commit a2ce8b04f31d921c1aef834dddf0b8548dc3411e
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 9 14:37:30 2026 +0100

    build: add explicit permissions to GitHub Actions workflows
    
    This restricts the GITHUB_TOKEN to least-privilege in all workflows,
    fixing CodeQL code-scanning alerts for actions/missing-workflow-permissions.

commit bfd650b4289542fed6d2c4319cb87f8d5ee13722
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 9 12:48:59 2026 +0100

    vfscache: fix grace timer reusing stale fd after _checkObject removes cache file
    
    Before this change when a cache item was in its grace period (with
    HandleCaching) and the file is reopened, _checkObject runs before the
    grace timer recovery check. If the remote object's fingerprint changed
    _checkObject removes the cache file from disk. However the grace
    recovery path still reused the now-stale fd pointing to a deleted
    inode, skipping _createFile entirely. This left no cache file on disk,
    causing cache.Exists() to return false and breaking
    rename-while-writing logic.
    
    Fix this by checking the cache file still exists before reusing the fd
    in grace recovery. If the file was removed, close the stale fd and
    downloaders and fall through to _createFile.
    
    Also update the fingerprint in item.rename after setting the new object,
    preventing unnecessary cache invalidation when a file is reopened after
    a rename.
    
    This was discovered in the integration tests on backends that update
    modtime on rename (like mailru).

commit 16591fdc21a0efe3bcb782684ff5c4b2897b6a24
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 9 11:46:51 2026 +0100

    webdav: Add a section on symlink/junction points in the help
    
    This notes in particular not to use `--links` but to use
    `--local-links`.
    
    Fixes #9317

commit c1f5df209024c79028c98134b703b31d599befac
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Apr 8 16:43:41 2026 +0100

    Changelog updates from Version v1.73.4

commit 0fa16e8638fe06ebe23a44e0bbdcd486cd166a10
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Apr 8 10:19:50 2026 +0100

    build: update all dependencies
    
    This also streamlines the update process in RELEASE.md and the Makefile

commit d58ce7b1b78f6590068ab93a93d04dfe80e914cc
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Apr 8 09:17:10 2026 +0100

    docs: fix XSS vulnerability in dropdown mobile header
    
    Use textContent instead of innerHTML when inserting the dropdown
    label to prevent DOM text being reinterpreted as HTML.
    
    Fixes https://github.com/rclone/rclone/security/code-scanning/176

commit f757e6c0a7a7de921229e2cbe0546afca810847d
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Apr 8 09:03:49 2026 +0100

    build: fix Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder
    
    Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.96.0 to 1.97.3.
    - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
    - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.96.0...service/s3/v1.97.3)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
      dependency-version: 1.97.3
      dependency-type: direct:production
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 20eaad4b6d258a513f331afaf87283a4edec1ef4
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Mar 10 16:21:15 2026 +0000

    linkbox: fix downloading files by using web API - fixes #8665
    
    The Linkbox open API (/api/open/file_search) no longer returns download
    URLs, breaking all downloads. This switches to using the web API
    (/api/file/my_file_list/web) which requires email+password authentication
    but returns working download URLs.
    
    This will unfortunately require changing your existing rclone config.
    
    - Add email, password, and web_token config options
    - Add web API login via /api/user/login_email with token caching and retry
    - Create separate CDN HTTP client with HTTP/2 disabled and browser
      User-Agent to avoid CDN fingerprint blocking
    - Remove searchOK regex and name-filtering (web API doesn't support it)

commit 1ac0c3eecb2b7517dcd792f4a8e878046ab124a3
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Apr 7 23:25:54 2026 +0100

    vfs: fix tests after --vfs-handle-caching
    
    In this commit
    
    0db3e7a2a0e6a989 vfs: fix slow nfs serve by adding --vfs-handle-caching
    
    We added --vfs-handle-caching but unfortunately forgot to disable it
    for the TestRWCacheUpdate test.

commit 561f20f83f0bd5c0af2b3136a518329df574ecc6
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Apr 7 23:27:16 2026 +0100

    Add Suyun to contributors

commit e7deebdf40afce02f49244b79c2cbbc2f487c249
Author: Suyun <suyun@aosc.io>
Date:   Mon Apr 6 17:54:17 2026 +0800

    build: fix loong64 and s390x build

commit cb9bdf629c9dc25953f4c760e5bfd6c1b5faef3e
Author: albertony <12441419+albertony@users.noreply.github.com>
Date:   Sun Feb 22 15:01:44 2026 +0100

    jottacloud: add encoding of percent character to default backend encoding
    
    Fixes #9153

commit 1f3770a57fa078660cf6f1ee53f87c8daa6d2134
Author: albertony <12441419+albertony@users.noreply.github.com>
Date:   Fri Apr 3 14:25:07 2026 +0200

    docs: fix markdown issues in mount docs

commit 829b06d39bbf2c889360da9257eec65489740df3
Author: Clément Notin <clement.notin@gmail.com>
Date:   Fri Apr 3 14:32:24 2026 +0200

    docs: fix header level for metadata option

commit 0db3e7a2a0e6a9897f66a7b365dbeb17fd448ae9
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Mar 12 12:55:45 2026 +0000

    vfs: fix slow nfs serve by adding --vfs-handle-caching
    
    Add a configurable grace period (default 5s) that delays closing file
    handles and downloaders when the last handle closes. If a new handle
    opens within the grace period, it reuses the existing resources.
    
    This fixes 40x performance degradation with serve nfs vs serve sftp
    caused by go-nfs opening/reading/closing on every NFS READ RPC, which
    destroyed read-ahead prefetch before it could accumulate.
    
    The grace period only applies to non-dirty files so that writeback
    proceeds immediately on close.
    
    Fixes #9251

commit 654df913757a0d24491ef9b81f980ff3d13aad68
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Apr 3 11:10:33 2026 +0100

    Add Xiangzhe to contributors

commit f079361a015bccd34734e7c8adc0e3498e236ef0
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Apr 3 11:10:33 2026 +0100

    Add Mike GIllan to contributors

commit 3677b7ff77dee08ad412d1fb9f3df8b2f967d06b
Author: Ross Smith II <ross@smithii.com>
Date:   Thu Apr 2 07:29:15 2026 -0700

    fix(docs): Fix link to not be language specific

commit 4a00a4dc4bbf21aa6f112036c644701968c7234b
Author: Mike GIllan <mike.gillan@gmail.com>
Date:   Mon Mar 23 17:43:10 2026 -0400

    iclouddrive: lowercase Apple ID for SRP authentication
    
    Apple IDs are case-insensitive, but the SRP proof computation (M1)
    hashes the username client-side. The old plaintext signin let the
    server normalize the case, but with SRP the client must match.
    Lowercase the Apple ID before use so mixed-case IDs authenticate
    correctly.
    
    Reported-by: ArturKlauser

commit 2610beb18d165c2b0ecde7099754b3e6d5f4ecbb
Author: Xiangzhe <xiangzhedev@gmail.com>
Date:   Tue Mar 3 15:59:59 2026 +0800

    iclouddrive: use dynamic origin for SRP auth headers
    
    This fixes China mainland iCloud authentication by deriving the Origin
    and Referer headers from authEndpoint instead of hardcoding idmsa.apple.com.
    
    Fixes compatibility with PR #8818 (China region support) and PR #9209
    (SRP authentication).
    
    Signed-off-by: Xiangzhe <xiangzhedev@gmail.com>

commit 35e4f605485e0d1eff044c99c6f5515a2605f1f2
Author: Mike GIllan <mike.gillan@gmail.com>
Date:   Mon Feb 23 17:24:23 2026 -0500

    iclouddrive: replace plaintext signin with SRP authentication
    
    Apple has deprecated the legacy /appleauth/auth/signin endpoint and
    now blocks it, causing "Invalid Session Token" errors for all users
    when their trust token expires. The browser login flow now requires
    SRP (Secure Remote Password), a cryptographic handshake that never
    transmits the password.
    
    Replace Session.SignIn() with a multi-step SRP-6a flow:
    1. authStart - initialize session at /authorize/signin
    2. authFederate - submit account name to /federate
    3. authSRPInit - exchange client public value for salt/B at /signin/init
    4. authSRPComplete - send M1/M2 proofs to /signin/complete
    
    The SRP implementation uses the RFC 5054 2048-bit group with SHA-256
    and Apple's NoUserNameInX variant. Password derivation supports both
    s2k and s2k_fo protocols via SHA-256 + PBKDF2.
    
    The 2FA and trust token flow is unchanged. Auth headers for all
    idmsa.apple.com requests now include X-Apple-Auth-Attributes,
    X-Apple-Frame-Id, and use Origin/Referer of https://idmsa.apple.com.
    
    Fixes #8587

commit 839a3b92e0a8454577a7ed6770e02a9ce4b1beed
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Mar 17 16:58:05 2026 +0000

    docs: modernize rclone.org site design
    
    - replace Bootstrap/jQuery with purpose-built CSS and JS
    - remove backend icons from navbar and content pages
    - replace remaining FontAwesome icons with inline SVGs, remove FontAwesome
    - modernize CSS styling for menus, typography, cards, tables, and code blocks
    - add copy-to-clipboard buttons on code blocks using SVG icon
    - move TOC to left sidebar with responsive overlay drawer
    - add sticky header, top scrollbar and first column for wide tables
    - add left/right arrow buttons to scrollable tables
    - hide homepage logo on mobile
    - make wide menus with filter for Commands and Storage Systems
    - add dark mode support based on browser preference
    - fix CSS/JS cache busting to use build time

commit 492e0bd6167a3efac85bb45bb4bf444af9404ef8
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add Andriy Senyshyn to contributors

commit d4894db7659ffb8ce26c054de5967e07f6fb8b3a
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add Claude Opus 4.6 to contributors

commit 8d09f166818670ba91719fbae2fa6e40a472bb4e
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add jinyu.han to contributors

commit 550889c096ecdf09e7a57fca40068d96b06cb843
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add jinkeyuu to contributors

commit 896961404b8c894a1e358fa9600b8e572d8c8e46
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add lif to contributors

commit 5eabfc74f4d9f599f4fbaea4afb0c1a275c23ec7
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add BizaNator to contributors

commit 787d0333763e88d9701dc0ea645429bd3bbbe5b8
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add Patrick Farrell to contributors

commit db258d404af1b081f83165ad982429f06425bafb
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add Jason to contributors

commit 3cdf680a15ef9527b58236c56ecd3cc8357bd69f
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add ZRHan to contributors

commit bc57110920622f57a5a357b808e5db311d6b6a65
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add Andrew Furman to contributors

commit 133eae4d5bd4d6708c2894373ac46a29c25295ab
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add Andriy Senyshyn to contributors

commit 24c40463ebacf04e7a5dc62a270ab8ec569341bb
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Apr 2 16:32:22 2026 +0100

    Add Bhagyashreek8 to contributors

commit e9fddaabebd2676ac90a7c909f9026c93ae9caa6
Author: jinkeyuu <44105232+jinkeyuu@users.noreply.github.com>
Date:   Tue Mar 31 18:45:40 2026 +0800

    s3: add UCloud Object Storage provider (#9230)
    
    Co-authored-by: jinyu.han <jinyu.han@ucloud.cn>

commit c49015552ca8c125cf0808e1ab8eeb0c7270c13b
Author: lif <1835304752@qq.com>
Date:   Tue Mar 31 17:56:28 2026 +0800

    bisync: fix handling of unreadable lockfiles - fixes #9290
    
    Lockfiles with invalid JSON content caused bisync to fail permanently
    because lockFileIsExpired() logged the decode error but still fell
    through to the "valid lock file" path with zero-value TimeExpires.
    
    Now when a JSON decode error is detected:
    - If --max-lock is set (< basicallyforever): treat garbled lockfile as
      expired, mark listings failed, and proceed (safe assumption: the
      previous bisync run crashed and left garbage).
    - If --max-lock is not set (default): log a clear error telling the
      user the lockfile needs manual inspection, and return false.

commit ffdd043b957aad7808f82910f737bab3de2f5b10
Author: BizaNator <17164422+BizaNator@users.noreply.github.com>
Date:   Sun Mar 29 20:59:43 2026 -0500

    librclone/ctest: add Windows support and fix memory management
    
    Make ctest build and run on Windows in addition to Linux/macOS:
    
    - Add OS detection in Makefile using ifeq ($(OS),Windows_NT)
    - Use .lib extension and .exe suffix on Windows
    - Link Windows system libraries (winmm, ws2_32, ole32)
    - Remove unused dlfcn.h include that prevented compilation on Windows
    
    Fix memory management to use RcloneFreeString instead of free for
    strings returned by RcloneRPC, as documented in the librclone README.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

commit 434edba275b4032a197808568781dbcbcfc38bf8
Author: Chris <238498929+chris081519-crypto@users.noreply.github.com>
Date:   Fri Mar 27 10:24:28 2026 +0100

    s3: fix regression where PutObject fails with non-seekable readers
    
    Commit a3e1312d accidentally replaced io.NopCloser(in) with a bare
    io.Reader when assigning req.Body in uploadSinglepartPutObject.
    
    rclone wraps upload readers in an accounting.Account for progress
    tracking. When the AWS SDK calls Seek on the body, Account.Seek does
    a type assert on the inner reader. With a bare io.Reader the type
    is unexpected and causes:
    
      operation error S3: PutObject, serialization failed: internal error:
      Seek not implemented for io.nopCloser
    
    With io.NopCloser(in) the type assert works correctly for both seekable
    and non-seekable readers.
    
    Restore io.NopCloser(in) to wrap the reader correctly in all cases.
    
    Verified by running both before (regression confirmed) and after (fix
    confirmed):
      go test ./backend/s3/... ./fs/operations/... -remote TestS3:

commit da7a3d8d64d1a22fce3c0477f78ce5fb41eafa4e
Author: Enduriel <endur1el@protonmail.com>
Date:   Mon Mar 30 12:09:36 2026 +0200

    filen: update SDK version
    
    - increase timeout for http requests
    - only use a single URL per request type

commit 2362b4ca50dc0d81c1c06ac38bbb4c7c86b5b001
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Mar 30 16:29:51 2026 +0000

    build(deps): bump golang.org/x/image from 0.36.0 to 0.38.0
    
    Bumps [golang.org/x/image](https://github.com/golang/image) from 0.36.0 to 0.38.0.
    - [Commits](https://github.com/golang/image/compare/v0.36.0...v0.38.0)
    
    ---
    updated-dependencies:
    - dependency-name: golang.org/x/image
      dependency-version: 0.38.0
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit 5e3d783b3ef5fc3132045a973dbf81a468729541
Author: kapitainsky <dariuszb@me.com>
Date:   Sat Mar 28 13:29:53 2026 +0100

    docs: note macOS 10.15 (Catalina) support with version v1.70.3
    
    due to min golang requirements macOS Catalina (10.15) can not run newer rclone versions

commit 7a63990df2f1ce2e3d9fbe006cdad7df53a77d0b
Author: Bjoern Franke <bjo+git@schafweide.org>
Date:   Tue Mar 24 23:13:19 2026 +0100

    Add OVHcloud storage classes
    
    Added OVHcloud storage classes according to https://help.ovhcloud.com/csm/en-ie-public-cloud-storage-s3-choosing-right-storage-class?id=kb_article_view&sysparm_article=KB0047293 and https://help.ovhcloud.com/csm/en-ie-public-cloud-storage-s3-choosing-right-storage-class?id=kb_article_view&sysparm_article=KB0047293

commit 7ca667d35d6b4ef1e76e55aec6c71ea28059945a
Author: Patrick Farrell <pfarrell@whamcloud.com>
Date:   Mon Mar 23 15:33:01 2026 -0400

    local: remove fadvise calls that cause spinlock contention
    
    Remove the POSIX_FADV_DONTNEED and POSIX_FADV_SEQUENTIAL calls
    from the local backend. The DONTNEED calls cause severe spinlock
    contention on parallel file systems (and any system with many
    concurrent transfers), because each call triggers per-page cache
    teardown under a global lock.
    
    Observed on a 256-core system running rclone with 64 parallel
    transfers over Lustre: 69% of all CPU cycles were spent in
    kernel spinlock contention from the fadvise path, with effective
    throughput well below hardware capability.
    
    The kernel's own page reclaim (kswapd) handles eviction more
    efficiently from a single context. Since rclone does not always
    read files sequentially (e.g. multipart uploads rewind and
    re-read blocks), FADV_SEQUENTIAL was also not reliably correct.
    
    This is consistent with the non-Linux behavior (which never
    called fadvise) and with restic's decision to remove identical
    code (restic/restic#670).
    
    Fixes #7886

commit 1e22af83588d472b7afb7f4b80af23b0e77b17b4
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Mar 23 23:03:59 2026 +0000

    Changelog updates from Version v1.73.3

commit 589d45a0bfe282f77db3c56412de0009ce6f5d6b
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri Mar 20 22:19:00 2026 +0000

    build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2
    
    Bumps [github.com/buger/jsonparser](https://github.com/buger/jsonparser) from 1.1.1 to 1.1.2.
    - [Release notes](https://github.com/buger/jsonparser/releases)
    - [Commits](https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/buger/jsonparser
      dependency-version: 1.1.2
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit d5deec353471c0f74f1e963c2d05a78a23172e46
Author: albertony <12441419+albertony@users.noreply.github.com>
Date:   Fri Mar 20 21:18:07 2026 +0100

    docs/jottacloud: fix broken link

commit 53c19e04ba08394163753a25637a7931fd857c49
Author: Jason <jasonbabo@gmail.com>
Date:   Fri Mar 20 13:51:27 2026 +0000

    docs: clarify Filen password change requires updating both password and API key in rclone config

commit e7fadc7e3d3ee512cd9e9e83fcad45bfc3ea158b
Author: Jason <jasonbabo@gmail.com>
Date:   Fri Mar 20 11:06:24 2026 +0000

    docs: note that Filen API key changes on password change

commit 7dfc5b30765dcdf1457e09c72ad81d9418e0300f
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu Mar 19 02:20:16 2026 +0000

    build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3
    
    Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.79.1 to 1.79.3.
    - [Release notes](https://github.com/grpc/grpc-go/releases)
    - [Commits](https://github.com/grpc/grpc-go/compare/v1.79.1...v1.79.3)
    
    ---
    updated-dependencies:
    - dependency-name: google.golang.org/grpc
      dependency-version: 1.79.3
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit 523a29a4e993c9f4e3fe1a30adc95f31c9bbfe10
Author: ZRHan <56144550+ZRHann@users.noreply.github.com>
Date:   Tue Mar 17 01:29:45 2026 +0800

    webdav: request only required properties in listAll to improve performance
    
    This PR optimizes the PROPFIND requests in the webdav backend to only ask for
    the specific properties rclone actually needs.
    
    Currently, the generic webdav backend sends an empty XML body during directory
    listing (listAll), which causes the server to fall back to allprops by default.
    This forces the server to return properties we never use, such as
    getcontenttype.
    
    Fetching getcontenttype can be a very expensive operation on the server side.
    For instance, in the official golang.org/x/net/webdav library, determining the
    content type requires the server to open the file and read the first 500 bytes.
    
    For a directory with 1,300 files in my environment, rclone ls time dropped from
    ~30s to ~4s (as fast as native ls).
    
    This only applies to the other vendor for backwards compatibility which could be
    expanded.

commit a3e1312d9dd67937631c2451c6fa8bb0a2bc82c0
Author: Chris <238498929+chris081519-crypto@users.noreply.github.com>
Date:   Sat Feb 21 15:57:57 2026 +0100

    s3: fix Content-MD5 for Object Lock uploads and add GCS quirk
    
    AWS S3 requires Content-MD5 for PutObject with Object Lock parameters.
    Since rclone passes a non-seekable io.Reader, the SDK cannot compute
    checksums automatically. Buffer the body and compute MD5 manually for
    singlepart PutObject and presigned request uploads when Object Lock
    parameters are set. Multipart uploads are unaffected as Object Lock
    headers go on CreateMultipartUpload which has no body.
    
    Add object_lock_supported provider quirk (default true) to allow
    skipping Object Lock integration tests on providers with incomplete
    S3 API support. Set to false for GCS which uses non-standard
    x-goog-bypass-governance-retention header and doesn't implement
    PutObjectLegalHold/GetObjectLegalHold.
    
    Add Multipart and Presigned subtests to Object Lock integration tests
    to cover all three upload paths.
    
    Fixes #9199

commit e987d4f3519aca87146f11758821085d2f60ef74
Author: Marco Ferretti <mferretti93@gmail.com>
Date:   Sat Mar 14 22:15:47 2026 +0000

    s3: add multi tenant support for Cubbit

commit 639bd8895967f46571b53419633a3b3bae58048e
Author: Andrew Furman <7343697+furmandev@users.noreply.github.com>
Date:   Thu Mar 12 14:58:22 2026 -0700

    lib/rest: fix URLPathEscapeAll breaking WebDAV servers (eg nzbdav) with strict path matching
    
    URLPathEscapeAll was only passing [A-Za-z0-9/] through unencoded, causing
    it to percent-encode RFC 3986 unreserved characters (-, ., _, ~). Per RFC
    3986 §2.3, unreserved characters MUST NOT be percent-encoded, and a URI
    that unnecessarily encodes them is not equivalent to one that does not.
    
    Servers that perform strict path matching without normalising
    percent-encoded characters will reject the over-encoded form with a 404.
    
    Before: /files/my-report.pdf → /files/my%2Dreport%2Epdf
    After:  /files/my-report.pdf → /files/my-report.pdf
    
    Reserved characters (spaces, semicolons, colons, etc.) continue to be
    encoded as before.

commit bfa2fbb78edc2f5cebf55c48e7be1a4eff0949ae
Author: Andriy Senyshyn <135705861+sam-mt@users.noreply.github.com>
Date:   Thu Mar 12 19:30:13 2026 +0200

    copyurl: fix ignored --upload-headers and --download-headers
    
    Co-authored-by: Andriy Senyshyn <andriy.senyshyn@kiteworks.com>

commit 69ccbacf306c677b7253e8d7c1b6478996fe7dfd
Author: Bhagyashreek8 <57988406+Bhagyashreek8@users.noreply.github.com>
Date:   Thu Mar 12 15:34:16 2026 +0530

    s3: IBM COS: provide ibm_iam_endpoint as a configurable param for IBM IAM-based auth

commit 5d6690eb20f4698b71a00edfc569608bf796d39b
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Mar 9 12:03:44 2026 +0000

    list: fix nil pointer panic in Sorter when temp file creation fails
    
    When extsort.Strings() cannot create temporary files (e.g. due to
    apparmor restrictions or permission denied), it returns a nil sorter
    with the error on errChan. The code then called Sort() on the nil
    sorter, causing a panic.
    
    Check for nil sorter and return the error instead of panicking.
    
    Fixes #9244

commit c7b8654b17e3a578dbf8339c5f878a185e1b94b1
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Mar 10 09:49:05 2026 +0000

    docs: update RELEASE procedure to avoid mistakes

commit 906b27d8b94f0ec83afd30a6fad174e806aafbc9
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Mar 11 11:26:05 2026 +0000

    Add Billy Hughes to contributors

commit e233f8b0a74b6bee1a4662b23148f0eb425f04ad
Author: Billy Hughes <w.g.h.hughes@gmail.com>
Date:   Mon Feb 2 11:10:36 2026 +0000

    accounting: Add deletedDirs stat to core/stats help output

commit 17a547a980e3ee4a4424f552c27a984ae55cb065
Author: Jan-Philipp Reßler <75355263+TabError@users.noreply.github.com>
Date:   Mon Mar 9 19:35:20 2026 +0100

    docs: added text to the label showing version-introduced info
    
    Co-authored-by: Jan-Philipp Reßler <xodarap@xodarap.de>

commit cdb3ecb0fb3cd6a1451a80a11f3c5f6bd6d993e4
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Mar 6 20:43:59 2026 +0000

    Changelog updates from Version v1.73.2

commit 2d7f84576a82ab481eceaf33d65062fb9eca08ba
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Mar 6 11:24:00 2026 +0000

    fs/log: fix data race on OutputHandler.format field
    
    The format field was read in Handle() without synchronization while
    setFormat() could write it concurrently from InitLogging(). This
    caused a data race detected by the race detector, failing
    TestListBucketsAuthProxy in cmd/serve/s3.
    
    Fix by protecting all access to format with the existing mutex.

commit ab234dcfd7e3da3506baad82515c54811170eeb3
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu Mar 5 23:04:17 2026 +0000

    build(deps): bump docker/build-push-action from 6 to 7
    
    Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
    - [Release notes](https://github.com/docker/build-push-action/releases)
    - [Commits](https://github.com/docker/build-push-action/compare/v6...v7)
    
    ---
    updated-dependencies:
    - dependency-name: docker/build-push-action
      dependency-version: '7'
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit c5bcfbac8f7044a76b470912fc413bf9eef9840a
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu Mar 5 23:04:12 2026 +0000

    build(deps): bump docker/setup-buildx-action from 3 to 4
    
    Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
    - [Release notes](https://github.com/docker/setup-buildx-action/releases)
    - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4)
    
    ---
    updated-dependencies:
    - dependency-name: docker/setup-buildx-action
      dependency-version: '4'
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit 88ed8e2b43dbd925f5f7db70dc7348286c00bc1d
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu Mar 5 23:04:08 2026 +0000

    build(deps): bump docker/metadata-action from 5 to 6
    
    Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
    - [Release notes](https://github.com/docker/metadata-action/releases)
    - [Commits](https://github.com/docker/metadata-action/compare/v5...v6)
    
    ---
    updated-dependencies:
    - dependency-name: docker/metadata-action
      dependency-version: '6'
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit b097454f835a6d1582464df525b5e7a97a3d44ad
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Mar 4 22:43:20 2026 +0000

    build(deps): bump docker/setup-qemu-action from 3 to 4
    
    Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3 to 4.
    - [Release notes](https://github.com/docker/setup-qemu-action/releases)
    - [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4)
    
    ---
    updated-dependencies:
    - dependency-name: docker/setup-qemu-action
      dependency-version: '4'
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit 2f890114b678e6db5cf7a038b9129d7013aae308
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Mar 4 22:43:15 2026 +0000

    build(deps): bump docker/login-action from 3 to 4
    
    Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
    - [Release notes](https://github.com/docker/login-action/releases)
    - [Commits](https://github.com/docker/login-action/compare/v3...v4)
    
    ---
    updated-dependencies:
    - dependency-name: docker/login-action
      dependency-version: '4'
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit 78a7d9bb8e6c4654701877db238ec0aa31fb7fbc
Author: nielash <nielronash@gmail.com>
Date:   Mon Mar 2 21:06:39 2026 -0500

    bisync: update changelog

commit 72c561d20958574e31dfa08837cb055f479b78d3
Author: nielash <nielronash@gmail.com>
Date:   Mon Mar 2 12:28:02 2026 -0500

    bisync: auto-generate rc help docs
    
    This adds a go generate ./cmd/bisync command to autogenerate the bisync rc docs,
    including the list of params.

commit b864c4f9c950bcbe3b9014636a26f11344da6ab9
Author: nielash <nielronash@gmail.com>
Date:   Mon Mar 2 12:10:13 2026 -0500

    bisync: add more structured info to rc output
    
    This adds a few handy bits of info, like the session name, workdir location, and
    listing file paths, to the rc output.

commit bb78eb8ab20f360b7dbc91701242d671c67cbf83
Author: nielash <nielronash@gmail.com>
Date:   Mon Mar 2 12:08:48 2026 -0500

    bisync: add missing rc params - fixes #7799
    
    This adds 11 previously-missing rc params for newer bisync features.
    
    It also makes optional parameters truly optional. (Previously, callers were
    required to supply every single one, even if using the default value.)

commit e11a066e009ef5f9c96ac691ac13925602c45270
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 16 17:26:02 2026 +0000

    operations: multithread copy: grab memory before making go routines
    
    This reduces the number of go routines which can get out of hand when
    using large --transfers and --multi-thread-streams from potentially
    --multi-thread-streams * --transfers Go routines to --max-memory /
    --multi-thread-chunk-size
    
    It serializes the memory allocator in each transfer which should be
    good for performance and reduce lock contention.

commit f0dfe9280c9aa1fc8a41981d1f51f1e26c128ce3
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Mar 3 12:44:42 2026 +0000

    b2: add server side copy real time accounting

commit b8d2ce8962bde274a75b7bd7808952f686bdce3d
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Mar 3 12:45:28 2026 +0000

    s3: add server side copy real time accounting

commit f60b09e7ab276385d43d8adc51068f7622b0b69c
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Feb 12 16:34:06 2026 +0000

    azureblob: add server side copy real time accounting

commit 307f1edaf4b07c28be56192e6b95146893a17932
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Feb 12 16:32:09 2026 +0000

    operations: add method to real time account server side copy
    
    Before this change server side copies would show at 0% until they were
    done then show at 100%.
    
    With support from the backend, server side copies can now be accounted
    in real time. This will only work for backends which have been
    modified and themselves get feedback about how copies are going.
    
    If the transfer fails, the bytes accounted will be reversed.

commit a7a3bee4882d7d4aa67d5d4f903c4936bcd9af8a
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Mar 3 14:00:47 2026 +0000

    Add Duncan F to contributors

commit 8e24a21ef246587fa12f1693c6e7436c814b0a47
Author: Duncan F <131309315+duncanaf@users.noreply.github.com>
Date:   Tue Feb 10 18:09:35 2026 -0800

    azureblob: add --azureblob-copy-total-concurrency to limit total multipart copy concurrency

commit 239dae97dba49553c2da45eb398be6f3af009fee
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Mar 3 14:00:47 2026 +0000

    Add razorloves to contributors

commit 7056989972e229f2664b71ddb796865e940f52b1
Author: razorloves <razorloves@gmail.com>
Date:   Tue Mar 3 02:53:42 2026 -0600

    docs: fix new drive flag typo in changelog

commit 056adc97d61343c01c958824fc4912db1f99890d
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Feb 27 11:24:16 2026 +0000

    build: update to golang.org/x/net v0.51.0 to fix CVE-2026-27141 #9220
    
    See: https://pkg.go.dev/vuln/GO-2026-4559

commit c2fd08192bdb21659d2860830e68717e12efae12
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Feb 27 11:22:12 2026 +0000

    Add Bjoern Franke to contributors

commit 9e0054983cb4ef5adadf2179ab1f4190eec312e0
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Feb 27 11:22:12 2026 +0000

    Add Brian Bockelman to contributors

commit 7c336fdb6f2e4970fcabf1005bc060af2e5e388a
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Feb 27 11:22:12 2026 +0000

    Add Romāns Potašovs to contributors

commit 5d07f521dca2448df387b1d9aaa35fbcc5645d7e
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Feb 27 11:22:11 2026 +0000

    Add Adam Kasztenny to contributors

commit 0d759d1280d1035c90be2d24a0a5245ddac56f94
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Feb 27 11:22:11 2026 +0000

    Add hxnd to contributors

commit 93b1c50c14647c3fd5891470c6a1d501011ae3f8
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Feb 27 11:22:11 2026 +0000

    Add Bjoern Franke to contributors

commit d6819d9d462e289b23310aae935644cf28834f9a
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Feb 27 11:22:11 2026 +0000

    Add FTCHD to contributors

commit 65f2f5973462cf59abd61b7fce039f25fd00d15f
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu Feb 26 22:43:00 2026 +0000

    build(deps): bump actions/upload-artifact from 6 to 7
    
    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
    - [Release notes](https://github.com/actions/upload-artifact/releases)
    - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)
    
    ---
    updated-dependencies:
    - dependency-name: actions/upload-artifact
      dependency-version: '7'
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit ac177f70cb48e73ffcc86d7e5eade79172a5417f
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Thu Feb 26 22:43:03 2026 +0000

    build(deps): bump actions/download-artifact from 7 to 8
    
    Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
    - [Release notes](https://github.com/actions/download-artifact/releases)
    - [Commits](https://github.com/actions/download-artifact/compare/v7...v8)
    
    ---
    updated-dependencies:
    - dependency-name: actions/download-artifact
      dependency-version: '8'
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit 9be4fc8c2b628128282ccdaeee07021292221636
Author: Leon Brocard <lbrocard@fastly.com>
Date:   Thu Feb 26 18:18:52 2026 +0100

    serve http: add gzip compression
    
    Add gzip compression for directory listings and text assets served over HTTP.
    
    This reduces the rclone repository file listing from 40 kB to 8 kB and reduces
    the rclone MANUAL.txt from 2.7 MB to 700 kB.
    
    This makes listings and assets served across the network load faster.
    
    The compression level of 5 should be a good balance between size and speed.

commit cf240b6c0f8435568d1fc71234462ec68bb00e7a
Author: Brian Bockelman <bbockelman@morgridge.org>
Date:   Sat Feb 7 09:50:48 2026 -0600

    webdav: permit redirects on PROPFIND for metadata
    
    The WebDAV implementation already permits redirects on PROPFIND for
    listing paths in the `listAll` method but does not permit this for
    metadata in `readMetaDataForPath`.  This results in a strange experience
    for endpoints that heavily use redirects -
    
    ```
    rclone lsl endpoint:
    ```
    
    functions and lists `hello_world.txt` in its output but
    
    ```
    rclone lsl endpoint:hello_world.txt
    ```
    
    Fails with a HTTP 307.
    
    The git history for this setting indicates this was done to avoid
    an issue where redirects cause a verb change to GET in the Go HTTP
    client; it does not appear to be problematic with HTTP 307.
    
    To fix, a new `CheckRedirect` function is added in the `rest` library
    to force the client to use the same verb across redirects, forcing this
    for the PROPFIND case.

commit 6159ea9cf5597db9a9c0c56641069e3a91d5ea9f
Author: Romāns Potašovs <justgook@gmail.com>
Date:   Sun Feb 8 23:34:10 2026 +0200

    webdav: add missing headers for CORS
    
    fix #7492

commit be1fb99aeea33aea0be11da356a166ac42821611
Author: Adam Kasztenny <adamkasztenny@gmail.com>
Date:   Sun Feb 8 21:12:10 2026 -0500

    docs: Document unsupported S3 object keys with double slashes
    
    Fixes #5063 by documenting that S3 object keys containing
    consecutive forward slashes (//) are not supported by rclone.
    
    The issue occurs because rclone normalizes paths like "a//b" to "a/b",
    causing "object not found" errors when trying to access the original
    object. This documentation addition explicitly warns users about this
    limitation and provides workarounds.
    
    Changes:
    - Added new subsection "Important note about double slashes (//)"
      under "Restricted filename characters" in S3 documentation
    - Explains the normalization behavior and its consequences
    - Provides clear examples and workarounds
    
    AI Model/Tool Attribution:
    - Implemented using opencode AI assistant
    - Issue analysis and documentation update performed by AI tools
    
    Resolves: #5063

commit 01095a539b5a7cec0972037f83f99845393bdcf4
Author: Prakhar Chhalotre <chhalotreprakhar00@gmail.com>
Date:   Thu Feb 26 21:50:24 2026 +0530

    touch: add metadata when using `--metadata-set`

commit 6578f0ad089a93082bc228b3c47bdfd9f48176a7
Author: hxnd <callmehxnd@outlook.de>
Date:   Thu Feb 26 13:41:24 2026 +0100

    s3: ionos: updated regions & endpoints

commit f4ffa549520a9862ce1bc5a1fe3303d7177705a3
Author: Bjoern Franke <bjo+git@schafweide.org>
Date:   Thu Feb 26 13:38:22 2026 +0100

    s3: scaleway: ONEZONE_IA is available in all zones, GLACIER only in FR-PAR
    
    Co-authored-by: Bjoern Franke <bjo@schafweide.org>

commit abed695720c2e18b8dfa3f580349c7f08ad44b31
Author: Prakhar Chhalotre <chhalotreprakhar00@gmail.com>
Date:   Thu Feb 26 18:07:10 2026 +0530

    drive: add integration test for handling folder names with single quotes

commit 77892a8289495f4f1d06a8b0b15c1914efa60a5c
Author: FTCHD <144691102+FTCHD@users.noreply.github.com>
Date:   Sat Feb 21 03:06:08 2026 +0300

    http: dark mode for browser

commit 9f9569ad6fb8efec0787f179ceea2637b14f7e47
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Feb 26 11:59:20 2026 +0000

    docs: note that --use-server-modtime only works on some backends
    
    Closes #6977

commit 80cdc4dd06fd5c689d0cbd0d010cf0b5cd0a6664
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Feb 26 12:00:43 2026 +0000

    Add a1pcm to contributors

commit 216c9de2c40753d74573dea3bf2a50748ba703be
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Feb 26 12:00:43 2026 +0000

    Add Leon Brocard to contributors

commit 7952910e4096a0beb27d3808dc4272a2c20a04d2
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Feb 26 12:00:43 2026 +0000

    Add Dark Dragon to contributors

commit 7eed0b682520d9dd547158a4e460d6535987f409
Author: jzunigax2 <125698953+jzunigax2@users.noreply.github.com>
Date:   Mon Feb 9 14:06:26 2026 -0600

    internxt: fix Entry doesn't belong in directory errors on windows

commit c7da3ab77f19c5a0bfad40d34dc8918fcf539b91
Author: a1pcm <a1pcm@users.noreply.github.com>
Date:   Mon Feb 23 03:26:31 2026 -0600

    drime: fix chunk-uploaded files ignoring workspace ID
    
    When specifying --drime-workspace-id, a file greater than the limit at
    which file uploads get chunked would ignore the specified ID and get put
    into the default workspace instead.
    
    Completes the fix described in commit 2360e65 by properly closing the
    chunkwriter by providing the workspace ID to the Drime API call.

commit 879913da414460b4a7f8b7332413c9a53c1a393a
Author: Leon Brocard <lbrocard@fastly.com>
Date:   Thu Feb 26 10:02:27 2026 +0100

    s3: add new Fastly Object Storage regions
    
    Add AU East 1, EU South 1, JP Central 1, UK East 1, and US Central 1
    regions and endpoints for Fastly Object Storage.
    
    Also sort the entries alphabetically.

commit 576e6145fcc1656c7cdb84319107ae3c40163bbc
Author: Dark Dragon <darkdragon-001@web.de>
Date:   Tue Feb 24 13:44:10 2026 +0100

    docs: Fix headers hierarchy for mount.md
    
    Similar to "Mounting on macOS", "Mounting on Linux" needs to move one layer down. This also fixes the missing anchor overlay on hover.

commit be73a72f930da0fd2b0ecb7c10e2278c517513d2
Author: Leon Brocard <acme@astray.com>
Date:   Wed Feb 25 13:48:17 2026 +0100

    serve http: add fallback embedded favicon
    
    Browsers make a request to /favicon.ico when visiting pages generated
    by the HTTP server.
    
    Previously, if remotes did not have a /favicon.ico then the server
    responded with a 404, causing browsers to show a default icon.
    
    This adds a tiny fallback embedded PNG rclone favicon to help users
    identify the rclone browser tab.

commit 36913cda94ddc96054a16f4f3cb88433257c460e
Author: Leon Brocard <acme@astray.com>
Date:   Wed Feb 25 13:45:49 2026 +0100

    graphics: optimise images losslessly with ImageOptim
    
    All PNG and JPEG images in the graphics/ and docs/static/img/
    directories have been run through ImageOptim with lossless compression.
    This reduces the checkout size and the size of logo files served,
    without any change in visual quality.
    
    ```bash
    git diff --cached --stat
    docs/static/img/ncw-bitcoin-address.png                                  | Bin 1100 -> 404 bytes
    docs/static/img/rclone-1200x630.png                                      | Bin 36503 -> 24220 bytes
    docs/static/img/rclone-32x32.png                                         | Bin 1106 -> 704 bytes
    graphics/cover.jpg                                                       | Bin 9986330 -> 8998666 bytes
    graphics/logo/favicon/favicon_16px.png                                   | Bin 559 -> 389 bytes
    graphics/logo/favicon/favicon_32px.png                                   | Bin 1106 -> 704 bytes
    graphics/logo/logo_on_dark/logo_on_dark__horizontal_color_128px.png      | Bin 10651 -> 6655 bytes
    graphics/logo/logo_on_dark/logo_on_dark__horizontal_color_256px.png      | Bin 22388 -> 14378 bytes
    graphics/logo/logo_on_dark/logo_on_dark__horizontal_color_32px.png       | Bin 2656 -> 1650 bytes
    graphics/logo/logo_on_dark/logo_on_dark__horizontal_color_64px.png       | Bin 5284 -> 3245 bytes
    graphics/logo/logo_on_dark/logo_on_dark__horizontal_mono_128px.png       | Bin 9875 -> 5790 bytes
    graphics/logo/logo_on_dark/logo_on_dark__horizontal_mono_256px.png       | Bin 21247 -> 10809 bytes
    graphics/logo/logo_on_dark/logo_on_dark__horizontal_mono_32px.png        | Bin 2234 -> 1406 bytes
    graphics/logo/logo_on_dark/logo_on_dark__horizontal_mono_64px.png        | Bin 4622 -> 2751 bytes
    graphics/logo/logo_on_dark/logo_on_dark__vertical_color_128px.png        | Bin 3946 -> 2444 bytes
    graphics/logo/logo_on_dark/logo_on_dark__vertical_color_256px.png        | Bin 8234 -> 5134 bytes
    graphics/logo/logo_on_dark/logo_on_dark__vertical_color_512px.png        | Bin 17223 -> 10797 bytes
    graphics/logo/logo_on_dark/logo_on_dark__vertical_color_64px.png         | Bin 1979 -> 1271 bytes
    graphics/logo/logo_on_dark/logo_on_dark__vertical_mono_128px.png         | Bin 3490 -> 2104 bytes
    graphics/logo/logo_on_dark/logo_on_dark__vertical_mono_256px.png         | Bin 7372 -> 4630 bytes
    graphics/logo/logo_on_dark/logo_on_dark__vertical_mono_512px.png         | Bin 16451 -> 8358 bytes
    graphics/logo/logo_on_dark/logo_on_dark__vertical_mono_64px.png          | Bin 1684 -> 1049 bytes
    graphics/logo/logo_on_dark/logo_symbol_on_dark_mono_128px.png            | Bin 3889 -> 2239 bytes
    graphics/logo/logo_on_dark/logo_symbol_on_dark_mono_256px.png            | Bin 8843 -> 4917 bytes
    graphics/logo/logo_on_dark/logo_symbol_on_dark_mono_512px.png            | Bin 19071 -> 9074 bytes
    graphics/logo/logo_on_dark/logo_symbol_on_dark_mono_64px.png             | Bin 1731 -> 1130 bytes
    graphics/logo/logo_on_light/logo_on_light__horizontal_color_128px.png    | Bin 10621 -> 6860 bytes
    graphics/logo/logo_on_light/logo_on_light__horizontal_color_256px.png    | Bin 22317 -> 14747 bytes
    graphics/logo/logo_on_light/logo_on_light__horizontal_color_32px.png     | Bin 2594 -> 1655 bytes
    graphics/logo/logo_on_light/logo_on_light__horizontal_color_64px.png     | Bin 5184 -> 3316 bytes
    graphics/logo/logo_on_light/logo_on_light__horizontal_mono_128px.png     | Bin 8839 -> 5907 bytes
    graphics/logo/logo_on_light/logo_on_light__horizontal_mono_256px.png     | Bin 19305 -> 11010 bytes
    graphics/logo/logo_on_light/logo_on_light__horizontal_mono_32px.png      | Bin 2092 -> 1422 bytes
    graphics/logo/logo_on_light/logo_on_light__horizontal_mono_64px.png      | Bin 4198 -> 2835 bytes
    graphics/logo/logo_on_light/logo_on_light__vertical_color_128px.png      | Bin 3856 -> 2446 bytes
    graphics/logo/logo_on_light/logo_on_light__vertical_color_256px.png      | Bin 8083 -> 5179 bytes
    graphics/logo/logo_on_light/logo_on_light__vertical_color_512px.png      | Bin 16804 -> 11148 bytes
    graphics/logo/logo_on_light/logo_on_light__vertical_color_64px.png       | Bin 1932 -> 1258 bytes
    graphics/logo/logo_on_light/logo_on_light__vertical_color_800px_2to1.png | Bin 23388 -> 12019 bytes
    graphics/logo/logo_on_light/logo_on_light__vertical_mono_128px.png       | Bin 3139 -> 2106 bytes
    graphics/logo/logo_on_light/logo_on_light__vertical_mono_256px.png       | Bin 6347 -> 4630 bytes
    graphics/logo/logo_on_light/logo_on_light__vertical_mono_512px.png       | Bin 14138 -> 8358 bytes
    graphics/logo/logo_on_light/logo_on_light__vertical_mono_64px.png        | Bin 1522 -> 1038 bytes
    graphics/logo/logo_on_light/logo_symbol_on_light_mono_128px.png          | Bin 3193 -> 2241 bytes
    graphics/logo/logo_on_light/logo_symbol_on_light_mono_256px.png          | Bin 6992 -> 4917 bytes
    graphics/logo/logo_on_light/logo_symbol_on_light_mono_512px.png          | Bin 16638 -> 9074 bytes
    graphics/logo/logo_on_light/logo_symbol_on_light_mono_64px.png           | Bin 1568 -> 1127 bytes
    graphics/logo/logo_symbol/logo_symbol_color_128px.png                    | Bin 4468 -> 2783 bytes
    graphics/logo/logo_symbol/logo_symbol_color_16px.png                     | Bin 1787 -> 391 bytes
    graphics/logo/logo_symbol/logo_symbol_color_256px.png                    | Bin 9362 -> 5835 bytes
    graphics/logo/logo_symbol/logo_symbol_color_512px.png                    | Bin 19898 -> 12946 bytes
    graphics/logo/logo_symbol/logo_symbol_color_600px_spaced.png             | Bin 18775 -> 13537 bytes
    graphics/logo/logo_symbol/logo_symbol_color_64px.png                     | Bin 2235 -> 1380 bytes
    ```

commit 699e4cfb2374796a08cb5db801b52c4bd489fead
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 23 13:01:33 2026 +0000

    docs: update sponsors

commit bc5cad879243294a6472b31d1bc231e56e90f8db
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 23 13:05:25 2026 +0000

    Add Jan-Philipp Reßler to contributors

commit 9024962fc4b8a641db446e731c7b5bc0823f8ac5
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 23 13:05:25 2026 +0000

    Add Chris to contributors

commit aa1f4ace64496b66dc3c88e4756f588eb5cfb6af
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 23 13:05:25 2026 +0000

    Add Shlomi Avihou to contributors

commit dd1d750c55455220227ce7b4c5f9dcd84204fdcb
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 23 13:05:25 2026 +0000

    Add Jan-Philipp Reßler to contributors

commit 5a2564c6e28b559585fe3556c36d794b46354592
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 23 13:05:24 2026 +0000

    Add Varun Chawla to contributors

commit 82cc80cc6f737ae2ef902d88bab04da468686137
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 23 13:05:24 2026 +0000

    Add Prakhar Chhalotre to contributors

commit 7d0a8bf850b93d3f70a50f47eab489295e6058d9
Author: Chris <238498929+chris081519-crypto@users.noreply.github.com>
Date:   Fri Feb 20 17:40:24 2026 +0100

    s3: add Object Lock support
    
    Add support for S3 Object Lock with the following new options:
    
    - --s3-object-lock-mode: set retention mode (GOVERNANCE/COMPLIANCE/copy)
    - --s3-object-lock-retain-until-date: set retention date (RFC3339/duration/copy)
    - --s3-object-lock-legal-hold-status: set legal hold (ON/OFF/copy)
    - --s3-bypass-governance-retention: bypass GOVERNANCE lock on delete
    - --s3-bucket-object-lock-enabled: enable Object Lock on bucket creation
    - --s3-object-lock-set-after-upload: apply lock via separate API calls
    
    The special value "copy" preserves the source object's setting when used
    with --metadata flag, enabling scenarios like cloning objects from
    COMPLIANCE to GOVERNANCE mode while preserving the original retention date.
    
    Includes integration tests that create a temporary Object Lock bucket covering:
    - Retention Mode and Date
    - Legal Hold
    - Apply settings after upload
    - Override protections using bypass-governance flag
    The tests are gracefully skipped on providers that do not support Object Lock.
    
    Fixes #4683
    Closes #7894 #7893 #8866

commit fd8b28d36dd176844c48caf7ca5c2017ab5f8b47
Author: Varun Chawla <34209028+veeceey@users.noreply.github.com>
Date:   Fri Feb 20 08:30:15 2026 -0800

    webdav: escape reserved characters in URL path segments
    
    Use URLPathEscapeAll instead of URLPathEscape for path encoding.
    
    URLPathEscape relies on Go's url.URL.String() which only minimally
    escapes paths - reserved sub-delimiter characters like semicolons and
    equals signs pass through unescaped. Per RFC 3986 section 3.3, these
    characters must be percent-encoded when used as literal values in
    path segments.
    
    Some WebDAV servers (notably dCache/Jetty) interpret unescaped
    semicolons as path parameter delimiters, which truncates filenames
    at the semicolon position. URLPathEscapeAll encodes everything
    except [A-Za-z0-9/], which is safe for all servers.
    
    Fixes #9082

commit c63ecace4148735b1ceae80eae85dd3330e72052
Author: Shlomi Avihou <shlomi@zadarastorage.com>
Date:   Fri Feb 13 11:57:41 2026 -0800

    s3: add Zadara Object Storage provider

commit 0c8c3d8fb934bccb04467a4d3be0dfe7c7de33cb
Author: Jan-Philipp Reßler <75355263+TabError@users.noreply.github.com>
Date:   Fri Feb 20 17:21:48 2026 +0100

    bisync: add group Sync to the bisync command
    
    Co-authored-by: Jan-Philipp Reßler <xodarap@xodarap.de>

commit 5042f360f0ca482a3fa1e803a13012f01288acdd
Author: Varun Chawla <34209028+veeceey@users.noreply.github.com>
Date:   Fri Feb 20 03:46:53 2026 -0800

    archive: extract: strip "./" prefix from tar entry paths
    
    Tar files created from the current directory (e.g. tar -czf archive.tar.gz .)
    produce entries prefixed with "./". When extracting, rclone's character
    encoding replaces the "." with a full-width dot (U+FF0E), creating a
    spurious directory instead of merging into the destination root.
    
    Strip the leading "./" from NameInArchive before processing. Only "./"
    is stripped specifically to avoid enabling path traversal attacks via
    "../".
    
    Fixes #9168

commit 9601dbce87d469626a8486cbc3a7e92b3b78c82a
Author: Prakhar Chhalotre <chhalotreprakhar00@gmail.com>
Date:   Wed Feb 18 20:49:47 2026 +0530

    accounting: update String method output format for clarity in transfer rate representation - fixes #9129

commit e06f0b0595fbc11e032a10c58274ec12fb11c1d7
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Feb 18 12:12:04 2026 +0000

    docs: add instructions on how to update Go version

commit b2866f0291a4918499378a92279656a3988cb96a
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Feb 18 12:11:52 2026 +0000

    build: modernize Go code with go fix for go1.25

commit cf97f250df6d4719a7e6a740142ba4eae30df64a
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Feb 18 09:59:16 2026 +0000

    build: update all dependencies
    
    Could not update github.com/coreos/go-systemd as the new version doesn't build under freebsd
    
    See: https://github.com/coreos/go-systemd/issues/509

commit 627b763d4bb9299b4e5f82bcb1992dc3b2ddeb75
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Feb 18 09:50:56 2026 +0000

    lib/rest: remove go1.24 workaround now go1.25 is the minimum

commit f14945f9c1648da9d8b3ed3b97844f7efbae0279
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Feb 18 09:48:58 2026 +0000

    build: update to go1.26 and make go1.25 the minimum required version

commit 391661fdb4a57bb0b64a93654a0235012e89a1ed
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Feb 18 11:33:38 2026 +0000

    Add Jack Kelly to contributors

commit faffd0a6f105011a7159fb8613d68c45758d6077
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Feb 17 18:22:21 2026 +0000

    Changelog updates from Version v1.73.1

commit 6cc3356f8e1509f4c5536e873fb53da7d01134eb
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Feb 17 16:48:52 2026 +0000

    build: fix build using go 1.26.0 instead of go 1.25.7
    
    In the actions config use Go ~1.25.7 to pin the go version to 1.25.x,
    x >= 7.
    
    Before this it was choosing Go 1.26.0 which isn't what we want.

commit 07e76419c92247e5f2d13546ecbb48ab058417cf
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Wed Dec 31 17:59:36 2025 +0000

    fs/march: fix runtime: program exceeds 10000-thread limit
    
    Before this change when doing a sync with `--no-traverse` and
    `--files-from` we could call `NewObject` a total of `--checkers` *
    `--checkers` times simultaneously.
    
    With `--checkers 128` this can exceed the 10,000 thread limit and
    fails when run on a local to local transfer because `NewObject` calls
    `lstat` which is a syscall which needs an OS thread of its own.
    
    This patch uses a weighted semaphore to limit the number of
    simultaneous calls to `NewObject` to `--checkers` instead which won't
    blow the 10,000 thread limit and is far more sensible use of OS
    resources.
    
    Fixes #9073

commit 60c4f35b56bb7b8cecb9f8c0ed84279d93fb6739
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 16 16:03:40 2026 +0000

    accounting: fix missing server side stats from core/stats rc
    
    These stats weren't being updated in the global stats read by rc
    core/stats:
    
    - transferQueue
    - deletesSize
    - serverSideCopies
    - serverSideCopyBytes
    - serverSideMoves
    - serverSideMoveBytes

commit 15a9c0fd367285e68d5699bc22a9b0d1072329e7
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Feb 6 13:02:18 2026 +0000

    pacer: re-read the sleep time as it may be stale
    
    Before this change we read sleepTime before acquiring the pacer token
    and uses that possibly stale value to schedule the token return. When
    many goroutines enter while sleepTime is high (e.g., 10s), each
    goroutine caches this 10s value. Even if successful calls rapidly
    decay the pacer state to 0, the queued goroutines still schedule 10s
    token returns, so the queue drains at 1 req/10s for the entire herd.
    This can create multi‑minute delays even after the pacer has dropped
    to 0.
    
    After this change we refresh the sleep time after getting the token.
    
    This problem was introduced by the desire to skip reading the pacer
    token entirely when sleepTime is 0 in high performance backends (eg
    s3, azure blob).

commit 8b85ffbf033cff39f1c861eb3ee15b2f691f6685
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Feb 3 16:40:54 2026 +0000

    pacer: fix deadlock between pacer token and --max-connections
    
    It was possible in the presence of --max-connections and recursive
    calls to the pacer to deadlock it leaving all connections waiting on
    either a max connection token or a pacer token.
    
    This fixes the problem by making sure we return the pacer token on
    schedule if we take it.
    
    This also short circuits the pacer token if sleepTime is 0.

commit 26fb659fe436b594ddf1795df6128e70558ec918
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Feb 17 11:54:37 2026 +0000

    test_all: increase retries for Internxt eventual consistency

commit 7aa3d8a32f2ae2492dd3f2a4937a5662cf3c1378
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Feb 17 11:40:41 2026 +0000

    build: fix CVE-2025-68121 by updating go to 1.25.7 or later - fixes #9167

commit b7ebec865bfbd696779b2fafcbf80d170dddfd07
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 2 15:42:45 2026 +0000

    drime: fix files and directories being created in the default workspace
    
    Before this change directories and files were created in the default
    workspace, not the workspace specified by --drime-workspace-id.

commit a60d09c43d15b05ec2762db7dfeb0dd4ed7013d6
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Feb 17 11:32:21 2026 +0000

    docs: update sponsors

commit 14a47937c03e6b33c2c70d90470c71b2a0c29302
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Tue Feb 17 11:32:44 2026 +0000

    Add kingston125 to contributors

commit 64d691616102e73b0eb78e1b178498be392dbe66
Author: Jack Kelly <jack@OpenClimateFix.org>
Date:   Tue Feb 3 08:08:09 2026 +0000

    copyurl: Extend copyurl docs with an example of CSV FILENAMEs starting with a path.

commit ae778f1413b39d3f9a7b8ddc39bdb4b35e7452e0
Author: kingston125 <kingston125@github.com>
Date:   Tue Feb 10 21:30:15 2026 -0500

    filelu: migrate API calls to lib/rest

commit 33859568d6793684493db80bbe861c0f2bac5ed2
Author: José Zúniga <125698953+jzunigax2@users.noreply.github.com>
Date:   Fri Feb 13 14:18:51 2026 -0500

    internxt: implement re-login under refresh logic, improve retry logic - fixes #9174

commit 4b3aa5aea03d4826a6a2c72d97f724f2945c5546
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Feb 6 16:24:28 2026 +0000

    docs: add ExchangeRate-API as a sponsor

commit 349487bb7f71ba5225bbfce981a719d1b3ca62c3
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Feb 12 14:08:09 2026 +0000

    Add Cohinem to contributors

commit b70b2fff16e8627b5f8af3402bf50293633f6a7d
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Thu Feb 12 14:08:09 2026 +0000

    Add Leon Brocard to contributors

commit 32307e9226551477af9f7ec0d6b3cce2e7cf099e
Author: Leon Brocard <acme@astray.com>
Date:   Wed Feb 11 22:12:35 2026 +0000

    s3: remove StackPath Object Storage provider
    
    StackPath's object storage service no longer exists and all S3
    endpoints are no longer operational.
    
    Before this change, users could select StackPath as an S3 provider
    during configuration, but connections would fail as the endpoints no
    longer respond and the service has been discontinued.
    
    After this change, StackPath is removed from the list of supported
    S3 providers, preventing users from attempting to configure a
    non-functional service.
    
    Fixes #9148

commit 2bd6630c2eacbe0aa647216455946f50a618c8d1
Author: Cohinem <143964778+Cohinem@users.noreply.github.com>
Date:   Wed Feb 11 17:06:31 2026 +0300

    drime: implement About

commit 54c2078f257d6ba266f96baa2869812817f861c9
Author: albertony <12441419+albertony@users.noreply.github.com>
Date:   Tue Feb 10 09:12:17 2026 +0100

    build: bump github.com/go-chi/chi/v5 from 5.2.3 to 5.2.5 to fix GO-2026-4316

commit 4f284614a47d2c2c00375b3a9378c73cc97160f1
Author: kingston125 <support@filelu.com>
Date:   Tue Feb 10 22:05:49 2026 -0500

    Set list_version to 2 for FileLu S3 configuration

commit eef0b39a2caf03dc8b14cf2eb69d6c210499aa90
Author: kingston125 <support@filelu.com>
Date:   Wed Feb 4 17:26:17 2026 -0500

    filelu: add multipart upload support with configurable cutoff

commit 37f633663642ccbf654ee0119413f2c2151c2f0e
Author: kingston125 <support@filelu.com>
Date:   Wed Feb 4 17:29:07 2026 -0500

    filelu: add multipart init response type

commit 1049f88a1da1cd2e042e92b6e3126adc010bc885
Author: kingston125 <support@filelu.com>
Date:   Wed Feb 4 17:18:12 2026 -0500

    filelu: add comment for response body wrapping

commit 327ca25a4d225046ceec637c082c8af4841925a1
Author: kingston125 <support@filelu.com>
Date:   Wed Feb 4 17:09:55 2026 -0500

    filelu: avoid buffering entire file in memory
    
    Avoid buffering the entire file in memory during download, especially
    for large files.

commit 673e24a60ff46bdc0fd32a465d631597554b026b
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Mon Feb 2 11:12:34 2026 +0000

    docs: update sponsor logos

commit 43db4c5dc76be95dd230176f7dbd62bb2a28b5b3
Author: Leon Brocard <acme@astray.com>
Date:   Thu Feb 5 12:10:53 2026 +0000

    s3: add Fastly Object Storage provider
    
    - Add new Fastly provider with US East, US West, and EU Central regions
    - Add `etag_is_not_md5` quirk for providers with mandatory encryption
    - Disable server-side copy for Fastly (not supported)

commit 88b484722a3fb7ff2a7bf7af16d00647b27fd421
Author: Enduriel <endur1el@protonmail.com>
Date:   Mon Feb 2 16:38:01 2026 +0100

    filen: fix potential panic in case of error during upload

commit ed5bd327c08bb222e1ab3888bb0869c76e3be629
Author: Enduriel <endur1el@protonmail.com>
Date:   Thu Feb 5 12:07:41 2026 +0100

    filen: fix 32 bit targets not being able to list directories Fixes #9142
    
    or do pretty much anything,
    this was caused by timestamps not being read to 64 bit integers

commit 341ce61a2aa535b5c555ade033dfa82b0fab4474
Author: wiserain <mail275@gmail.com>
Date:   Tue Feb 3 08:13:03 2026 +0900

    pikpak: support custom filenames for addurl backend command - fixes #9111
    
    Extended the addurl backend command to accept an optional filename parameter,
    enabling customized naming for downloaded files.

commit 9abf9d38c0b8009430228150c8f1f0a50e52505b
Author: Nick Craig-Wood <nick@craig-wood.com>
Date:   Fri Jan 30 22:19:04 2026 +0000

    Start v1.74.0-DEV development
