• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.

Chevereto v4.0.0-beta.10 announcement

🛡 Added two-factor authentication

Now under /settings/security users will be able to add two-factor authentication for their accounts. This works with any TOTP provider, namely Google Authenticator, Microsoft Authenticator, etc.

As you may notice the new section is called "Security". This is because there will be more options in the future, like active sessions and stuff like that. Do you need more security? 🤗 Feel free to open a RFC.
🛡 Added encrypted application secrets

Currently user passwords are stored using hashing, same user-API keys. This means that if the database gets compromised an attacker won't be able to access these. In the other hand, application secrets (as your AWS S3 password) up to now are stored in plain text in the database, which is a serious security concern as access to these is protected only by one layer. In other words, if an attacker get access to your database it could for sure compromise your SMTP, all your storages, your external services, etc.

With V4.0.0-beta.10 I'm introducing encrypted application secrets, meaning that the database will store an encrypted value, which is useless without the encryption key.

Don't worry, the upgrade will be automatic 🤗 as the system will auto create the keys and it will encrypt all existing secrets.
2FA, most awaited one by me. Just wanted to ask when a user-based API is going to be released. Any beta number for that?
🤦‍♂️ Added remarks on B2 (old) storage API

Plenty users never read the docs, therefore we are now making very explicit that the B2 Storage API is for legacy purposes. All new buckets for B2 are S3 compatible.

Thank you for the B2 updates! I'm glad to not be on B2 anymore for sure.

I'm excited for v4 and already paid for it 😀
🐘 Added bcmath polyfill

Chevereto uses the PHP bcmath extension for generating the alphanumeric representation of integer ids. In some systems this extension is disabled and Chevereto can't be used.

In this release we are removing that hard dependency by adding a polyfill that provides the same functionality for these systems without the extension.
🐞 Fixed bug id drop upload not ignoring self targets

The drag and drop upload functionality now ignores self targets (links in the Chevereto user interface that you may accidentally drag).
🐞 Fixed bug in URL paste handler when URL upload is disabled

The paste URL even was being called even if the URL upload functionality was disabled. This is only an user interface bug, now the handler ignores URLs if URL uploading is forbidden.