← Package directory
Available on winget

Install copyparty

Portable file server with accelerated resumable uploads, dedup, WebDAV, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file, no deps

Install with winget
winget install --id 9001.copyparty
Upgrade
winget upgrade --id 9001.copyparty
Uninstall
winget uninstall --id 9001.copyparty

About copyparty

Portable file server with accelerated resumable uploads, dedup, WebDAV, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file, no deps

What's new in 1.20.16

- v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS) 🧪 new features - #1463 opds: improved compatibility with various clients (thx @kamaeff!) 9068ec6a - #1485 users with read-access can now create get-only shares (thx @Scotsguy!) 0bb80e92 - #1466 support the s6 service notification protocol (thx @mobin-2008!) 8c201b84 ca406472 - download-as-zip/tar: the toplevel folder can be renamed with url-param &name=foo or entirely removed with &name cc5420a3 - #1487 option to generate music spectrograms with linear frequency scale (thx @9hax!) 83dc20f3 - option to set custom name/path for ffmpeg/ffprobe binaries 5e806ec1 - #1489 audio playback of mka files 🩹 bugfixes - #1480 #1482 fix get-only shares not expiring if the creator is removed (thx @celinke97 and @Scotsguy!) 3b53a228 - #1474 toggling between cropped/fullsize coverart for music didn't work 926c6e81 - #1470 files from the year 30828 would break file listing 27031f73 - #1494 fix js-crash when dragging a pic from the gallery out of the browser (thx @icxes!) 7d81b9e8 - "fancy markdown editor" didn't work on phones 6183540c - improve signal handling f4f97b6c - if I messed something up then --sig-thr or send 7x sigterm 🔧 other changes - docker: the arm32 build of the iv image has graduated 6e75faa6 - copyparty/iv is now only available for i386 / x86_64 / aarch64 - docker: rawpy is no longer bundled; now using libraw directly 348b4bb5 - creating thumbnails of .raw photos is now MUCH slower but quality is also much better - partyfuse: switch to mfusepy; adds fuse3 support and improves performance b2401ff1 - additional advisory tiers f...

Read release notes

Version history

Version Updated Notes
1.20.16 Unknown - v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS) 🧪 new features - #1463 opds: improved compatibility with various clients (thx @kamaeff!) 9068ec6a - #1485 users with read-access can now create get-only shares (thx @Scot...
1.20.14 Unknown - v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS) 🧪 new features - #1410 #376 #1224 new option --glang to autoselect UI-translation based on webbrowser's language (thx @stackxp!) ec3e0e7e - #1407 #1384 option to automati...
1.20.13 Unknown - v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS) 🧪 new features - #1351 add .hidden support (thx @NecRaul!) beb634dc 134e378e - cosmetic filter to exclude specific files from directory listings by adding their filenames...
1.20.12 Unknown - GHSA-67rw-2x62-mqqm: when a share is created for just one or more files inside a folder, it was possible to use FTP or SFTP to access the other files inside that folder by guessing the filenames - so ignore this issue...
1.20.11 Unknown GHSA-m6hv-x64c-27mm the nohtml volflag did not prevent javascript inside SVG images from executing -- a malicious user with write-access could upload an SVG file which would execute as javascript when someone opens it 1c...
1.20.10 Unknown - v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS) 🩹 bugfixes - #1311 fix login (broke in v1.20.9) ecdfd2d1 🔧 other changes - warn that config-reload doesn't do global-options a29037a0 🌠 fun facts - rushing out a cve-fix...
1.20.9 Unknown GHSA-62cr-6wp5-q43h could let an attacker execute arbitrary JS by tricking you into clicking a malicious link 31b2801f 🔧 other changes - webdav: dav-port can be used as an alternative to daw d21242fc
1.20.8 Unknown - #1298 add Hungarian translation (thx @sonacl!) eefb181b f37c3b96 - #1299 chown now accepts 4-digit values (thx @new-sashok724!) 5a7504fd 🩹 bugfixes - audioplayer skip-silence: - #1303 clamp ffwd to safe values (thx @ic...
1.20.7 Unknown - now possible to upload/delete files while the filesystem-indexer is still busy d44ea245 0ca4c1bd - global-option fika decides which actions to allow while still indexing; default is upload+copy+delete - full deduplicat...
1.20.6 Unknown - #1264 now possible to grant the get permission when creating a share 95b827f1 - the button was already there, but until now it did nothing 🩹 bugfixes - a safeguard (24141b49) added in v1.20.5 was too strict and would b...
1.20.5 Unknown - #1240 webdav clients can now set fractional last-modified timestamps (thx @jcwillox!) 296362fc - #1260 add support for running the server with GraalPy (thx @vgskye!) 73d06eaf - #1182 pressing CTRL-C will copy links of...
1.20.4 Unknown - #1235 rightclick-menu: fix creating new files/folders in gridview (thx @SpaceXCheeseWheel!) ffca67f2 🔧 other changes - #1229 updated the Esperanto translation (thx @slashdevslashurandom!) 1142ac25 - #1232 shares: if an...
1.20.3 Unknown - send-message-to-serverlog now also available as url-parameter ?smsg=foo - option smsg configures which HTTP-methods to allow; can be set to GET,POST but default is only POST because GET is dangerous (CSRF) 🩹 bugfixes -...
1.20.1 Unknown - read-only demo server at https://a.ocv.me/pub/demo/ - docker image ╱ similar software ╱ client testbed there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most rece...
1.19.17 Unknown Release notes