p>
investigation:</p>
<!--- start list_failures - DO NOT EDIT THIS SECTION - use make commanddocs --->
<ul>
<li><code>TestFilen</code> (<code>filen</code>)
<li><code>TestGoogleCloudStorage,directory_markers</code>
(<code>googlecloudstorage</code>)
<ul>
<li><a
href="https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt"><code>TestBisyncRemoteRemote/resync_modes</code></a></li>
href="https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt"><code>TestBisyncRemoteLocal/all_changed</code></a></li>
<li><a
href="https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt"><code>TestBisyncRemoteRemote/rmdirs</code></a></li>
href="https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt"><code>TestBisyncRemoteLocal/backupdir</code></a></li>
<li><a
href="https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt"><code>TestBisyncRemoteLocal/basic</code></a></li>
<li><a
href="https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt"><code>TestBisyncRemoteLocal/changes</code></a></li>
<li><a
href="https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt"><code>TestBisyncRemoteLocal/check_access</code></a></li>
<li><a href="https://pub.rclone.org/integration-tests/current/">79
more</a></li>
</ul></li>
<li><code>TestGoogleCloudStorage</code>
(<code>googlecloudstorage</code>)
<ul>
<li><a
href="https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt"><code>TestBisyncRemoteLocal/all_changed</code></a></li>
<li><a
href="https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt"><code>TestBisyncRemoteLocal/backupdir</code></a></li>
<li><a
href="https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt"><code>TestBisyncRemoteLocal/basic</code></a></li>
<li><a
href="https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt"><code>TestBisyncRemoteLocal/changes</code></a></li>
<li><a
href="https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt"><code>TestBisyncRemoteLocal/check_access</code></a></li>
<li><a href="https://pub.rclone.org/integration-tests/current/">79
more</a></li>
</ul></li>
<li><code>TestHuaweiDrive</code> (<code>huaweidrive</code>)
<ul>
@@ -24474,12 +24559,7 @@ href="https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-Te
<li><a href="https://pub.rclone.org/integration-tests/current/">4
more</a></li>
</ul></li>
<li><code>TestSeafile</code> (<code>seafile</code>)
<ul>
<li><a
href="https://pub.rclone.org/integration-tests/current/seafile-cmd.bisync-TestSeafile-1.txt"><code>TestBisyncLocalRemote/rmdirs</code></a></li>
</ul></li>
<li>Updated: 2026-06-05-010010
<li>Updated: 2026-07-08-010014
<!--- end list_failures - DO NOT EDIT THIS SECTION - use make commanddocs ---></li>
</ul>
<p>The following backends either have not been tested recently or have
@@ -24597,6 +24677,11 @@ directory is to rename it to the same name on both sides. (As of
<code>rclone v1.64</code>, a <code>--resync</code> is no longer required
after doing so, as bisync will automatically detect that Path1 and Path2
are in agreement.)</p>
<p>Note that although the flag --track-renames ensures that
renamed/moved files won't be deleted and uploaded again, they are still
counted as deleted files for purposes of the --max-delete flag (as this
check happens before the rename detection operation). See <a
href="https://github.com/rclone/rclone/issues/8685">this issue</a>.</p>
<h3 id="fast-list-used-by-default"><code>--fast-list</code> used by
default</h3>
<p>Unlike most other rclone commands, bisync uses <a
@@ -30886,7 +30971,7 @@ limit.</p>
<p>Cutoff for switching to multipart copy.</p>
<p>Any files larger than this that need to be server-side copied will be
copied in chunks of this size.</p>
<p>The minimum is 0 and the maximum is 5 GiB.</p>
<p>The minimum is 1 byte and the maximum is 5 GiB.</p>
<p>Properties:</p>
<ul>
<li>Config: copy_cutoff</li>
@@ -40827,9 +40912,9 @@ password.</p>
<p>1 MiB (1048576 bytes) file will encrypt to</p>
<ul>
<li>32 bytes header</li>
<li>16 chunks of 65568 bytes</li>
<li>16 chunks of 65552 bytes</li>
</ul>
<p>1049120 bytes total (a 0.05% overhead). This is the overhead for big
<p>1048864 bytes total (a 0.03% overhead). This is the overhead for big
files.</p>
<h3 id="name-encryption">Name encryption</h3>
<p>File names are encrypted segment by segment - the path is broken up
@@ -44821,18 +44906,28 @@ correct root to use itself.</p>
<p>However you can set this to restrict rclone to a specific folder
hierarchy or to access data within the "Computers" tab on the drive web
interface (where files from Google's Backup and Sync desktop program
go).</p>
<p>In order to do this you will have to find the <code>Folder ID</code>
of the directory you wish rclone to display. This will be the last
segment of the URL when you open the relevant folder in the drive web
interface.</p>
go). However, this is not the easiest method. Instead, you can create a
shortcut to a folder in "Computers" and place it in "My Drive." To do
so, right-click the folder, select "Organize", and then choose "Add
shortcut" in the Google Drive web interface. Once you add the shortcut
to "My Drive," rclone will display the folder, allowing you to interact
with it. See also <a href="#shortcuts">Shortcuts</a>.</p>
<p>If, however, you choose to change your root folder, you will have to
find the <code>Folder ID</code> of the directory you wish rclone to
display. This will be the last segment of the URL when you open the
relevant folder in the drive web interface.</p>
<p>So if the folder you want rclone to use has a URL which looks like
<code>https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh</code>
in the browser, then you use
<code>1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh</code> as the
<code>root_folder_id</code> in the config.</p>
<p><strong>NB</strong> folders under the "Computers" tab seem to be read
only (drive gives a 500 error) when using rclone.</p>
only (drive gives a 500 error) when using rclone, but they are also
read-only in the Google Drive web interface, likely because this folder
is managed by the Google Drive Desktop tool. Top-level folders in
"Computers" are read-only, but you can interact with folders contained
within them using rclone. These are the folders for which you can create
a shortcut as well, as described above.</p>
<p>There doesn't appear to be an API to discover the folder IDs of the
"Computers" tab - please contact us if you know otherwise!</p>
<p>Note also that rclone can't access any data under the "Backups" tab
@@ -46636,6 +46731,23 @@ well, but the limitation is that any grants will expire after a week,
which can be annoying to refresh constantly. If, for whatever reason, a
short grant time is not a problem, then keeping the application in
testing mode would also be sufficient.</p>
<p>In most cases verification is not actually required. Google <a
href="https://support.google.com/cloud/answer/13464323">exempts a number
of app categories</a> from mandatory verification, including:</p>
<ul>
<li><strong>Personal Use apps</strong>: if the app is for your personal
use (fewer than 100 users), you and your limited number of users can
keep using it without verification - you will just need to click through
the "unverified app" warning screen during sign-in. Verification is only
required if you want to grow your user base beyond 100 users.</li>
<li><strong>Development/Testing/Staging apps</strong>: apps in
development, testing or staging mode are not subject to verification
(but are limited to the 100-user cap and the unverified-app warning
until verified).</li>
</ul>
<p>So for typical personal rclone use you can leave the app unverified,
accept the warning screen, and publish it (rather than leaving it in
"Testing") to avoid the weekly grant expiry described above.</p>
<p>(Thanks to <span class="citation"
data-cites="balazer">@balazer</span> on github for these
instructions.)</p>
@@ -64684,6 +64796,31 @@ the local backend. <code>--links</code> and <code>-l</code> enable the
feature for all supported backends and the VFS.</p>
<p>Note that this flag is incompatible with <code>-copy-links</code> /
<code>-L</code>.</p>
<h4 id="symlink-targets-and-the-destination">Symlink targets and the
destination</h4>
<p>When rclone recreates a <code>.rclonelink</code> file as a symlink on
local storage, the symlink can point anywhere - including, with an
absolute path or one using <code>../</code> - to a location outside the
directory you are copying into. This is normal - rclone reproduces
whatever target the link had, so backups round-trip faithfully.</p>
<p>What rclone will <strong>not</strong> do is <em>write through</em>
such a link. If a remote you are copying from contains both a symlink
and a file or directory that would be placed inside it - for example a
<code>dir.rclonelink</code> pointing somewhere outside the destination,
alongside a <code>dir/file.txt</code> - rclone refuses to follow the
symlink when writing <code>dir/file.txt</code>. The offending file is
skipped with an error, the rest of the transfer continues, and the
skipped file is counted in the error summary printed at the end of the
run.</p>
<p>This protects you from a malicious or compromised remote using
<code>-l</code> / <code>--links</code> to plant a symlink and then write
through it to somewhere outside your destination. Ordinary symlink
round-trips, and symlinks that stay inside the destination, are
unaffected.</p>
<p>If you have intentionally pre-created a symlinked directory inside
your destination and want rclone to write into the directory it points
at, do not use <code>-l</code> / <code>--links</code> for that copy, or
remove the symlink first.</p>
<h3 id="restricting-filesystems-with---one-file-system">Restricting
filesystems with --one-file-system</h3>
<p>Normally rclone will recurse through filesystems as mounted.</p>
@@ -64945,6 +65082,40 @@ file.</p>
<li>Type: bool</li>
<li>Default: false</li>
</ul>
<h4
id="local-metadata-restore-special-bits">--local-metadata-restore-special-bits</h4>
<p>Restore the setuid, setgid and sticky bits from metadata.</p>
<p>When restoring metadata with --metadata rclone applies the "mode"
from the source. By default rclone applies only the permission bits and
strips the setuid, setgid and sticky bits.</p>
<p>The "mode" comes from the source remote which may not be trusted.
Restoring a setuid or setgid bit onto freshly written, source-controlled
content can plant a setuid binary, which is dangerous in particular when
restoring from an untrusted source while running as root. For this
reason these bits are not restored by default.</p>
<p>If you trust the source and want the setuid, setgid and sticky bits
restored - for example when restoring a system backup made by rclone -
set this flag.</p>
<p>Properties:</p>
<ul>
<li>Config: metadata_restore_special_bits</li>
<li>Env Var: RCLONE_LOCAL_METADATA_RESTORE_SPECIAL_BITS</li>
<li>Type: bool</li>
<li>Default: false</li>
</ul>
<h4 id="local-fatal-if-no-space">--local-fatal-if-no-space</h4>
<p>Make out-of-space errors fatal during transfers.</p>
<p>When enabled, an ENOSPC error during a write returns a fatal error so
that rclone aborts rather than retrying the operation. Useful for backup
scripts that should halt loudly on a full disk rather than spin
retrying.</p>
<p>Properties:</p>
<ul>
<li>Config: fatal_if_no_space</li>
<li>Env Var: RCLONE_LOCAL_FATAL_IF_NO_SPACE</li>
<li>Type: bool</li>
<li>Default: false</li>
</ul>
<h4 id="local-time-type">--local-time-type</h4>
<p>Set what kind of time is returned.</p>
<p>Normally rclone does all operations on the mtime or Modification
@@ -65028,6 +65199,12 @@ pkg/attrs#47</a>).</p>
<p>User metadata is stored as extended attributes (which may not be
supported by all file systems) under the "user.*" prefix.</p>
<p>Metadata is supported on files and directories.</p>
<p>When restoring metadata with <code>--metadata</code> rclone applies
the "mode", "uid" and "gid" from the source. These come from the source
remote which may not be trusted, so restoring metadata as root from an
untrusted source can change file ownership and is not recommended. The
setuid, setgid and sticky bits are not restored by default - see the
<code>--local-metadata-restore-special-bits</code> flag.</p>
<p>Here are the possible system metadata items for the local
backend.</p>
<table>
@@ -65124,6 +65301,134 @@ the output.</p>
<!-- autogenerated options stop -->
<!-- markdownlint-disable line-length -->
<h1 id="changelog-1">Changelog</h1>
<h2 id="v1.74.4---2026-07-08">v1.74.4 - 2026-07-08</h2>
<p><a
href="https://github.com/rclone/rclone/compare/v1.74.3...v1.74.4">See
commits</a></p>
<ul>
<li>Bug Fixes
<ul>
<li>accounting
<ul>
<li>Fix goroutine leak in ResetCounters (Nick Craig-Wood)</li>
<li>Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs
(Sanjays2402)</li>
</ul></li>
<li>archive extract: Fix path traversal letting archives escape the
destination CVE-2026-59732 (Nick Craig-Wood)</li>
<li>build
<ul>
<li>Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood)
<ul>
<li>CVE-2026-39822: os: Root escape via symlink plus trailing slash</li>
<li>CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak</li>
</ul></li>
<li>Update golang.org/x/image to v0.43.0 to fix image decoding
vulnerabilities (Nick Craig-Wood)
<ul>
<li>CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds
strip offset</li>
<li>CVE-2026-46602: unbounded memory use from lack of a limit on TIFF
tile sizes</li>
<li>CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch</li>
<li>CVE-2026-33813: panic decoding a large WEBP image on 32-bit
platforms</li>
</ul></li>
</ul></li>
<li>cmd/mount2
<ul>
<li>Fix NFS file creation by implementing Mknod (Sandy Luppino)</li>
<li>Fix ESTALE over NFS by reporting stable inode numbers (Sandy
Luppino)</li>
<li>Fix NFS directory listings by supporting non-zero Seekdir offsets
(Sandy Luppino)</li>
</ul></li>
<li>completion: Fix powershell completion corrupting non-ASCII names
(Yash Anil)</li>
<li>doc fixes (Bryan Stenson, Castronaut, Filippo, Gaurav, happysnaker,
Jan-Philipp Reßler, Nick Craig-Wood, user77)</li>
<li>filter: Fix <code>--files-from</code> copy stopping at the first
unreadable file (Nick Craig-Wood)</li>
<li>fs
<ul>
<li>Fix command line flag being ignored when set to its default value
(Nick Craig-Wood)</li>
<li>Fix negative offset when a suffix Range request exceeds object size
(Amit Mishra)</li>
</ul></li>
<li>gui: Update embedded release to 1.1.10 (Nick Craig-Wood)</li>
<li>ncdu: Fix duplicated keystrokes on Windows by pinning tcell to
v2.9.0 (Nick Craig-Wood)</li>
<li>serve restic: Fix <code>--private-repos</code> isolation bypass
CVE-2026-59733 (Nick Craig-Wood)</li>
<li>serve s3
<ul>
<li>Fix spurious 404 on HEAD/GET during VFS writeback (max)</li>
<li>Fix path traversal letting clients see files in the root
GHSA-8v25-v8p6-qf7v (Nick Craig-Wood)</li>
</ul></li>
<li>serve webdav: Fix MOVE overwrite failing without Overwrite header
(Sanjay Santhanam)</li>
<li>serve/http: Fix <code>--disable-zip</code> so it works over rc (Nick
Craig-Wood)</li>
</ul></li>
<li>VFS
<ul>
<li>Fix hang reopening a file during the handle-caching grace period
(Nick Craig-Wood)</li>
</ul></li>
<li>Local
<ul>
<li>Stop <code>--links</code> symlinks escaping the destination
directory CVE-2026-54572 (Nick Craig-Wood)</li>
<li>Don't restore setuid/setgid/sticky bits from metadata by default
GHSA-945v-v9p3-v5xw (Nick Craig-Wood)</li>
</ul></li>
<li>Drive
<ul>
<li>Warn when non-exportable Google documents are skipped (Nick
Craig-Wood)</li>
<li>Fix stray %!(EXTRA) in unexportable google document log message
(Nick Craig-Wood)</li>
<li>Warn when using rclone's shared client_id (Nick Craig-Wood)</li>
</ul></li>
<li>Filelu
<ul>
<li>Fix recursive listing path handling and file filtering
(kingston125)</li>
</ul></li>
<li>Googlephotos
<ul>
<li>Warn when using rclone's shared client_id (Nick Craig-Wood)</li>
</ul></li>
<li>Mega
<ul>
<li>Wait for server events after upload, delete and move (Nick
Craig-Wood)</li>
<li>Fix hard deleted files reappearing in listings (Nick
Craig-Wood)</li>
</ul></li>
<li>S3
<ul>
<li>Remove session token on cross-host redirects (IceLocke)</li>
<li>Strip STS security token on same-host HTTPS-&gt;HTTP redirect
GHSA-cf44-9pgv-m4xc (Nick Craig-Wood)</li>
<li>Fix error mapping in GetObject to match HeadObject (lewoberst)</li>
<li>Correct documented <code>copy_cutoff</code> minimum to 1 byte
(max)</li>
<li>Fix mounting a prefix failing with 403 when HEAD is not permitted
(Nick Craig-Wood)</li>
</ul></li>
<li>Smb
<ul>
<li>Fix for IBM iSeries and signature verification (dithwick)</li>
</ul></li>
<li>WebDAV
<ul>
<li>Fix mixed property statuses in multi-status responses
(nako-ruru)</li>
</ul></li>
</ul>
<h2 id="v1.74.3---2026-06-05">v1.74.3 - 2026-06-05</h2>
<p><a
href="https://github.com/rclone/rclone/compare/v1.74.2...v1.74.3">See

277
MANUAL.md generated
View File

@@ -1,6 +1,6 @@
% rclone(1) User Manual
% Nick Craig-Wood
% Jun 05, 2026
% Jul 08, 2026
# NAME
@@ -5416,12 +5416,12 @@ rclone convmv "stories/The Quick Brown Fox!.txt" --name-transform "all,command=e
```console
rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{YYYYMMDD}"
// Output: stories/The Quick Brown Fox!-20260605
// Output: stories/The Quick Brown Fox!-20260708
```
```console
rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{macfriendlytime}"
// Output: stories/The Quick Brown Fox!-2026-06-05 0414PM
// Output: stories/The Quick Brown Fox!-2026-07-08 0504PM
```
```console
@@ -5631,8 +5631,9 @@ Copy files from source to dest, skipping identical files.
If source:path is a file or directory then it copies it to a file or
directory named dest:path.
This can be used to upload single files to other than their current
name. If the source is a directory then it acts exactly like the
This can be used to copy a single file to a destination with a name
different from its source - for example, uploading and renaming in one
step. If the source is a directory then it acts exactly like the
[copy](https://rclone.org/commands/rclone_copy/) command.
So
@@ -14066,6 +14067,17 @@ Versioning is not currently supported.
Metadata will only be saved in memory other than the rclone `mtime`
metadata which will be set as the modification time of the file.
## Object names
`serve s3` stores objects as files in the backend, so object keys are
mapped to file paths rather than treated as the opaque strings AWS S3
allows. Keys must be in canonical path form: keys that contain `..` or
`.` path segments, repeated slashes (`//`), or a leading or trailing
slash are rejected with a `400 Bad Request` (`InvalidArgument`)
instead of being normalised, since normalising them could alias two
distinct keys to the same file or resolve a key outside its bucket.
This matches the behaviour of other S3 servers such as MinIO.
## Supported operations
`serve s3` currently supports the following operations.
@@ -18664,7 +18676,7 @@ warnings and significant events.
See also the [logging](#logging) section.
### --windows-event-log LogLevel
### --windows-event-log-level LogLevel
If this is configured (the default is `OFF`) then logs of this level
and above will be logged to the Windows event log in **addition** to
@@ -18680,15 +18692,15 @@ and `Error`. If enabled we map rclone levels like this.
Rclone will declare its log source as "rclone" if it is has enough
permissions to create the registry key needed. If not then logs will
appear as "Application". You can run `rclone version --windows-event-log DEBUG`
appear as "Application". You can run `rclone version --windows-event-log-level DEBUG`
once as administrator to create the registry key in advance.
**Note** that the `--windows-event-log` level must be greater (more
**Note** that the `--windows-event-log-level` level must be greater (more
severe) than or equal to the `--log-level`. For example to log DEBUG
to a log file but ERRORs to the event log you would use
```text
--log-file rclone.log --log-level DEBUG --windows-event-log ERROR
--log-file rclone.log --log-level DEBUG --windows-event-log-level ERROR
```
This option is only supported Windows platforms.
@@ -20470,7 +20482,7 @@ y/e/d>
## Configuring by copying the config file
Rclone stores all of its configuration in a single file. This can easily be
copied to configure a remote rclone (although some backends does not support
copied to configure a remote rclone (although some backends do not support
reusing the same configuration, consult your backend documentation to be
sure).
@@ -21640,6 +21652,43 @@ or [use HTTP directly](#api-http).
If you just want to run a remote control then see the [rcd](https://rclone.org/commands/rclone_rcd/)
command.
## Security {#security}
**Access to the rc API is equivalent to shell access as the user running
rclone.** Treat the rc port as you would an interactive login on the host.
Any caller who can reach the API (and pass authentication, if it is enabled)
can, among other things:
- **Run OS commands** as the rclone user. `core/command` re-executes the rclone
binary with arbitrary arguments, and several backend options shell out to
programs, so even creating a remote with `config/create` can lead to command
execution.
- **Read and write any file** reachable by the rclone process, by pointing
`operations/*` or `sync/*` at a `local` remote (or via `--rc-files` /
`--rc-serve`). Writing arbitrary files as the rclone user is itself a route to
code execution.
- **Read back stored credentials.** rclone configs routinely hold cloud-provider
secrets. `config/dump` and friends expose them, so a compromise of the rc
reaches every configured backend.
- **Change rclone's runtime behaviour** with `options/set`, **manage remotes**
with `config/*`, and **stop the process** with `core/quit`.
There is currently no per-endpoint capability or scope system: authentication is
all-or-nothing. Granting any access grants all of the above.
Consequently:
- **Do not bind the rc to a network address you do not control.** The default
bind is loopback (`localhost:5572`); keep it there unless you have a specific
reason to change it.
- **Do not use `--rc-no-auth` on a non-loopback bind.** It disables
authentication on the endpoints that access remotes — see
[`--rc-no-auth`](#--rc-no-auth).
- **Use authentication and TLS** (`--rc-user`/`--rc-pass` or `--rc-htpasswd`,
plus `--rc-cert`/`--rc-key`) whenever the port is reachable by anyone you do
not fully trust, and raise `--rc-min-tls-version`.
## Supported parameters
### --rc
@@ -25003,7 +25052,7 @@ Flags for general networking and HTTP stuff.
--tpslimit float Limit HTTP transactions per second to this
--tpslimit-burst int Max burst of transactions for --tpslimit (default 1)
--use-cookies Enable session cookiejar
--user-agent string Set the user-agent to a specified string (default "rclone/v1.74.3")
--user-agent string Set the user-agent to a specified string (default "rclone/v1.74.4")
```
@@ -25687,8 +25736,10 @@ Backend-only flags (these can be set in the config file also).
--local-case-sensitive Force the filesystem to report itself as case sensitive
--local-description string Description of the remote
--local-encoding Encoding The encoding for the backend (default Slash,Dot)
--local-fatal-if-no-space Make out-of-space errors fatal during transfers
--local-hashes CommaSepList Comma separated list of supported checksum types
--local-links Translate symlinks to/from regular files with a '.rclonelink' extension for the local backend
--local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata
--local-no-check-updated Don't check to see if the files change during upload
--local-no-clone Disable reflink cloning for server-side copies
--local-no-preallocate Disable preallocation of disk space for transferred files
@@ -27215,8 +27266,8 @@ internals of the generated export file.) Therefore, bisync automatically skips
`--download-hash` for files with a size less than 0.
See also: [`Hasher`](https://rclone.org/hasher/) backend,
[`cryptcheck`](https://rclone.org/commands/rclone_cryptcheck/) command, [`rclone check
--download`](https://rclone.org/commands/rclone_check/) option,
[`cryptcheck`](https://rclone.org/commands/rclone_cryptcheck/) command,
[`rclone check --download`](https://rclone.org/commands/rclone_check/) option,
[`md5sum`](https://rclone.org/commands/rclone_md5sum/) command
### --max-delete
@@ -27790,9 +27841,20 @@ encodings.)
The following backends have known issues that need more investigation:
<!--- start list_failures - DO NOT EDIT THIS SECTION - use make commanddocs --->
- `TestFilen` (`filen`)
- [`TestBisyncRemoteRemote/resync_modes`](https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt)
- [`TestBisyncRemoteRemote/rmdirs`](https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt)
- `TestGoogleCloudStorage,directory_markers` (`googlecloudstorage`)
- [`TestBisyncRemoteLocal/all_changed`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
- [`TestBisyncRemoteLocal/backupdir`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
- [`TestBisyncRemoteLocal/basic`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
- [`TestBisyncRemoteLocal/changes`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
- [`TestBisyncRemoteLocal/check_access`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
- [79 more](https://pub.rclone.org/integration-tests/current/)
- `TestGoogleCloudStorage` (`googlecloudstorage`)
- [`TestBisyncRemoteLocal/all_changed`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
- [`TestBisyncRemoteLocal/backupdir`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
- [`TestBisyncRemoteLocal/basic`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
- [`TestBisyncRemoteLocal/changes`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
- [`TestBisyncRemoteLocal/check_access`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
- [79 more](https://pub.rclone.org/integration-tests/current/)
- `TestHuaweiDrive` (`huaweidrive`)
- [`TestBisyncRemoteLocal/ext_paths`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt)
- [`TestBisyncRemoteLocal/extended_filenames`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt)
@@ -27800,9 +27862,7 @@ The following backends have known issues that need more investigation:
- [`TestBisyncLocalRemote/ext_paths`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt)
- [`TestBisyncLocalRemote/extended_filenames`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt)
- [4 more](https://pub.rclone.org/integration-tests/current/)
- `TestSeafile` (`seafile`)
- [`TestBisyncLocalRemote/rmdirs`](https://pub.rclone.org/integration-tests/current/seafile-cmd.bisync-TestSeafile-1.txt)
- Updated: 2026-06-05-010010
- Updated: 2026-07-08-010014
<!--- end list_failures - DO NOT EDIT THIS SECTION - use make commanddocs --->
The following backends either have not been tested recently or have known issues
@@ -27908,6 +27968,11 @@ is to rename it to the same name on both sides. (As of `rclone v1.64`,
a `--resync` is no longer required after doing so, as bisync will automatically
detect that Path1 and Path2 are in agreement.)
Note that although the flag --track-renames ensures that renamed/moved files won't
be deleted and uploaded again, they are still counted as deleted files for purposes
of the --max-delete flag (as this check happens before the rename detection
operation). See [this issue](https://github.com/rclone/rclone/issues/8685).
### `--fast-list` used by default
Unlike most other rclone commands, bisync uses [`--fast-list`](https://rclone.org/docs/#fast-list)
@@ -32772,7 +32837,7 @@ Cutoff for switching to multipart copy.
Any files larger than this that need to be server-side copied will be
copied in chunks of this size.
The minimum is 0 and the maximum is 5 GiB.
The minimum is 1 byte and the maximum is 5 GiB.
Properties:
@@ -43990,9 +44055,9 @@ This uses a 32 byte (256 bit key) key derived from the user password.
1 MiB (1048576 bytes) file will encrypt to
- 32 bytes header
- 16 chunks of 65568 bytes
- 16 chunks of 65552 bytes
1049120 bytes total (a 0.05% overhead). This is the overhead for big
1048864 bytes total (a 0.03% overhead). This is the overhead for big
files.
### Name encryption
@@ -48515,9 +48580,14 @@ correct root to use itself.
However you can set this to restrict rclone to a specific folder
hierarchy or to access data within the "Computers" tab on the drive
web interface (where files from Google's Backup and Sync desktop
program go).
program go). However, this is not the easiest method.
Instead, you can create a shortcut to a folder in "Computers" and
place it in "My Drive." To do so, right-click the folder, select
"Organize", and then choose "Add shortcut" in the Google Drive web interface.
Once you add the shortcut to "My Drive," rclone will display the folder, allowing you to interact with it.
See also [Shortcuts](#shortcuts).
In order to do this you will have to find the `Folder ID` of the
If, however, you choose to change your root folder, you will have to find the `Folder ID` of the
directory you wish rclone to display. This will be the last segment
of the URL when you open the relevant folder in the drive web
interface.
@@ -48528,7 +48598,11 @@ in the browser, then you use `1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh` as
the `root_folder_id` in the config.
**NB** folders under the "Computers" tab seem to be read only (drive
gives a 500 error) when using rclone.
gives a 500 error) when using rclone, but they are also read-only in the Google Drive web interface,
likely because this folder is managed by the Google Drive Desktop tool.
Top-level folders in "Computers" are read-only, but you can interact
with folders contained within them using rclone.
These are the folders for which you can create a shortcut as well, as described above.
There doesn't appear to be an API to discover the folder IDs of the
"Computers" tab - please contact us if you know otherwise!
@@ -50352,6 +50426,23 @@ after a week, which can be annoying to refresh constantly. If, for whatever
reason, a short grant time is not a problem, then keeping the application in
testing mode would also be sufficient.
In most cases verification is not actually required. Google [exempts a number of
app categories](https://support.google.com/cloud/answer/13464323) from mandatory
verification, including:
- **Personal Use apps**: if the app is for your personal use (fewer than 100
users), you and your limited number of users can keep using it without
verification - you will just need to click through the "unverified app"
warning screen during sign-in. Verification is only required if you want to
grow your user base beyond 100 users.
- **Development/Testing/Staging apps**: apps in development, testing or staging
mode are not subject to verification (but are limited to the 100-user cap and
the unverified-app warning until verified).
So for typical personal rclone use you can leave the app unverified, accept the
warning screen, and publish it (rather than leaving it in "Testing") to avoid
the weekly grant expiry described above.
(Thanks to @balazer on github for these instructions.)
Sometimes, creation of an OAuth consent in Google API Console fails due to an
@@ -69864,6 +69955,31 @@ backends and the VFS.
Note that this flag is incompatible with `-copy-links` / `-L`.
#### Symlink targets and the destination
When rclone recreates a `.rclonelink` file as a symlink on local storage,
the symlink can point anywhere - including, with an absolute path or one
using `../` - to a location outside the directory you are copying into. This
is normal - rclone reproduces whatever target the link had, so backups
round-trip faithfully.
What rclone will **not** do is *write through* such a link. If a remote you
are copying from contains both a symlink and a file or directory that would
be placed inside it - for example a `dir.rclonelink` pointing somewhere
outside the destination, alongside a `dir/file.txt` - rclone refuses to
follow the symlink when writing `dir/file.txt`. The offending file is
skipped with an error, the rest of the transfer continues, and the skipped
file is counted in the error summary printed at the end of the run.
This protects you from a malicious or compromised remote using `-l` /
`--links` to plant a symlink and then write through it to somewhere outside
your destination. Ordinary symlink round-trips, and symlinks that stay
inside the destination, are unaffected.
If you have intentionally pre-created a symlinked directory inside your
destination and want rclone to write into the directory it points at, do
not use `-l` / `--links` for that copy, or remove the symlink first.
### Restricting filesystems with --one-file-system
Normally rclone will recurse through filesystems as mounted.
@@ -70180,6 +70296,47 @@ Properties:
- Type: bool
- Default: false
#### --local-metadata-restore-special-bits
Restore the setuid, setgid and sticky bits from metadata.
When restoring metadata with --metadata rclone applies the "mode" from
the source. By default rclone applies only the permission bits and
strips the setuid, setgid and sticky bits.
The "mode" comes from the source remote which may not be trusted.
Restoring a setuid or setgid bit onto freshly written,
source-controlled content can plant a setuid binary, which is dangerous
in particular when restoring from an untrusted source while running as
root. For this reason these bits are not restored by default.
If you trust the source and want the setuid, setgid and sticky bits
restored - for example when restoring a system backup made by rclone -
set this flag.
Properties:
- Config: metadata_restore_special_bits
- Env Var: RCLONE_LOCAL_METADATA_RESTORE_SPECIAL_BITS
- Type: bool
- Default: false
#### --local-fatal-if-no-space
Make out-of-space errors fatal during transfers.
When enabled, an ENOSPC error during a write returns a fatal error so
that rclone aborts rather than retrying the operation. Useful for
backup scripts that should halt loudly on a full disk rather than spin
retrying.
Properties:
- Config: fatal_if_no_space
- Env Var: RCLONE_LOCAL_FATAL_IF_NO_SPACE
- Type: bool
- Default: false
#### --local-time-type
Set what kind of time is returned.
@@ -70266,6 +70423,13 @@ supported by all file systems) under the "user.*" prefix.
Metadata is supported on files and directories.
When restoring metadata with `--metadata` rclone applies the
"mode", "uid" and "gid" from the source. These come from the source
remote which may not be trusted, so restoring metadata as root from an
untrusted source can change file ownership and is not recommended. The
setuid, setgid and sticky bits are not restored by default - see the
`--local-metadata-restore-special-bits` flag.
Here are the possible system metadata items for the local backend.
| Name | Help | Type | Example | Read Only |
@@ -70319,6 +70483,69 @@ Options:
# Changelog
## v1.74.4 - 2026-07-08
[See commits](https://github.com/rclone/rclone/compare/v1.74.3...v1.74.4)
- Bug Fixes
- accounting
- Fix goroutine leak in ResetCounters (Nick Craig-Wood)
- Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs (Sanjays2402)
- archive extract: Fix path traversal letting archives escape the destination CVE-2026-59732 (Nick Craig-Wood)
- build
- Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood)
- CVE-2026-39822: os: Root escape via symlink plus trailing slash
- CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak
- Update golang.org/x/image to v0.43.0 to fix image decoding vulnerabilities (Nick Craig-Wood)
- CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds strip offset
- CVE-2026-46602: unbounded memory use from lack of a limit on TIFF tile sizes
- CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch
- CVE-2026-33813: panic decoding a large WEBP image on 32-bit platforms
- cmd/mount2
- Fix NFS file creation by implementing Mknod (Sandy Luppino)
- Fix ESTALE over NFS by reporting stable inode numbers (Sandy Luppino)
- Fix NFS directory listings by supporting non-zero Seekdir offsets (Sandy Luppino)
- completion: Fix powershell completion corrupting non-ASCII names (Yash Anil)
- doc fixes (Bryan Stenson, Castronaut, Filippo, Gaurav, happysnaker, Jan-Philipp Reßler, Nick Craig-Wood, user77)
- filter: Fix `--files-from` copy stopping at the first unreadable file (Nick Craig-Wood)
- fs
- Fix command line flag being ignored when set to its default value (Nick Craig-Wood)
- Fix negative offset when a suffix Range request exceeds object size (Amit Mishra)
- gui: Update embedded release to 1.1.10 (Nick Craig-Wood)
- ncdu: Fix duplicated keystrokes on Windows by pinning tcell to v2.9.0 (Nick Craig-Wood)
- serve restic: Fix `--private-repos` isolation bypass CVE-2026-59733 (Nick Craig-Wood)
- serve s3
- Fix spurious 404 on HEAD/GET during VFS writeback (max)
- Fix path traversal letting clients see files in the root GHSA-8v25-v8p6-qf7v (Nick Craig-Wood)
- serve webdav: Fix MOVE overwrite failing without Overwrite header (Sanjay Santhanam)
- serve/http: Fix `--disable-zip` so it works over rc (Nick Craig-Wood)
- VFS
- Fix hang reopening a file during the handle-caching grace period (Nick Craig-Wood)
- Local
- Stop `--links` symlinks escaping the destination directory CVE-2026-54572 (Nick Craig-Wood)
- Don't restore setuid/setgid/sticky bits from metadata by default GHSA-945v-v9p3-v5xw (Nick Craig-Wood)
- Drive
- Warn when non-exportable Google documents are skipped (Nick Craig-Wood)
- Fix stray %!(EXTRA) in unexportable google document log message (Nick Craig-Wood)
- Warn when using rclone's shared client_id (Nick Craig-Wood)
- Filelu
- Fix recursive listing path handling and file filtering (kingston125)
- Googlephotos
- Warn when using rclone's shared client_id (Nick Craig-Wood)
- Mega
- Wait for server events after upload, delete and move (Nick Craig-Wood)
- Fix hard deleted files reappearing in listings (Nick Craig-Wood)
- S3
- Remove session token on cross-host redirects (IceLocke)
- Strip STS security token on same-host HTTPS->HTTP redirect GHSA-cf44-9pgv-m4xc (Nick Craig-Wood)
- Fix error mapping in GetObject to match HeadObject (lewoberst)
- Correct documented `copy_cutoff` minimum to 1 byte (max)
- Fix mounting a prefix failing with 403 when HEAD is not permitted (Nick Craig-Wood)
- Smb
- Fix for IBM iSeries and signature verification (dithwick)
- WebDAV
- Fix mixed property statuses in multi-status responses (nako-ruru)
## v1.74.3 - 2026-06-05
[See commits](https://github.com/rclone/rclone/compare/v1.74.2...v1.74.3)

317
MANUAL.txt generated
View File

@@ -1,6 +1,6 @@
rclone(1) User Manual
Nick Craig-Wood
Jun 05, 2026
Jul 08, 2026
NAME
@@ -4632,10 +4632,10 @@ Examples:
// Output: stories/The Quick Brown Fox!.txt
rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{YYYYMMDD}"
// Output: stories/The Quick Brown Fox!-20260605
// Output: stories/The Quick Brown Fox!-20260708
rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{macfriendlytime}"
// Output: stories/The Quick Brown Fox!-2026-06-05 0414PM
// Output: stories/The Quick Brown Fox!-2026-07-08 0504PM
rclone convmv "stories/The Quick Brown Fox!.txt" --name-transform "all,regex=[\\.\\w]/ab"
// Output: ababababababab/ababab ababababab ababababab ababab!abababab
@@ -4837,8 +4837,9 @@ Synopsis
If source:path is a file or directory then it copies it to a file or
directory named dest:path.
This can be used to upload single files to other than their current
name. If the source is a directory then it acts exactly like the copy
This can be used to copy a single file to a destination with a name
different from its source - for example, uploading and renaming in one
step. If the source is a directory then it acts exactly like the copy
command.
So
@@ -12661,6 +12662,17 @@ Versioning is not currently supported.
Metadata will only be saved in memory other than the rclone mtime
metadata which will be set as the modification time of the file.
Object names
serve s3 stores objects as files in the backend, so object keys are
mapped to file paths rather than treated as the opaque strings AWS S3
allows. Keys must be in canonical path form: keys that contain .. or .
path segments, repeated slashes (//), or a leading or trailing slash are
rejected with a 400 Bad Request (InvalidArgument) instead of being
normalised, since normalising them could alias two distinct keys to the
same file or resolve a key outside its bucket. This matches the
behaviour of other S3 servers such as MinIO.
Supported operations
serve s3 currently supports the following operations.
@@ -16947,7 +16959,7 @@ ERROR is equivalent to -q. It only outputs error messages.
See also the logging section.
--windows-event-log LogLevel
--windows-event-log-level LogLevel
If this is configured (the default is OFF) then logs of this level and
above will be logged to the Windows event log in addition to the normal
@@ -16965,14 +16977,14 @@ Error. If enabled we map rclone levels like this.
Rclone will declare its log source as "rclone" if it is has enough
permissions to create the registry key needed. If not then logs will
appear as "Application". You can run
rclone version --windows-event-log DEBUG once as administrator to create
the registry key in advance.
rclone version --windows-event-log-level DEBUG once as administrator to
create the registry key in advance.
Note that the --windows-event-log level must be greater (more severe)
than or equal to the --log-level. For example to log DEBUG to a log file
but ERRORs to the event log you would use
Note that the --windows-event-log-level level must be greater (more
severe) than or equal to the --log-level. For example to log DEBUG to a
log file but ERRORs to the event log you would use
--log-file rclone.log --log-level DEBUG --windows-event-log ERROR
--log-file rclone.log --log-level DEBUG --windows-event-log-level ERROR
This option is only supported Windows platforms.
@@ -18694,7 +18706,7 @@ Then back to the headless machine, paste in the code.
Configuring by copying the config file
Rclone stores all of its configuration in a single file. This can easily
be copied to configure a remote rclone (although some backends does not
be copied to configure a remote rclone (although some backends do not
support reusing the same configuration, consult your backend
documentation to be sure).
@@ -19775,6 +19787,44 @@ directly.
If you just want to run a remote control then see the rcd command.
Security
Access to the rc API is equivalent to shell access as the user running
rclone. Treat the rc port as you would an interactive login on the host.
Any caller who can reach the API (and pass authentication, if it is
enabled) can, among other things:
- Run OS commands as the rclone user. core/command re-executes the
rclone binary with arbitrary arguments, and several backend options
shell out to programs, so even creating a remote with config/create
can lead to command execution.
- Read and write any file reachable by the rclone process, by pointing
operations/* or sync/* at a local remote (or via --rc-files /
--rc-serve). Writing arbitrary files as the rclone user is itself a
route to code execution.
- Read back stored credentials. rclone configs routinely hold
cloud-provider secrets. config/dump and friends expose them, so a
compromise of the rc reaches every configured backend.
- Change rclone's runtime behaviour with options/set, manage remotes
with config/*, and stop the process with core/quit.
There is currently no per-endpoint capability or scope system:
authentication is all-or-nothing. Granting any access grants all of the
above.
Consequently:
- Do not bind the rc to a network address you do not control. The
default bind is loopback (localhost:5572); keep it there unless you
have a specific reason to change it.
- Do not use --rc-no-auth on a non-loopback bind. It disables
authentication on the endpoints that access remotes — see
--rc-no-auth.
- Use authentication and TLS (--rc-user/--rc-pass or --rc-htpasswd,
plus --rc-cert/--rc-key) whenever the port is reachable by anyone
you do not fully trust, and raise --rc-min-tls-version.
Supported parameters
--rc
@@ -23158,7 +23208,7 @@ Flags for general networking and HTTP stuff.
--tpslimit float Limit HTTP transactions per second to this
--tpslimit-burst int Max burst of transactions for --tpslimit (default 1)
--use-cookies Enable session cookiejar
--user-agent string Set the user-agent to a specified string (default "rclone/v1.74.3")
--user-agent string Set the user-agent to a specified string (default "rclone/v1.74.4")
Performance
@@ -23812,8 +23862,10 @@ Backend-only flags (these can be set in the config file also).
--local-case-sensitive Force the filesystem to report itself as case sensitive
--local-description string Description of the remote
--local-encoding Encoding The encoding for the backend (default Slash,Dot)
--local-fatal-if-no-space Make out-of-space errors fatal during transfers
--local-hashes CommaSepList Comma separated list of supported checksum types
--local-links Translate symlinks to/from regular files with a '.rclonelink' extension for the local backend
--local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata
--local-no-check-updated Don't check to see if the files change during upload
--local-no-clone Disable reflink cloning for server-side copies
--local-no-preallocate Disable preallocation of disk space for transferred files
@@ -25857,9 +25909,20 @@ disallowed special characters and filename encodings.)
The following backends have known issues that need more investigation:
- TestFilen (filen)
- TestBisyncRemoteRemote/resync_modes
- TestBisyncRemoteRemote/rmdirs
- TestGoogleCloudStorage,directory_markers (googlecloudstorage)
- TestBisyncRemoteLocal/all_changed
- TestBisyncRemoteLocal/backupdir
- TestBisyncRemoteLocal/basic
- TestBisyncRemoteLocal/changes
- TestBisyncRemoteLocal/check_access
- 79 more
- TestGoogleCloudStorage (googlecloudstorage)
- TestBisyncRemoteLocal/all_changed
- TestBisyncRemoteLocal/backupdir
- TestBisyncRemoteLocal/basic
- TestBisyncRemoteLocal/changes
- TestBisyncRemoteLocal/check_access
- 79 more
- TestHuaweiDrive (huaweidrive)
- TestBisyncRemoteLocal/ext_paths
- TestBisyncRemoteLocal/extended_filenames
@@ -25867,9 +25930,7 @@ The following backends have known issues that need more investigation:
- TestBisyncLocalRemote/ext_paths
- TestBisyncLocalRemote/extended_filenames
- 4 more
- TestSeafile (seafile)
- TestBisyncLocalRemote/rmdirs
- Updated: 2026-06-05-010010
- Updated: 2026-07-08-010014
The following backends either have not been tested recently or have
known issues that are deemed unfixable for the time being:
@@ -25972,6 +26033,11 @@ directory is to rename it to the same name on both sides. (As of
rclone v1.64, a --resync is no longer required after doing so, as bisync
will automatically detect that Path1 and Path2 are in agreement.)
Note that although the flag --track-renames ensures that renamed/moved
files won't be deleted and uploaded again, they are still counted as
deleted files for purposes of the --max-delete flag (as this check
happens before the rename detection operation). See this issue.
--fast-list used by default
Unlike most other rclone commands, bisync uses --fast-list by default,
@@ -30841,7 +30907,7 @@ Cutoff for switching to multipart copy.
Any files larger than this that need to be server-side copied will be
copied in chunks of this size.
The minimum is 0 and the maximum is 5 GiB.
The minimum is 1 byte and the maximum is 5 GiB.
Properties:
@@ -41650,9 +41716,9 @@ Examples
1 MiB (1048576 bytes) file will encrypt to
- 32 bytes header
- 16 chunks of 65568 bytes
- 16 chunks of 65552 bytes
1049120 bytes total (a 0.05% overhead). This is the overhead for big
1048864 bytes total (a 0.03% overhead). This is the overhead for big
files.
Name encryption
@@ -45955,11 +46021,17 @@ root to use itself.
However you can set this to restrict rclone to a specific folder
hierarchy or to access data within the "Computers" tab on the drive web
interface (where files from Google's Backup and Sync desktop program
go).
go). However, this is not the easiest method. Instead, you can create a
shortcut to a folder in "Computers" and place it in "My Drive." To do
so, right-click the folder, select "Organize", and then choose "Add
shortcut" in the Google Drive web interface. Once you add the shortcut
to "My Drive," rclone will display the folder, allowing you to interact
with it. See also Shortcuts.
In order to do this you will have to find the Folder ID of the directory
you wish rclone to display. This will be the last segment of the URL
when you open the relevant folder in the drive web interface.
If, however, you choose to change your root folder, you will have to
find the Folder ID of the directory you wish rclone to display. This
will be the last segment of the URL when you open the relevant folder in
the drive web interface.
So if the folder you want rclone to use has a URL which looks like
https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh
@@ -45967,7 +46039,12 @@ in the browser, then you use 1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh as the
root_folder_id in the config.
NB folders under the "Computers" tab seem to be read only (drive gives a
500 error) when using rclone.
500 error) when using rclone, but they are also read-only in the Google
Drive web interface, likely because this folder is managed by the Google
Drive Desktop tool. Top-level folders in "Computers" are read-only, but
you can interact with folders contained within them using rclone. These
are the folders for which you can create a shortcut as well, as
described above.
There doesn't appear to be an API to discover the folder IDs of the
"Computers" tab - please contact us if you know otherwise!
@@ -47804,6 +47881,22 @@ which can be annoying to refresh constantly. If, for whatever reason, a
short grant time is not a problem, then keeping the application in
testing mode would also be sufficient.
In most cases verification is not actually required. Google exempts a
number of app categories from mandatory verification, including:
- Personal Use apps: if the app is for your personal use (fewer than
100 users), you and your limited number of users can keep using it
without verification - you will just need to click through the
"unverified app" warning screen during sign-in. Verification is only
required if you want to grow your user base beyond 100 users.
- Development/Testing/Staging apps: apps in development, testing or
staging mode are not subject to verification (but are limited to the
100-user cap and the unverified-app warning until verified).
So for typical personal rclone use you can leave the app unverified,
accept the warning screen, and publish it (rather than leaving it in
"Testing") to avoid the weekly grant expiry described above.
(Thanks to @balazer on github for these instructions.)
Sometimes, creation of an OAuth consent in Google API Console fails due
@@ -66953,6 +67046,32 @@ VFS.
Note that this flag is incompatible with -copy-links / -L.
Symlink targets and the destination
When rclone recreates a .rclonelink file as a symlink on local storage,
the symlink can point anywhere - including, with an absolute path or one
using ../ - to a location outside the directory you are copying into.
This is normal - rclone reproduces whatever target the link had, so
backups round-trip faithfully.
What rclone will not do is write through such a link. If a remote you
are copying from contains both a symlink and a file or directory that
would be placed inside it - for example a dir.rclonelink pointing
somewhere outside the destination, alongside a dir/file.txt - rclone
refuses to follow the symlink when writing dir/file.txt. The offending
file is skipped with an error, the rest of the transfer continues, and
the skipped file is counted in the error summary printed at the end of
the run.
This protects you from a malicious or compromised remote using -l /
--links to plant a symlink and then write through it to somewhere
outside your destination. Ordinary symlink round-trips, and symlinks
that stay inside the destination, are unaffected.
If you have intentionally pre-created a symlinked directory inside your
destination and want rclone to write into the directory it points at, do
not use -l / --links for that copy, or remove the symlink first.
Restricting filesystems with --one-file-system
Normally rclone will recurse through filesystems as mounted.
@@ -67262,6 +67381,47 @@ Properties:
- Type: bool
- Default: false
--local-metadata-restore-special-bits
Restore the setuid, setgid and sticky bits from metadata.
When restoring metadata with --metadata rclone applies the "mode" from
the source. By default rclone applies only the permission bits and
strips the setuid, setgid and sticky bits.
The "mode" comes from the source remote which may not be trusted.
Restoring a setuid or setgid bit onto freshly written, source-controlled
content can plant a setuid binary, which is dangerous in particular when
restoring from an untrusted source while running as root. For this
reason these bits are not restored by default.
If you trust the source and want the setuid, setgid and sticky bits
restored - for example when restoring a system backup made by rclone -
set this flag.
Properties:
- Config: metadata_restore_special_bits
- Env Var: RCLONE_LOCAL_METADATA_RESTORE_SPECIAL_BITS
- Type: bool
- Default: false
--local-fatal-if-no-space
Make out-of-space errors fatal during transfers.
When enabled, an ENOSPC error during a write returns a fatal error so
that rclone aborts rather than retrying the operation. Useful for backup
scripts that should halt loudly on a full disk rather than spin
retrying.
Properties:
- Config: fatal_if_no_space
- Env Var: RCLONE_LOCAL_FATAL_IF_NO_SPACE
- Type: bool
- Default: false
--local-time-type
Set what kind of time is returned.
@@ -67348,6 +67508,13 @@ supported by all file systems) under the "user.*" prefix.
Metadata is supported on files and directories.
When restoring metadata with --metadata rclone applies the "mode", "uid"
and "gid" from the source. These come from the source remote which may
not be trusted, so restoring metadata as root from an untrusted source
can change file ownership and is not recommended. The setuid, setgid and
sticky bits are not restored by default - see the
--local-metadata-restore-special-bits flag.
Here are the possible system metadata items for the local backend.
---------------------------------------------------------------------------------------------------
@@ -67410,6 +67577,100 @@ Options:
Changelog
v1.74.4 - 2026-07-08
See commits
- Bug Fixes
- accounting
- Fix goroutine leak in ResetCounters (Nick Craig-Wood)
- Fix goroutine leak in NewStatsGroup for zero-transfer rc
jobs (Sanjays2402)
- archive extract: Fix path traversal letting archives escape the
destination CVE-2026-59732 (Nick Craig-Wood)
- build
- Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood)
- CVE-2026-39822: os: Root escape via symlink plus
trailing slash
- CVE-2026-42505: crypto/tls: Encrypted Client Hello
privacy leak
- Update golang.org/x/image to v0.43.0 to fix image decoding
vulnerabilities (Nick Craig-Wood)
- CVE-2026-46604: panic decoding a TIFF image with an
out-of-bounds strip offset
- CVE-2026-46602: unbounded memory use from lack of a
limit on TIFF tile sizes
- CVE-2026-46601: panic on a WEBP VP8 alpha channel size
mismatch
- CVE-2026-33813: panic decoding a large WEBP image on
32-bit platforms
- cmd/mount2
- Fix NFS file creation by implementing Mknod (Sandy Luppino)
- Fix ESTALE over NFS by reporting stable inode numbers (Sandy
Luppino)
- Fix NFS directory listings by supporting non-zero Seekdir
offsets (Sandy Luppino)
- completion: Fix powershell completion corrupting non-ASCII names
(Yash Anil)
- doc fixes (Bryan Stenson, Castronaut, Filippo, Gaurav,
happysnaker, Jan-Philipp Reßler, Nick Craig-Wood, user77)
- filter: Fix --files-from copy stopping at the first unreadable
file (Nick Craig-Wood)
- fs
- Fix command line flag being ignored when set to its default
value (Nick Craig-Wood)
- Fix negative offset when a suffix Range request exceeds
object size (Amit Mishra)
- gui: Update embedded release to 1.1.10 (Nick Craig-Wood)
- ncdu: Fix duplicated keystrokes on Windows by pinning tcell to
v2.9.0 (Nick Craig-Wood)
- serve restic: Fix --private-repos isolation bypass
CVE-2026-59733 (Nick Craig-Wood)
- serve s3
- Fix spurious 404 on HEAD/GET during VFS writeback (max)
- Fix path traversal letting clients see files in the root
GHSA-8v25-v8p6-qf7v (Nick Craig-Wood)
- serve webdav: Fix MOVE overwrite failing without Overwrite
header (Sanjay Santhanam)
- serve/http: Fix --disable-zip so it works over rc (Nick
Craig-Wood)
- VFS
- Fix hang reopening a file during the handle-caching grace period
(Nick Craig-Wood)
- Local
- Stop --links symlinks escaping the destination directory
CVE-2026-54572 (Nick Craig-Wood)
- Don't restore setuid/setgid/sticky bits from metadata by default
GHSA-945v-v9p3-v5xw (Nick Craig-Wood)
- Drive
- Warn when non-exportable Google documents are skipped (Nick
Craig-Wood)
- Fix stray %!(EXTRA) in unexportable google document log message
(Nick Craig-Wood)
- Warn when using rclone's shared client_id (Nick Craig-Wood)
- Filelu
- Fix recursive listing path handling and file filtering
(kingston125)
- Googlephotos
- Warn when using rclone's shared client_id (Nick Craig-Wood)
- Mega
- Wait for server events after upload, delete and move (Nick
Craig-Wood)
- Fix hard deleted files reappearing in listings (Nick Craig-Wood)
- S3
- Remove session token on cross-host redirects (IceLocke)
- Strip STS security token on same-host HTTPS->HTTP redirect
GHSA-cf44-9pgv-m4xc (Nick Craig-Wood)
- Fix error mapping in GetObject to match HeadObject (lewoberst)
- Correct documented copy_cutoff minimum to 1 byte (max)
- Fix mounting a prefix failing with 403 when HEAD is not
permitted (Nick Craig-Wood)
- Smb
- Fix for IBM iSeries and signature verification (dithwick)
- WebDAV
- Fix mixed property statuses in multi-status responses
(nako-ruru)
v1.74.3 - 2026-06-05
See commits

View File

@@ -1053,9 +1053,20 @@ encodings.)
The following backends have known issues that need more investigation:
<!--- start list_failures - DO NOT EDIT THIS SECTION - use make commanddocs --->
- `TestFilen` (`filen`)
- [`TestBisyncRemoteRemote/resync_modes`](https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt)
- [`TestBisyncRemoteRemote/rmdirs`](https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt)
- `TestGoogleCloudStorage,directory_markers` (`googlecloudstorage`)
- [`TestBisyncRemoteLocal/all_changed`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
- [`TestBisyncRemoteLocal/backupdir`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
- [`TestBisyncRemoteLocal/basic`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
- [`TestBisyncRemoteLocal/changes`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
- [`TestBisyncRemoteLocal/check_access`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
- [79 more](https://pub.rclone.org/integration-tests/current/)
- `TestGoogleCloudStorage` (`googlecloudstorage`)
- [`TestBisyncRemoteLocal/all_changed`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
- [`TestBisyncRemoteLocal/backupdir`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
- [`TestBisyncRemoteLocal/basic`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
- [`TestBisyncRemoteLocal/changes`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
- [`TestBisyncRemoteLocal/check_access`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
- [79 more](https://pub.rclone.org/integration-tests/current/)
- `TestHuaweiDrive` (`huaweidrive`)
- [`TestBisyncRemoteLocal/ext_paths`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt)
- [`TestBisyncRemoteLocal/extended_filenames`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt)
@@ -1063,9 +1074,7 @@ The following backends have known issues that need more investigation:
- [`TestBisyncLocalRemote/ext_paths`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt)
- [`TestBisyncLocalRemote/extended_filenames`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt)
- [4 more](https://pub.rclone.org/integration-tests/current/)
- `TestSeafile` (`seafile`)
- [`TestBisyncLocalRemote/rmdirs`](https://pub.rclone.org/integration-tests/current/seafile-cmd.bisync-TestSeafile-1.txt)
- Updated: 2026-06-05-010010
- Updated: 2026-07-08-010014
<!--- end list_failures - DO NOT EDIT THIS SECTION - use make commanddocs --->
The following backends either have not been tested recently or have known issues

View File

@@ -6,6 +6,69 @@ description: "Rclone Changelog"
# Changelog
## v1.74.4 - 2026-07-08
[See commits](https://github.com/rclone/rclone/compare/v1.74.3...v1.74.4)
- Bug Fixes
- accounting
- Fix goroutine leak in ResetCounters (Nick Craig-Wood)
- Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs (Sanjays2402)
- archive extract: Fix path traversal letting archives escape the destination CVE-2026-59732 (Nick Craig-Wood)
- build
- Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood)
- CVE-2026-39822: os: Root escape via symlink plus trailing slash
- CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak
- Update golang.org/x/image to v0.43.0 to fix image decoding vulnerabilities (Nick Craig-Wood)
- CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds strip offset
- CVE-2026-46602: unbounded memory use from lack of a limit on TIFF tile sizes
- CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch
- CVE-2026-33813: panic decoding a large WEBP image on 32-bit platforms
- cmd/mount2
- Fix NFS file creation by implementing Mknod (Sandy Luppino)
- Fix ESTALE over NFS by reporting stable inode numbers (Sandy Luppino)
- Fix NFS directory listings by supporting non-zero Seekdir offsets (Sandy Luppino)
- completion: Fix powershell completion corrupting non-ASCII names (Yash Anil)
- doc fixes (Bryan Stenson, Castronaut, Filippo, Gaurav, happysnaker, Jan-Philipp Reßler, Nick Craig-Wood, user77)
- filter: Fix `--files-from` copy stopping at the first unreadable file (Nick Craig-Wood)
- fs
- Fix command line flag being ignored when set to its default value (Nick Craig-Wood)
- Fix negative offset when a suffix Range request exceeds object size (Amit Mishra)
- gui: Update embedded release to 1.1.10 (Nick Craig-Wood)
- ncdu: Fix duplicated keystrokes on Windows by pinning tcell to v2.9.0 (Nick Craig-Wood)
- serve restic: Fix `--private-repos` isolation bypass CVE-2026-59733 (Nick Craig-Wood)
- serve s3
- Fix spurious 404 on HEAD/GET during VFS writeback (max)
- Fix path traversal letting clients see files in the root GHSA-8v25-v8p6-qf7v (Nick Craig-Wood)
- serve webdav: Fix MOVE overwrite failing without Overwrite header (Sanjay Santhanam)
- serve/http: Fix `--disable-zip` so it works over rc (Nick Craig-Wood)
- VFS
- Fix hang reopening a file during the handle-caching grace period (Nick Craig-Wood)
- Local
- Stop `--links` symlinks escaping the destination directory CVE-2026-54572 (Nick Craig-Wood)
- Don't restore setuid/setgid/sticky bits from metadata by default GHSA-945v-v9p3-v5xw (Nick Craig-Wood)
- Drive
- Warn when non-exportable Google documents are skipped (Nick Craig-Wood)
- Fix stray %!(EXTRA) in unexportable google document log message (Nick Craig-Wood)
- Warn when using rclone's shared client_id (Nick Craig-Wood)
- Filelu
- Fix recursive listing path handling and file filtering (kingston125)
- Googlephotos
- Warn when using rclone's shared client_id (Nick Craig-Wood)
- Mega
- Wait for server events after upload, delete and move (Nick Craig-Wood)
- Fix hard deleted files reappearing in listings (Nick Craig-Wood)
- S3
- Remove session token on cross-host redirects (IceLocke)
- Strip STS security token on same-host HTTPS->HTTP redirect GHSA-cf44-9pgv-m4xc (Nick Craig-Wood)
- Fix error mapping in GetObject to match HeadObject (lewoberst)
- Correct documented `copy_cutoff` minimum to 1 byte (max)
- Fix mounting a prefix failing with 403 when HEAD is not permitted (Nick Craig-Wood)
- Smb
- Fix for IBM iSeries and signature verification (dithwick)
- WebDAV
- Fix mixed property statuses in multi-status responses (nako-ruru)
## v1.74.3 - 2026-06-05
[See commits](https://github.com/rclone/rclone/compare/v1.74.2...v1.74.3)

View File

@@ -558,8 +558,10 @@ rclone [flags]
--local-case-sensitive Force the filesystem to report itself as case sensitive
--local-description string Description of the remote
--local-encoding Encoding The encoding for the backend (default Slash,Dot)
--local-fatal-if-no-space Make out-of-space errors fatal during transfers
--local-hashes CommaSepList Comma separated list of supported checksum types
--local-links Translate symlinks to/from regular files with a '.rclonelink' extension for the local backend
--local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata
--local-no-check-updated Don't check to see if the files change during upload
--local-no-clone Disable reflink cloning for server-side copies
--local-no-preallocate Disable preallocation of disk space for transferred files
@@ -1094,7 +1096,7 @@ rclone [flags]
--use-json-log Use json log format
--use-mmap Use mmap allocator (see docs)
--use-server-modtime Use server modified time instead of object metadata
--user-agent string Set the user-agent to a specified string (default "rclone/v1.74.3")
--user-agent string Set the user-agent to a specified string (default "rclone/v1.74.4")
-v, --verbose count Print lots more stuff (repeat for more)
-V, --version Print the version number
--webdav-auth-redirect Preserve authentication on redirect

View File

@@ -231,12 +231,12 @@ rclone convmv "stories/The Quick Brown Fox!.txt" --name-transform "all,command=e
```console
rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{YYYYMMDD}"
// Output: stories/The Quick Brown Fox!-20260605
// Output: stories/The Quick Brown Fox!-20260708
```
```console
rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{macfriendlytime}"
// Output: stories/The Quick Brown Fox!-2026-06-05 0414PM
// Output: stories/The Quick Brown Fox!-2026-07-08 0504PM
```
```console

View File

@@ -13,8 +13,9 @@ Copy files from source to dest, skipping identical files.
If source:path is a file or directory then it copies it to a file or
directory named dest:path.
This can be used to upload single files to other than their current
name. If the source is a directory then it acts exactly like the
This can be used to copy a single file to a destination with a name
different from its source - for example, uploading and renaming in one
step. If the source is a directory then it acts exactly like the
[copy](/commands/rclone_copy/) command.
So

View File

@@ -144,6 +144,17 @@ Versioning is not currently supported.
Metadata will only be saved in memory other than the rclone `mtime`
metadata which will be set as the modification time of the file.
## Object names
`serve s3` stores objects as files in the backend, so object keys are
mapped to file paths rather than treated as the opaque strings AWS S3
allows. Keys must be in canonical path form: keys that contain `..` or
`.` path segments, repeated slashes (`//`), or a leading or trailing
slash are rejected with a `400 Bad Request` (`InvalidArgument`)
instead of being normalised, since normalising them could alias two
distinct keys to the same file or resolve a key outside its bucket.
This matches the behaviour of other S3 servers such as MinIO.
## Supported operations
`serve s3` currently supports the following operations.

View File

@@ -121,7 +121,7 @@ Flags for general networking and HTTP stuff.
--tpslimit float Limit HTTP transactions per second to this
--tpslimit-burst int Max burst of transactions for --tpslimit (default 1)
--use-cookies Enable session cookiejar
--user-agent string Set the user-agent to a specified string (default "rclone/v1.74.3")
--user-agent string Set the user-agent to a specified string (default "rclone/v1.74.4")
```
@@ -805,8 +805,10 @@ Backend-only flags (these can be set in the config file also).
--local-case-sensitive Force the filesystem to report itself as case sensitive
--local-description string Description of the remote
--local-encoding Encoding The encoding for the backend (default Slash,Dot)
--local-fatal-if-no-space Make out-of-space errors fatal during transfers
--local-hashes CommaSepList Comma separated list of supported checksum types
--local-links Translate symlinks to/from regular files with a '.rclonelink' extension for the local backend
--local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata
--local-no-check-updated Don't check to see if the files change during upload
--local-no-clone Disable reflink cloning for server-side copies
--local-no-preallocate Disable preallocation of disk space for transferred files

View File

@@ -637,6 +637,47 @@ Properties:
- Type: bool
- Default: false
#### --local-metadata-restore-special-bits
Restore the setuid, setgid and sticky bits from metadata.
When restoring metadata with --metadata rclone applies the "mode" from
the source. By default rclone applies only the permission bits and
strips the setuid, setgid and sticky bits.
The "mode" comes from the source remote which may not be trusted.
Restoring a setuid or setgid bit onto freshly written,
source-controlled content can plant a setuid binary, which is dangerous
in particular when restoring from an untrusted source while running as
root. For this reason these bits are not restored by default.
If you trust the source and want the setuid, setgid and sticky bits
restored - for example when restoring a system backup made by rclone -
set this flag.
Properties:
- Config: metadata_restore_special_bits
- Env Var: RCLONE_LOCAL_METADATA_RESTORE_SPECIAL_BITS
- Type: bool
- Default: false
#### --local-fatal-if-no-space
Make out-of-space errors fatal during transfers.
When enabled, an ENOSPC error during a write returns a fatal error so
that rclone aborts rather than retrying the operation. Useful for
backup scripts that should halt loudly on a full disk rather than spin
retrying.
Properties:
- Config: fatal_if_no_space
- Env Var: RCLONE_LOCAL_FATAL_IF_NO_SPACE
- Type: bool
- Default: false
#### --local-time-type
Set what kind of time is returned.
@@ -723,6 +764,13 @@ supported by all file systems) under the "user.*" prefix.
Metadata is supported on files and directories.
When restoring metadata with `--metadata` rclone applies the
"mode", "uid" and "gid" from the source. These come from the source
remote which may not be trusted, so restoring metadata as root from an
untrusted source can change file ownership and is not recommended. The
setuid, setgid and sticky bits are not restored by default - see the
`--local-metadata-restore-special-bits` flag.
Here are the possible system metadata items for the local backend.
| Name | Help | Type | Example | Read Only |

View File

@@ -3512,7 +3512,7 @@ Cutoff for switching to multipart copy.
Any files larger than this that need to be server-side copied will be
copied in chunks of this size.
The minimum is 0 and the maximum is 5 GiB.
The minimum is 1 byte and the maximum is 5 GiB.
Properties:

2
go.sum
View File

@@ -204,8 +204,6 @@ github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg
github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
github.com/cloudinary/cloudinary-go/v2 v2.15.0 h1:iLoIwb7BJECHTbNcmIhYDsQhoZiACWGNvEpyqQy97Dk=
github.com/cloudinary/cloudinary-go/v2 v2.15.0/go.mod h1:ireC4gqVetsjVhYlwjUJwKTbZuWjEIynbR9zQTlqsvo=
github.com/cloudsoda/go-smb2 v0.0.0-20250228001242-d4c70e6251cc h1:t8YjNUCt1DimB4HCIXBztwWMhgxr5yG5/YaRl9Afdfg=
github.com/cloudsoda/go-smb2 v0.0.0-20250228001242-d4c70e6251cc/go.mod h1:CgWpFCFWzzEA5hVkhAc6DZZzGd3czx+BblvOzjmg6KA=
github.com/cloudsoda/go-smb2 v0.0.0-20260701064823-d8c5600d73b8 h1:+KC2I+emnT6ccWmo7IHbtchGc/vFqAxUuovo2eUgMuM=
github.com/cloudsoda/go-smb2 v0.0.0-20260701064823-d8c5600d73b8/go.mod h1:1pQXB0vAlzRlqcY7LYKOOZMw0wKfJPFxTLsJRF2Gswo=
github.com/cloudsoda/sddl v0.0.0-20250224235906-926454e91efc h1:0xCWmFKBmarCqqqLeM7jFBSw/Or81UEElFqO8MY+GDs=

View File

@@ -218,12 +218,12 @@ rclone convmv "stories/The Quick Brown Fox!.txt" --name-transform "all,command=e
```console
rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{YYYYMMDD}"
// Output: stories/The Quick Brown Fox!-20260605
// Output: stories/The Quick Brown Fox!-20260708
```
```console
rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{macfriendlytime}"
// Output: stories/The Quick Brown Fox!-2026-06-05 0419PM
// Output: stories/The Quick Brown Fox!-2026-07-08 0517PM
```
```console

442
rclone.1 generated
View File

@@ -15,7 +15,7 @@
. ftr VB CB
. ftr VBI CBI
.\}
.TH "rclone" "1" "Jun 05, 2026" "User Manual" ""
.TH "rclone" "1" "Jul 08, 2026" "User Manual" ""
.hy
.SH NAME
.PP
@@ -6326,14 +6326,14 @@ rclone convmv \[dq]stories/The Quick Brown Fox!.txt\[dq] --name-transform \[dq]a
.nf
\f[C]
rclone convmv \[dq]stories/The Quick Brown Fox!\[dq] --name-transform \[dq]date=-{YYYYMMDD}\[dq]
// Output: stories/The Quick Brown Fox!-20260605
// Output: stories/The Quick Brown Fox!-20260708
\f[R]
.fi
.IP
.nf
\f[C]
rclone convmv \[dq]stories/The Quick Brown Fox!\[dq] --name-transform \[dq]date=-{macfriendlytime}\[dq]
// Output: stories/The Quick Brown Fox!-2026-06-05 0414PM
// Output: stories/The Quick Brown Fox!-2026-07-08 0504PM
\f[R]
.fi
.IP
@@ -6596,8 +6596,9 @@ Copy files from source to dest, skipping identical files.
If source:path is a file or directory then it copies it to a file or
directory named dest:path.
.PP
This can be used to upload single files to other than their current
name.
This can be used to copy a single file to a destination with a name
different from its source - for example, uploading and renaming in one
step.
If the source is a directory then it acts exactly like the
copy (https://rclone.org/commands/rclone_copy/) command.
.PP
@@ -16323,6 +16324,18 @@ Versioning is not currently supported.
Metadata will only be saved in memory other than the rclone
\f[V]mtime\f[R] metadata which will be set as the modification time of
the file.
.SS Object names
.PP
\f[V]serve s3\f[R] stores objects as files in the backend, so object
keys are mapped to file paths rather than treated as the opaque strings
AWS S3 allows.
Keys must be in canonical path form: keys that contain \f[V]..\f[R] or
\f[V].\f[R] path segments, repeated slashes (\f[V]//\f[R]), or a leading
or trailing slash are rejected with a \f[V]400 Bad Request\f[R]
(\f[V]InvalidArgument\f[R]) instead of being normalised, since
normalising them could alias two distinct keys to the same file or
resolve a key outside its bucket.
This matches the behaviour of other S3 servers such as MinIO.
.SS Supported operations
.PP
\f[V]serve s3\f[R] currently supports the following operations.
@@ -21747,7 +21760,7 @@ It outputs warnings and significant events.
It only outputs error messages.
.PP
See also the logging section.
.SS --windows-event-log LogLevel
.SS --windows-event-log-level LogLevel
.PP
If this is configured (the default is \f[V]OFF\f[R]) then logs of this
level and above will be logged to the Windows event log in
@@ -21769,17 +21782,17 @@ but not currently used).
Rclone will declare its log source as \[dq]rclone\[dq] if it is has
enough permissions to create the registry key needed.
If not then logs will appear as \[dq]Application\[dq].
You can run \f[V]rclone version --windows-event-log DEBUG\f[R] once as
administrator to create the registry key in advance.
You can run \f[V]rclone version --windows-event-log-level DEBUG\f[R]
once as administrator to create the registry key in advance.
.PP
\f[B]Note\f[R] that the \f[V]--windows-event-log\f[R] level must be
greater (more severe) than or equal to the \f[V]--log-level\f[R].
\f[B]Note\f[R] that the \f[V]--windows-event-log-level\f[R] level must
be greater (more severe) than or equal to the \f[V]--log-level\f[R].
For example to log DEBUG to a log file but ERRORs to the event log you
would use
.IP
.nf
\f[C]
--log-file rclone.log --log-level DEBUG --windows-event-log ERROR
--log-file rclone.log --log-level DEBUG --windows-event-log-level ERROR
\f[R]
.fi
.PP
@@ -23858,7 +23871,7 @@ y/e/d>
.PP
Rclone stores all of its configuration in a single file.
This can easily be copied to configure a remote rclone (although some
backends does not support reusing the same configuration, consult your
backends do not support reusing the same configuration, consult your
backend documentation to be sure).
.PP
Start by running rclone config to create the configuration file on your
@@ -25377,6 +25390,55 @@ directly.
.PP
If you just want to run a remote control then see the
rcd (https://rclone.org/commands/rclone_rcd/) command.
.SS Security
.PP
\f[B]Access to the rc API is equivalent to shell access as the user
running rclone.\f[R] Treat the rc port as you would an interactive login
on the host.
.PP
Any caller who can reach the API (and pass authentication, if it is
enabled) can, among other things:
.IP \[bu] 2
\f[B]Run OS commands\f[R] as the rclone user.
\f[V]core/command\f[R] re-executes the rclone binary with arbitrary
arguments, and several backend options shell out to programs, so even
creating a remote with \f[V]config/create\f[R] can lead to command
execution.
.IP \[bu] 2
\f[B]Read and write any file\f[R] reachable by the rclone process, by
pointing \f[V]operations/*\f[R] or \f[V]sync/*\f[R] at a \f[V]local\f[R]
remote (or via \f[V]--rc-files\f[R] / \f[V]--rc-serve\f[R]).
Writing arbitrary files as the rclone user is itself a route to code
execution.
.IP \[bu] 2
\f[B]Read back stored credentials.\f[R] rclone configs routinely hold
cloud-provider secrets.
\f[V]config/dump\f[R] and friends expose them, so a compromise of the rc
reaches every configured backend.
.IP \[bu] 2
\f[B]Change rclone\[aq]s runtime behaviour\f[R] with
\f[V]options/set\f[R], \f[B]manage remotes\f[R] with \f[V]config/*\f[R],
and \f[B]stop the process\f[R] with \f[V]core/quit\f[R].
.PP
There is currently no per-endpoint capability or scope system:
authentication is all-or-nothing.
Granting any access grants all of the above.
.PP
Consequently:
.IP \[bu] 2
\f[B]Do not bind the rc to a network address you do not control.\f[R]
The default bind is loopback (\f[V]localhost:5572\f[R]); keep it there
unless you have a specific reason to change it.
.IP \[bu] 2
\f[B]Do not use \f[VB]--rc-no-auth\f[B] on a non-loopback bind.\f[R] It
disables authentication on the endpoints that access remotes \[em] see
\f[V]--rc-no-auth\f[R].
.IP \[bu] 2
\f[B]Use authentication and TLS\f[R]
(\f[V]--rc-user\f[R]/\f[V]--rc-pass\f[R] or \f[V]--rc-htpasswd\f[R],
plus \f[V]--rc-cert\f[R]/\f[V]--rc-key\f[R]) whenever the port is
reachable by anyone you do not fully trust, and raise
\f[V]--rc-min-tls-version\f[R].
.SS Supported parameters
.SS --rc
.PP
@@ -30200,7 +30262,7 @@ Flags for general networking and HTTP stuff.
--tpslimit float Limit HTTP transactions per second to this
--tpslimit-burst int Max burst of transactions for --tpslimit (default 1)
--use-cookies Enable session cookiejar
--user-agent string Set the user-agent to a specified string (default \[dq]rclone/v1.74.3\[dq])
--user-agent string Set the user-agent to a specified string (default \[dq]rclone/v1.74.4\[dq])
\f[R]
.fi
.SS Performance
@@ -30884,8 +30946,10 @@ Backend-only flags (these can be set in the config file also).
--local-case-sensitive Force the filesystem to report itself as case sensitive
--local-description string Description of the remote
--local-encoding Encoding The encoding for the backend (default Slash,Dot)
--local-fatal-if-no-space Make out-of-space errors fatal during transfers
--local-hashes CommaSepList Comma separated list of supported checksum types
--local-links Translate symlinks to/from regular files with a \[aq].rclonelink\[aq] extension for the local backend
--local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata
--local-no-check-updated Don\[aq]t check to see if the files change during upload
--local-no-clone Disable reflink cloning for server-side copies
--local-no-preallocate Disable preallocation of disk space for transferred files
@@ -33498,12 +33562,37 @@ filename encodings.)
.PP
The following backends have known issues that need more investigation:
.IP \[bu] 2
\f[V]TestFilen\f[R] (\f[V]filen\f[R])
\f[V]TestGoogleCloudStorage,directory_markers\f[R]
(\f[V]googlecloudstorage\f[R])
.RS 2
.IP \[bu] 2
\f[V]TestBisyncRemoteRemote/resync_modes\f[R] (https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt)
\f[V]TestBisyncRemoteLocal/all_changed\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
.IP \[bu] 2
\f[V]TestBisyncRemoteRemote/rmdirs\f[R] (https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt)
\f[V]TestBisyncRemoteLocal/backupdir\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
.IP \[bu] 2
\f[V]TestBisyncRemoteLocal/basic\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
.IP \[bu] 2
\f[V]TestBisyncRemoteLocal/changes\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
.IP \[bu] 2
\f[V]TestBisyncRemoteLocal/check_access\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt)
.IP \[bu] 2
79 more (https://pub.rclone.org/integration-tests/current/)
.RE
.IP \[bu] 2
\f[V]TestGoogleCloudStorage\f[R] (\f[V]googlecloudstorage\f[R])
.RS 2
.IP \[bu] 2
\f[V]TestBisyncRemoteLocal/all_changed\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
.IP \[bu] 2
\f[V]TestBisyncRemoteLocal/backupdir\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
.IP \[bu] 2
\f[V]TestBisyncRemoteLocal/basic\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
.IP \[bu] 2
\f[V]TestBisyncRemoteLocal/changes\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
.IP \[bu] 2
\f[V]TestBisyncRemoteLocal/check_access\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt)
.IP \[bu] 2
79 more (https://pub.rclone.org/integration-tests/current/)
.RE
.IP \[bu] 2
\f[V]TestHuaweiDrive\f[R] (\f[V]huaweidrive\f[R])
@@ -33522,13 +33611,7 @@ The following backends have known issues that need more investigation:
4 more (https://pub.rclone.org/integration-tests/current/)
.RE
.IP \[bu] 2
\f[V]TestSeafile\f[R] (\f[V]seafile\f[R])
.RS 2
.IP \[bu] 2
\f[V]TestBisyncLocalRemote/rmdirs\f[R] (https://pub.rclone.org/integration-tests/current/seafile-cmd.bisync-TestSeafile-1.txt)
.RE
.IP \[bu] 2
Updated: 2026-06-05-010010
Updated: 2026-07-08-010014
.PP
The following backends either have not been tested recently or have
known issues that are deemed unfixable for the time being:
@@ -33675,6 +33758,12 @@ directory is to rename it to the same name on both sides.
(As of \f[V]rclone v1.64\f[R], a \f[V]--resync\f[R] is no longer
required after doing so, as bisync will automatically detect that Path1
and Path2 are in agreement.)
.PP
Note that although the flag --track-renames ensures that renamed/moved
files won\[aq]t be deleted and uploaded again, they are still counted as
deleted files for purposes of the --max-delete flag (as this check
happens before the rename detection operation).
See this issue (https://github.com/rclone/rclone/issues/8685).
.SS \f[V]--fast-list\f[R] used by default
.PP
Unlike most other rclone commands, bisync uses
@@ -42964,7 +43053,7 @@ Cutoff for switching to multipart copy.
Any files larger than this that need to be server-side copied will be
copied in chunks of this size.
.PP
The minimum is 0 and the maximum is 5 GiB.
The minimum is 1 byte and the maximum is 5 GiB.
.PP
Properties:
.IP \[bu] 2
@@ -56118,9 +56207,9 @@ This uses a 32 byte (256 bit key) key derived from the user password.
.IP \[bu] 2
32 bytes header
.IP \[bu] 2
16 chunks of 65568 bytes
16 chunks of 65552 bytes
.PP
1049120 bytes total (a 0.05% overhead).
1048864 bytes total (a 0.03% overhead).
This is the overhead for big files.
.SS Name encryption
.PP
@@ -61764,9 +61853,18 @@ However you can set this to restrict rclone to a specific folder
hierarchy or to access data within the \[dq]Computers\[dq] tab on the
drive web interface (where files from Google\[aq]s Backup and Sync
desktop program go).
However, this is not the easiest method.
Instead, you can create a shortcut to a folder in \[dq]Computers\[dq]
and place it in \[dq]My Drive.\[dq] To do so, right-click the folder,
select \[dq]Organize\[dq], and then choose \[dq]Add shortcut\[dq] in the
Google Drive web interface.
Once you add the shortcut to \[dq]My Drive,\[dq] rclone will display the
folder, allowing you to interact with it.
See also Shortcuts.
.PP
In order to do this you will have to find the \f[V]Folder ID\f[R] of the
directory you wish rclone to display.
If, however, you choose to change your root folder, you will have to
find the \f[V]Folder ID\f[R] of the directory you wish rclone to
display.
This will be the last segment of the URL when you open the relevant
folder in the drive web interface.
.PP
@@ -61776,7 +61874,13 @@ in the browser, then you use \f[V]1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh\f[R]
as the \f[V]root_folder_id\f[R] in the config.
.PP
\f[B]NB\f[R] folders under the \[dq]Computers\[dq] tab seem to be read
only (drive gives a 500 error) when using rclone.
only (drive gives a 500 error) when using rclone, but they are also
read-only in the Google Drive web interface, likely because this folder
is managed by the Google Drive Desktop tool.
Top-level folders in \[dq]Computers\[dq] are read-only, but you can
interact with folders contained within them using rclone.
These are the folders for which you can create a shortcut as well, as
described above.
.PP
There doesn\[aq]t appear to be an API to discover the folder IDs of the
\[dq]Computers\[dq] tab - please contact us if you know otherwise!
@@ -64385,6 +64489,26 @@ annoying to refresh constantly.
If, for whatever reason, a short grant time is not a problem, then
keeping the application in testing mode would also be sufficient.
.PP
In most cases verification is not actually required.
Google exempts a number of app
categories (https://support.google.com/cloud/answer/13464323) from
mandatory verification, including:
.IP \[bu] 2
\f[B]Personal Use apps\f[R]: if the app is for your personal use (fewer
than 100 users), you and your limited number of users can keep using it
without verification - you will just need to click through the
\[dq]unverified app\[dq] warning screen during sign-in.
Verification is only required if you want to grow your user base beyond
100 users.
.IP \[bu] 2
\f[B]Development/Testing/Staging apps\f[R]: apps in development, testing
or staging mode are not subject to verification (but are limited to the
100-user cap and the unverified-app warning until verified).
.PP
So for typical personal rclone use you can leave the app unverified,
accept the warning screen, and publish it (rather than leaving it in
\[dq]Testing\[dq]) to avoid the weekly grant expiry described above.
.PP
(Thanks to \[at]balazer on github for these instructions.)
.PP
Sometimes, creation of an OAuth consent in Google API Console fails due
@@ -89523,6 +89647,36 @@ backends and the VFS.
.PP
Note that this flag is incompatible with \f[V]-copy-links\f[R] /
\f[V]-L\f[R].
.SS Symlink targets and the destination
.PP
When rclone recreates a \f[V].rclonelink\f[R] file as a symlink on local
storage, the symlink can point anywhere - including, with an absolute
path or one using \f[V]../\f[R] - to a location outside the directory
you are copying into.
This is normal - rclone reproduces whatever target the link had, so
backups round-trip faithfully.
.PP
What rclone will \f[B]not\f[R] do is \f[I]write through\f[R] such a
link.
If a remote you are copying from contains both a symlink and a file or
directory that would be placed inside it - for example a
\f[V]dir.rclonelink\f[R] pointing somewhere outside the destination,
alongside a \f[V]dir/file.txt\f[R] - rclone refuses to follow the
symlink when writing \f[V]dir/file.txt\f[R].
The offending file is skipped with an error, the rest of the transfer
continues, and the skipped file is counted in the error summary printed
at the end of the run.
.PP
This protects you from a malicious or compromised remote using
\f[V]-l\f[R] / \f[V]--links\f[R] to plant a symlink and then write
through it to somewhere outside your destination.
Ordinary symlink round-trips, and symlinks that stay inside the
destination, are unaffected.
.PP
If you have intentionally pre-created a symlinked directory inside your
destination and want rclone to write into the directory it points at, do
not use \f[V]-l\f[R] / \f[V]--links\f[R] for that copy, or remove the
symlink first.
.SS Restricting filesystems with --one-file-system
.PP
Normally rclone will recurse through filesystems as mounted.
@@ -89896,6 +90050,53 @@ Env Var: RCLONE_LOCAL_NO_SET_MODTIME
Type: bool
.IP \[bu] 2
Default: false
.SS --local-metadata-restore-special-bits
.PP
Restore the setuid, setgid and sticky bits from metadata.
.PP
When restoring metadata with --metadata rclone applies the
\[dq]mode\[dq] from the source.
By default rclone applies only the permission bits and strips the
setuid, setgid and sticky bits.
.PP
The \[dq]mode\[dq] comes from the source remote which may not be
trusted.
Restoring a setuid or setgid bit onto freshly written, source-controlled
content can plant a setuid binary, which is dangerous in particular when
restoring from an untrusted source while running as root.
For this reason these bits are not restored by default.
.PP
If you trust the source and want the setuid, setgid and sticky bits
restored - for example when restoring a system backup made by rclone -
set this flag.
.PP
Properties:
.IP \[bu] 2
Config: metadata_restore_special_bits
.IP \[bu] 2
Env Var: RCLONE_LOCAL_METADATA_RESTORE_SPECIAL_BITS
.IP \[bu] 2
Type: bool
.IP \[bu] 2
Default: false
.SS --local-fatal-if-no-space
.PP
Make out-of-space errors fatal during transfers.
.PP
When enabled, an ENOSPC error during a write returns a fatal error so
that rclone aborts rather than retrying the operation.
Useful for backup scripts that should halt loudly on a full disk rather
than spin retrying.
.PP
Properties:
.IP \[bu] 2
Config: fatal_if_no_space
.IP \[bu] 2
Env Var: RCLONE_LOCAL_FATAL_IF_NO_SPACE
.IP \[bu] 2
Type: bool
.IP \[bu] 2
Default: false
.SS --local-time-type
.PP
Set what kind of time is returned.
@@ -90015,6 +90216,14 @@ supported by all file systems) under the \[dq]user.*\[dq] prefix.
.PP
Metadata is supported on files and directories.
.PP
When restoring metadata with \f[V]--metadata\f[R] rclone applies the
\[dq]mode\[dq], \[dq]uid\[dq] and \[dq]gid\[dq] from the source.
These come from the source remote which may not be trusted, so restoring
metadata as root from an untrusted source can change file ownership and
is not recommended.
The setuid, setgid and sticky bits are not restored by default - see the
\f[V]--local-metadata-restore-special-bits\f[R] flag.
.PP
Here are the possible system metadata items for the local backend.
.PP
.TS
@@ -90150,6 +90359,181 @@ Options:
.IP \[bu] 2
\[dq]error\[dq]: Return an error based on option value.
.SH Changelog
.SS v1.74.4 - 2026-07-08
.PP
See commits (https://github.com/rclone/rclone/compare/v1.74.3...v1.74.4)
.IP \[bu] 2
Bug Fixes
.RS 2
.IP \[bu] 2
accounting
.RS 2
.IP \[bu] 2
Fix goroutine leak in ResetCounters (Nick Craig-Wood)
.IP \[bu] 2
Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs
(Sanjays2402)
.RE
.IP \[bu] 2
archive extract: Fix path traversal letting archives escape the
destination CVE-2026-59732 (Nick Craig-Wood)
.IP \[bu] 2
build
.RS 2
.IP \[bu] 2
Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood)
.RS 2
.IP \[bu] 2
CVE-2026-39822: os: Root escape via symlink plus trailing slash
.IP \[bu] 2
CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak
.RE
.IP \[bu] 2
Update golang.org/x/image to v0.43.0 to fix image decoding
vulnerabilities (Nick Craig-Wood)
.RS 2
.IP \[bu] 2
CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds strip
offset
.IP \[bu] 2
CVE-2026-46602: unbounded memory use from lack of a limit on TIFF tile
sizes
.IP \[bu] 2
CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch
.IP \[bu] 2
CVE-2026-33813: panic decoding a large WEBP image on 32-bit platforms
.RE
.RE
.IP \[bu] 2
cmd/mount2
.RS 2
.IP \[bu] 2
Fix NFS file creation by implementing Mknod (Sandy Luppino)
.IP \[bu] 2
Fix ESTALE over NFS by reporting stable inode numbers (Sandy Luppino)
.IP \[bu] 2
Fix NFS directory listings by supporting non-zero Seekdir offsets (Sandy
Luppino)
.RE
.IP \[bu] 2
completion: Fix powershell completion corrupting non-ASCII names (Yash
Anil)
.IP \[bu] 2
doc fixes (Bryan Stenson, Castronaut, Filippo, Gaurav, happysnaker,
Jan-Philipp Reßler, Nick Craig-Wood, user77)
.IP \[bu] 2
filter: Fix \f[V]--files-from\f[R] copy stopping at the first unreadable
file (Nick Craig-Wood)
.IP \[bu] 2
fs
.RS 2
.IP \[bu] 2
Fix command line flag being ignored when set to its default value (Nick
Craig-Wood)
.IP \[bu] 2
Fix negative offset when a suffix Range request exceeds object size
(Amit Mishra)
.RE
.IP \[bu] 2
gui: Update embedded release to 1.1.10 (Nick Craig-Wood)
.IP \[bu] 2
ncdu: Fix duplicated keystrokes on Windows by pinning tcell to v2.9.0
(Nick Craig-Wood)
.IP \[bu] 2
serve restic: Fix \f[V]--private-repos\f[R] isolation bypass
CVE-2026-59733 (Nick Craig-Wood)
.IP \[bu] 2
serve s3
.RS 2
.IP \[bu] 2
Fix spurious 404 on HEAD/GET during VFS writeback (max)
.IP \[bu] 2
Fix path traversal letting clients see files in the root
GHSA-8v25-v8p6-qf7v (Nick Craig-Wood)
.RE
.IP \[bu] 2
serve webdav: Fix MOVE overwrite failing without Overwrite header
(Sanjay Santhanam)
.IP \[bu] 2
serve/http: Fix \f[V]--disable-zip\f[R] so it works over rc (Nick
Craig-Wood)
.RE
.IP \[bu] 2
VFS
.RS 2
.IP \[bu] 2
Fix hang reopening a file during the handle-caching grace period (Nick
Craig-Wood)
.RE
.IP \[bu] 2
Local
.RS 2
.IP \[bu] 2
Stop \f[V]--links\f[R] symlinks escaping the destination directory
CVE-2026-54572 (Nick Craig-Wood)
.IP \[bu] 2
Don\[aq]t restore setuid/setgid/sticky bits from metadata by default
GHSA-945v-v9p3-v5xw (Nick Craig-Wood)
.RE
.IP \[bu] 2
Drive
.RS 2
.IP \[bu] 2
Warn when non-exportable Google documents are skipped (Nick Craig-Wood)
.IP \[bu] 2
Fix stray %!(EXTRA) in unexportable google document log message (Nick
Craig-Wood)
.IP \[bu] 2
Warn when using rclone\[aq]s shared client_id (Nick Craig-Wood)
.RE
.IP \[bu] 2
Filelu
.RS 2
.IP \[bu] 2
Fix recursive listing path handling and file filtering (kingston125)
.RE
.IP \[bu] 2
Googlephotos
.RS 2
.IP \[bu] 2
Warn when using rclone\[aq]s shared client_id (Nick Craig-Wood)
.RE
.IP \[bu] 2
Mega
.RS 2
.IP \[bu] 2
Wait for server events after upload, delete and move (Nick Craig-Wood)
.IP \[bu] 2
Fix hard deleted files reappearing in listings (Nick Craig-Wood)
.RE
.IP \[bu] 2
S3
.RS 2
.IP \[bu] 2
Remove session token on cross-host redirects (IceLocke)
.IP \[bu] 2
Strip STS security token on same-host HTTPS->HTTP redirect
GHSA-cf44-9pgv-m4xc (Nick Craig-Wood)
.IP \[bu] 2
Fix error mapping in GetObject to match HeadObject (lewoberst)
.IP \[bu] 2
Correct documented \f[V]copy_cutoff\f[R] minimum to 1 byte (max)
.IP \[bu] 2
Fix mounting a prefix failing with 403 when HEAD is not permitted (Nick
Craig-Wood)
.RE
.IP \[bu] 2
Smb
.RS 2
.IP \[bu] 2
Fix for IBM iSeries and signature verification (dithwick)
.RE
.IP \[bu] 2
WebDAV
.RS 2
.IP \[bu] 2
Fix mixed property statuses in multi-status responses (nako-ruru)
.RE
.SS v1.74.3 - 2026-06-05
.PP
See commits (https://github.com/rclone/rclone/compare/v1.74.2...v1.74.3)