Releases: diamonddigitaldev/Dropgate

3.0.10

29 Mar 21:46
0547e04

Dropgate | Patch Update (v3.0.10)

  • Added a new and improved file selection UI for client and server.
  • Client: Updated Electron to the latest version.

Installation

Dropgate Client

Download and run the executable to install Dropgate Client on your Windows computer.
Note: You may get a Windows SmartScreen popup when trying to run the installer. This is normal as the installer is not signed.

Dropgate Server

The easiest way to host your own Dropgate Server is using Docker. Please read this part of the server docs for the installation guide.
Alternatively, you can also download the source code, install the required node modules and run the server manually. (Learn more)

A quick note:

So far, I (WillTDA) have been the sole developer of the Dropgate Project, and I'm committed to seeing Dropgate become the go-to open-source solution for file transfer operations.
My programming skills are far from perfect. If you do happen to find any careless bugs, inconsistencies or features you'd like to see added, please don't hesitate to let me know ASAP. Every issue submitted makes Dropgate better for everyone :)

3.0.9

28 Mar 18:14
1cedd4d

Dropgate | Patch Update (v3.0.9)

  • Updated credits.
  • Updated core library version for client and server.

3.0.8

25 Mar 01:59
26180fd

Dropgate | Patch Update (v3.0.8)

  • Server: Force LF on entrypoint.sh
  • Server: Add Dropgate logo to OpenGraph meta tags

3.0.7

23 Mar 15:05
b9a7c43

Dropgate | Patch Update (v3.0.7)

  • The source code for this application has been moved under Diamond Digital Development as part of our open-source roadmap. Any credits and links to the GitHub repo have been updated.
  • Client: Added menuCategory to the nsis installer config. This app will now install under a start menu folder named "Diamond Digital Development".

3.0.6

18 Mar 23:28
894ae22

Dropgate | Patch Update (v3.0.6)

  • Client: Updated to Electron v41.0.3, serve material-icons via node_modules
  • Server: Updated to EJS v5.0.1, serve material-icons via node_modules
  • Docker Image: Updated to Node.js v24 (node:24-alpine), renamed appuser and appgroup to dropgate
  • Core Library: Fixed file size calculation errors when accounting for the 28-byte encryption overhead per chunk

3.0.5

11 Feb 19:28
32471db

Dropgate | Patch Update (v3.0.5)

  • Core Library: Fixed a bug that caused received bytes to be calculated incorrectly on download.
  • Server: Added extra validation checks for upload drag-and-drop area.

3.0.4

09 Feb 22:52
617ccdc

Dropgate | Security Update (v3.0.4)

Dropgate v3.0.4 is a critical security release addressing multiple high-severity vulnerabilities in the server-side upload protocol. Upgrading is strongly recommended for all users.


🛡️ Security Hardening

This release closes critical server-side vulnerabilities that could allow attackers to bypass storage quotas and exhaust server memory through malicious upload requests.

Server-Side Uploads (DGUP Protocol)

  • Bundle Initialization Race Fix (HIGH): Eliminated a critical TOCTOU race condition in /upload/init-bundle where concurrent bundle creation requests could bypass the global storage quota. The endpoint now properly serializes quota checks using acquireQuotaLock() / releaseLock() with try/finally protection, matching the existing pattern from v3.0.1's file initialization hardening.

  • Chunk Upload Stream Protection (HIGH): Protected against memory exhaustion attacks by implementing strict bounds checking during chunk upload streaming. The server now tracks receivedBytes incrementally and immediately terminates requests (413 Payload Too Large) if the incoming stream exceeds uploadChunkSizeBytes + 1024 bytes, preventing malicious clients from forcing the server to buffer multi-gigabyte payloads in memory.

  • JSON Body Limit Alignment (LOW): Fixed a configuration mismatch where Express's JSON parser used a 100KB default limit while the application enforced a 1MB manifest size check. The express.json() middleware now uses { limit: '1mb' }, ensuring the application-level validation is actually reachable and preventing confusing rejections of legitimate large manifests.
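
The chunk stream bound described above, as an added sketch rather than Dropgate's own code. `readChunkBounded`, `fakeBody` and the sizes used are assumptions, and the request body is modelled as an async iterable of Buffers, which is one way a Node.js request stream can be read.

```javascript
// Added example, not Dropgate's source. Only receivedBytes and
// uploadChunkSizeBytes are names from the release notes.
const SLACK_BYTES = 1024;

class PayloadTooLargeError extends Error {
  constructor(received, limit) {
    super(`chunk stream passed ${limit} bytes (saw ${received})`);
    this.statusCode = 413;
  }
}

// Count bytes as each piece arrives and stop at the first piece that crosses
// the limit, so an oversized body is never buffered in full.
async function readChunkBounded(body, uploadChunkSizeBytes) {
  const limit = uploadChunkSizeBytes + SLACK_BYTES;
  const parts = [];
  let receivedBytes = 0;
  for await (const piece of body) {
    receivedBytes += piece.length;
    if (receivedBytes > limit) {
      // Throwing here closes the iterator; on a real request the handler
      // would answer 413 and destroy the socket.
      throw new PayloadTooLargeError(receivedBytes, limit);
    }
    parts.push(piece);
  }
  return Buffer.concat(parts, receivedBytes);
}

// Constructed request body: `pieces` buffers of `pieceSize` bytes each.
async function* fakeBody(pieces, pieceSize, counter) {
  for (let i = 0; i < pieces; i++) {
    counter.produced += 1;
    yield Buffer.alloc(pieceSize, 0x41);
  }
}

async function demo() {
  const uploadChunkSizeBytes = 256 * 1024; // constructed setting
  const honest = { produced: 0 };
  const ok = await readChunkBounded(fakeBody(4, 65536, honest), uploadChunkSizeBytes);

  const greedy = { produced: 0 };
  let status = 200;
  try {
    await readChunkBounded(fakeBody(10000, 65536, greedy), uploadChunkSizeBytes);
  } catch (err) {
    status = err.statusCode;
  }
  // The oversized body is abandoned after 5 pieces instead of 10000.
  return { okBytes: ok.length, status, piecesConsumed: greedy.produced };
}

demo().then((result) => console.log(result));
```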


✅ Dropgate Client Improvements

Windows Context Menu Integration

  • Bundle Support: Right-clicking and selecting multiple files in Windows Explorer now correctly creates a bundle transfer instead of failing silently.
  • Visual Polish: The Dropgate icon now appears in the Windows context menu for better visual recognition.
  • Memory Fix: Resolved an out-of-memory error that occurred when uploading large files directly from the Windows context menu.

User Experience

  • Cancel Button Fix: The cancel button now displays correctly when the client window is opened during an active context menu-initiated transfer.
  • Notification Behavior: Clicking any Dropgate notification now properly opens the client window, improving workflow consistency.

🛠️ Changes & Documentation

Security Model

The v3.0.4 release completes the "Defense in Depth" strategy introduced in v3.0.1, extending atomic quota enforcement and stream validation to all upload endpoints. Servers can now safely handle high-concurrency scenarios without risk of quota bypass or memory exhaustion.

Core Library (@dropgate/core)

  • No protocol version changes; all fixes are server-side implementation hardening.

🧩 Developer Notes

  • Concurrent Load Testing: If you're running high-concurrency tests, the new bundle initialization locking may introduce slight latency under extreme parallel bundle creation scenarios. This is expected and necessary for correctness.
  • Memory Monitoring: The new chunk stream termination protection triggers at uploadChunkSizeBytes + 1024. If you see unexpected 413 errors, verify your client isn't sending oversized chunks.

3.0.3

09 Feb 01:48
44291e5

Dropgate | Patch Update (v3.0.3)

  • Server: Fixed the DGUP bundle timer to update on chunk activity instead of file completion, and changed the timeout from 10m to 2m (matching the chunk timer). This now prevents large files from causing bundles to fail with a 410 Gone HTTP status.

3.0.2

04 Feb 03:03
e23f58f

Dropgate | Patch Update (v3.0.2)

  • Server: NEW! Docker image now supports arm64.
  • Server: Fixed rate limiting issues on download/meta API endpoints when downloading large bundles. A new middleware function exempts valid requests from the rate limit.
  • Dropgate Client/Web UI: Tweaked some CSS styling for the file list table. On smaller devices, the table would start to visually overlap if filenames were long.

3.0.1

03 Feb 19:29
37e5add

Dropgate | Security Update (v3.0.1)

Dropgate v3.0.1 is a critical security release addressing multiple vulnerabilities identified in the P2P transfer protocol and server-side upload handling. Upgrading is strongly recommended for all users.


🛡️ Security Hardening

This release focuses on "Defense in Depth," implementing strict validation and protocol guardrails to prevent Denial of Service (DoS), memory exhaustion, and data corruption attacks.

P2P Protocol (Core Library)

  • Consent Enforcement: The P2P receiver now strictly rejects any binary data or chunk metadata received before the user has seen the file details and consented to the transfer. This prevents "forced" transfers from malicious senders.
  • Chunk & Size Validation: Critical validation added to verify that received binary data matches the declared chunk size and that cumulative data does not exceed the total file size.
  • Sequence Integrity: Chunks must now arrive in the exact expected sequence; out-of-order or duplicate chunks are rejected.
  • Connection Rate Limiting: Protected senders from DoS attacks by implementing a sliding-window rate limiter for incoming P2P connections (max 10 attempts per 10 seconds).
  • Memory Protection: Implemented a write-queue depth limit (max 100 pending writes) to prevent memory exhaustion if a sender floods a slow receiver with data.
  • Connection Race Fix: Fixed a TOCTOU (Time-of-Check to Time-of-Use) vulnerability where a new connection could inappropriately reset a transfer initiated by a previous connection.
  • Stall Detection: Added a 30-second timeout for unacknowledged chunks to automatically drop connections with stalled or malicious receivers.
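
The consent, size and sequence checks from the list above, combined into one receiver-side state machine. This is an added example, not code from @dropgate/core; the class name, message shapes and sample sizes are hypothetical.

```javascript
// Added example, not @dropgate/core source. Message shapes and names are hypothetical.
class ReceiverGuard {
  constructor() {
    this.state = 'idle'; // idle -> offered -> accepted -> done, or closed
  }

  // Sender announces the file. Nothing else is accepted until the user agrees.
  onOffer({ totalSize, chunkSize }) {
    if (this.state !== 'idle') return this.reject('unexpected offer');
    if (!Number.isSafeInteger(totalSize) || totalSize <= 0) return this.reject('bad total size');
    if (!Number.isSafeInteger(chunkSize) || chunkSize <= 0) return this.reject('bad chunk size');
    Object.assign(this, { totalSize, chunkSize, received: 0, nextSeq: 0, state: 'offered' });
    return { ok: true };
  }

  onUserConsent() {
    if (this.state !== 'offered') return this.reject('nothing to consent to');
    this.state = 'accepted';
    return { ok: true };
  }

  // header = { seq, size } as declared by the sender; data = the bytes that followed.
  onChunk(header, data) {
    if (this.state !== 'accepted') return this.reject('data before consent');
    if (header.seq !== this.nextSeq) return this.reject('out-of-order or duplicate chunk');
    if (data.length !== header.size) return this.reject('size mismatch');
    if (data.length === 0 || data.length > this.chunkSize) return this.reject('bad chunk length');
    if (this.received + data.length > this.totalSize) return this.reject('exceeds total size');
    this.received += data.length;
    this.nextSeq += 1;
    if (this.received === this.totalSize) this.state = 'done';
    return { ok: true };
  }

  reject(reason) {
    this.state = 'closed'; // every later message is refused too
    return { ok: false, reason };
  }
}

// Constructed sessions: returns the first rejection reason, else the final state.
function runSession(steps) {
  const guard = new ReceiverGuard();
  for (const step of steps) {
    const result = step(guard);
    if (!result.ok) return result.reason;
  }
  return guard.state;
}
const offer = (g) => g.onOffer({ totalSize: 10, chunkSize: 4 });
const consent = (g) => g.onUserConsent();
const chunk = (seq, length, declared = length) => (g) =>
  g.onChunk({ seq, size: declared }, Buffer.alloc(length));

console.log(runSession([offer, consent, chunk(0, 4), chunk(1, 4), chunk(2, 2)]));
console.log(runSession([offer, chunk(0, 4)]));
console.log(runSession([offer, consent, chunk(0, 4), chunk(0, 4)]));
```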

Server-Side Uploads

  • Atomic Quota Enforcement: Eliminated a critical TOCTOU race condition in storage quota checks. By implementing a promise-based mutex for file initialization, the server now serializes concurrent requests to strictly enforce the global storage limit.
  • Resource Limits:
    • Added a maximum limit of 100,000 chunks per file to prevent resource exhaustion.
    • Added a maximum limit of 1,000 files per bundle to protect server memory and index performance.
  • Filename Hardening: Comprehensive sanitization of filenames to prevent path traversal, null-byte injection, and control-character attacks. Now also blocks reserved Windows filenames (e.g., CON, PRN, AUX, NUL).
  • Data Integrity:
    • Added chunk offset validation to ensure chunks cannot be written outside of the allocated file bounds.
    • Fixed a race condition where concurrent duplicate chunk uploads could lead to file corruption; chunks are now marked as received atomically before the write operation begins.
  • Integer Overflow Protection: Added safe integer checks for all file and bundle size calculations to prevent quota bypasses via integer wrapping on extremely large size values.
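
One way to implement the filename and size checks listed above, as an added example that is not Dropgate's own code. `sanitizeFilename`, `chunkCountFor` and the exact rejection policy are assumptions; only the 100,000-chunk limit and the reserved names CON, PRN, AUX and NUL come from the release notes (COM1-9 and LPT1-9 are further Windows device names).

```javascript
// Added example, not Dropgate's source. Function names and the exact policy are assumptions.
const MAX_CHUNKS_PER_FILE = 100000; // limit quoted in the release notes
const RESERVED = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$/i;

function sanitizeFilename(input) {
  if (typeof input !== 'string') throw new Error('filename must be a string');
  // Null bytes and other control characters are refused rather than stripped.
  if (/[\u0000-\u001f\u007f]/.test(input)) throw new Error('control character');
  // Keep only the last path component, whichever separator the client used,
  // then drop the trailing dots and spaces that Windows ignores.
  const base = input.split(/[\\/]/).pop().trim().replace(/[. ]+$/, '');
  if (base === '') throw new Error('empty or dot-only name');
  if (/[<>:"|?*]/.test(base)) throw new Error('character not allowed');
  if (RESERVED.test(base)) throw new Error('reserved Windows device name');
  if (base.length > 255) throw new Error('name too long');
  return base;
}

// Client-declared sizes are checked before any arithmetic: NaN makes every
// comparison false, negatives shrink the total, and values past 2^53 - 1
// lose precision, so all of them are refused up front.
function chunkCountFor(totalSize, chunkSize) {
  for (const n of [totalSize, chunkSize]) {
    if (!Number.isSafeInteger(n) || n < 0) throw new Error('unsafe size value');
  }
  if (chunkSize === 0) throw new Error('chunk size must be positive');
  const chunks = Math.ceil(totalSize / chunkSize);
  if (chunks > MAX_CHUNKS_PER_FILE) throw new Error('Too many chunks');
  return chunks;
}

// Returns the function's result, or "rejected: <reason>" if it throws.
function attempt(fn, ...args) {
  try {
    return fn(...args);
  } catch (err) {
    return `rejected: ${err.message}`;
  }
}

// Constructed inputs.
for (const name of ['report.pdf', '../../etc/passwd', 'NUL.txt', 'a\u0000b.png', '..']) {
  console.log(JSON.stringify(name), '->', attempt(sanitizeFilename, name));
}
console.log(attempt(chunkCountFor, 10 * 1024 * 1024, 5 * 1024 * 1024));
console.log(attempt(chunkCountFor, 2 ** 53, 1));
console.log(attempt(chunkCountFor, NaN, 1024));
```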

🛠️ Changes & Documentation

Troubleshooting

  • New Guidance: Updated TROUBLESHOOTING.md with specific solutions for users who hit the new security limits (e.g., how to increase UPLOAD_CHUNK_SIZE_BYTES for extremely large files).

Core Library (@dropgate/core)

  • Protocol Versioning: Internal protocol adjustments to support new sequence tracking and consent states.
  • Watchdog Hardening: The connection watchdog now only resets on actual data progress, preventing "keep-alive" attacks using empty control messages.

✅ Fixed / Added

  • Fixed a bug where a sender's connection replacement logic could cause a data-corrupting state reset during an active transfer.
  • Fixed a potential memory leak in the sender when a receiver stopped acknowledging chunks.
  • Fixed a race condition in storage quota checks.
  • Added a live progress percentage to the standard download page's window title, ensuring consistency across all pages.
  • Added "Show Changelog" option on Dropgate Client update modals.
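
The storage quota race fixed in this release, and the acquireQuotaLock() / releaseLock() with try/finally pattern that the v3.0.4 notes describe for /upload/init-bundle, shown next to the unserialized version. This is an added example, not Dropgate's code: the lock body, the store object and the sizes are assumptions.

```javascript
// Added example, not Dropgate's source. Only the names acquireQuotaLock and
// releaseLock come from the release notes; their bodies here are assumptions.
let lockTail = Promise.resolve();

// Promise-based mutex: resolves to a release function once every earlier
// holder has released.
function acquireQuotaLock() {
  let releaseLock;
  const released = new Promise((resolve) => { releaseLock = resolve; });
  const acquired = lockTail.then(() => releaseLock);
  lockTail = released;
  return acquired;
}

const tick = () => new Promise((resolve) => setTimeout(resolve, 1)); // stands in for I/O

// Unserialized shape: an await sits between the check and the reservation,
// so concurrent requests are all checked against the same usedBytes.
async function initUnsafe(store, size) {
  if (store.usedBytes + size > store.limitBytes) return false;
  await tick();
  store.usedBytes += size;
  return true;
}

// Serialized shape: check and reservation both happen under the lock, and
// finally releases it even if the body throws.
async function initLocked(store, size) {
  const releaseLock = await acquireQuotaLock();
  try {
    if (store.usedBytes + size > store.limitBytes) return false;
    await tick();
    store.usedBytes += size;
    return true;
  } finally {
    releaseLock();
  }
}

// Five concurrent 40-byte initializations against a 100-byte quota (constructed).
async function race(init) {
  const store = { limitBytes: 100, usedBytes: 0 };
  const results = await Promise.all([1, 2, 3, 4, 5].map(() => init(store, 40)));
  return { accepted: results.filter(Boolean).length, usedBytes: store.usedBytes };
}

async function demo() {
  return { unsafe: await race(initUnsafe), locked: await race(initLocked) };
}

demo().then((result) => console.log(result));
```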

🧩 Developer notes

  • If you encounter a "Too many chunks" error on your server, advise users to increase their UPLOAD_CHUNK_SIZE_BYTES.
  • The P2P protocol is now more sensitive to connection jitter; if you experience frequent disconnects, ensure your P2P_STUN_SERVERS are reliable.
