Repository  -  API  -  Source


March 20, 2019
  • A modern browser with ECMAScript 2015 support is now required.


September 9, 2018
  • Node.js 8.0.0 or greater is now required.


April 30, 2018
  • Node.js 6.0.0 or greater is now required.


February 15, 2018
  • The Module API has changed. Now returns a object {onRequest, setupWebSocket}.


January 20, 2018
  • ARM v6 and v7 docker image is now available as silverwind/armhf-droppy


January 3, 2018
  • Added Search feature
  • No breaking changes, 6.x versions were just getting to high


November 21, 2017
  • Changed default listener to ["", "::"] in an attempt to workaround a edge-case on machines where IPv6 is disabled. Listening behaviour should be unchanged as Node.js already performed dual-stack listening on the previous "::" setting.


September 5, 2017
  • Added a reload button in the interface when file watching is disabled.


August 10, 2017
  • Added the 'droppy stop' command to kill daemonized droppy processes.


July 31, 2017
  • Added an option for the default state of the "Is DL" button on sharelinks.


June 20, 2017
  • Redesigned top row buttons so each view now has their own set.
  • When creating users on the command line, it's now possibly to specify if they are privileged.
  • Changes users on the command line should be immediately be reflected on running instances.


June 10, 2017
  • Pasting images and text from the clipboard to a directory will now automatically upload the contents to a new file.


June 3, 2017
  • Added the ignorePatterns and watch options.


March 22, 2017
  • Now using plyr for video playback.
  • Added the overlay addon to CodeMirror, which allows syntax highlighting to work better with mixed language files.


March 18, 2017
  • Added support for listening on unix domain sockets.


March 18, 2017
  • Added the compression option which is enabled by default. It very unlikely that this needs to changed, even with a reverse proxy in place as compression does not incur a performance penalty. It is suggested to turn of compression in your reverse proxy's configuration.
  • It is strongly recommended to set X-Forwarded-Proto in your reverse proxy configuration (see the wiki) as a future version might explicitly require this header to be present for increased browser security.


February 4, 2017
  • The previous ca option of TLS listeners has been removed. Intermediate certificates should be concatenated in the cert file instead.
  • Added a new passphrase option to TLS listeners, which is used to decrypt encrypted keys.


November 6, 2016
  • New buttons to zoom images so they fit horizontally or vertically, slight redesign.


October 14, 2016
  • Media gallery rewritten. Cleaner transitions and zooming support.
  • Known issue: Zooming on the second view may not target the right x coordinate.


September 13, 2016
  • Added read-only mode through new readOnly config option.


July 20, 2016
  • Node.js v4.0.0 or greater is now required.
  • Yesterday's version contained a breaking change for Apache reverse proxying which, which leads to this version bump. Users running droppy behind Apache should update their configuration to proxy WebSocket request to /!/socket instead of /?socket:
  RewriteEngine On
- RewriteCond %{REQUEST_URI} ^/droppy [NC]
- RewriteCond %{QUERY_STRING} socket [NC]
+ RewriteCond %{REQUEST_URI} ^/droppy/!/socket [NC]
  RewriteRule /(.*) ws://$1 [P,L]


July 19, 2016
  • Shortlinks are now 1 character shorter, e.g. /$/hash instead of /?$/hash. Old links are still supported.
  • Shortlinks are now invalidated when their length changes, e.g when link length changes from 5 to 6, all links with length of 5 will be invalidated and pruned after a short while.
  • Implemented a new URL scheme for resources which among other benefits results in save-as on images delivering the correct file name.


May 15, 2016
  • Added the allowFrame option to allow the site to be put into <frame> or <iframe>.


April 14, 2016
  • Added UID and GID arguments for Docker deployments


March 29, 2016
  • Changed default config directory from ~/.droppy to ~/.droppy/config. Please move the .json config files to this new directory for before upgrading local installations.
  • Dropped support for having files inside the config (e.g. only specifying --configdir or the old --home). If --filesdir is unspecified it will now fall back to the default.
  • Changed the Docker mount points inside the container. /droppy-data/files is now /files, /droppy-data is now /config to match the options.
  • CTRL-C should now work when using docker run without -d.


February 27, 2016
  • Brotli compression is now supported, resulting in around 15% faster initial load. Works in Firefox >= 44 and Chrome with a flag enabled.
  • dev option is now documented.


January 4, 2016
  • Docker image is now available as silverwind/droppy.
  • Fixed a error on startup when in a NODE_ENV=production environment.


December 19, 2015
  • Client data is now precompiled and published to npm, resulting in drastically reduced startup time after installing a new version.


November 10, 2015
  • Node.js 0.10 is again supported


October 12, 2015
  • Fixed a semi-critical CSFR vulnerability which allowed a attacker to use an authenticated user's session.
  • Increased site security by enabling CSP and making cookies inaccessible for scripts.


October 11, 2015
  • Added pollingInterval option and disabled file system polling by default. This reduces CPU usage to practically zero when idle. If you notice issues with files getting out of sync, you enable this option by setting a timeout of a few seconds.
  • Increased minimum node.js version to 0.12.0, which was necessary for unicode normalization.


October 11, 2015
  • File uploads can now take longer than 2 minutes. Proxy-specific timeouts may still apply. See the nginx.conf template for a suitable nginx configuration.


September 21, 2015
  • Fix a security issue, all users are advised to upgrade.


September 13, 2015
  • Fixed a bug where configuration could get lost when the server shuts down during a save operation.
  • Extended the default self-signed certificate validity to 100 years.
  • Prime generation for Perfect Forward Secrecy is now supported cross-platform.


September 2, 2015
  • Deprecated --home option in favor of --configdir and --filesdir. The old option is still supported, but files in <configdir>/config will be migrated to <configdir>. If --filesdir is not given, it will default to <configdir>/files.
  • The module API has been changed to not take a home option anymore. Instead, options now takes additional configdir and filesdir.
  • Added log option to module API, which defines a log file.
  • Empty directory and files in uploads are no longer supported because browsers and busboy were exhibiting all kinds of weird bugs when these were involved. They might return at a later stage, but for now, it's too much of a hack to keep supporting them.