From 5bc93a2a7ab0ebd0a11352bc4968eabeffb18027 Mon Sep 17 00:00:00 2001 From: Nick Craig-Wood Date: Wed, 8 Jul 2026 17:18:57 +0100 Subject: [PATCH] Version v1.74.4 --- MANUAL.html | 367 +++++++++++++++++-- MANUAL.md | 277 ++++++++++++-- MANUAL.txt | 317 ++++++++++++++-- docs/content/bisync.md | 21 +- docs/content/changelog.md | 63 ++++ docs/content/commands/rclone.md | 4 +- docs/content/commands/rclone_convmv.md | 4 +- docs/content/commands/rclone_copyto.md | 5 +- docs/content/commands/rclone_serve_s3.md | 11 + docs/content/flags.md | 4 +- docs/content/local.md | 48 +++ docs/content/s3.md | 2 +- go.sum | 2 - lib/transform/transform.md | 4 +- rclone.1 | 442 +++++++++++++++++++++-- 15 files changed, 1441 insertions(+), 130 deletions(-) diff --git a/MANUAL.html b/MANUAL.html index edd1caabb..b044e20a1 100644 --- a/MANUAL.html +++ b/MANUAL.html @@ -233,7 +233,7 @@

rclone(1) User Manual

Nick Craig-Wood

-

Jun 05, 2026

+

Jul 08, 2026

NAME

rclone - manage files on cloud storage

@@ -4575,9 +4575,9 @@ SquareBracket
rclone convmv "stories/The Quick Brown Fox!.txt" --name-transform "all,command=echo"
 // Output: stories/The Quick Brown Fox!.txt
rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{YYYYMMDD}"
-// Output: stories/The Quick Brown Fox!-20260605
+// Output: stories/The Quick Brown Fox!-20260708
rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{macfriendlytime}"
-// Output: stories/The Quick Brown Fox!-2026-06-05 0414PM
+// Output: stories/The Quick Brown Fox!-2026-07-08 0504PM
rclone convmv "stories/The Quick Brown Fox!.txt" --name-transform "all,regex=[\\.\\w]/ab"
 // Output: ababababababab/ababab ababababab ababababab ababab!abababab

The regex command generally accepts Perl-style regular expressions, @@ -4777,8 +4777,9 @@ for rclone commands, flags and backends.

Synopsis

If source:path is a file or directory then it copies it to a file or directory named dest:path.

-

This can be used to upload single files to other than their current -name. If the source is a directory then it acts exactly like the This can be used to copy a single file to a destination with a name +different from its source - for example, uploading and renaming in one +step. If the source is a directory then it acts exactly like the copy command.

So

rclone copyto src dst
@@ -11801,6 +11802,16 @@ backend, which can take some time.

Metadata will only be saved in memory other than the rclone mtime metadata which will be set as the modification time of the file.

+

Object names

+

serve s3 stores objects as files in the backend, so +object keys are mapped to file paths rather than treated as the opaque +strings AWS S3 allows. Keys must be in canonical path form: keys that +contain .. or . path segments, repeated +slashes (//), or a leading or trailing slash are rejected +with a 400 Bad Request (InvalidArgument) +instead of being normalised, since normalising them could alias two +distinct keys to the same file or resolve a key outside its bucket. This +matches the behaviour of other S3 servers such as MinIO.

Supported operations

serve s3 currently supports the following operations.

@@ -15630,7 +15641,8 @@ outputs warnings and significant events.

ERROR is equivalent to -q. It only outputs error messages.

See also the logging section.

-

--windows-event-log LogLevel

+

--windows-event-log-level +LogLevel

If this is configured (the default is OFF) then logs of this level and above will be logged to the Windows event log in addition to the normal logs. These will be logged in @@ -15649,13 +15661,13 @@ defined but not currently used).

Rclone will declare its log source as "rclone" if it is has enough permissions to create the registry key needed. If not then logs will appear as "Application". You can run -rclone version --windows-event-log DEBUG once as +rclone version --windows-event-log-level DEBUG once as administrator to create the registry key in advance.

-

Note that the --windows-event-log level -must be greater (more severe) than or equal to the +

Note that the --windows-event-log-level +level must be greater (more severe) than or equal to the --log-level. For example to log DEBUG to a log file but ERRORs to the event log you would use

-
--log-file rclone.log --log-level DEBUG --windows-event-log ERROR
+
--log-file rclone.log --log-level DEBUG --windows-event-log-level ERROR

This option is only supported Windows platforms.

--use-json-log

This switches the log format to JSON. The log messages are then @@ -17215,8 +17227,8 @@ y/e/d>

Configuring by copying the config file

Rclone stores all of its configuration in a single file. This can -easily be copied to configure a remote rclone (although some backends -does not support reusing the same configuration, consult your backend +easily be copied to configure a remote rclone (although some backends do +not support reusing the same configuration, consult your backend documentation to be sure).

Start by running rclone config to create the configuration file on your desktop machine.

@@ -18249,6 +18261,52 @@ API.

API or use HTTP directly.

If you just want to run a remote control then see the rcd command.

+

Security

+

Access to the rc API is equivalent to shell access as the +user running rclone. Treat the rc port as you would an +interactive login on the host.

+

Any caller who can reach the API (and pass authentication, if it is +enabled) can, among other things:

+ +

There is currently no per-endpoint capability or scope system: +authentication is all-or-nothing. Granting any access grants all of the +above.

+

Consequently:

+

Supported parameters

--rc

Flag to start the http server listen on remote requests.

@@ -21713,7 +21771,7 @@ split into groups.

--tpslimit float Limit HTTP transactions per second to this --tpslimit-burst int Max burst of transactions for --tpslimit (default 1) --use-cookies Enable session cookiejar - --user-agent string Set the user-agent to a specified string (default "rclone/v1.74.3") + --user-agent string Set the user-agent to a specified string (default "rclone/v1.74.4")

Performance

Flags helpful for increasing performance.

      --buffer-size SizeSuffix   In memory buffer size when reading files for each --transfer (default 16Mi)
@@ -22337,8 +22395,10 @@ split into groups.

--local-case-sensitive Force the filesystem to report itself as case sensitive --local-description string Description of the remote --local-encoding Encoding The encoding for the backend (default Slash,Dot) + --local-fatal-if-no-space Make out-of-space errors fatal during transfers --local-hashes CommaSepList Comma separated list of supported checksum types --local-links Translate symlinks to/from regular files with a '.rclonelink' extension for the local backend + --local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata --local-no-check-updated Don't check to see if the files change during upload --local-no-clone Disable reflink cloning for server-side copies --local-no-preallocate Disable preallocation of disk space for transferred files @@ -24452,12 +24512,37 @@ disallowed special characters and filename encodings.)

investigation:

The following backends either have not been tested recently or have @@ -24597,6 +24677,11 @@ directory is to rename it to the same name on both sides. (As of rclone v1.64, a --resync is no longer required after doing so, as bisync will automatically detect that Path1 and Path2 are in agreement.)

+

Note that although the flag --track-renames ensures that +renamed/moved files won't be deleted and uploaded again, they are still +counted as deleted files for purposes of the --max-delete flag (as this +check happens before the rename detection operation). See this issue.

--fast-list used by default

Unlike most other rclone commands, bisync uses

Cutoff for switching to multipart copy.

Any files larger than this that need to be server-side copied will be copied in chunks of this size.

-

The minimum is 0 and the maximum is 5 GiB.

+

The minimum is 1 byte and the maximum is 5 GiB.

Properties:

+

--local-metadata-restore-special-bits

+

Restore the setuid, setgid and sticky bits from metadata.

+

When restoring metadata with --metadata rclone applies the "mode" +from the source. By default rclone applies only the permission bits and +strips the setuid, setgid and sticky bits.

+

The "mode" comes from the source remote which may not be trusted. +Restoring a setuid or setgid bit onto freshly written, source-controlled +content can plant a setuid binary, which is dangerous in particular when +restoring from an untrusted source while running as root. For this +reason these bits are not restored by default.

+

If you trust the source and want the setuid, setgid and sticky bits +restored - for example when restoring a system backup made by rclone - +set this flag.

+

Properties:

+
    +
  • Config: metadata_restore_special_bits
  • +
  • Env Var: RCLONE_LOCAL_METADATA_RESTORE_SPECIAL_BITS
  • +
  • Type: bool
  • +
  • Default: false
  • +
+

--local-fatal-if-no-space

+

Make out-of-space errors fatal during transfers.

+

When enabled, an ENOSPC error during a write returns a fatal error so +that rclone aborts rather than retrying the operation. Useful for backup +scripts that should halt loudly on a full disk rather than spin +retrying.

+

Properties:

+
    +
  • Config: fatal_if_no_space
  • +
  • Env Var: RCLONE_LOCAL_FATAL_IF_NO_SPACE
  • +
  • Type: bool
  • +
  • Default: false
  • +

--local-time-type

Set what kind of time is returned.

Normally rclone does all operations on the mtime or Modification @@ -65028,6 +65199,12 @@ pkg/attrs#47).

User metadata is stored as extended attributes (which may not be supported by all file systems) under the "user.*" prefix.

Metadata is supported on files and directories.

+

When restoring metadata with --metadata rclone applies +the "mode", "uid" and "gid" from the source. These come from the source +remote which may not be trusted, so restoring metadata as root from an +untrusted source can change file ownership and is not recommended. The +setuid, setgid and sticky bits are not restored by default - see the +--local-metadata-restore-special-bits flag.

Here are the possible system metadata items for the local backend.

@@ -65124,6 +65301,134 @@ the output.

Changelog

+

v1.74.4 - 2026-07-08

+

See +commits

+
    +
  • Bug Fixes +
      +
    • accounting +
        +
      • Fix goroutine leak in ResetCounters (Nick Craig-Wood)
      • +
      • Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs +(Sanjays2402)
      • +
    • +
    • archive extract: Fix path traversal letting archives escape the +destination CVE-2026-59732 (Nick Craig-Wood)
    • +
    • build +
        +
      • Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood) +
          +
        • CVE-2026-39822: os: Root escape via symlink plus trailing slash
        • +
        • CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak
        • +
      • +
      • Update golang.org/x/image to v0.43.0 to fix image decoding +vulnerabilities (Nick Craig-Wood) +
          +
        • CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds +strip offset
        • +
        • CVE-2026-46602: unbounded memory use from lack of a limit on TIFF +tile sizes
        • +
        • CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch
        • +
        • CVE-2026-33813: panic decoding a large WEBP image on 32-bit +platforms
        • +
      • +
    • +
    • cmd/mount2 +
        +
      • Fix NFS file creation by implementing Mknod (Sandy Luppino)
      • +
      • Fix ESTALE over NFS by reporting stable inode numbers (Sandy +Luppino)
      • +
      • Fix NFS directory listings by supporting non-zero Seekdir offsets +(Sandy Luppino)
      • +
    • +
    • completion: Fix powershell completion corrupting non-ASCII names +(Yash Anil)
    • +
    • doc fixes (Bryan Stenson, Castronaut, Filippo, Gaurav, happysnaker, +Jan-Philipp Reßler, Nick Craig-Wood, user77)
    • +
    • filter: Fix --files-from copy stopping at the first +unreadable file (Nick Craig-Wood)
    • +
    • fs +
        +
      • Fix command line flag being ignored when set to its default value +(Nick Craig-Wood)
      • +
      • Fix negative offset when a suffix Range request exceeds object size +(Amit Mishra)
      • +
    • +
    • gui: Update embedded release to 1.1.10 (Nick Craig-Wood)
    • +
    • ncdu: Fix duplicated keystrokes on Windows by pinning tcell to +v2.9.0 (Nick Craig-Wood)
    • +
    • serve restic: Fix --private-repos isolation bypass +CVE-2026-59733 (Nick Craig-Wood)
    • +
    • serve s3 +
        +
      • Fix spurious 404 on HEAD/GET during VFS writeback (max)
      • +
      • Fix path traversal letting clients see files in the root +GHSA-8v25-v8p6-qf7v (Nick Craig-Wood)
      • +
    • +
    • serve webdav: Fix MOVE overwrite failing without Overwrite header +(Sanjay Santhanam)
    • +
    • serve/http: Fix --disable-zip so it works over rc (Nick +Craig-Wood)
    • +
  • +
  • VFS +
      +
    • Fix hang reopening a file during the handle-caching grace period +(Nick Craig-Wood)
    • +
  • +
  • Local +
      +
    • Stop --links symlinks escaping the destination +directory CVE-2026-54572 (Nick Craig-Wood)
    • +
    • Don't restore setuid/setgid/sticky bits from metadata by default +GHSA-945v-v9p3-v5xw (Nick Craig-Wood)
    • +
  • +
  • Drive +
      +
    • Warn when non-exportable Google documents are skipped (Nick +Craig-Wood)
    • +
    • Fix stray %!(EXTRA) in unexportable google document log message +(Nick Craig-Wood)
    • +
    • Warn when using rclone's shared client_id (Nick Craig-Wood)
    • +
  • +
  • Filelu +
      +
    • Fix recursive listing path handling and file filtering +(kingston125)
    • +
  • +
  • Googlephotos +
      +
    • Warn when using rclone's shared client_id (Nick Craig-Wood)
    • +
  • +
  • Mega +
      +
    • Wait for server events after upload, delete and move (Nick +Craig-Wood)
    • +
    • Fix hard deleted files reappearing in listings (Nick +Craig-Wood)
    • +
  • +
  • S3 +
      +
    • Remove session token on cross-host redirects (IceLocke)
    • +
    • Strip STS security token on same-host HTTPS->HTTP redirect +GHSA-cf44-9pgv-m4xc (Nick Craig-Wood)
    • +
    • Fix error mapping in GetObject to match HeadObject (lewoberst)
    • +
    • Correct documented copy_cutoff minimum to 1 byte +(max)
    • +
    • Fix mounting a prefix failing with 403 when HEAD is not permitted +(Nick Craig-Wood)
    • +
  • +
  • Smb +
      +
    • Fix for IBM iSeries and signature verification (dithwick)
    • +
  • +
  • WebDAV +
      +
    • Fix mixed property statuses in multi-status responses +(nako-ruru)
    • +
  • +

v1.74.3 - 2026-06-05

See diff --git a/MANUAL.md b/MANUAL.md index 0ce53f91b..18c598972 100644 --- a/MANUAL.md +++ b/MANUAL.md @@ -1,6 +1,6 @@ % rclone(1) User Manual % Nick Craig-Wood -% Jun 05, 2026 +% Jul 08, 2026 # NAME @@ -5416,12 +5416,12 @@ rclone convmv "stories/The Quick Brown Fox!.txt" --name-transform "all,command=e ```console rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{YYYYMMDD}" -// Output: stories/The Quick Brown Fox!-20260605 +// Output: stories/The Quick Brown Fox!-20260708 ``` ```console rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{macfriendlytime}" -// Output: stories/The Quick Brown Fox!-2026-06-05 0414PM +// Output: stories/The Quick Brown Fox!-2026-07-08 0504PM ``` ```console @@ -5631,8 +5631,9 @@ Copy files from source to dest, skipping identical files. If source:path is a file or directory then it copies it to a file or directory named dest:path. -This can be used to upload single files to other than their current -name. If the source is a directory then it acts exactly like the +This can be used to copy a single file to a destination with a name +different from its source - for example, uploading and renaming in one +step. If the source is a directory then it acts exactly like the [copy](https://rclone.org/commands/rclone_copy/) command. So @@ -14066,6 +14067,17 @@ Versioning is not currently supported. Metadata will only be saved in memory other than the rclone `mtime` metadata which will be set as the modification time of the file. +## Object names + +`serve s3` stores objects as files in the backend, so object keys are +mapped to file paths rather than treated as the opaque strings AWS S3 +allows. Keys must be in canonical path form: keys that contain `..` or +`.` path segments, repeated slashes (`//`), or a leading or trailing +slash are rejected with a `400 Bad Request` (`InvalidArgument`) +instead of being normalised, since normalising them could alias two +distinct keys to the same file or resolve a key outside its bucket. +This matches the behaviour of other S3 servers such as MinIO. + ## Supported operations `serve s3` currently supports the following operations. @@ -18664,7 +18676,7 @@ warnings and significant events. See also the [logging](#logging) section. -### --windows-event-log LogLevel +### --windows-event-log-level LogLevel If this is configured (the default is `OFF`) then logs of this level and above will be logged to the Windows event log in **addition** to @@ -18680,15 +18692,15 @@ and `Error`. If enabled we map rclone levels like this. Rclone will declare its log source as "rclone" if it is has enough permissions to create the registry key needed. If not then logs will -appear as "Application". You can run `rclone version --windows-event-log DEBUG` +appear as "Application". You can run `rclone version --windows-event-log-level DEBUG` once as administrator to create the registry key in advance. -**Note** that the `--windows-event-log` level must be greater (more +**Note** that the `--windows-event-log-level` level must be greater (more severe) than or equal to the `--log-level`. For example to log DEBUG to a log file but ERRORs to the event log you would use ```text ---log-file rclone.log --log-level DEBUG --windows-event-log ERROR +--log-file rclone.log --log-level DEBUG --windows-event-log-level ERROR ``` This option is only supported Windows platforms. @@ -20470,7 +20482,7 @@ y/e/d> ## Configuring by copying the config file Rclone stores all of its configuration in a single file. This can easily be -copied to configure a remote rclone (although some backends does not support +copied to configure a remote rclone (although some backends do not support reusing the same configuration, consult your backend documentation to be sure). @@ -21640,6 +21652,43 @@ or [use HTTP directly](#api-http). If you just want to run a remote control then see the [rcd](https://rclone.org/commands/rclone_rcd/) command. +## Security {#security} + +**Access to the rc API is equivalent to shell access as the user running +rclone.** Treat the rc port as you would an interactive login on the host. + +Any caller who can reach the API (and pass authentication, if it is enabled) +can, among other things: + +- **Run OS commands** as the rclone user. `core/command` re-executes the rclone + binary with arbitrary arguments, and several backend options shell out to + programs, so even creating a remote with `config/create` can lead to command + execution. +- **Read and write any file** reachable by the rclone process, by pointing + `operations/*` or `sync/*` at a `local` remote (or via `--rc-files` / + `--rc-serve`). Writing arbitrary files as the rclone user is itself a route to + code execution. +- **Read back stored credentials.** rclone configs routinely hold cloud-provider + secrets. `config/dump` and friends expose them, so a compromise of the rc + reaches every configured backend. +- **Change rclone's runtime behaviour** with `options/set`, **manage remotes** + with `config/*`, and **stop the process** with `core/quit`. + +There is currently no per-endpoint capability or scope system: authentication is +all-or-nothing. Granting any access grants all of the above. + +Consequently: + +- **Do not bind the rc to a network address you do not control.** The default + bind is loopback (`localhost:5572`); keep it there unless you have a specific + reason to change it. +- **Do not use `--rc-no-auth` on a non-loopback bind.** It disables + authentication on the endpoints that access remotes — see + [`--rc-no-auth`](#--rc-no-auth). +- **Use authentication and TLS** (`--rc-user`/`--rc-pass` or `--rc-htpasswd`, + plus `--rc-cert`/`--rc-key`) whenever the port is reachable by anyone you do + not fully trust, and raise `--rc-min-tls-version`. + ## Supported parameters ### --rc @@ -25003,7 +25052,7 @@ Flags for general networking and HTTP stuff. --tpslimit float Limit HTTP transactions per second to this --tpslimit-burst int Max burst of transactions for --tpslimit (default 1) --use-cookies Enable session cookiejar - --user-agent string Set the user-agent to a specified string (default "rclone/v1.74.3") + --user-agent string Set the user-agent to a specified string (default "rclone/v1.74.4") ``` @@ -25687,8 +25736,10 @@ Backend-only flags (these can be set in the config file also). --local-case-sensitive Force the filesystem to report itself as case sensitive --local-description string Description of the remote --local-encoding Encoding The encoding for the backend (default Slash,Dot) + --local-fatal-if-no-space Make out-of-space errors fatal during transfers --local-hashes CommaSepList Comma separated list of supported checksum types --local-links Translate symlinks to/from regular files with a '.rclonelink' extension for the local backend + --local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata --local-no-check-updated Don't check to see if the files change during upload --local-no-clone Disable reflink cloning for server-side copies --local-no-preallocate Disable preallocation of disk space for transferred files @@ -27215,8 +27266,8 @@ internals of the generated export file.) Therefore, bisync automatically skips `--download-hash` for files with a size less than 0. See also: [`Hasher`](https://rclone.org/hasher/) backend, -[`cryptcheck`](https://rclone.org/commands/rclone_cryptcheck/) command, [`rclone check ---download`](https://rclone.org/commands/rclone_check/) option, +[`cryptcheck`](https://rclone.org/commands/rclone_cryptcheck/) command, +[`rclone check --download`](https://rclone.org/commands/rclone_check/) option, [`md5sum`](https://rclone.org/commands/rclone_md5sum/) command ### --max-delete @@ -27790,9 +27841,20 @@ encodings.) The following backends have known issues that need more investigation: -- `TestFilen` (`filen`) - - [`TestBisyncRemoteRemote/resync_modes`](https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt) - - [`TestBisyncRemoteRemote/rmdirs`](https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt) +- `TestGoogleCloudStorage,directory_markers` (`googlecloudstorage`) + - [`TestBisyncRemoteLocal/all_changed`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) + - [`TestBisyncRemoteLocal/backupdir`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) + - [`TestBisyncRemoteLocal/basic`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) + - [`TestBisyncRemoteLocal/changes`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) + - [`TestBisyncRemoteLocal/check_access`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) + - [79 more](https://pub.rclone.org/integration-tests/current/) +- `TestGoogleCloudStorage` (`googlecloudstorage`) + - [`TestBisyncRemoteLocal/all_changed`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) + - [`TestBisyncRemoteLocal/backupdir`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) + - [`TestBisyncRemoteLocal/basic`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) + - [`TestBisyncRemoteLocal/changes`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) + - [`TestBisyncRemoteLocal/check_access`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) + - [79 more](https://pub.rclone.org/integration-tests/current/) - `TestHuaweiDrive` (`huaweidrive`) - [`TestBisyncRemoteLocal/ext_paths`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt) - [`TestBisyncRemoteLocal/extended_filenames`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt) @@ -27800,9 +27862,7 @@ The following backends have known issues that need more investigation: - [`TestBisyncLocalRemote/ext_paths`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt) - [`TestBisyncLocalRemote/extended_filenames`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt) - [4 more](https://pub.rclone.org/integration-tests/current/) -- `TestSeafile` (`seafile`) - - [`TestBisyncLocalRemote/rmdirs`](https://pub.rclone.org/integration-tests/current/seafile-cmd.bisync-TestSeafile-1.txt) -- Updated: 2026-06-05-010010 +- Updated: 2026-07-08-010014 The following backends either have not been tested recently or have known issues @@ -27908,6 +27968,11 @@ is to rename it to the same name on both sides. (As of `rclone v1.64`, a `--resync` is no longer required after doing so, as bisync will automatically detect that Path1 and Path2 are in agreement.) +Note that although the flag --track-renames ensures that renamed/moved files won't +be deleted and uploaded again, they are still counted as deleted files for purposes +of the --max-delete flag (as this check happens before the rename detection +operation). See [this issue](https://github.com/rclone/rclone/issues/8685). + ### `--fast-list` used by default Unlike most other rclone commands, bisync uses [`--fast-list`](https://rclone.org/docs/#fast-list) @@ -32772,7 +32837,7 @@ Cutoff for switching to multipart copy. Any files larger than this that need to be server-side copied will be copied in chunks of this size. -The minimum is 0 and the maximum is 5 GiB. +The minimum is 1 byte and the maximum is 5 GiB. Properties: @@ -43990,9 +44055,9 @@ This uses a 32 byte (256 bit key) key derived from the user password. 1 MiB (1048576 bytes) file will encrypt to - 32 bytes header -- 16 chunks of 65568 bytes +- 16 chunks of 65552 bytes -1049120 bytes total (a 0.05% overhead). This is the overhead for big +1048864 bytes total (a 0.03% overhead). This is the overhead for big files. ### Name encryption @@ -48515,9 +48580,14 @@ correct root to use itself. However you can set this to restrict rclone to a specific folder hierarchy or to access data within the "Computers" tab on the drive web interface (where files from Google's Backup and Sync desktop -program go). +program go). However, this is not the easiest method. +Instead, you can create a shortcut to a folder in "Computers" and +place it in "My Drive." To do so, right-click the folder, select +"Organize", and then choose "Add shortcut" in the Google Drive web interface. +Once you add the shortcut to "My Drive," rclone will display the folder, allowing you to interact with it. +See also [Shortcuts](#shortcuts). -In order to do this you will have to find the `Folder ID` of the +If, however, you choose to change your root folder, you will have to find the `Folder ID` of the directory you wish rclone to display. This will be the last segment of the URL when you open the relevant folder in the drive web interface. @@ -48528,7 +48598,11 @@ in the browser, then you use `1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh` as the `root_folder_id` in the config. **NB** folders under the "Computers" tab seem to be read only (drive -gives a 500 error) when using rclone. +gives a 500 error) when using rclone, but they are also read-only in the Google Drive web interface, +likely because this folder is managed by the Google Drive Desktop tool. +Top-level folders in "Computers" are read-only, but you can interact +with folders contained within them using rclone. +These are the folders for which you can create a shortcut as well, as described above. There doesn't appear to be an API to discover the folder IDs of the "Computers" tab - please contact us if you know otherwise! @@ -50352,6 +50426,23 @@ after a week, which can be annoying to refresh constantly. If, for whatever reason, a short grant time is not a problem, then keeping the application in testing mode would also be sufficient. +In most cases verification is not actually required. Google [exempts a number of +app categories](https://support.google.com/cloud/answer/13464323) from mandatory +verification, including: + +- **Personal Use apps**: if the app is for your personal use (fewer than 100 + users), you and your limited number of users can keep using it without + verification - you will just need to click through the "unverified app" + warning screen during sign-in. Verification is only required if you want to + grow your user base beyond 100 users. +- **Development/Testing/Staging apps**: apps in development, testing or staging + mode are not subject to verification (but are limited to the 100-user cap and + the unverified-app warning until verified). + +So for typical personal rclone use you can leave the app unverified, accept the +warning screen, and publish it (rather than leaving it in "Testing") to avoid +the weekly grant expiry described above. + (Thanks to @balazer on github for these instructions.) Sometimes, creation of an OAuth consent in Google API Console fails due to an @@ -69864,6 +69955,31 @@ backends and the VFS. Note that this flag is incompatible with `-copy-links` / `-L`. +#### Symlink targets and the destination + +When rclone recreates a `.rclonelink` file as a symlink on local storage, +the symlink can point anywhere - including, with an absolute path or one +using `../` - to a location outside the directory you are copying into. This +is normal - rclone reproduces whatever target the link had, so backups +round-trip faithfully. + +What rclone will **not** do is *write through* such a link. If a remote you +are copying from contains both a symlink and a file or directory that would +be placed inside it - for example a `dir.rclonelink` pointing somewhere +outside the destination, alongside a `dir/file.txt` - rclone refuses to +follow the symlink when writing `dir/file.txt`. The offending file is +skipped with an error, the rest of the transfer continues, and the skipped +file is counted in the error summary printed at the end of the run. + +This protects you from a malicious or compromised remote using `-l` / +`--links` to plant a symlink and then write through it to somewhere outside +your destination. Ordinary symlink round-trips, and symlinks that stay +inside the destination, are unaffected. + +If you have intentionally pre-created a symlinked directory inside your +destination and want rclone to write into the directory it points at, do +not use `-l` / `--links` for that copy, or remove the symlink first. + ### Restricting filesystems with --one-file-system Normally rclone will recurse through filesystems as mounted. @@ -70180,6 +70296,47 @@ Properties: - Type: bool - Default: false +#### --local-metadata-restore-special-bits + +Restore the setuid, setgid and sticky bits from metadata. + +When restoring metadata with --metadata rclone applies the "mode" from +the source. By default rclone applies only the permission bits and +strips the setuid, setgid and sticky bits. + +The "mode" comes from the source remote which may not be trusted. +Restoring a setuid or setgid bit onto freshly written, +source-controlled content can plant a setuid binary, which is dangerous +in particular when restoring from an untrusted source while running as +root. For this reason these bits are not restored by default. + +If you trust the source and want the setuid, setgid and sticky bits +restored - for example when restoring a system backup made by rclone - +set this flag. + +Properties: + +- Config: metadata_restore_special_bits +- Env Var: RCLONE_LOCAL_METADATA_RESTORE_SPECIAL_BITS +- Type: bool +- Default: false + +#### --local-fatal-if-no-space + +Make out-of-space errors fatal during transfers. + +When enabled, an ENOSPC error during a write returns a fatal error so +that rclone aborts rather than retrying the operation. Useful for +backup scripts that should halt loudly on a full disk rather than spin +retrying. + +Properties: + +- Config: fatal_if_no_space +- Env Var: RCLONE_LOCAL_FATAL_IF_NO_SPACE +- Type: bool +- Default: false + #### --local-time-type Set what kind of time is returned. @@ -70266,6 +70423,13 @@ supported by all file systems) under the "user.*" prefix. Metadata is supported on files and directories. +When restoring metadata with `--metadata` rclone applies the +"mode", "uid" and "gid" from the source. These come from the source +remote which may not be trusted, so restoring metadata as root from an +untrusted source can change file ownership and is not recommended. The +setuid, setgid and sticky bits are not restored by default - see the +`--local-metadata-restore-special-bits` flag. + Here are the possible system metadata items for the local backend. | Name | Help | Type | Example | Read Only | @@ -70319,6 +70483,69 @@ Options: # Changelog +## v1.74.4 - 2026-07-08 + +[See commits](https://github.com/rclone/rclone/compare/v1.74.3...v1.74.4) + +- Bug Fixes + - accounting + - Fix goroutine leak in ResetCounters (Nick Craig-Wood) + - Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs (Sanjays2402) + - archive extract: Fix path traversal letting archives escape the destination CVE-2026-59732 (Nick Craig-Wood) + - build + - Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood) + - CVE-2026-39822: os: Root escape via symlink plus trailing slash + - CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak + - Update golang.org/x/image to v0.43.0 to fix image decoding vulnerabilities (Nick Craig-Wood) + - CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds strip offset + - CVE-2026-46602: unbounded memory use from lack of a limit on TIFF tile sizes + - CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch + - CVE-2026-33813: panic decoding a large WEBP image on 32-bit platforms + - cmd/mount2 + - Fix NFS file creation by implementing Mknod (Sandy Luppino) + - Fix ESTALE over NFS by reporting stable inode numbers (Sandy Luppino) + - Fix NFS directory listings by supporting non-zero Seekdir offsets (Sandy Luppino) + - completion: Fix powershell completion corrupting non-ASCII names (Yash Anil) + - doc fixes (Bryan Stenson, Castronaut, Filippo, Gaurav, happysnaker, Jan-Philipp Reßler, Nick Craig-Wood, user77) + - filter: Fix `--files-from` copy stopping at the first unreadable file (Nick Craig-Wood) + - fs + - Fix command line flag being ignored when set to its default value (Nick Craig-Wood) + - Fix negative offset when a suffix Range request exceeds object size (Amit Mishra) + - gui: Update embedded release to 1.1.10 (Nick Craig-Wood) + - ncdu: Fix duplicated keystrokes on Windows by pinning tcell to v2.9.0 (Nick Craig-Wood) + - serve restic: Fix `--private-repos` isolation bypass CVE-2026-59733 (Nick Craig-Wood) + - serve s3 + - Fix spurious 404 on HEAD/GET during VFS writeback (max) + - Fix path traversal letting clients see files in the root GHSA-8v25-v8p6-qf7v (Nick Craig-Wood) + - serve webdav: Fix MOVE overwrite failing without Overwrite header (Sanjay Santhanam) + - serve/http: Fix `--disable-zip` so it works over rc (Nick Craig-Wood) +- VFS + - Fix hang reopening a file during the handle-caching grace period (Nick Craig-Wood) +- Local + - Stop `--links` symlinks escaping the destination directory CVE-2026-54572 (Nick Craig-Wood) + - Don't restore setuid/setgid/sticky bits from metadata by default GHSA-945v-v9p3-v5xw (Nick Craig-Wood) +- Drive + - Warn when non-exportable Google documents are skipped (Nick Craig-Wood) + - Fix stray %!(EXTRA) in unexportable google document log message (Nick Craig-Wood) + - Warn when using rclone's shared client_id (Nick Craig-Wood) +- Filelu + - Fix recursive listing path handling and file filtering (kingston125) +- Googlephotos + - Warn when using rclone's shared client_id (Nick Craig-Wood) +- Mega + - Wait for server events after upload, delete and move (Nick Craig-Wood) + - Fix hard deleted files reappearing in listings (Nick Craig-Wood) +- S3 + - Remove session token on cross-host redirects (IceLocke) + - Strip STS security token on same-host HTTPS->HTTP redirect GHSA-cf44-9pgv-m4xc (Nick Craig-Wood) + - Fix error mapping in GetObject to match HeadObject (lewoberst) + - Correct documented `copy_cutoff` minimum to 1 byte (max) + - Fix mounting a prefix failing with 403 when HEAD is not permitted (Nick Craig-Wood) +- Smb + - Fix for IBM iSeries and signature verification (dithwick) +- WebDAV + - Fix mixed property statuses in multi-status responses (nako-ruru) + ## v1.74.3 - 2026-06-05 [See commits](https://github.com/rclone/rclone/compare/v1.74.2...v1.74.3) diff --git a/MANUAL.txt b/MANUAL.txt index 78d1315ea..cec206bf4 100644 --- a/MANUAL.txt +++ b/MANUAL.txt @@ -1,6 +1,6 @@ rclone(1) User Manual Nick Craig-Wood -Jun 05, 2026 +Jul 08, 2026 NAME @@ -4632,10 +4632,10 @@ Examples: // Output: stories/The Quick Brown Fox!.txt rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{YYYYMMDD}" - // Output: stories/The Quick Brown Fox!-20260605 + // Output: stories/The Quick Brown Fox!-20260708 rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{macfriendlytime}" - // Output: stories/The Quick Brown Fox!-2026-06-05 0414PM + // Output: stories/The Quick Brown Fox!-2026-07-08 0504PM rclone convmv "stories/The Quick Brown Fox!.txt" --name-transform "all,regex=[\\.\\w]/ab" // Output: ababababababab/ababab ababababab ababababab ababab!abababab @@ -4837,8 +4837,9 @@ Synopsis If source:path is a file or directory then it copies it to a file or directory named dest:path. -This can be used to upload single files to other than their current -name. If the source is a directory then it acts exactly like the copy +This can be used to copy a single file to a destination with a name +different from its source - for example, uploading and renaming in one +step. If the source is a directory then it acts exactly like the copy command. So @@ -12661,6 +12662,17 @@ Versioning is not currently supported. Metadata will only be saved in memory other than the rclone mtime metadata which will be set as the modification time of the file. +Object names + +serve s3 stores objects as files in the backend, so object keys are +mapped to file paths rather than treated as the opaque strings AWS S3 +allows. Keys must be in canonical path form: keys that contain .. or . +path segments, repeated slashes (//), or a leading or trailing slash are +rejected with a 400 Bad Request (InvalidArgument) instead of being +normalised, since normalising them could alias two distinct keys to the +same file or resolve a key outside its bucket. This matches the +behaviour of other S3 servers such as MinIO. + Supported operations serve s3 currently supports the following operations. @@ -16947,7 +16959,7 @@ ERROR is equivalent to -q. It only outputs error messages. See also the logging section. ---windows-event-log LogLevel +--windows-event-log-level LogLevel If this is configured (the default is OFF) then logs of this level and above will be logged to the Windows event log in addition to the normal @@ -16965,14 +16977,14 @@ Error. If enabled we map rclone levels like this. Rclone will declare its log source as "rclone" if it is has enough permissions to create the registry key needed. If not then logs will appear as "Application". You can run -rclone version --windows-event-log DEBUG once as administrator to create -the registry key in advance. +rclone version --windows-event-log-level DEBUG once as administrator to +create the registry key in advance. -Note that the --windows-event-log level must be greater (more severe) -than or equal to the --log-level. For example to log DEBUG to a log file -but ERRORs to the event log you would use +Note that the --windows-event-log-level level must be greater (more +severe) than or equal to the --log-level. For example to log DEBUG to a +log file but ERRORs to the event log you would use - --log-file rclone.log --log-level DEBUG --windows-event-log ERROR + --log-file rclone.log --log-level DEBUG --windows-event-log-level ERROR This option is only supported Windows platforms. @@ -18694,7 +18706,7 @@ Then back to the headless machine, paste in the code. Configuring by copying the config file Rclone stores all of its configuration in a single file. This can easily -be copied to configure a remote rclone (although some backends does not +be copied to configure a remote rclone (although some backends do not support reusing the same configuration, consult your backend documentation to be sure). @@ -19775,6 +19787,44 @@ directly. If you just want to run a remote control then see the rcd command. +Security + +Access to the rc API is equivalent to shell access as the user running +rclone. Treat the rc port as you would an interactive login on the host. + +Any caller who can reach the API (and pass authentication, if it is +enabled) can, among other things: + +- Run OS commands as the rclone user. core/command re-executes the + rclone binary with arbitrary arguments, and several backend options + shell out to programs, so even creating a remote with config/create + can lead to command execution. +- Read and write any file reachable by the rclone process, by pointing + operations/* or sync/* at a local remote (or via --rc-files / + --rc-serve). Writing arbitrary files as the rclone user is itself a + route to code execution. +- Read back stored credentials. rclone configs routinely hold + cloud-provider secrets. config/dump and friends expose them, so a + compromise of the rc reaches every configured backend. +- Change rclone's runtime behaviour with options/set, manage remotes + with config/*, and stop the process with core/quit. + +There is currently no per-endpoint capability or scope system: +authentication is all-or-nothing. Granting any access grants all of the +above. + +Consequently: + +- Do not bind the rc to a network address you do not control. The + default bind is loopback (localhost:5572); keep it there unless you + have a specific reason to change it. +- Do not use --rc-no-auth on a non-loopback bind. It disables + authentication on the endpoints that access remotes — see + --rc-no-auth. +- Use authentication and TLS (--rc-user/--rc-pass or --rc-htpasswd, + plus --rc-cert/--rc-key) whenever the port is reachable by anyone + you do not fully trust, and raise --rc-min-tls-version. + Supported parameters --rc @@ -23158,7 +23208,7 @@ Flags for general networking and HTTP stuff. --tpslimit float Limit HTTP transactions per second to this --tpslimit-burst int Max burst of transactions for --tpslimit (default 1) --use-cookies Enable session cookiejar - --user-agent string Set the user-agent to a specified string (default "rclone/v1.74.3") + --user-agent string Set the user-agent to a specified string (default "rclone/v1.74.4") Performance @@ -23812,8 +23862,10 @@ Backend-only flags (these can be set in the config file also). --local-case-sensitive Force the filesystem to report itself as case sensitive --local-description string Description of the remote --local-encoding Encoding The encoding for the backend (default Slash,Dot) + --local-fatal-if-no-space Make out-of-space errors fatal during transfers --local-hashes CommaSepList Comma separated list of supported checksum types --local-links Translate symlinks to/from regular files with a '.rclonelink' extension for the local backend + --local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata --local-no-check-updated Don't check to see if the files change during upload --local-no-clone Disable reflink cloning for server-side copies --local-no-preallocate Disable preallocation of disk space for transferred files @@ -25857,9 +25909,20 @@ disallowed special characters and filename encodings.) The following backends have known issues that need more investigation: -- TestFilen (filen) - - TestBisyncRemoteRemote/resync_modes - - TestBisyncRemoteRemote/rmdirs +- TestGoogleCloudStorage,directory_markers (googlecloudstorage) + - TestBisyncRemoteLocal/all_changed + - TestBisyncRemoteLocal/backupdir + - TestBisyncRemoteLocal/basic + - TestBisyncRemoteLocal/changes + - TestBisyncRemoteLocal/check_access + - 79 more +- TestGoogleCloudStorage (googlecloudstorage) + - TestBisyncRemoteLocal/all_changed + - TestBisyncRemoteLocal/backupdir + - TestBisyncRemoteLocal/basic + - TestBisyncRemoteLocal/changes + - TestBisyncRemoteLocal/check_access + - 79 more - TestHuaweiDrive (huaweidrive) - TestBisyncRemoteLocal/ext_paths - TestBisyncRemoteLocal/extended_filenames @@ -25867,9 +25930,7 @@ The following backends have known issues that need more investigation: - TestBisyncLocalRemote/ext_paths - TestBisyncLocalRemote/extended_filenames - 4 more -- TestSeafile (seafile) - - TestBisyncLocalRemote/rmdirs -- Updated: 2026-06-05-010010 +- Updated: 2026-07-08-010014 The following backends either have not been tested recently or have known issues that are deemed unfixable for the time being: @@ -25972,6 +26033,11 @@ directory is to rename it to the same name on both sides. (As of rclone v1.64, a --resync is no longer required after doing so, as bisync will automatically detect that Path1 and Path2 are in agreement.) +Note that although the flag --track-renames ensures that renamed/moved +files won't be deleted and uploaded again, they are still counted as +deleted files for purposes of the --max-delete flag (as this check +happens before the rename detection operation). See this issue. + --fast-list used by default Unlike most other rclone commands, bisync uses --fast-list by default, @@ -30841,7 +30907,7 @@ Cutoff for switching to multipart copy. Any files larger than this that need to be server-side copied will be copied in chunks of this size. -The minimum is 0 and the maximum is 5 GiB. +The minimum is 1 byte and the maximum is 5 GiB. Properties: @@ -41650,9 +41716,9 @@ Examples 1 MiB (1048576 bytes) file will encrypt to - 32 bytes header -- 16 chunks of 65568 bytes +- 16 chunks of 65552 bytes -1049120 bytes total (a 0.05% overhead). This is the overhead for big +1048864 bytes total (a 0.03% overhead). This is the overhead for big files. Name encryption @@ -45955,11 +46021,17 @@ root to use itself. However you can set this to restrict rclone to a specific folder hierarchy or to access data within the "Computers" tab on the drive web interface (where files from Google's Backup and Sync desktop program -go). +go). However, this is not the easiest method. Instead, you can create a +shortcut to a folder in "Computers" and place it in "My Drive." To do +so, right-click the folder, select "Organize", and then choose "Add +shortcut" in the Google Drive web interface. Once you add the shortcut +to "My Drive," rclone will display the folder, allowing you to interact +with it. See also Shortcuts. -In order to do this you will have to find the Folder ID of the directory -you wish rclone to display. This will be the last segment of the URL -when you open the relevant folder in the drive web interface. +If, however, you choose to change your root folder, you will have to +find the Folder ID of the directory you wish rclone to display. This +will be the last segment of the URL when you open the relevant folder in +the drive web interface. So if the folder you want rclone to use has a URL which looks like https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh @@ -45967,7 +46039,12 @@ in the browser, then you use 1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh as the root_folder_id in the config. NB folders under the "Computers" tab seem to be read only (drive gives a -500 error) when using rclone. +500 error) when using rclone, but they are also read-only in the Google +Drive web interface, likely because this folder is managed by the Google +Drive Desktop tool. Top-level folders in "Computers" are read-only, but +you can interact with folders contained within them using rclone. These +are the folders for which you can create a shortcut as well, as +described above. There doesn't appear to be an API to discover the folder IDs of the "Computers" tab - please contact us if you know otherwise! @@ -47804,6 +47881,22 @@ which can be annoying to refresh constantly. If, for whatever reason, a short grant time is not a problem, then keeping the application in testing mode would also be sufficient. +In most cases verification is not actually required. Google exempts a +number of app categories from mandatory verification, including: + +- Personal Use apps: if the app is for your personal use (fewer than + 100 users), you and your limited number of users can keep using it + without verification - you will just need to click through the + "unverified app" warning screen during sign-in. Verification is only + required if you want to grow your user base beyond 100 users. +- Development/Testing/Staging apps: apps in development, testing or + staging mode are not subject to verification (but are limited to the + 100-user cap and the unverified-app warning until verified). + +So for typical personal rclone use you can leave the app unverified, +accept the warning screen, and publish it (rather than leaving it in +"Testing") to avoid the weekly grant expiry described above. + (Thanks to @balazer on github for these instructions.) Sometimes, creation of an OAuth consent in Google API Console fails due @@ -66953,6 +67046,32 @@ VFS. Note that this flag is incompatible with -copy-links / -L. +Symlink targets and the destination + +When rclone recreates a .rclonelink file as a symlink on local storage, +the symlink can point anywhere - including, with an absolute path or one +using ../ - to a location outside the directory you are copying into. +This is normal - rclone reproduces whatever target the link had, so +backups round-trip faithfully. + +What rclone will not do is write through such a link. If a remote you +are copying from contains both a symlink and a file or directory that +would be placed inside it - for example a dir.rclonelink pointing +somewhere outside the destination, alongside a dir/file.txt - rclone +refuses to follow the symlink when writing dir/file.txt. The offending +file is skipped with an error, the rest of the transfer continues, and +the skipped file is counted in the error summary printed at the end of +the run. + +This protects you from a malicious or compromised remote using -l / +--links to plant a symlink and then write through it to somewhere +outside your destination. Ordinary symlink round-trips, and symlinks +that stay inside the destination, are unaffected. + +If you have intentionally pre-created a symlinked directory inside your +destination and want rclone to write into the directory it points at, do +not use -l / --links for that copy, or remove the symlink first. + Restricting filesystems with --one-file-system Normally rclone will recurse through filesystems as mounted. @@ -67262,6 +67381,47 @@ Properties: - Type: bool - Default: false +--local-metadata-restore-special-bits + +Restore the setuid, setgid and sticky bits from metadata. + +When restoring metadata with --metadata rclone applies the "mode" from +the source. By default rclone applies only the permission bits and +strips the setuid, setgid and sticky bits. + +The "mode" comes from the source remote which may not be trusted. +Restoring a setuid or setgid bit onto freshly written, source-controlled +content can plant a setuid binary, which is dangerous in particular when +restoring from an untrusted source while running as root. For this +reason these bits are not restored by default. + +If you trust the source and want the setuid, setgid and sticky bits +restored - for example when restoring a system backup made by rclone - +set this flag. + +Properties: + +- Config: metadata_restore_special_bits +- Env Var: RCLONE_LOCAL_METADATA_RESTORE_SPECIAL_BITS +- Type: bool +- Default: false + +--local-fatal-if-no-space + +Make out-of-space errors fatal during transfers. + +When enabled, an ENOSPC error during a write returns a fatal error so +that rclone aborts rather than retrying the operation. Useful for backup +scripts that should halt loudly on a full disk rather than spin +retrying. + +Properties: + +- Config: fatal_if_no_space +- Env Var: RCLONE_LOCAL_FATAL_IF_NO_SPACE +- Type: bool +- Default: false + --local-time-type Set what kind of time is returned. @@ -67348,6 +67508,13 @@ supported by all file systems) under the "user.*" prefix. Metadata is supported on files and directories. +When restoring metadata with --metadata rclone applies the "mode", "uid" +and "gid" from the source. These come from the source remote which may +not be trusted, so restoring metadata as root from an untrusted source +can change file ownership and is not recommended. The setuid, setgid and +sticky bits are not restored by default - see the +--local-metadata-restore-special-bits flag. + Here are the possible system metadata items for the local backend. --------------------------------------------------------------------------------------------------- @@ -67410,6 +67577,100 @@ Options: Changelog +v1.74.4 - 2026-07-08 + +See commits + +- Bug Fixes + - accounting + - Fix goroutine leak in ResetCounters (Nick Craig-Wood) + - Fix goroutine leak in NewStatsGroup for zero-transfer rc + jobs (Sanjays2402) + - archive extract: Fix path traversal letting archives escape the + destination CVE-2026-59732 (Nick Craig-Wood) + - build + - Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood) + - CVE-2026-39822: os: Root escape via symlink plus + trailing slash + - CVE-2026-42505: crypto/tls: Encrypted Client Hello + privacy leak + - Update golang.org/x/image to v0.43.0 to fix image decoding + vulnerabilities (Nick Craig-Wood) + - CVE-2026-46604: panic decoding a TIFF image with an + out-of-bounds strip offset + - CVE-2026-46602: unbounded memory use from lack of a + limit on TIFF tile sizes + - CVE-2026-46601: panic on a WEBP VP8 alpha channel size + mismatch + - CVE-2026-33813: panic decoding a large WEBP image on + 32-bit platforms + - cmd/mount2 + - Fix NFS file creation by implementing Mknod (Sandy Luppino) + - Fix ESTALE over NFS by reporting stable inode numbers (Sandy + Luppino) + - Fix NFS directory listings by supporting non-zero Seekdir + offsets (Sandy Luppino) + - completion: Fix powershell completion corrupting non-ASCII names + (Yash Anil) + - doc fixes (Bryan Stenson, Castronaut, Filippo, Gaurav, + happysnaker, Jan-Philipp Reßler, Nick Craig-Wood, user77) + - filter: Fix --files-from copy stopping at the first unreadable + file (Nick Craig-Wood) + - fs + - Fix command line flag being ignored when set to its default + value (Nick Craig-Wood) + - Fix negative offset when a suffix Range request exceeds + object size (Amit Mishra) + - gui: Update embedded release to 1.1.10 (Nick Craig-Wood) + - ncdu: Fix duplicated keystrokes on Windows by pinning tcell to + v2.9.0 (Nick Craig-Wood) + - serve restic: Fix --private-repos isolation bypass + CVE-2026-59733 (Nick Craig-Wood) + - serve s3 + - Fix spurious 404 on HEAD/GET during VFS writeback (max) + - Fix path traversal letting clients see files in the root + GHSA-8v25-v8p6-qf7v (Nick Craig-Wood) + - serve webdav: Fix MOVE overwrite failing without Overwrite + header (Sanjay Santhanam) + - serve/http: Fix --disable-zip so it works over rc (Nick + Craig-Wood) +- VFS + - Fix hang reopening a file during the handle-caching grace period + (Nick Craig-Wood) +- Local + - Stop --links symlinks escaping the destination directory + CVE-2026-54572 (Nick Craig-Wood) + - Don't restore setuid/setgid/sticky bits from metadata by default + GHSA-945v-v9p3-v5xw (Nick Craig-Wood) +- Drive + - Warn when non-exportable Google documents are skipped (Nick + Craig-Wood) + - Fix stray %!(EXTRA) in unexportable google document log message + (Nick Craig-Wood) + - Warn when using rclone's shared client_id (Nick Craig-Wood) +- Filelu + - Fix recursive listing path handling and file filtering + (kingston125) +- Googlephotos + - Warn when using rclone's shared client_id (Nick Craig-Wood) +- Mega + - Wait for server events after upload, delete and move (Nick + Craig-Wood) + - Fix hard deleted files reappearing in listings (Nick Craig-Wood) +- S3 + - Remove session token on cross-host redirects (IceLocke) + - Strip STS security token on same-host HTTPS->HTTP redirect + GHSA-cf44-9pgv-m4xc (Nick Craig-Wood) + - Fix error mapping in GetObject to match HeadObject (lewoberst) + - Correct documented copy_cutoff minimum to 1 byte (max) + - Fix mounting a prefix failing with 403 when HEAD is not + permitted (Nick Craig-Wood) +- Smb + - Fix for IBM iSeries and signature verification (dithwick) +- WebDAV + - Fix mixed property statuses in multi-status responses + (nako-ruru) + v1.74.3 - 2026-06-05 See commits diff --git a/docs/content/bisync.md b/docs/content/bisync.md index 8968ca7b1..d4660d8a8 100644 --- a/docs/content/bisync.md +++ b/docs/content/bisync.md @@ -1053,9 +1053,20 @@ encodings.) The following backends have known issues that need more investigation: -- `TestFilen` (`filen`) - - [`TestBisyncRemoteRemote/resync_modes`](https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt) - - [`TestBisyncRemoteRemote/rmdirs`](https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt) +- `TestGoogleCloudStorage,directory_markers` (`googlecloudstorage`) + - [`TestBisyncRemoteLocal/all_changed`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) + - [`TestBisyncRemoteLocal/backupdir`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) + - [`TestBisyncRemoteLocal/basic`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) + - [`TestBisyncRemoteLocal/changes`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) + - [`TestBisyncRemoteLocal/check_access`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) + - [79 more](https://pub.rclone.org/integration-tests/current/) +- `TestGoogleCloudStorage` (`googlecloudstorage`) + - [`TestBisyncRemoteLocal/all_changed`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) + - [`TestBisyncRemoteLocal/backupdir`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) + - [`TestBisyncRemoteLocal/basic`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) + - [`TestBisyncRemoteLocal/changes`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) + - [`TestBisyncRemoteLocal/check_access`](https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) + - [79 more](https://pub.rclone.org/integration-tests/current/) - `TestHuaweiDrive` (`huaweidrive`) - [`TestBisyncRemoteLocal/ext_paths`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt) - [`TestBisyncRemoteLocal/extended_filenames`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt) @@ -1063,9 +1074,7 @@ The following backends have known issues that need more investigation: - [`TestBisyncLocalRemote/ext_paths`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt) - [`TestBisyncLocalRemote/extended_filenames`](https://pub.rclone.org/integration-tests/current/huaweidrive-cmd.bisync-TestHuaweiDrive-1.txt) - [4 more](https://pub.rclone.org/integration-tests/current/) -- `TestSeafile` (`seafile`) - - [`TestBisyncLocalRemote/rmdirs`](https://pub.rclone.org/integration-tests/current/seafile-cmd.bisync-TestSeafile-1.txt) -- Updated: 2026-06-05-010010 +- Updated: 2026-07-08-010014 The following backends either have not been tested recently or have known issues diff --git a/docs/content/changelog.md b/docs/content/changelog.md index 08d73df2a..0cf4f19fd 100644 --- a/docs/content/changelog.md +++ b/docs/content/changelog.md @@ -6,6 +6,69 @@ description: "Rclone Changelog" # Changelog +## v1.74.4 - 2026-07-08 + +[See commits](https://github.com/rclone/rclone/compare/v1.74.3...v1.74.4) + +- Bug Fixes + - accounting + - Fix goroutine leak in ResetCounters (Nick Craig-Wood) + - Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs (Sanjays2402) + - archive extract: Fix path traversal letting archives escape the destination CVE-2026-59732 (Nick Craig-Wood) + - build + - Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood) + - CVE-2026-39822: os: Root escape via symlink plus trailing slash + - CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak + - Update golang.org/x/image to v0.43.0 to fix image decoding vulnerabilities (Nick Craig-Wood) + - CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds strip offset + - CVE-2026-46602: unbounded memory use from lack of a limit on TIFF tile sizes + - CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch + - CVE-2026-33813: panic decoding a large WEBP image on 32-bit platforms + - cmd/mount2 + - Fix NFS file creation by implementing Mknod (Sandy Luppino) + - Fix ESTALE over NFS by reporting stable inode numbers (Sandy Luppino) + - Fix NFS directory listings by supporting non-zero Seekdir offsets (Sandy Luppino) + - completion: Fix powershell completion corrupting non-ASCII names (Yash Anil) + - doc fixes (Bryan Stenson, Castronaut, Filippo, Gaurav, happysnaker, Jan-Philipp Reßler, Nick Craig-Wood, user77) + - filter: Fix `--files-from` copy stopping at the first unreadable file (Nick Craig-Wood) + - fs + - Fix command line flag being ignored when set to its default value (Nick Craig-Wood) + - Fix negative offset when a suffix Range request exceeds object size (Amit Mishra) + - gui: Update embedded release to 1.1.10 (Nick Craig-Wood) + - ncdu: Fix duplicated keystrokes on Windows by pinning tcell to v2.9.0 (Nick Craig-Wood) + - serve restic: Fix `--private-repos` isolation bypass CVE-2026-59733 (Nick Craig-Wood) + - serve s3 + - Fix spurious 404 on HEAD/GET during VFS writeback (max) + - Fix path traversal letting clients see files in the root GHSA-8v25-v8p6-qf7v (Nick Craig-Wood) + - serve webdav: Fix MOVE overwrite failing without Overwrite header (Sanjay Santhanam) + - serve/http: Fix `--disable-zip` so it works over rc (Nick Craig-Wood) +- VFS + - Fix hang reopening a file during the handle-caching grace period (Nick Craig-Wood) +- Local + - Stop `--links` symlinks escaping the destination directory CVE-2026-54572 (Nick Craig-Wood) + - Don't restore setuid/setgid/sticky bits from metadata by default GHSA-945v-v9p3-v5xw (Nick Craig-Wood) +- Drive + - Warn when non-exportable Google documents are skipped (Nick Craig-Wood) + - Fix stray %!(EXTRA) in unexportable google document log message (Nick Craig-Wood) + - Warn when using rclone's shared client_id (Nick Craig-Wood) +- Filelu + - Fix recursive listing path handling and file filtering (kingston125) +- Googlephotos + - Warn when using rclone's shared client_id (Nick Craig-Wood) +- Mega + - Wait for server events after upload, delete and move (Nick Craig-Wood) + - Fix hard deleted files reappearing in listings (Nick Craig-Wood) +- S3 + - Remove session token on cross-host redirects (IceLocke) + - Strip STS security token on same-host HTTPS->HTTP redirect GHSA-cf44-9pgv-m4xc (Nick Craig-Wood) + - Fix error mapping in GetObject to match HeadObject (lewoberst) + - Correct documented `copy_cutoff` minimum to 1 byte (max) + - Fix mounting a prefix failing with 403 when HEAD is not permitted (Nick Craig-Wood) +- Smb + - Fix for IBM iSeries and signature verification (dithwick) +- WebDAV + - Fix mixed property statuses in multi-status responses (nako-ruru) + ## v1.74.3 - 2026-06-05 [See commits](https://github.com/rclone/rclone/compare/v1.74.2...v1.74.3) diff --git a/docs/content/commands/rclone.md b/docs/content/commands/rclone.md index 2b8668586..d64d2f9a6 100644 --- a/docs/content/commands/rclone.md +++ b/docs/content/commands/rclone.md @@ -558,8 +558,10 @@ rclone [flags] --local-case-sensitive Force the filesystem to report itself as case sensitive --local-description string Description of the remote --local-encoding Encoding The encoding for the backend (default Slash,Dot) + --local-fatal-if-no-space Make out-of-space errors fatal during transfers --local-hashes CommaSepList Comma separated list of supported checksum types --local-links Translate symlinks to/from regular files with a '.rclonelink' extension for the local backend + --local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata --local-no-check-updated Don't check to see if the files change during upload --local-no-clone Disable reflink cloning for server-side copies --local-no-preallocate Disable preallocation of disk space for transferred files @@ -1094,7 +1096,7 @@ rclone [flags] --use-json-log Use json log format --use-mmap Use mmap allocator (see docs) --use-server-modtime Use server modified time instead of object metadata - --user-agent string Set the user-agent to a specified string (default "rclone/v1.74.3") + --user-agent string Set the user-agent to a specified string (default "rclone/v1.74.4") -v, --verbose count Print lots more stuff (repeat for more) -V, --version Print the version number --webdav-auth-redirect Preserve authentication on redirect diff --git a/docs/content/commands/rclone_convmv.md b/docs/content/commands/rclone_convmv.md index b8407615f..3da6da40b 100644 --- a/docs/content/commands/rclone_convmv.md +++ b/docs/content/commands/rclone_convmv.md @@ -231,12 +231,12 @@ rclone convmv "stories/The Quick Brown Fox!.txt" --name-transform "all,command=e ```console rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{YYYYMMDD}" -// Output: stories/The Quick Brown Fox!-20260605 +// Output: stories/The Quick Brown Fox!-20260708 ``` ```console rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{macfriendlytime}" -// Output: stories/The Quick Brown Fox!-2026-06-05 0414PM +// Output: stories/The Quick Brown Fox!-2026-07-08 0504PM ``` ```console diff --git a/docs/content/commands/rclone_copyto.md b/docs/content/commands/rclone_copyto.md index 9afce1ad2..19b8d8a82 100644 --- a/docs/content/commands/rclone_copyto.md +++ b/docs/content/commands/rclone_copyto.md @@ -13,8 +13,9 @@ Copy files from source to dest, skipping identical files. If source:path is a file or directory then it copies it to a file or directory named dest:path. -This can be used to upload single files to other than their current -name. If the source is a directory then it acts exactly like the +This can be used to copy a single file to a destination with a name +different from its source - for example, uploading and renaming in one +step. If the source is a directory then it acts exactly like the [copy](/commands/rclone_copy/) command. So diff --git a/docs/content/commands/rclone_serve_s3.md b/docs/content/commands/rclone_serve_s3.md index 712c16496..3aeb5ce72 100644 --- a/docs/content/commands/rclone_serve_s3.md +++ b/docs/content/commands/rclone_serve_s3.md @@ -144,6 +144,17 @@ Versioning is not currently supported. Metadata will only be saved in memory other than the rclone `mtime` metadata which will be set as the modification time of the file. +## Object names + +`serve s3` stores objects as files in the backend, so object keys are +mapped to file paths rather than treated as the opaque strings AWS S3 +allows. Keys must be in canonical path form: keys that contain `..` or +`.` path segments, repeated slashes (`//`), or a leading or trailing +slash are rejected with a `400 Bad Request` (`InvalidArgument`) +instead of being normalised, since normalising them could alias two +distinct keys to the same file or resolve a key outside its bucket. +This matches the behaviour of other S3 servers such as MinIO. + ## Supported operations `serve s3` currently supports the following operations. diff --git a/docs/content/flags.md b/docs/content/flags.md index 14ff9fd42..af37dcf37 100644 --- a/docs/content/flags.md +++ b/docs/content/flags.md @@ -121,7 +121,7 @@ Flags for general networking and HTTP stuff. --tpslimit float Limit HTTP transactions per second to this --tpslimit-burst int Max burst of transactions for --tpslimit (default 1) --use-cookies Enable session cookiejar - --user-agent string Set the user-agent to a specified string (default "rclone/v1.74.3") + --user-agent string Set the user-agent to a specified string (default "rclone/v1.74.4") ``` @@ -805,8 +805,10 @@ Backend-only flags (these can be set in the config file also). --local-case-sensitive Force the filesystem to report itself as case sensitive --local-description string Description of the remote --local-encoding Encoding The encoding for the backend (default Slash,Dot) + --local-fatal-if-no-space Make out-of-space errors fatal during transfers --local-hashes CommaSepList Comma separated list of supported checksum types --local-links Translate symlinks to/from regular files with a '.rclonelink' extension for the local backend + --local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata --local-no-check-updated Don't check to see if the files change during upload --local-no-clone Disable reflink cloning for server-side copies --local-no-preallocate Disable preallocation of disk space for transferred files diff --git a/docs/content/local.md b/docs/content/local.md index 5f480dd19..5f2ecdeca 100644 --- a/docs/content/local.md +++ b/docs/content/local.md @@ -637,6 +637,47 @@ Properties: - Type: bool - Default: false +#### --local-metadata-restore-special-bits + +Restore the setuid, setgid and sticky bits from metadata. + +When restoring metadata with --metadata rclone applies the "mode" from +the source. By default rclone applies only the permission bits and +strips the setuid, setgid and sticky bits. + +The "mode" comes from the source remote which may not be trusted. +Restoring a setuid or setgid bit onto freshly written, +source-controlled content can plant a setuid binary, which is dangerous +in particular when restoring from an untrusted source while running as +root. For this reason these bits are not restored by default. + +If you trust the source and want the setuid, setgid and sticky bits +restored - for example when restoring a system backup made by rclone - +set this flag. + +Properties: + +- Config: metadata_restore_special_bits +- Env Var: RCLONE_LOCAL_METADATA_RESTORE_SPECIAL_BITS +- Type: bool +- Default: false + +#### --local-fatal-if-no-space + +Make out-of-space errors fatal during transfers. + +When enabled, an ENOSPC error during a write returns a fatal error so +that rclone aborts rather than retrying the operation. Useful for +backup scripts that should halt loudly on a full disk rather than spin +retrying. + +Properties: + +- Config: fatal_if_no_space +- Env Var: RCLONE_LOCAL_FATAL_IF_NO_SPACE +- Type: bool +- Default: false + #### --local-time-type Set what kind of time is returned. @@ -723,6 +764,13 @@ supported by all file systems) under the "user.*" prefix. Metadata is supported on files and directories. +When restoring metadata with `--metadata` rclone applies the +"mode", "uid" and "gid" from the source. These come from the source +remote which may not be trusted, so restoring metadata as root from an +untrusted source can change file ownership and is not recommended. The +setuid, setgid and sticky bits are not restored by default - see the +`--local-metadata-restore-special-bits` flag. + Here are the possible system metadata items for the local backend. | Name | Help | Type | Example | Read Only | diff --git a/docs/content/s3.md b/docs/content/s3.md index ac5366283..17dd49ada 100644 --- a/docs/content/s3.md +++ b/docs/content/s3.md @@ -3512,7 +3512,7 @@ Cutoff for switching to multipart copy. Any files larger than this that need to be server-side copied will be copied in chunks of this size. -The minimum is 0 and the maximum is 5 GiB. +The minimum is 1 byte and the maximum is 5 GiB. Properties: diff --git a/go.sum b/go.sum index edb58598c..76a852422 100644 --- a/go.sum +++ b/go.sum @@ -204,8 +204,6 @@ github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4= github.com/cloudinary/cloudinary-go/v2 v2.15.0 h1:iLoIwb7BJECHTbNcmIhYDsQhoZiACWGNvEpyqQy97Dk= github.com/cloudinary/cloudinary-go/v2 v2.15.0/go.mod h1:ireC4gqVetsjVhYlwjUJwKTbZuWjEIynbR9zQTlqsvo= -github.com/cloudsoda/go-smb2 v0.0.0-20250228001242-d4c70e6251cc h1:t8YjNUCt1DimB4HCIXBztwWMhgxr5yG5/YaRl9Afdfg= -github.com/cloudsoda/go-smb2 v0.0.0-20250228001242-d4c70e6251cc/go.mod h1:CgWpFCFWzzEA5hVkhAc6DZZzGd3czx+BblvOzjmg6KA= github.com/cloudsoda/go-smb2 v0.0.0-20260701064823-d8c5600d73b8 h1:+KC2I+emnT6ccWmo7IHbtchGc/vFqAxUuovo2eUgMuM= github.com/cloudsoda/go-smb2 v0.0.0-20260701064823-d8c5600d73b8/go.mod h1:1pQXB0vAlzRlqcY7LYKOOZMw0wKfJPFxTLsJRF2Gswo= github.com/cloudsoda/sddl v0.0.0-20250224235906-926454e91efc h1:0xCWmFKBmarCqqqLeM7jFBSw/Or81UEElFqO8MY+GDs= diff --git a/lib/transform/transform.md b/lib/transform/transform.md index 8d8236202..9a9d3cb21 100644 --- a/lib/transform/transform.md +++ b/lib/transform/transform.md @@ -218,12 +218,12 @@ rclone convmv "stories/The Quick Brown Fox!.txt" --name-transform "all,command=e ```console rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{YYYYMMDD}" -// Output: stories/The Quick Brown Fox!-20260605 +// Output: stories/The Quick Brown Fox!-20260708 ``` ```console rclone convmv "stories/The Quick Brown Fox!" --name-transform "date=-{macfriendlytime}" -// Output: stories/The Quick Brown Fox!-2026-06-05 0419PM +// Output: stories/The Quick Brown Fox!-2026-07-08 0517PM ``` ```console diff --git a/rclone.1 b/rclone.1 index 0ba91684d..cc8636398 100644 --- a/rclone.1 +++ b/rclone.1 @@ -15,7 +15,7 @@ . ftr VB CB . ftr VBI CBI .\} -.TH "rclone" "1" "Jun 05, 2026" "User Manual" "" +.TH "rclone" "1" "Jul 08, 2026" "User Manual" "" .hy .SH NAME .PP @@ -6326,14 +6326,14 @@ rclone convmv \[dq]stories/The Quick Brown Fox!.txt\[dq] --name-transform \[dq]a .nf \f[C] rclone convmv \[dq]stories/The Quick Brown Fox!\[dq] --name-transform \[dq]date=-{YYYYMMDD}\[dq] -// Output: stories/The Quick Brown Fox!-20260605 +// Output: stories/The Quick Brown Fox!-20260708 \f[R] .fi .IP .nf \f[C] rclone convmv \[dq]stories/The Quick Brown Fox!\[dq] --name-transform \[dq]date=-{macfriendlytime}\[dq] -// Output: stories/The Quick Brown Fox!-2026-06-05 0414PM +// Output: stories/The Quick Brown Fox!-2026-07-08 0504PM \f[R] .fi .IP @@ -6596,8 +6596,9 @@ Copy files from source to dest, skipping identical files. If source:path is a file or directory then it copies it to a file or directory named dest:path. .PP -This can be used to upload single files to other than their current -name. +This can be used to copy a single file to a destination with a name +different from its source - for example, uploading and renaming in one +step. If the source is a directory then it acts exactly like the copy (https://rclone.org/commands/rclone_copy/) command. .PP @@ -16323,6 +16324,18 @@ Versioning is not currently supported. Metadata will only be saved in memory other than the rclone \f[V]mtime\f[R] metadata which will be set as the modification time of the file. +.SS Object names +.PP +\f[V]serve s3\f[R] stores objects as files in the backend, so object +keys are mapped to file paths rather than treated as the opaque strings +AWS S3 allows. +Keys must be in canonical path form: keys that contain \f[V]..\f[R] or +\f[V].\f[R] path segments, repeated slashes (\f[V]//\f[R]), or a leading +or trailing slash are rejected with a \f[V]400 Bad Request\f[R] +(\f[V]InvalidArgument\f[R]) instead of being normalised, since +normalising them could alias two distinct keys to the same file or +resolve a key outside its bucket. +This matches the behaviour of other S3 servers such as MinIO. .SS Supported operations .PP \f[V]serve s3\f[R] currently supports the following operations. @@ -21747,7 +21760,7 @@ It outputs warnings and significant events. It only outputs error messages. .PP See also the logging section. -.SS --windows-event-log LogLevel +.SS --windows-event-log-level LogLevel .PP If this is configured (the default is \f[V]OFF\f[R]) then logs of this level and above will be logged to the Windows event log in @@ -21769,17 +21782,17 @@ but not currently used). Rclone will declare its log source as \[dq]rclone\[dq] if it is has enough permissions to create the registry key needed. If not then logs will appear as \[dq]Application\[dq]. -You can run \f[V]rclone version --windows-event-log DEBUG\f[R] once as -administrator to create the registry key in advance. +You can run \f[V]rclone version --windows-event-log-level DEBUG\f[R] +once as administrator to create the registry key in advance. .PP -\f[B]Note\f[R] that the \f[V]--windows-event-log\f[R] level must be -greater (more severe) than or equal to the \f[V]--log-level\f[R]. +\f[B]Note\f[R] that the \f[V]--windows-event-log-level\f[R] level must +be greater (more severe) than or equal to the \f[V]--log-level\f[R]. For example to log DEBUG to a log file but ERRORs to the event log you would use .IP .nf \f[C] ---log-file rclone.log --log-level DEBUG --windows-event-log ERROR +--log-file rclone.log --log-level DEBUG --windows-event-log-level ERROR \f[R] .fi .PP @@ -23858,7 +23871,7 @@ y/e/d> .PP Rclone stores all of its configuration in a single file. This can easily be copied to configure a remote rclone (although some -backends does not support reusing the same configuration, consult your +backends do not support reusing the same configuration, consult your backend documentation to be sure). .PP Start by running rclone config to create the configuration file on your @@ -25377,6 +25390,55 @@ directly. .PP If you just want to run a remote control then see the rcd (https://rclone.org/commands/rclone_rcd/) command. +.SS Security +.PP +\f[B]Access to the rc API is equivalent to shell access as the user +running rclone.\f[R] Treat the rc port as you would an interactive login +on the host. +.PP +Any caller who can reach the API (and pass authentication, if it is +enabled) can, among other things: +.IP \[bu] 2 +\f[B]Run OS commands\f[R] as the rclone user. +\f[V]core/command\f[R] re-executes the rclone binary with arbitrary +arguments, and several backend options shell out to programs, so even +creating a remote with \f[V]config/create\f[R] can lead to command +execution. +.IP \[bu] 2 +\f[B]Read and write any file\f[R] reachable by the rclone process, by +pointing \f[V]operations/*\f[R] or \f[V]sync/*\f[R] at a \f[V]local\f[R] +remote (or via \f[V]--rc-files\f[R] / \f[V]--rc-serve\f[R]). +Writing arbitrary files as the rclone user is itself a route to code +execution. +.IP \[bu] 2 +\f[B]Read back stored credentials.\f[R] rclone configs routinely hold +cloud-provider secrets. +\f[V]config/dump\f[R] and friends expose them, so a compromise of the rc +reaches every configured backend. +.IP \[bu] 2 +\f[B]Change rclone\[aq]s runtime behaviour\f[R] with +\f[V]options/set\f[R], \f[B]manage remotes\f[R] with \f[V]config/*\f[R], +and \f[B]stop the process\f[R] with \f[V]core/quit\f[R]. +.PP +There is currently no per-endpoint capability or scope system: +authentication is all-or-nothing. +Granting any access grants all of the above. +.PP +Consequently: +.IP \[bu] 2 +\f[B]Do not bind the rc to a network address you do not control.\f[R] +The default bind is loopback (\f[V]localhost:5572\f[R]); keep it there +unless you have a specific reason to change it. +.IP \[bu] 2 +\f[B]Do not use \f[VB]--rc-no-auth\f[B] on a non-loopback bind.\f[R] It +disables authentication on the endpoints that access remotes \[em] see +\f[V]--rc-no-auth\f[R]. +.IP \[bu] 2 +\f[B]Use authentication and TLS\f[R] +(\f[V]--rc-user\f[R]/\f[V]--rc-pass\f[R] or \f[V]--rc-htpasswd\f[R], +plus \f[V]--rc-cert\f[R]/\f[V]--rc-key\f[R]) whenever the port is +reachable by anyone you do not fully trust, and raise +\f[V]--rc-min-tls-version\f[R]. .SS Supported parameters .SS --rc .PP @@ -30200,7 +30262,7 @@ Flags for general networking and HTTP stuff. --tpslimit float Limit HTTP transactions per second to this --tpslimit-burst int Max burst of transactions for --tpslimit (default 1) --use-cookies Enable session cookiejar - --user-agent string Set the user-agent to a specified string (default \[dq]rclone/v1.74.3\[dq]) + --user-agent string Set the user-agent to a specified string (default \[dq]rclone/v1.74.4\[dq]) \f[R] .fi .SS Performance @@ -30884,8 +30946,10 @@ Backend-only flags (these can be set in the config file also). --local-case-sensitive Force the filesystem to report itself as case sensitive --local-description string Description of the remote --local-encoding Encoding The encoding for the backend (default Slash,Dot) + --local-fatal-if-no-space Make out-of-space errors fatal during transfers --local-hashes CommaSepList Comma separated list of supported checksum types --local-links Translate symlinks to/from regular files with a \[aq].rclonelink\[aq] extension for the local backend + --local-metadata-restore-special-bits Restore the setuid, setgid and sticky bits from metadata --local-no-check-updated Don\[aq]t check to see if the files change during upload --local-no-clone Disable reflink cloning for server-side copies --local-no-preallocate Disable preallocation of disk space for transferred files @@ -33498,12 +33562,37 @@ filename encodings.) .PP The following backends have known issues that need more investigation: .IP \[bu] 2 -\f[V]TestFilen\f[R] (\f[V]filen\f[R]) +\f[V]TestGoogleCloudStorage,directory_markers\f[R] +(\f[V]googlecloudstorage\f[R]) .RS 2 .IP \[bu] 2 -\f[V]TestBisyncRemoteRemote/resync_modes\f[R] (https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt) +\f[V]TestBisyncRemoteLocal/all_changed\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) .IP \[bu] 2 -\f[V]TestBisyncRemoteRemote/rmdirs\f[R] (https://pub.rclone.org/integration-tests/current/filen-cmd.bisync-TestFilen-1.txt) +\f[V]TestBisyncRemoteLocal/backupdir\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) +.IP \[bu] 2 +\f[V]TestBisyncRemoteLocal/basic\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) +.IP \[bu] 2 +\f[V]TestBisyncRemoteLocal/changes\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) +.IP \[bu] 2 +\f[V]TestBisyncRemoteLocal/check_access\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage,directory_markers-1.txt) +.IP \[bu] 2 +79 more (https://pub.rclone.org/integration-tests/current/) +.RE +.IP \[bu] 2 +\f[V]TestGoogleCloudStorage\f[R] (\f[V]googlecloudstorage\f[R]) +.RS 2 +.IP \[bu] 2 +\f[V]TestBisyncRemoteLocal/all_changed\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) +.IP \[bu] 2 +\f[V]TestBisyncRemoteLocal/backupdir\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) +.IP \[bu] 2 +\f[V]TestBisyncRemoteLocal/basic\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) +.IP \[bu] 2 +\f[V]TestBisyncRemoteLocal/changes\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) +.IP \[bu] 2 +\f[V]TestBisyncRemoteLocal/check_access\f[R] (https://pub.rclone.org/integration-tests/current/googlecloudstorage-cmd.bisync-TestGoogleCloudStorage-1.txt) +.IP \[bu] 2 +79 more (https://pub.rclone.org/integration-tests/current/) .RE .IP \[bu] 2 \f[V]TestHuaweiDrive\f[R] (\f[V]huaweidrive\f[R]) @@ -33522,13 +33611,7 @@ The following backends have known issues that need more investigation: 4 more (https://pub.rclone.org/integration-tests/current/) .RE .IP \[bu] 2 -\f[V]TestSeafile\f[R] (\f[V]seafile\f[R]) -.RS 2 -.IP \[bu] 2 -\f[V]TestBisyncLocalRemote/rmdirs\f[R] (https://pub.rclone.org/integration-tests/current/seafile-cmd.bisync-TestSeafile-1.txt) -.RE -.IP \[bu] 2 -Updated: 2026-06-05-010010 +Updated: 2026-07-08-010014 .PP The following backends either have not been tested recently or have known issues that are deemed unfixable for the time being: @@ -33675,6 +33758,12 @@ directory is to rename it to the same name on both sides. (As of \f[V]rclone v1.64\f[R], a \f[V]--resync\f[R] is no longer required after doing so, as bisync will automatically detect that Path1 and Path2 are in agreement.) +.PP +Note that although the flag --track-renames ensures that renamed/moved +files won\[aq]t be deleted and uploaded again, they are still counted as +deleted files for purposes of the --max-delete flag (as this check +happens before the rename detection operation). +See this issue (https://github.com/rclone/rclone/issues/8685). .SS \f[V]--fast-list\f[R] used by default .PP Unlike most other rclone commands, bisync uses @@ -42964,7 +43053,7 @@ Cutoff for switching to multipart copy. Any files larger than this that need to be server-side copied will be copied in chunks of this size. .PP -The minimum is 0 and the maximum is 5 GiB. +The minimum is 1 byte and the maximum is 5 GiB. .PP Properties: .IP \[bu] 2 @@ -56118,9 +56207,9 @@ This uses a 32 byte (256 bit key) key derived from the user password. .IP \[bu] 2 32 bytes header .IP \[bu] 2 -16 chunks of 65568 bytes +16 chunks of 65552 bytes .PP -1049120 bytes total (a 0.05% overhead). +1048864 bytes total (a 0.03% overhead). This is the overhead for big files. .SS Name encryption .PP @@ -61764,9 +61853,18 @@ However you can set this to restrict rclone to a specific folder hierarchy or to access data within the \[dq]Computers\[dq] tab on the drive web interface (where files from Google\[aq]s Backup and Sync desktop program go). +However, this is not the easiest method. +Instead, you can create a shortcut to a folder in \[dq]Computers\[dq] +and place it in \[dq]My Drive.\[dq] To do so, right-click the folder, +select \[dq]Organize\[dq], and then choose \[dq]Add shortcut\[dq] in the +Google Drive web interface. +Once you add the shortcut to \[dq]My Drive,\[dq] rclone will display the +folder, allowing you to interact with it. +See also Shortcuts. .PP -In order to do this you will have to find the \f[V]Folder ID\f[R] of the -directory you wish rclone to display. +If, however, you choose to change your root folder, you will have to +find the \f[V]Folder ID\f[R] of the directory you wish rclone to +display. This will be the last segment of the URL when you open the relevant folder in the drive web interface. .PP @@ -61776,7 +61874,13 @@ in the browser, then you use \f[V]1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh\f[R] as the \f[V]root_folder_id\f[R] in the config. .PP \f[B]NB\f[R] folders under the \[dq]Computers\[dq] tab seem to be read -only (drive gives a 500 error) when using rclone. +only (drive gives a 500 error) when using rclone, but they are also +read-only in the Google Drive web interface, likely because this folder +is managed by the Google Drive Desktop tool. +Top-level folders in \[dq]Computers\[dq] are read-only, but you can +interact with folders contained within them using rclone. +These are the folders for which you can create a shortcut as well, as +described above. .PP There doesn\[aq]t appear to be an API to discover the folder IDs of the \[dq]Computers\[dq] tab - please contact us if you know otherwise! @@ -64385,6 +64489,26 @@ annoying to refresh constantly. If, for whatever reason, a short grant time is not a problem, then keeping the application in testing mode would also be sufficient. .PP +In most cases verification is not actually required. +Google exempts a number of app +categories (https://support.google.com/cloud/answer/13464323) from +mandatory verification, including: +.IP \[bu] 2 +\f[B]Personal Use apps\f[R]: if the app is for your personal use (fewer +than 100 users), you and your limited number of users can keep using it +without verification - you will just need to click through the +\[dq]unverified app\[dq] warning screen during sign-in. +Verification is only required if you want to grow your user base beyond +100 users. +.IP \[bu] 2 +\f[B]Development/Testing/Staging apps\f[R]: apps in development, testing +or staging mode are not subject to verification (but are limited to the +100-user cap and the unverified-app warning until verified). +.PP +So for typical personal rclone use you can leave the app unverified, +accept the warning screen, and publish it (rather than leaving it in +\[dq]Testing\[dq]) to avoid the weekly grant expiry described above. +.PP (Thanks to \[at]balazer on github for these instructions.) .PP Sometimes, creation of an OAuth consent in Google API Console fails due @@ -89523,6 +89647,36 @@ backends and the VFS. .PP Note that this flag is incompatible with \f[V]-copy-links\f[R] / \f[V]-L\f[R]. +.SS Symlink targets and the destination +.PP +When rclone recreates a \f[V].rclonelink\f[R] file as a symlink on local +storage, the symlink can point anywhere - including, with an absolute +path or one using \f[V]../\f[R] - to a location outside the directory +you are copying into. +This is normal - rclone reproduces whatever target the link had, so +backups round-trip faithfully. +.PP +What rclone will \f[B]not\f[R] do is \f[I]write through\f[R] such a +link. +If a remote you are copying from contains both a symlink and a file or +directory that would be placed inside it - for example a +\f[V]dir.rclonelink\f[R] pointing somewhere outside the destination, +alongside a \f[V]dir/file.txt\f[R] - rclone refuses to follow the +symlink when writing \f[V]dir/file.txt\f[R]. +The offending file is skipped with an error, the rest of the transfer +continues, and the skipped file is counted in the error summary printed +at the end of the run. +.PP +This protects you from a malicious or compromised remote using +\f[V]-l\f[R] / \f[V]--links\f[R] to plant a symlink and then write +through it to somewhere outside your destination. +Ordinary symlink round-trips, and symlinks that stay inside the +destination, are unaffected. +.PP +If you have intentionally pre-created a symlinked directory inside your +destination and want rclone to write into the directory it points at, do +not use \f[V]-l\f[R] / \f[V]--links\f[R] for that copy, or remove the +symlink first. .SS Restricting filesystems with --one-file-system .PP Normally rclone will recurse through filesystems as mounted. @@ -89896,6 +90050,53 @@ Env Var: RCLONE_LOCAL_NO_SET_MODTIME Type: bool .IP \[bu] 2 Default: false +.SS --local-metadata-restore-special-bits +.PP +Restore the setuid, setgid and sticky bits from metadata. +.PP +When restoring metadata with --metadata rclone applies the +\[dq]mode\[dq] from the source. +By default rclone applies only the permission bits and strips the +setuid, setgid and sticky bits. +.PP +The \[dq]mode\[dq] comes from the source remote which may not be +trusted. +Restoring a setuid or setgid bit onto freshly written, source-controlled +content can plant a setuid binary, which is dangerous in particular when +restoring from an untrusted source while running as root. +For this reason these bits are not restored by default. +.PP +If you trust the source and want the setuid, setgid and sticky bits +restored - for example when restoring a system backup made by rclone - +set this flag. +.PP +Properties: +.IP \[bu] 2 +Config: metadata_restore_special_bits +.IP \[bu] 2 +Env Var: RCLONE_LOCAL_METADATA_RESTORE_SPECIAL_BITS +.IP \[bu] 2 +Type: bool +.IP \[bu] 2 +Default: false +.SS --local-fatal-if-no-space +.PP +Make out-of-space errors fatal during transfers. +.PP +When enabled, an ENOSPC error during a write returns a fatal error so +that rclone aborts rather than retrying the operation. +Useful for backup scripts that should halt loudly on a full disk rather +than spin retrying. +.PP +Properties: +.IP \[bu] 2 +Config: fatal_if_no_space +.IP \[bu] 2 +Env Var: RCLONE_LOCAL_FATAL_IF_NO_SPACE +.IP \[bu] 2 +Type: bool +.IP \[bu] 2 +Default: false .SS --local-time-type .PP Set what kind of time is returned. @@ -90015,6 +90216,14 @@ supported by all file systems) under the \[dq]user.*\[dq] prefix. .PP Metadata is supported on files and directories. .PP +When restoring metadata with \f[V]--metadata\f[R] rclone applies the +\[dq]mode\[dq], \[dq]uid\[dq] and \[dq]gid\[dq] from the source. +These come from the source remote which may not be trusted, so restoring +metadata as root from an untrusted source can change file ownership and +is not recommended. +The setuid, setgid and sticky bits are not restored by default - see the +\f[V]--local-metadata-restore-special-bits\f[R] flag. +.PP Here are the possible system metadata items for the local backend. .PP .TS @@ -90150,6 +90359,181 @@ Options: .IP \[bu] 2 \[dq]error\[dq]: Return an error based on option value. .SH Changelog +.SS v1.74.4 - 2026-07-08 +.PP +See commits (https://github.com/rclone/rclone/compare/v1.74.3...v1.74.4) +.IP \[bu] 2 +Bug Fixes +.RS 2 +.IP \[bu] 2 +accounting +.RS 2 +.IP \[bu] 2 +Fix goroutine leak in ResetCounters (Nick Craig-Wood) +.IP \[bu] 2 +Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs +(Sanjays2402) +.RE +.IP \[bu] 2 +archive extract: Fix path traversal letting archives escape the +destination CVE-2026-59732 (Nick Craig-Wood) +.IP \[bu] 2 +build +.RS 2 +.IP \[bu] 2 +Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood) +.RS 2 +.IP \[bu] 2 +CVE-2026-39822: os: Root escape via symlink plus trailing slash +.IP \[bu] 2 +CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak +.RE +.IP \[bu] 2 +Update golang.org/x/image to v0.43.0 to fix image decoding +vulnerabilities (Nick Craig-Wood) +.RS 2 +.IP \[bu] 2 +CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds strip +offset +.IP \[bu] 2 +CVE-2026-46602: unbounded memory use from lack of a limit on TIFF tile +sizes +.IP \[bu] 2 +CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch +.IP \[bu] 2 +CVE-2026-33813: panic decoding a large WEBP image on 32-bit platforms +.RE +.RE +.IP \[bu] 2 +cmd/mount2 +.RS 2 +.IP \[bu] 2 +Fix NFS file creation by implementing Mknod (Sandy Luppino) +.IP \[bu] 2 +Fix ESTALE over NFS by reporting stable inode numbers (Sandy Luppino) +.IP \[bu] 2 +Fix NFS directory listings by supporting non-zero Seekdir offsets (Sandy +Luppino) +.RE +.IP \[bu] 2 +completion: Fix powershell completion corrupting non-ASCII names (Yash +Anil) +.IP \[bu] 2 +doc fixes (Bryan Stenson, Castronaut, Filippo, Gaurav, happysnaker, +Jan-Philipp Reßler, Nick Craig-Wood, user77) +.IP \[bu] 2 +filter: Fix \f[V]--files-from\f[R] copy stopping at the first unreadable +file (Nick Craig-Wood) +.IP \[bu] 2 +fs +.RS 2 +.IP \[bu] 2 +Fix command line flag being ignored when set to its default value (Nick +Craig-Wood) +.IP \[bu] 2 +Fix negative offset when a suffix Range request exceeds object size +(Amit Mishra) +.RE +.IP \[bu] 2 +gui: Update embedded release to 1.1.10 (Nick Craig-Wood) +.IP \[bu] 2 +ncdu: Fix duplicated keystrokes on Windows by pinning tcell to v2.9.0 +(Nick Craig-Wood) +.IP \[bu] 2 +serve restic: Fix \f[V]--private-repos\f[R] isolation bypass +CVE-2026-59733 (Nick Craig-Wood) +.IP \[bu] 2 +serve s3 +.RS 2 +.IP \[bu] 2 +Fix spurious 404 on HEAD/GET during VFS writeback (max) +.IP \[bu] 2 +Fix path traversal letting clients see files in the root +GHSA-8v25-v8p6-qf7v (Nick Craig-Wood) +.RE +.IP \[bu] 2 +serve webdav: Fix MOVE overwrite failing without Overwrite header +(Sanjay Santhanam) +.IP \[bu] 2 +serve/http: Fix \f[V]--disable-zip\f[R] so it works over rc (Nick +Craig-Wood) +.RE +.IP \[bu] 2 +VFS +.RS 2 +.IP \[bu] 2 +Fix hang reopening a file during the handle-caching grace period (Nick +Craig-Wood) +.RE +.IP \[bu] 2 +Local +.RS 2 +.IP \[bu] 2 +Stop \f[V]--links\f[R] symlinks escaping the destination directory +CVE-2026-54572 (Nick Craig-Wood) +.IP \[bu] 2 +Don\[aq]t restore setuid/setgid/sticky bits from metadata by default +GHSA-945v-v9p3-v5xw (Nick Craig-Wood) +.RE +.IP \[bu] 2 +Drive +.RS 2 +.IP \[bu] 2 +Warn when non-exportable Google documents are skipped (Nick Craig-Wood) +.IP \[bu] 2 +Fix stray %!(EXTRA) in unexportable google document log message (Nick +Craig-Wood) +.IP \[bu] 2 +Warn when using rclone\[aq]s shared client_id (Nick Craig-Wood) +.RE +.IP \[bu] 2 +Filelu +.RS 2 +.IP \[bu] 2 +Fix recursive listing path handling and file filtering (kingston125) +.RE +.IP \[bu] 2 +Googlephotos +.RS 2 +.IP \[bu] 2 +Warn when using rclone\[aq]s shared client_id (Nick Craig-Wood) +.RE +.IP \[bu] 2 +Mega +.RS 2 +.IP \[bu] 2 +Wait for server events after upload, delete and move (Nick Craig-Wood) +.IP \[bu] 2 +Fix hard deleted files reappearing in listings (Nick Craig-Wood) +.RE +.IP \[bu] 2 +S3 +.RS 2 +.IP \[bu] 2 +Remove session token on cross-host redirects (IceLocke) +.IP \[bu] 2 +Strip STS security token on same-host HTTPS->HTTP redirect +GHSA-cf44-9pgv-m4xc (Nick Craig-Wood) +.IP \[bu] 2 +Fix error mapping in GetObject to match HeadObject (lewoberst) +.IP \[bu] 2 +Correct documented \f[V]copy_cutoff\f[R] minimum to 1 byte (max) +.IP \[bu] 2 +Fix mounting a prefix failing with 403 when HEAD is not permitted (Nick +Craig-Wood) +.RE +.IP \[bu] 2 +Smb +.RS 2 +.IP \[bu] 2 +Fix for IBM iSeries and signature verification (dithwick) +.RE +.IP \[bu] 2 +WebDAV +.RS 2 +.IP \[bu] 2 +Fix mixed property statuses in multi-status responses (nako-ruru) +.RE .SS v1.74.3 - 2026-06-05 .PP See commits (https://github.com/rclone/rclone/compare/v1.74.2...v1.74.3)