🖥️ PowerFolder Server 26 SP1
Release Date: March 2026
Build Number: 26.1.104
Type: Hot Fix Release
📦 Download Links
JAR File (Wiki Password required)
Outlook Add-In (No changes)
⬆️ Upgrade Information
Please read these Release Notes and instructions completely before upgrading.
Please follow the regular upgrade documentation for Windows or Linux.
Upgrading from any previous version higher than or equal to version 16.0.100
Cluster: Running different versions on the servers in the cluster is supported but limited to version >= 22.0.100
🔐 HARICA Root Certificates Added to Java Truststore
The Java truststore (cacerts) has been updated to include the complete official HARICA Root Certificate portfolio.
Added Root Certificates
The following HARICA Root Certificates are now trusted:
HARICA Root CA 2011
HARICA Root CA 2015 (RSA & ECC)
HARICA TLS Root CA 2021 (RSA & ECC)
HARICA TLS Root CA 2021 Cross (RSA & ECC)
HARICA Client Root CA 2021 (RSA & ECC)
HARICA Qualified Root CA 2021 (RSA & ECC)
🔄 Changing Database Collation to utf8mb4_general_ci in MariaDB v11.x
Detailed documentation describing the required database collation adjustment and upgrade procedure is attached: Changing Database Collation to utf8mb4_general_ci
📊 Folder Audit Information
More information about this feature: Server Audit Information
🌐 WebDAV Token Validity
The default WebDAV token validity is now technically 21 years:
security.tokens.webdav.valid.time.seconds=662256000
Server admins can change this as required.
Block folders of expired user
Server admins can now block the shared folders for all users when an account is expired.
Default:
server.account.block.folders.on.expiration=false
Set to:
server.account.block.folders.on.expiration=true
to block the folders of an account when it expires and unblock them when it is valid again.
🗑️ Restoring top folder from system archive ("BACKUP_REMOVE")
Admins and users are now able to restore top-level folders directly from the recycle bin.
web.restore_folder.users.enabled=true
To hide the options from end users, set the following in the server config:
web.restore_folder.users.enabled=false
Note: The new functionality is always visible to server admins.
📝 Support for ONLYOFFICE v9.1.x & 9.2.x
PowerFolder Server, Client, and Mobile Apps now fully support the latest ONLYOFFICE Document Server versions, whether deployed via Docker or as a standalone installation.
🆕 Organization Expiration Management
Two new administrative API endpoints have been added to manage expired organizations more efficiently:
Report expired organizations — Generate a detailed report of organizations that expired before a specified number of days.
https://apidoc.powerfolder.com/#api-Organizations-reportExpiredBefore
Delete expired organizations — Permanently remove organizations that expired before a specified number of days.
https://apidoc.powerfolder.com/#api-Organizations-deleteExpiredBefore
These endpoints simplify maintenance and cleanup of outdated organizational records in larger deployments.
🛡️ Content Security Policy (CSP) Protection
To enhance security against Cross-Site Scripting (XSS) and other injection attacks, the application supports enabling Content Security Policy (CSP) headers. CSP allows the browser to restrict which content sources (scripts, styles, images, etc.) are allowed to load, preventing malicious scripts from executing.
Configuration
The CSP mechanism can be controlled via configuration flags in your server configuration file:
# Enable or disable Content Security Policy
web.csp.enable=true
# Run in report-only mode or enforce policy
web.csp.report_only=false
Options
web.csp.enable
Default: true
Enables CSP headers in responses.
Set to false to completely disable CSP protection (not recommended).
web.csp.report_only
Default: false
When false, CSP violations will block content that does not comply with the policy.
When true, CSP runs in Report-Only mode: violations are logged/reported, but the browser does not block the content.
This is useful for debugging potential CSP false positives without breaking user functionality.
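A config check for the security-relevant keys described above (WebDAV token validity, folder blocking on account expiration, CSP), as an added example that is not PowerFolder's own code. The one-year token limit (max_token_days) is an assumed local policy, and the sample config is constructed.

```python
"""Audit the security-relevant keys from these release notes in a server config."""

# Defaults as stated in the release notes.
DEFAULTS = {
    "security.tokens.webdav.valid.time.seconds": "662256000",
    "server.account.block.folders.on.expiration": "false",
    "web.csp.enable": "true",
    "web.csp.report_only": "false",
}

def parse_config(text):
    """Parse key=value lines, skipping blanks and # comments; fill in defaults."""
    cfg = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def csp_mode(cfg):
    """Return 'off', 'report-only' or 'enforce' from the two web.csp.* flags."""
    if cfg["web.csp.enable"].lower() != "true":
        return "off"
    return "report-only" if cfg["web.csp.report_only"].lower() == "true" else "enforce"

def audit(cfg, max_token_days=365):
    """Return findings; max_token_days is an assumed local policy, not a product limit."""
    findings = []
    mode = csp_mode(cfg)
    if mode != "enforce":
        findings.append(f"CSP is {mode}: non-compliant content is not blocked")
    days = int(cfg["security.tokens.webdav.valid.time.seconds"]) // 86400
    if days > max_token_days:
        findings.append(f"WebDAV tokens valid for {days} days (> {max_token_days})")
    if cfg["server.account.block.folders.on.expiration"].lower() != "true":
        findings.append("Shared folders of expired accounts are not blocked")
    return findings

# Constructed sample config, not taken from a real deployment.
SAMPLE = """
# Enable or disable Content Security Policy
web.csp.enable=true
web.csp.report_only=true
server.account.block.folders.on.expiration=true
"""

if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE)):
        print("FINDING:", finding)
```

A config left in Report-Only mode after debugging shows up as a finding, as does the shipped 21-year token default.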
✨ New: Default user folders on first login
To simplify onboarding for new users, the system can now automatically create default folders at their first login.
Add the following to your Default.config (server maintenance):
# Default folders
f.my_files.name=Meine Dateien
f.my_files.dir=Meine Dateien
f.shared.name=Geteilt
f.shared.dir=Geteilt
🔄 Javascript in Email Templates
The email templates have also been improved. Please update the email templates or delete the old templates.
📂 Enhancements in Database for Sub-Folder Sharing
In this version, major changes have been made to the database tables. New columns and entries have been added to support versioning and preparations for sub-folder sharing in upcoming releases. These changes are backward-compatible, even if the admin decides to downgrade the server.
⬇️ Downgrade Information (optional)
In case a downgrade to a previous version is necessary:
For a downgrade, you have to review our downgrade documentation.
Simply replace the PowerFolder-Server.jar file with that from the previous version you would like to run.
Log messages caused by the higher schema version of the database can be ignored:
[DatabaseMigrator]: Database layout version is newer than expected.
📜 Changelog
PFS-4801: Remove INFO [FolderInfo]: Folder (….) : rename (forced internalize)
PFS-5420: Access not possible after invite due to cache invalidation issue causing stale account state across servers
INT-1249
INT-1672
Release Date: March 2026
Build Number: 26.1.103
Type: Hot Fix Release
📜 Changelog
PFS-5420: Access not possible after invite due to cache invalidation issue causing stale account state across servers
INT-1249
Release Date: March 2026
Build Number: 26.1.101
Type: Hot Fix Release
📜 Changelog
PFS-4832: Fix Illegal mix of collations messages in logs
Release Date: February 2026
Build Number: 26.1.100
Type: Major Server Release
📜 Full Changelog
PFS-4440: Provide list of last logins in web
PFS-4553: Redesign the “Devices” list for clarity, usability, and control
PFS-4761: Create WebDAV Token in My Account / Devices
PFS-4760: WebDAV Token should be valid indefinitely
PFS-4521: Block WebDAV operations exceeding storage
PFS-4100: Fix "delete all" in device table
PFC-3501: Ensure client disconnects and prevent relogin after device (token) is deleted and prompts for password
PFS-4799: Restore links from folders in recycle bin
PFI-87: Include Harica RSA root certificates 2021 in Java keystore
PFS-4596: Rename files with dots (.) in filename
PFS-4711: Fixed view txt files on link landing page
PFS-4677: Unable to create or edit documents in subfolder level = 5
PFS-4730: Add actual storage usage information column for Organizations
PFS-4773: Set expiry of accounts as per organization
PFS-4758: Block folders when account is expired
PFS-4548: Metadata files containing folder permissions and links history
PFS-4787: Reduced SQL load (connections + queries/s) while accessing file links
PFS-4786: Prevent high load on federated systems when a service is offline
PFS-4803: Fix: Filerestore should follow Foldersetting of max. Versions
PFS-4572: Ensure the sender field is filled properly while sending invitations
PFS-4794: Cleanup of 0-byte files on failed WebDAV PUT uploads
PFS-4747: Include size in FileLink API getFiles
PFS-4757: Logging: Upload form, File links, Change of permissions and storage
PFS-4802: Remove sync icons direct after new upload of files
PFS-4789: Fix settings button in Links table
PFS-4806: Fix loading of file links
PFS-4735: Generalize the notifications for large folder and file names
PFS-4751: Provide icons for Open Document Format (ODF)
PFS-4665: File options are not hiding/working
PFS-4750: Correct spelling errors in several texts
PFS-4697: Cleanups and followups