ZendTo can now do secure encryption and decryption of drop-offs. All the user sees is a tick-box in the "new drop-off" form which, if ticked, will ask for a passphrase. When the recipients come to download the drop-off, they will be prompted for the passphrase as necessary. I have implemented this as carefully and securely as I can. If the sender and recipients lose the passphrase, there is no way to recover the contents of the files. The passphrase is never stored in any way on the ZendTo server or in its database. There are new preferences.php settings to control how and if encryption is applied to new drop-offs.
Note: upgrading to this version requires the latest PHP you can get hold of. Don't worry, download and run the beta version of the installer (see below). This will upgrade your system and will only overwrite configuration settings that cannot be avoided.
For those in the EU, and those with users in the EU, I have added an optional "GDPR and cookies consent" pop-up. If you enable it, the users can ignore it, but they can't dismiss it and then ignore it (it chucks them off to another web page).
I have added a "Download All Files" button to the pages that let you download drop-offs. Please do let me know when you hit situations in which it doesn't work!
There are some security fixes to the actual ZendTo application.
The main focus of this beta is the new installer support for SuSE Linux Enterprise Server 12 (tested on SLES 12sp3) and openSUSE Leap 15.
I have also changed the packaging so the (*.mo) compiled language files are no longer included, as these are built during the rpm and deb's post-installation script which now calls makelanguages.
The installer no longer rebuilds PHP. On all supported systems it installs at least PHP 7.1 which does not need patching. To migrate an existing installation over to the new PHP, simply download the installer and run stage 2, the "install PHP" part, then stage 5 "configure apache and php" to ensure your php.ini is configured correctly.
The latest betas I believe to be stable are:
However, I strongly advise you to use the beta installer on a fresh system.
The file at http://zend.to/files/ZendTo-Version-Beta will tell you the latest beta version number.
Instead of the old VM images, I have written an installer which will automate (almost!) the entire process is installing ZendTo on to a blank server installation.
It talks to you along the way, asks if you want to do each of the 8 steps, and asks you to confirm the odd question or two. It pauses quite a bit so you can see what it's doing, giving you the chance to stop it temporarily (Ctrl-S) to read what it's done before you continue (Ctrl-Q).
It is also modular, so you can run each of the 8 parts alone; you may want to do this when, for example, there is an update to PHP5 and you want to just rebuild PHP with "big uploads" support.
The parts are:
I have tested the installer on:
There are 2 things the installer does not currently do:
The other main new features of interest are:
You can download the new installer now. Then just unpack it and run it as root with
tar xzf install-beta.ZendTo.tgz cd install.ZendTo ./install.sh
If you look inside its Ubuntu-Debian or CentOS-RedHat directories, you will see the 8 stages. The main install.sh will ask you whether you want to run each stage and will walk you through what it is doing. Feel free to pause (Ctrl-S) or stop it (Ctrl-C) at any time; if you stop it you can just re-run it. Each of the 8 stages can be run independently at any time by just running that particular stage number's script.
There is 1 command-line option that can be used on either install.sh or any its stages: "--defaults" tells the installer to just use the default values it suggests, and not to pause long at any point. It will run entirely unattended.
After you have installed the package (or just updated to the new rpm/deb/tgz package), you will find the new upgrader for preferences.php in /opt/zendto/bin/upgrade_preferences_php. Run it on its own (after installing/upgrading to the new version) and it will show you how to use it. It will automatically copy all your old preferences.php settings into a new file, while keeping your comments, extra "define"s you may have added, and such like.
Please do tell me what you think of this upgrade, and in particular the new installer. Please report all bugs, issues, suggestions and so on.