Upgrade to upstream v1.13.1 + fork cleanup #6
Merged
Merges pterodactyl/wings v1.13.1 (e771816) into our upgrade branch. Notable upstream change: backup-restore SSRF hardening - host allowlist, blocked private/internal IP ranges, UUID identifier validation, and download URL validation. Integrated into the fork's customized backup restore handler so the SSRF protections apply while preserving the fork's backup operation registry, WebSocket progress events, zstd support and sha256 checksums. Conflicts resolved in config/config.go, router/router_server_backup.go and server/backup/{backup,backup_local,backup_s3}.go. Corrected leaked github.com/pterodactyl/wings module import paths in newly merged files (quota_file.go and the new upstream test files). Added a v1.13.1 CHANGELOG entry. Statically verified the merge (8-agent review): new upstream tests compile/pass against the fork, SSRF controls intact, source compiles.
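The four controls named in this commit message (host allowlist, blocked private/internal ranges, UUID identifier validation, download URL validation) combined into one check, as an added example that is not part of the PR and not upstream's or the fork's code. `ValidateRestore`, `blockedIP`, the allowlist entry and the sample addresses are hypothetical; the `lookup` parameter has the signature of `net.LookupHost`, so the check can be exercised offline with a stub.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
	"regexp"
	"strings"
)

// Constructed allowlist; a real deployment would load this from configuration.
var allowedHosts = map[string]bool{"backups.example.com": true}
var uuidRe = regexp.MustCompile(`^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)

// blockedIP reports whether an address is off limits; unparsable input is invalid, so blocked.
func blockedIP(s string) bool {
	ip, _ := netip.ParseAddr(s)
	ip = ip.Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	return !ip.IsValid() || ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() || ip.IsMulticast()
}

// ValidateRestore checks the identifier and URL, then every address the host resolves to.
func ValidateRestore(id, rawURL string, lookup func(string) ([]string, error)) error {
	if !uuidRe.MatchString(strings.ToLower(id)) {
		return fmt.Errorf("backup identifier is not a UUID")
	}
	u, err := url.Parse(rawURL)
	if err != nil || u.Scheme != "https" || u.User != nil || u.Hostname() == "" {
		return fmt.Errorf("download URL must be absolute https without userinfo")
	}
	host := strings.ToLower(u.Hostname())
	if !allowedHosts[host] {
		return fmt.Errorf("host %q is not on the allowlist", host)
	}
	addrs, err := lookup(host)
	if err != nil || len(addrs) == 0 {
		return fmt.Errorf("cannot resolve %q", host)
	}
	for _, a := range addrs {
		if blockedIP(a) {
			return fmt.Errorf("host %q resolves to blocked address %s", host, a)
		}
	}
	return nil // connect to the checked addresses; re-resolving the name reopens the gap
}

func main() { // constructed resolver answer: an allowlisted name pointing at an internal address
	internal := func(string) ([]string, error) { return []string{"10.0.0.5"}, nil }
	fmt.Println(ValidateRestore("123e4567-e89b-12d3-a456-426614174000", "https://backups.example.com/b.tar.gz", internal))
}
```

The allowlist alone is not enough when an allowlisted name can be pointed at an internal address, which is why the resolved addresses are checked as well.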
Tracks which changes are EmeraldHost-specific vs upstream pterodactyl/wings (baseline v1.13.1) so customizations are not accidentally reverted on upgrades: backup subsystem (operation registry/queue, retry, WebSocket progress, multi-format compression, sha256 checksums), SFTP brute-force protection + activity streaming, module rename, config divergences, and a list of upstream code that must NOT be mistaken for fork changes.
Strictly separate our own changes from upstream code:
- Drop .github/FUNDING.yaml and release.yaml committer identity from our config divergences (verified identical to upstream e771816 - not ours); list them under section 4 as upstream defaults instead.
- Clarify section 3 issues are verified fork-only (git grep vs upstream returns zero hits) - our tech debt, not ignorable-as-upstream behavior.
Reverts sftp/server.go to upstream SFTP auth behaviour (now identical to upstream apart from the module rename) and drops the sftp.security.* config tree. The protector was in-memory/single-node only, had a broken success-path (recordSuccessfulAuth only ran on non-credential errors, never on a real login), and risked locking out legitimate users sharing a NAT/CGNAT IP. SFTP abuse protection is left to the network layer / Panel. Updates FORK_CHANGES.md accordingly.
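A minimal model of the success-path defect and the shared-IP lockout described in this commit message, as an added example that is not the fork's removed code. The `tracker` type, `errBad`, `maxFailures` and the sample address are hypothetical; only the behaviour (counter reset on non-credential errors but never on a real login, counting per source IP) is taken from the message.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical names throughout; this models the described defect, not the removed code.
var errBad = errors.New("invalid credentials")
const maxFailures = 3 // lock a source IP out after this many recorded failures

// tracker counts failed logins per source IP, in memory on one node.
type tracker struct{ failures map[string]int }

// buggy clears the counter only on non-credential errors, never on a real login.
func (t *tracker) buggy(ip string, err error) {
	switch {
	case errors.Is(err, errBad):
		t.failures[ip]++
	case err != nil:
		delete(t.failures, ip) // the only reset: an unrelated error
	} // err == nil (a real login) matches no case and clears nothing
}

// fixed clears the counter on success and ignores unrelated errors.
func (t *tracker) fixed(ip string, err error) {
	switch {
	case err == nil:
		delete(t.failures, ip)
	case errors.Is(err, errBad):
		t.failures[ip]++
	}
}

// lockedAfter replays auth outcomes from one source IP and reports whether it ends up locked out.
func lockedAfter(record func(*tracker, string, error), outcomes ...error) bool {
	t := &tracker{failures: map[string]int{}}
	for _, o := range outcomes {
		record(t, "198.51.100.7", o) // constructed address
	}
	return t.failures["198.51.100.7"] >= maxFailures
}

func main() {
	fmt.Println(lockedAfter((*tracker).buggy, errBad, errBad, nil, errBad)) // typo, typo, login, typo
	fmt.Println(lockedAfter((*tracker).fixed, errBad, errBad, nil, errBad)) // same sequence, reset on login
	fmt.Println(lockedAfter((*tracker).fixed, errBad, errBad, errBad))      // three users behind one NAT address
}
```

Even the corrected recorder locks the address in the last call, because failures from different users behind one NAT/CGNAT address land on the same key.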
The fork's rewrite of archive_test.go dropped upstream's TestArchive_Stream (archive-content listing). Re-add it (verbatim, in its own file) since all deps are present (NewFs helper, franela/goblin, mholt/archives) and it still holds against the fork's archiver: getFiles collects only file entries, so the fork's directory-entry inclusion does not change the assertion.
TestArchive_Stream restored in archive_stream_test.go.
The active archiver always produces gzip (createCompressor ignores Backups.Format); zstd was only wired to dead code (archive_system.go, zero callers), so no zstd backup is ever created and the 'ZSTD restore not supported' branch was unreachable. Drop the whole zstd pretense: delete archive_system.go, remove the Backups.Format config option, the zstd compression adapter/constant, the zstd decompressor branch, .zst file matching, and the zstd tests/content types. Backups are honestly gzip-only now. All removed code was fork-only (upstream has zero zstd). Updates FORK_CHANGES.md.
COMPRESSION_UPGRADE.md (zstd) and BACKUP_CONFIG_GUIDE.md (zstd + SFTP brute-force config) describe features that were removed on this branch and would mislead operators into setting non-existent config keys. WORK.md was an internal scratch brief. All three are obsolete; the still-accurate fork docs (FORK_CHANGES.md, BACKUP_PROGRESS_EVENTS.md, WEBSOCKET_EVENTS.md) stay.
Brings the fork up to upstream pterodactyl/wings v1.13.1 (e771816) and trims fork divergence that is no longer needed.

Upstream v1.13.1

- config/config.go, router/router_server_backup.go, server/backup/{backup,backup_local,backup_s3}.go; leaked pterodactyl/wings import paths in newly merged files corrected to Rene-Roscher/wings.

Fork cleanup (all removed code verified fork-only; upstream has none)

- SmartSecurityProtector) and its sftp.security.* config. sftp/server.go now equals upstream apart from the module rename; config.go SftpConfiguration is byte-identical to upstream. It was in-memory/single-node only, had a broken success path, and risked locking out NAT/CGNAT users. SFTP abuse protection is left to the network layer / Panel.
- createCompressor ignored backups.format); zstd was only wired to dead code (archive_system.go, zero callers). Dropped the config option, the zstd compression adapter, the zstd decompressor branch, .zst file matching and the zstd tests/content-types. Backups are honestly gzip-only now.
- TestArchive_Stream (dropped when the fork rewrote archive_test.go).
- COMPRESSION_UPGRADE.md, BACKUP_CONFIG_GUIDE.md, WORK.md).

New: FORK_CHANGES.md

Documents which changes are EmeraldHost-specific vs upstream (like the panel repo's), so customizations are not accidentally reverted on future upgrades.

Verification

Go is not available locally; the merge and both removals were verified statically by multi-agent review: new upstream tests compile/pass against the fork, the SSRF controls are intact, the gzip backup/restore round-trip is unaffected, and no upstream functionality was removed or broken. CI (go test -race) is the final gate.

Supersedes the v1.13.0 work; the release/v1.13.1 tag/release should be cut after this merges into develop.