Release v4.5.0

4.5.0 (March 14, 2021)

• Reannounce. Typically torrent clients do that automatically, but in some cases you may want to do it manually. It is available as a context menu action.
• Redesigned filesystem browser. Allow searching in the current directory and eliminate unnecessary requests sent to server. Additionally, navigation via arrow keys is implemented (mainly for accessibility but could be useful for anyone).
• Major accessibility enhancements. All elements are now navigable by keyboard.
• Improve scrolling performance by overscanning 30 rows.
• rTorrent:
  • JSON-RPC support for eligible versions. Preliminary tests showed that, when compared with XMLRPC, JSON-RPC yields 2x performance, 15% lower total CPU time in rTorrent process, 33% lower total CPU time in Flood process.
  • load.throw command support for eligible versions. Definitive response when you add torrents, so Flood won't display success when the operation actually fails.
  • Better handle command failures.
  • Verify filesystem access and respond with errors when necessary.
• Bug fixes:
  • Fix French mistranslation
  • Fix button location in download rules tab of feed modal
  • Fix "Set tracker" of single tracker torrents in rTorrent
  • Fix "Checking" bar selected style for dark color scheme
  • Recognize qBittorrent's "Forced" state
  • Disk usage service errors are no longer fatal
• New translations
  • Chinese (Simplified), thanks to @MeetWq
  • Chinese (Traditional), thanks to @vongola12324
  • Czech, thanks to @brezinajn
  • French, thanks to @Carryozor and @foXaCe
  • German, thanks to @chint95
  • Hungarian, thanks to @m3r3nix
  • Romanian, thanks to @T-z3P
• Bump dependencies

Release v4.4.1

• Better handle tracker domain conversion and grouping
• Wrap texts (e.g. long IPv6 addresses and peer client versions) in tables of torrent details if necessary
• Distribution:
  • CI now publishes releases to AUR (Arch Linux User Repository)
  • CI now publishes Debian (.deb) packages to Github Releases
  • Contributions are welcome. See distribution/README.md.
• rTorrent fixes:
  • Remove [] from IPv6 addresses in peer list
• Bug fixes:
  • Remove ugly outline and highlight of focused button caused by an a11y change
  • Try to workaround potential index.html caching issues
    • Browser uses a fully cached asset tree in some cases, which defeats cache busting by asset hashes
• New translations
  • Finnish, thanks to @hyvamiesh
  • German, thanks to @chint95
• Bump dependencies

Release v4.4.0

4.4.0 (February 2, 2021)

• Return a portable link when torrent content is requested
  • Allow sharing of links to other people
  • Allow casting (Chromecast, Airplay) of content to devices which can't authenticate with Flood
  • Allow copying the link and paste it to a player application so more formats can be streamed
  • Allow external downloaders to use the link
• Allow to register to handle magnet links in "Add by URL" panel
  • Support for "add-urls" frontend query action is added
  • e.g. http://localhost:3000/?action=add-urls&url=magnet:?xt=
• Allow to download .torrent file of a torrent
• Add sequential downloading support for applicable clients
  • rTorrent: requires "d.down.sequential(.set)" commands, see jesec/rtorrent@bd904e3
  • qBittorrent: supported
  • Transmission: rejected, see https://trac.transmissionbt.com/ticket/452
• Add initial seeding (aka superseeding) support for applicable clients
  • BEP16
    • Saves bandwidth for initial seeder and quickly kicks off a healthy swarm
    • NOT recommended for non-initial seeders
  • rTorrent: not exposed to RPC interface, requires jesec/rtorrent@657089d
  • qBittorrent: supported
  • Transmission: not supported, see https://trac.transmissionbt.com/ticket/1691
• Display existing tags in alphabetical order in tag selector
• Optionally skip assets serving with --assets=false
  • May be useful for users who serve static assets from their own servers
  • Or developers who don't want to build assets before starting a server instance
• Refresh manifest and assets related to PWA (Progressive Web Application) support
• Separate locale and language when using "Automatic" language setting
  • Deal with minor locale differences (e.g. date formats) between language variants
  • See #123
• Remove inconsistency of clients by normalizing hashes in API responses to upper case
• Explicitly pass paths of contents to mediainfo
  • So unrelated files in the same folder won't be processed by mediainfo
• Remove dependency on shell in disk usage functions
  • New distribution-less (distroless) Docker image is now available, which has smaller size and allows maximum security
• Standalone executable:
  • Now available for linux-arm64 and win-arm64
  • Bundled Node.js runtime bumped to 14.15.4
  • Linux binaries are now fully static
  • Customized Node.js runtime with smaller size and memory consumption
• rTorrent fixes:
  • Create destination directory structure before moving torrent
  • Flood API responses no longer mixes with unprocessed rTorrent method call responses
  • Properly handle multi tags while adding
  • Remove torrents (with data) can delete empty directories
• qBittorrent fixes:
  • Fix "isBasePath" for newer versions
  • Implement "isCompleted" (skip_checking)
  • Trim whitespace in tags property
  • Optionally set website cookie for torrent fetching (add by URL)
• Security enhancements:
  • Don't leak details of internal errors
  • Rate limits /data API endpoint
• Bug fixes:
  • Pack torrent contents one by one to avoid out-of-memory during batch downloading
  • Potential crashes related to disk usage functions in rare Docker environments
  • Disallow comma in tag
• New translations
  • Chinese (Traditional), thanks to @vongola12324
  • Czech, thanks to @brezinajn
  • Dutch, thanks to @vain4us
  • French, thanks to @Carryozor
  • German, thanks to @Ben-Wallner
  • Hungarian, thanks to @sfu420
  • Romanian, thanks to @T-z3P
  • Spanish, thanks to @almontegil
• Bump dependencies

Additionally, Sonarr #4159 and Radarr #5552 now supports Flood natively.

Notes about sequential downloading:

Drawbacks:

• https://wiki.vuze.com/w/Sequential_downloading_is_bad

Benefits:

• Sequential downloading helps with I/O performance and lowers resource consumption and cost of hardware. It enables predictable I/O patterns and efficient caching. My hard disk is really noisy while downloading a torrent. But with sequential downloading, it does not make a sound. Speed is much better as well. Sequential I/O patterns also eliminate disk fragmentation problem that damages performance/lifespan of hard disks in long-term, which is a headache for long seeders.
• "It is bad for swarms." That's correct for unhealthy swarms. However, for private torrent users, in most cases, the seeder/leecher relationship is "many seeder, single/little leecher". Plus, with the incentives/punishments of tracker sites, there is little to no risk of "draining". As such, it makes more sense to protect hardware of everyone in the swarm. Predictable I/O patterns also allow seeders to seed many torrents more efficiently: if leechers use sequential download, the read patterns become predictably sequential, which allows better I/O performance and reduces the failure rate of hard disks.
• For seedbox users: seedboxes are virtual machines. That means many users share the same physical machine. Random chunk downloading is extremely taxing on disks. As a result, usually the speeds are limited by I/O more than bandwidth. If the swarm pattern is usually "many seeder, single leecher", sequential downloading can help a lot.
• Widely known "self" benefits: stream early, stream while downloading, organize episodes quick and unpack some files before finish, etc.

Release v4.3.1

• Make theme button always at the bottom of sidebar
• Remove legacy font formats from static assets
• Slightly tweak styles of country flags in peer list
  • Better accommodate longer flags
  • Display country code on hover
• qBittorrent fixes:
  • Attach cookies to URL downloads
  • Set trackers
• Transmission fixes:
  • Percentage downloaded of contents of a torrent
• Bug fixes:
  • API call to get peer list of a non-existent torrent no longer crash Flood server
  • Handle file not exist and access denied cases in content download
  • Properly handle API call to update password of a user
• Security enhancements:
  • Rate limit resource-intensive mediainfo request
  • Ensure path is allowed for mediainfo request
  • API call to list users no longer receive hashed passwords and client connection settings
    • Note: only an authenticated admin user may list users
• New translations
  • Czech, thanks to @brezinajn
  • Romanian, thanks to @T-z3P
• Bump dependencies

Release v4.3.0

• Generate magnet link from torrent
• Add a button to allow user to switch color scheme
• Multi architecture Docker images
  • linux/amd64
  • linux/arm64 (new)
  • linux/arm/v7 (new)
• Allow to display precise percentage
  • Expanded view: 1 decimal place
  • Details: 3 decimal places
• Mountpoints with very long paths are ignored by disk usage
• Tags can be attached while adding torrents to qBittorrent (needs qbittorrent/qBittorrent#13882)
• Bug fixes:
  • Download destination fallback to rTorrent default destination (Mika-/torrent-control#105)
  • Properly catch errors of AddFiles and AddURLs when using qBittorrent
  • Display existing trackers in set trackers modal
• New translations
  • Spanish, thanks to @vain4us
• Bump dependencies

Side note:

I am starting to maintain a distribution of rTorrent, available at jesec/rtorrent. It is optimized and small. It uses modern CMake and Bazel build systems. Bazel can also be used for dependency management and to produce statically linked reproducible builds.

Static binaries (amd64, arm64) can be downloaded via Github Actions. Docker images are also available at jesec/rtorrent.

I made a simple Dockerfile to demonstrate how to integrate rTorrent with Flood.

Release v4.2.0

flood.js.org/Changelog-4.2

• Allow content of a torrent to be streamed directly if supported by browser
• New translations
  • Chinese (Traditional), thanks to @vongola12324
  • Dutch, thanks to @vain4us
  • French, thanks to @Coosos
• Bump dependencies

Release v4.1.2

• qBittorrent fixes:
  • Remove existing tags
• New translations
  • Dutch, thanks to @vain4us
  • German, thanks to @chint95

Release v4.1.1

• Transmission fixes:
  • Set tags while adding torrents
  • Set trackers
• New translations
  • Czech, thanks to Jan Březina
  • French, thanks to @Carryozor
  • German, thanks to @chint95
  • Romanian, thanks to @T-z3P

Release v4.1.0

flood.js.org/Changelog-4.1

⚠️ Changes that may require manual attention: ⚠️

• Configuration is now schema validated before the start of Flood server
  • No action required if you use (preferred and default) CLI configuration interface
  • This ensures that when the config.js needs to be updated, the failure happens loud and early
  • Check shared/schema/Config.ts for more details
• Enforces that the length of secret must be larger than 30
  • Secret can be brute forced locally without interaction with the server
    • However, an attacker must get a valid token (generated by proper authentication) first
      • If all users are trusted, attackers have no way to get a valid token
  • Secret is used to sign authentication tokens but it is NOT linked to the password
    • Attacker may log into Flood as any user if they have the secret
      • However, they are still constrained by capabilities and settings (such as --allowedpath) of Flood

Other changes:

• Tag selector preference:
  • Single selection
  • Multi selection
• UX enhancements to tag selector
• Suggest destination based on selected tag
• add-urls and add-files API endpoints no longer fail if destination property is not provided
  • Download destination fallback has been implemented:
    • Tag-specific preferred download destination
    • Last used download destination
    • Default download destination of connected torrent client
  • This makes things easier for API users
  • No direct impact on Flood itself
• Remember last used "Add Torrents" tab
• Remove center alignment of certain modals to align with global styles
• Disallow browser's input suggestion when tag selector or folder browser is open
• Don't pop up the browser menu on right click while context menu is open
• Experimental standalone (single-executable) builds
• New translations
  • German, thanks to @chint95
  • Romanian, thanks to @T-z3P
• Bump dependencies
• Bug fixes:
  • Properly handle "error" alerts (display "❗" icon instead of "✅" icon)

Release v4.0.2

• New translations

  • German, thanks to @chint95
  • Romanian, thanks to @T-z3P