[1.3.0]
Update sftpgo to 2.7.0
Full Changelog
SFTPD: Added support for Post-Quantum Traditional Hybrid Key Exchange through the newly added algorithm mlkem768x25519-sha256.
JWT: replace jwtauth/jwx with lightweight wrapper around go-jose. Implementing our own wrapper simplifies the codebase and improves maintainability. Moreover, go-jose depends only on the standard library, resulting in a leaner dependency that still meets all our requirements.
WebUI: add French and German translations.
Public shares: show disclaimer on login page.
Enable setting password change requirements in user templates.
DataProvider: preserve the initial sort order for related resources (such as folders and groups), improving compatibility and predictability when managing them with Terraform.
OIDC: allow login if the password method is disabled.
OIDC: ensure token username adheres to configured naming conventions.
Removed Git support. Hosting Git repositories over SSH falls outside the intended scope of a file transfer solution, and the use of external commands introduces unnecessary security risks by increasing the attack surface. For example, a user could upload a Git repository containing custom hooks to their SFTPGo folder; when they push to the repository, a Git pre-receive hook shell script would be executed with the privileges of the sftpgo user. Thanks to @hyperreality for the detailed report.
Removed rsync support. In the previous versions, rsync was executed as an external command, which means we have no insight into or control over what it actually does. From a security perspective, this is far from ideal. To be clear, there's nothing inherently wrong with rsync itself. However, if we were to support it properly within SFTPGo, we would need to implement the low-level protocol internally rather than relying on launching an external process. This would ensure it works seamlessly with any storage backend, just as SFTP does, for example. We recommend using one of the many alternatives that rely on the SFTP protocol, such as rclone.
