

the intention with that statement was that Seafile, by default, places all the files inside its own proprietary file container thing, where the files are not easily accessible from the server’s actual filesystem, using regular Linux utilities. My knowledge of Seafile is really minimal, so this could be wrong – in which case I’ll fix that right away! or, at the very least, try to clarify what I meant to avoid this confusion.
in case you happen to know – are you aware if it’s possible to use Seafile while having it just place all the files and folders on the disk like any other program would?
so uhh, sorry for the late response to this – was going to reply much earlier, but then suddenly it became more timely than ever…
the good news is, I’m fairly confident in how it handles the filesystem and permissions, preventing unauthorized access to files.
but the part I’m a bit less sure about is sanitizing user data; the kind of vulnerabilities where someone uploads a malicious file and bad stuff happens if you then open that file in a certain way, or someone sends you a malicious link and tricks you into clicking it – in other words, the kind of vulnerabilities which require the attacker to have a certain level of access already, or that require tricking you into doing something.
…and with version 1.18.5 released just now, we got a prime example of exactly one of those. Really unfortunate timing, but it’s a blessing to have so many new and curious eyes on it to spot these sooner rather than later. It is what it is.