Skip to content

Upgrade to upstream v1.13.1 + fork cleanup#6

Merged
HerrSammyDE merged 16 commits into
developfrom
upgrade-1.13.1
Jun 30, 2026
Merged

Upgrade to upstream v1.13.1 + fork cleanup#6
HerrSammyDE merged 16 commits into
developfrom
upgrade-1.13.1

Conversation

@HerrSammyDE

Copy link
Copy Markdown
Member

Brings the fork up to upstream pterodactyl/wings v1.13.1 (e771816) and trims fork divergence that is no longer needed.

Upstream v1.13.1

  • Merged upstream v1.13.1, integrating its backup-restore SSRF hardening (host allowlist, blocked private/internal IP ranges, UUID identifier validation, download-URL validation) into the fork's customized backup restore handler — fork features (operation registry, progress events, sha256 checksums) preserved.
  • Conflicts resolved in config/config.go, router/router_server_backup.go, server/backup/{backup,backup_local,backup_s3}.go; leaked pterodactyl/wings import paths in newly merged files corrected to Rene-Roscher/wings.

Fork cleanup (all removed code verified fork-only; upstream has none)

  • Removed the SFTP brute-force protection (SmartSecurityProtector) and its sftp.security.* config. sftp/server.go now equals upstream apart from the module rename; config.go SftpConfiguration is byte-identical to upstream. It was in-memory/single-node only, had a broken success path, and risked locking out NAT/CGNAT users. SFTP abuse protection is left to the network layer / Panel.
  • Removed unused zstd backup support. The active archiver always produced gzip (createCompressor ignored backups.format); zstd was only wired to dead code (archive_system.go, zero callers). Dropped the config option, the zstd compression adapter, the zstd decompressor branch, .zst file matching and the zstd tests/content-types. Backups are honestly gzip-only now.
  • Restored upstream's TestArchive_Stream (dropped when the fork rewrote archive_test.go).
  • Removed stale fork docs describing the now-removed features (COMPRESSION_UPGRADE.md, BACKUP_CONFIG_GUIDE.md, WORK.md).

New: FORK_CHANGES.md

Documents which changes are EmeraldHost-specific vs upstream (like the panel repo's), so customizations are not accidentally reverted on future upgrades.

Verification

Go is not available locally; the merge and both removals were verified statically by multi-agent review: new upstream tests compile/pass against the fork, the SSRF controls are intact, the gzip backup/restore round-trip is unaffected, and no upstream functionality was removed or broken. CI (go test -race) is the final gate.

Supersedes the v1.13.0 work; the release/v1.13.1 tag/release should be cut after this merges into develop.

robertdrakedennis and others added 16 commits June 22, 2026 16:26
Merges pterodactyl/wings v1.13.1 (e771816) into our upgrade branch.

Notable upstream change: backup-restore SSRF hardening - host allowlist,
blocked private/internal IP ranges, UUID identifier validation, and
download URL validation. Integrated into the fork's customized backup
restore handler so the SSRF protections apply while preserving the fork's
backup operation registry, WebSocket progress events, zstd support and
sha256 checksums.

Conflicts resolved in config/config.go, router/router_server_backup.go and
server/backup/{backup,backup_local,backup_s3}.go. Corrected leaked
github.com/pterodactyl/wings module import paths in newly merged files
(quota_file.go and the new upstream test files). Added a v1.13.1 CHANGELOG
entry. Statically verified the merge (8-agent review): new upstream tests
compile/pass against the fork, SSRF controls intact, source compiles.
Tracks which changes are EmeraldHost-specific vs upstream pterodactyl/wings
(baseline v1.13.1) so customizations are not accidentally reverted on
upgrades: backup subsystem (operation registry/queue, retry, WebSocket
progress, multi-format compression, sha256 checksums), SFTP brute-force
protection + activity streaming, module rename, config divergences, and a
list of upstream code that must NOT be mistaken for fork changes.
Strictly separate our own changes from upstream code:
- Drop .github/FUNDING.yaml and release.yaml committer identity from our
  config divergences (verified identical to upstream e771816 - not ours);
  list them under section 4 as upstream defaults instead.
- Clarify section 3 issues are verified fork-only (git grep vs upstream
  returns zero hits) - our tech debt, not ignorable-as-upstream behavior.
Reverts sftp/server.go to upstream SFTP auth behaviour (now identical to
upstream apart from the module rename) and drops the sftp.security.* config
tree. The protector was in-memory/single-node only, had a broken
success-path (recordSuccessfulAuth only ran on non-credential errors,
never on a real login), and risked locking out legitimate users sharing a
NAT/CGNAT IP. SFTP abuse protection is left to the network layer / Panel.
Updates FORK_CHANGES.md accordingly.
The fork's rewrite of archive_test.go dropped upstream's TestArchive_Stream
(archive-content listing). Re-add it (verbatim, in its own file) since all
deps are present (NewFs helper, franela/goblin, mholt/archives) and it still
holds against the fork's archiver: getFiles collects only file entries, so
the fork's directory-entry inclusion does not change the assertion.
TestArchive_Stream restored in archive_stream_test.go.
The active archiver always produces gzip (createCompressor ignores
Backups.Format); zstd was only wired to dead code (archive_system.go, zero
callers), so no zstd backup is ever created and the 'ZSTD restore not
supported' branch was unreachable.

Drop the whole zstd pretense: delete archive_system.go, remove the
Backups.Format config option, the zstd compression adapter/constant, the
zstd decompressor branch, .zst file matching, and the zstd tests/content
types. Backups are honestly gzip-only now. All removed code was fork-only
(upstream has zero zstd). Updates FORK_CHANGES.md.
COMPRESSION_UPGRADE.md (zstd) and BACKUP_CONFIG_GUIDE.md (zstd + SFTP
brute-force config) describe features that were removed on this branch and
would mislead operators into setting non-existent config keys. WORK.md was
an internal scratch brief. All three are obsolete; the still-accurate fork
docs (FORK_CHANGES.md, BACKUP_PROGRESS_EVENTS.md, WEBSOCKET_EVENTS.md) stay.
@HerrSammyDE HerrSammyDE merged commit f7ba42d into develop Jun 30, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants