Version: ProjectSend r1605

Date released: October 26, 2022

  • Added file version to CSS and Javascript assets to prevent cache issues
  • Added an option to show a link to the public files repository under the log in form
  • Show image file dimensions (manage files, public page, download page, templates)
  • Updated Gallery theme to flexbox
  • Added link to download translations to the languages dropdown (system users only)
  • Fix upload button on default template (by SnappyBird)
  • Enlarged PDF preview (by ch1138 and serg499)
  • Fixed side menu visibility on dashboard (by ch1138)
  • Fixed public page not loading when no public groups were available
  • Disabled autocomplete on 2FA verification form (by SnappyBird)
  • Fixed PDO warning
  • Don’t add <p> tag to file description in email notifications if markup has HTML already
  • Use full path for sort links (by Koenari)

Version: ProjectSend r1584

Date released: October 14, 2022


Users with “uploader” role can now be limited to certain clients only
Added 2FA via email with a one time password
Added Custom assets manager (HTML, CSS, JS), to insert custom code into available locations (public pages, admin, templates, all)
New setting: set default expiration options (file expires or not, day before expiring)
New privacy settings: record user’s IP for downloads of all users, anonymous only or never
File editor: added buttons to copy expiration, public and hidden settings to other files
Templates can be extended to the public files list and download file page
Added preview for public files in listing and download page


Updated to Bootstrap 5
General update of colors, sizes and placing of elements.
Completely revamped the public files list page using the default template style.
Standardization of filters, search boxes and bulk actions.
Added a button to create new items in pages where they belong (ie: clients list -> Create client, manage files -> Upload file, etc)
Applied filters and search bar to public files list
Added a simple side modal class to show static content, or load it via ajax
Email template tags can now be clicked to insert them into the content area
Unsed email template tags are highlighted when editing a template
Removed grayed out effect from date selector on file editor, made the field look disabled
Copy file selection/settings (expiration, public, categories, clients, groups) grouped together for a cleaner experience.
File editor: added expand/collapse of each file
Updated the click to copy UI and functions, added Toastr for messages
Added copy to clipboard buttons to cron commands and social login callbacks
Public files list page group filter: show file count in each group
Download information UI fixes
Fixed a bug where installer errors were not showing

General Fixes and improvements

Added language selector to all non-logged in pages. On language change, return to previous page instead of index
Fixed user password being changed during editing
Fixed social login with Linkedin, Twitter, WindowsLive and Yahoo
Fixed a bug that prevented removing all categories from a file
Import orphan: by default, show allowed files.
Improved loading time of Orphan files pages when traversing several thousand files
Orphan files can now be deleted. Updated UI to import via actions selector
Fixed memberships requests failing when requested_by had to be null
Fixed loading plupload language
General code cleanup
JS and SCSS files completely reorganized
Removed Open Sans font since it was loading externally just for the headings
Fixed button that loads default emails content
Fix for installer not creating the user
Separated installer instances into different files
Replaced chosen-js with select2
Public file: don’t show title if it is equal to filename
Public download: file title used as page title
Replaced psendmodal with SweetAlert2
Highlight current submenu also on options and email templates
Upgraded to Gulp4 (by redondi88)
Cron fixes for FreeBSD (By xzenor)
Leave only html5 runtime on plupload
Updated dependencies

Version: ProjectSend r1420

Date released: May 28, 2022

  • Fixed deleting files as admin
  • Fixed deleting files from the database when they don’t exist on the disk
  • Added filtering files by assigned/not assigned

Version: ProjectSend r1415

Date released: May 26, 2022

  • New feature: throttle and ban failed log in attempts to prevent brute force attacks.
  • New in security Settings: whitelist or blacklist IPs from the log in ban feature.
  • New in Tools: unblock a banned IP address
  • New feature: cron jobs. Set up a task that can send pending email notifications in batches, deletes expired files and orphan files.
  • New Cron settings page: Enable/disable cron, change cron security key, select which tasks to run, enable or disable running via url, save log to database, send results via email.
  • New in Tools: Cron log viewer
  • Orphan files can now be filtered by allowed/not allowed.
  • If Recaptcha is enabled, use it on login, password reset request and register forms
  • New setting: disable sending email notifications of new files after adding/editing assignations. Enable this and combine it with a cron task to prevent long loading times after saving a file and overloading your mail server.
  • Updates are now separated into different files, with the latest database update number being independent from the software version. Cleans up the process and makes adding new updates easier.
  • Fixed installer issues (redirect loops and old sessions)
  • Fix: Category edit: verify parent id is not equal to same category id (by luca-rigutti)
  • While installing, get default timezone from system
  • Added max-width to the logo image on the gallery template.
  • Enable or disable debug from the custom config file, instead of using a core file
  • Fixed translations not loading and warnings on php 8+
  • Enable csv uploading by default
  • Use curl -if available- to get new versions and news data, enables timeout to prevent long loading times
  • Fixed: dashboard counters labels where not translatable
  • When editing a user, if role is not client, some fields should be always null (phone, contact, address)
  • Fixed XSS vulnerability on search forms
  • Fixed .htaccess (by RoboDoc)
  • Batch actions are sent as post instead of get to prevent malicious users from sending an action url to an admin user
  • Updated dependencies
  • Prevent registering via POST if self registration is disabled
  • Fixed Title TAG instead of file name (by deklica)
  • Spellchecking + Changed all instances of “his” to “their” when referencing an unknown individual (by ehawman-rosenberg)
  • Fixed JSON responses on widgets (by RiversideRocks)


Version: ProjectSend r1335

Date released: December 8, 2021

  • Improved php 8 compatibility by fixing the PDOEx query method (when DEBUG is set to true)
  • Fixed installer missing a database column
  • Fixed manage files and downloads when shell_exec is not enabled. which resulted in wrong file sizes

Version: r1330

Date released: November 30, 2021

  • Clients can now make files public according to a new setting (all clients, none, or manually allowed ones)
  • Implemented resumable downloads via php file serving (by jesbrand)
  • Fixed issues when updating due to invalid MySQL date values (by guitoulefoux)
  • Fixed directory traversal security issue (by (Thrun12)
  • Fixed all known XSS vulnerabilities
  • Fixed a security issue due to files IDs not being type validated (by ranjit-git)
  • Fixed file wrong file names in certain downloads (by guitoulefoux)
  • Fixed wrong migrations on users and files relations tables (by guitoulefoux)
  • Replaced invalid characters on file names when downloading the files
  • Fixed download of files with special characters (by PC-COLLEGE-Training)
  • Added Microsoft Graph OAuth2 support (by Seros)
  • Added IIS Compatibility (by Trapulo)
  • Updated dependencies
  • Added Security policy (by zidingz)
  • Fixed X-Accel downloads (by alexey001)
  • Fixed rejection of files with uppercase extensions while trying to upload
  • Prevented more file types from executing from the uploads directory
  • Fixed file name not showing in manage files after renaming (by cesarcorrea)
  • Fixed plupload translation not loading (by jensbrand)
  • Improved compatibility with newer versions of php
  • Fixed and issue that returned a 500 error on the Manage Files page

Version: r1295

Date released: November 19, 2020

  • Added support for X-Accel on nginx
  • Fixed password reset forms returning 403. By @varandinawer
  • New option: select pagination amount for all administration areas
  • Fixed pagination on default template. Solution by @mike-miguel
  • Always check php, mysql and modules requirements to prevent the app from running on unsupported platforms
  • Fixed: statistics chart for roles 7 and 8
  • Default template: use global pagination amount
  • Fixed missing uppercase characters on uploaded files
  • Fixed typo on activities widget
  • Added file size on public file download page
  • Added file description colum on manage files page
  • Don’t show the directories write permissions warning to clients
  • Fix CVE-2020-28874 by @varandinawer
  • Login: removed ajax functionality. Fixes infinite loading during errors. Fixes CVE-2020-28875 (found by @varandinawer)

Version: r1270

Date released: November 9, 2020

  • Fixed an issue with r1265 where the new columns where not being created on the actions log and user meta tables
  • Fixed notices

Version: r1265

Date released: November 8, 2020

  • Added files preview for video, audio, PDF and images (in the Manage files page and the default template for clients)
  • Added a page under Tools menu to test email configuration and new SSL options
  • Multiple files can now be edited at the same time. This is the result of changing how uploads work. As soon as a file finishes uploading it is added to the database so it’s always available and easier to edit
  • Added an option to download via XSendFile. This is a huge improvement for large downloads. While it requires a module to be installed on the server, the difference is outstanding. This module skips php when serving files, so that adds resumable downloads, faster speeds, and reduces significantly the chance of corrupt files
  • When creating users and clients, you can require them to change the password after their first login
  • Social login can now be enabled for Google, Facebook, Twitter, Linkedin, Windows Live, Yahoo
  • Better zip download support. When downloading multiple files as zip, everything is recorded on the action log and downloads viewer.
  • Added functions to download as zip on Pinboxes and Gallery templates.
  • Implemented svg uploading as branding logo or regular shareable files. A sanitizer is added for security
  • Flow of some actions have been improved, such as auto login when a client registers an account if auto approve is enabled
  • Image files thumbnails are created and served with a new, much more reliable library
  • Logged in users can change the language via a selector on the top right corner
  • Many security fixes have been applied
  • Dependencies are now handled via composer and npm, so it’s much easier to update them (phpmailer, plupload, bootstrap, chart.js, etc) and all assets are compiled via gulp. This leaves us with fewer, more compact and lighter requests and resource files
  • Fixed installer issue where you would not be allowed to continue due to directory write errors, but the error was hidden
  • New actions on the actions log
  • Changed how news and updates are retrieved, eliminating the need for the simple_xml module
  • New widget loads via ajax, so the dashboard is quicker to load and does not crash in case of errors
  • Actions log widget: you can now select and view any available action instead of a few predetermined ones
  • Lots of code refactoring to improve speed and resources usage
  • Fixed and issue when updating assignations and several hundred users/groups were targeted and php would stop responding
  • Fix: keep original filename special characters when downloading a file
  • Improved the default email templates with a bigger font size and content width
  • Show a warning if important directories don’t have write permissions
  • Several small bug fixes
  • Changed php version requirement to 7.1+

Version: r1070

Date released: April 25, 2019

  • Fixed login not working with certain translations (eg: French)
  • Removed the need for simple_xml extension
  • News and version updates are cached locally to prevent unnecessary connections, making the dashboard load faster everytime.
  • Improved email validation
  • Fixed a connection issue on the installer
  • Replaced the default allowed file types that are set during installation with a more comprehensive (by trini)
  • Fix for uploading files with the same name (by AlanReiblein)
  • Fixed an issue when uploading files unlisted extensions, even if this was not limited via settings.
  • Added the option to download multiple files zipped via the manage files page (same as the default template for clients)
  • Security fixes when hiding-showing files and on the installer (by mschop)
  • Fixed a security issue that allowed arbitrary code to be executed (by lmsilva)
  • Fixed known XSS bugs
  • Fixed a security issue where server’s log files would record passwords (reported by Felipe Molina de la Torre)
  • Updated README with requirements

Version: r1053

Date released: April 11, 2018

New features

  • New UI. More modern, responsive and overall more polished looking.
  • Can set a maximum file upload size on each client and user, overriding the default one.
  • Can now set the default maximum upload size on the installer.
  • Added ckeditor as a visual editor on files and groups descriptions (can be disabled)
  • Public groups: an option create groups where people can see its contents without being logged in.
  • Public page: a special page that shows all of the public groups and files. Has several options. Disabled by default.
  • Groups memberships: Option to allow clients to request memberships to public groups. An administrator can approve or deny them.
  • Added a new block on the dashboard with server information.
  • New template page design, in the style of that of WordPress with themes screnshots and descriptions.
  • Manage files: added filter by uploader.
  • Added options to set custom subjects on emails.
  • Email previews are now accurate in content.
  • New option to customize the footer text.
  • Better download links.
  • Added an option to prevent indexing by search engines.
  • Updated the style of the gallery theme.
  • Load a custom.js file if it exists (won’t get overwritten when updating).
  • Clients can select and expiry date for their files.


  • Fix for modal window not closing on zip downloads.
  • Fixed the MySQL error on some versions during installation, attributed to having 2 timestamps columns on the same table with default value of CURRENT_TIMESTAMP. Based on a contribution by cdoepmann.
  • Email: don’t auth if smtp is selected but auth is set to “none”.
  • CSV injection bug fix.
  • XSS security fixes.
  • Several security fixes.
  • Fixed category deletion.
  • Fix for uploaders not being able to delete their files.
  • Several fixes for multiple files downloading as zip.
  • Zip files download IDOR fix.
  • Fixed showing active status of clients and users.
  • New server side pagination, replaces the javacript one which made the site unresponsive if there were a lof of results.
  • Some fixes to the manage files page.

Misc changes and fixes

  • Added a DEBUG constant.
  • Fixed notices on the installer.
  • Added a check on the installer for php and mysql versions requierements.
  • Some parts of the code where cleaned up, including a new table generation class.
  • Refactory of the options pages UI. No more tabs, now groups of options are on their own page. Cleaner and faster to use.
  • Admin load a minified version of CSS files.
  • Moved most of the backend javacript to it’s own file.
  • Show the public url on the file editor.
  • Uploaded scripts. flot, phpmailer.
  • Better category administration page.
  • Throw a warning if php extension is present in the allowed uploads extension list.
  • Several other minor fixes.


  • A very important contribution in the form of security audit (security-prince)
  • MySQL compatibility fixed on the dashboard statistics (DBezemer)
  • Handle following of symlinks for imported orphaned files (joshstrange)
  • Fix to prevent direct access to the files folder (trainwreckjvbo)
  • UI improvements and option to disable the welcome email when creating users (adrianp-sti)
  • Fix CVE-2017-9783 and CVE-2017-9786 XSS vulnerabilities. (JackWhite20)
  • Fix for the email subjects (remez)
  • Login and notification fixes (OrlandoST)
  • Fix unsolicited error message on config save (Fix unsolicited error message on config save)
  • Fixed bug that stops uploading. (JackWhite20)
  • In case the file is a symlink, get the size from the real file not the symlink itself (Kevin Druelle)
  • Several Security Fixes (IppSec)
  • Expiry dates fixes, new features and improvements (eyeobticeo)
  • Typos fixes (hailthemelody)
  • Fixed port number problem when behind reverse proxy (berndblume)

Version: r754

Date released: September 17, 2016

New features

  • Files categories! Think of them as either categories, projects or folders. They are hierarchical and let you organize your files very easily. Clients – for the moment- can only use them to filter files. In the future they will be able to make their own categories and assign files to them.
  • Added an option so clients can now delete the files they have uploaded.
  • Moved to Bootstrap 3 for a much better mobile experience.
  • Log the download when an anonymous user gets a file through a public link.
  • Extended the downloads information for a particular file. You can now see the total downloads, how much are by unique clients and also how many are anonymous. The table now shows date, ip and remote host of each particular download.
  • Select system language when logging in (overrides the system defined language for this session only).
  • Added buttons to auto-generate secure passwords when creating users and clients.
  • Added an optional Google sign in button.
  • You can now log in using your e-mail too.
  • Added reCAPTCHA on the self registration form to prevent spam.
  • Added a confg file creator that will run if the sys.config.php file isn’t found.
  • Added a button to show the public URL for a file in the post-upload table.

Misc changes and fixes

  • Fixed downloading of large files on some servers.
  • You can now upload and import orphan files even if no clients or groups exist yet.
  • Files without assignations are not considered orphan anymore. Only those uploaded via FTP are orphan until they are added to the database.
  • Default and PinBoxes templates now show the categories filter and the expiration status/date for each file.
  • Redesigned the PinBoxes template to be more modern and compatible.
  • The username/email field on login isn’t case sensitive anymore.
  • Improved compatibility with php7

Behind the scenes improvements

  • CSS clean up
  • Better generation of the main menu
  • Replaced textboxlist with jQuery tags input, making the options page stop freezing for a few seconds when loading.
  • Changed the file renaming routine so characters are replaced by similar allowed ones instead of underscores.
  • Lots of other small fixes and improvements!

Version: r609

Date released: June 5, 2016

  • Replaced the old database class for PDO. This improves the security exponentially, as well as making the software more compatible and future-proof.
  • The table prefix will now be considered so it can be changed from the default tbl_ without the loop errors. This way you can have several PS installs on the same database as well as improve security by using a custom prefix.
  • Fixed the bug where the wrong files where deleted.
  • Fixed the hide/show files routines for clients and groups.
  • XSS fixes
  • “.” can now be used on usernames (added by sq5gvm)

Version: r582

Date released: June 8, 2015

  • Added a preview function for custom e-mail templates
  • Fixed the bug where wrong files were deleted
  • Fixed the search function for clients and groups when adding/editing files
  • Fixed a bug where files can’t be downloaded by a client if it was assigned to a group and not the client specifically
  • Fixed a bug where clients were not able to update their information and password
  • Security fixes

Version: r572

Date released: May 26, 2015

  • XXS security error fix.
  • Fixed the update routine. r571 shows an available update even if using that version.
  • Added the language files to the git.

Version: r571

Date released: May 25, 2015

  • Security fixes
  • Redirect on install error fixed
  • Public files are no longer considered orphan

Version: r561

Date released: April 22, 2014

  • Security fixes
  • Tables are now responsive thanks to footable
  • Fix for the orphans list bug
  • Manage files list also shows unassigned files, because they might be public
  • Added password rules (eg: require a lower case letter, a number, etc)
  • Added SMTP authentication options
  • Added an option to limit the uploading file types to certain roles only
  • Fixes for the database queries giving errors when a NULL setting was incorrect
  • Fix for the password recovery table not being created
  • Fix for public settings being reset if a client edited a file
  • CSS Cleanup
  • minor UI cleaning


Version: r514

Date released: October 31, 2013

New features

  • Added a new form so users and clients can reset their password. *
  • Added the possibility to set an expiry date to any file.
  • Added an option to select if expired files should be hidden from the clients, or shown but not allowed to download.
  • Added a template editor so each system email text, and the general header/footer can be customized.
  • Added the possibility to set any file as public, which allows downloading via a tokenized link. Can be combined with the expiry date feature.
  • New options to select the maximum attemps to send each notification, and also an expiration date (globally, in days).
  • You can now search within the orphan files list. Also, it now has pagination.
  • Each password field now has a toggle button for visibility, and the “confirm password” fields were removed.
  • Added a new button on the files uploads page to copy the selected assignations of the current file to all others.
  • The download log is stored on a separate table. This allows the system to recognize the date each file has been downloaded.
  • Files (on the manage files page) can now be sorted by download count.


  • Implemented phpass for secure passwords.
  • Fixed the notifications being sent multiple times.
  • Changed the way the download link is generated to improve security.
  • More validations are made when a file is requested for download.
  • Fixed the back button so it won’t work after a user logs out.
  • No more infinite redirects on login.
  • The modal window can now be reused without reloading the page (the action is does it performs is no longer repetead).
  • Fixed the urls where a double slash (//) was used.
  • With the new download log, files that belong to groups can also be tracked when a client downloads it.
  • Options are now saved correctly every time.
  • Sorting files/users/groups by date now works with any set format.

Updated scripts

  • plupload (1.5.7)
  • phpmailer (5.2.7)
  • Bootstrap (2.3.2)
  • timthumb
  • jQuery EasyTabs
  • jQuery flot

Other notes

  • The new password storing system requires that all curent accounts generate a new one. The security has been improved at the cost of this minor issue.
  • The remember me checkbox has been temporarily removed. A more secure implementation is planned.
  • The version number is not visible for unlogged users.
  • jQuery is now loaded locally.
  • The UI has been normalized (menu, button and messages styles, margins, layouts).

Version: r412

Date released: April 26, 2013


  • Fixed the installer to include the new options too.
  • Menu hover state fix by Martine Bouvrette
  • 0kb downloads fix by AlanReiblein
  • Correct timestamp for the main admin during installation
  • Downloads fix by cyril.ballagny
  • Updated phpmailer to 5.2.4

No new features have been added to this release, however this is a strongly recommended one due to both downloads fixes.

Version: r405

Date released: April 14, 2013

What’s new

  • New update notifier.
  • Added an option to prevent clients from uploading files.
  • Added an option to automatically add new self-registered clients to a specific group.
  • Auto-aproval for self-registrations.


  • Privacy fixes on the log.
  • Use UTF-8 on the header.
  • Fixes on the installer.
  • Small fix for moving files to the new folder structure if updating from a version older than the previous.
  • Clients are now sorted alphabetically on the upload form.
  • Fix for the statistics when there are no results.

Version: r375

Date released: March 4, 2013

What’s new:
– Added an option to send BCC of the notifications for new files to the main admin and any other specified e-mail addresses.
– Added the possibility to export the log to a csv file.
– Spanish translation file is included by default (translated by Raúl Elenes).
– The header is now completely responsive. Some other parts are still not done.
– Added a “My account” link for users and clients to be able to edit their own preferences and data.
– Files-to-clients relations are now imported from older installations.
– On updates and installation, the system will try to chmod some files and folders for security, and to improve timthumb’s compatibility.
– Added an option to select if timthumb should use the relative or absolute path to the image file.
– Notifications are not deleted from the database, but stored as sent (or any other code for error messages). This will allow for the creation of a notifications management page in the future.

– Email notifications are now working correctly.
– 0kb downloads should be fixed.
– File sizes over 2gb are now correctly read.
– Fixed some errores and notices on the installer.
– Fixed the zip file generator routine. Suggested by bflahault.
– Other small fixes.