Details

• Security #5291: Mitigate attack on content-defined chunking algorithm

  Restic uses Rabin Fingerprints for its content-defined chunker. The algorithm relies on a secret polynomial to split files into chunks.

  As shown in the paper "Chunking Attacks on File Backup Services using Content-Defined Chunking" by Boris Alexeev, Colin Percival and Yan X Zhang, an attacker that can observe chunk sizes for a known file can derive the secret polynomial. Knowledge of the polynomial might in some cases allow an attacker to check whether certain large files are stored in a repository.

  A practical attack is nevertheless hard as restic merges multiple chunks into opaque pack files and by default processes multiple files in parallel. This likely prevents an attacker from matching pack files to the attacker-known file and thereby prevents the attack.

  Despite the low chances of a practical attack, restic now has added mitigation that randomizes how chunks are assembled into pack files. This prevents attackers from guessing which chunks are part of a pack file and thereby prevents learning the chunk sizes.

  #5291 #5295

• Bugfix #1843: Correctly restore long filepaths' timestamp on old Windows

  The restore command now correctly restores timestamps for files with paths longer than 256 characters on Windows versions prior to Windows 10 1607.

  #1843 #5061

• Bugfix #2165: Ignore disappeared backup source files

  The backup command now quietly skips files that are removed between directory listing and backup, instead of printing errors like:

  error: lstat /some/file/name: no such file or directory
  

  #2165 #3098 #5143 #5145

• Bugfix #5153: Include root tree when searching using find --tree

  The restic find --tree command did not find trees referenced by restic snapshot --json. It now correctly includes the root tree when searching.

  #5153

• Bugfix #5169: Prevent Windows VSS event log 8194 warnings for backup with fs snapshot

  When running backup with the --use-fs-snapshot option in Windows with admin rights, event logs like

  Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
  . This is often caused by incorrect security settings in either the writer or requester process.
  
  Operation:
     Gathering Writer Data
  
  Context:
     Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
     Writer Name: System Writer
     Writer Instance ID: {54b151ac-d27d-4628-9cb0-2bc40959f50f}
  

  Are created several times even though the backup itself succeeds. This has now been fixed.

  #5169 #5170 https://forum.restic.net/t/windows-shadow-copy-snapshot-vss-unexpected-provider-error/3674/2

• Bugfix #5212: Fix duplicate data handling in prune --max-unused

  The prune --max-unused size command did not correctly account for duplicate data. If a repository contained a large amount of duplicate data, this could previously result in pruning too little data. This has now been fixed.

  #5212 https://forum.restic.net/t/restic-not-obeying-max-unused-parameter-on-prune/8879

• Bugfix #5249: Fix creation of oversized index by repair index --read-all-packs

  Since restic 0.17.0, the new index created by repair index --read-all-packs was written as a single large index. This significantly increased memory usage while loading the index.

  The index is now correctly split into multiple smaller indexes, and repair index now also automatically splits oversized indexes.

  #5249

• Bugfix #5259: Fix rare crash in command output

  Some commands could in rare cases crash when trying to print status messages and request retries at the same time, resulting in an error like the following:

  panic: runtime error: slice bounds out of range [468:156]
  [...]
  github.com/restic/restic/internal/ui/termstatus.(*lineWriter).Write(...)
  	/restic/internal/ui/termstatus/stdio_wrapper.go:36 +0x136
  

  This has now been fixed.

  #5259 #5300

• Change #4938: Update dependencies and require Go 1.23 or newer

  We have updated all dependencies. Restic now requires Go 1.23 or newer to build.

  This also disables support for TLS versions older than TLS 1.2. On Windows, restic now requires at least Windows 10 or Windows Server 2016. On macOS, restic now requires at least macOS 11 Big Sur.

  #4938

• Change #5162: Promote feature flags

  The deprecate-legacy-index, deprecate-s3-legacy-layout, explicit-s3-anonymous-auth and safe-forget-keep-tags features are now stable and can no longer be disabled. The corresponding feature flags will be removed in restic 0.19.0.

  #5162

• Enhancement #1378: Add JSON support to check command

  The check command now supports the --json option to output all statistics in JSON format.

  #1378 #5194

• Enhancement #2511: Support generating shell completions to stdout

  The generate command now supports using - as the filename with the --[shell]-completion option to write the generated output to stdout.

  #2511 #5053

• Enhancement #3697: Allow excluding online-only cloud files (e.g. OneDrive)

  Restic treated files synced using OneDrive Files On-Demand as though they were regular files. This caused issues with VSS and could cause OneDrive to download all files.

  Restic now allows the user to exclude these files when backing up with the --exclude-cloud-files option.

  #3697 #4935 #4990

• Enhancement #4179: Add sort option to ls command

  The ls -l command output can now be sorted using the new --sort <field> option for the fields name, size, time (same as mtime), mtime, atime, ctime and extension. A --reverse option is also available.

  #4179 #5182

• Enhancement #4433: Change default sort order for find output

  The find command now sorts snapshots from newest to oldest by default. The previous oldest-to-newest order can be restored using the new --reverse option.

  #4433 #5184

• Enhancement #4521: Add support for Microsoft Blob Storage access tiers

  The new -o azure.access-tier=<tier> option allows specifying the access tier (Hot, Cool or Cold) for objects created in Microsoft Blob Storage. If unspecified, the storage account's default tier is used.

  There is no official Archive storage support in restic, use this option at your own risk. To restore any data, it is necessary to manually warm up the required data in the Archive tier.

  #4521 #5046

• Enhancement #4942: Add snapshot summary statistics to rewritten snapshots

  The rewrite command now supports a --snapshot-summary option to add statistics data to snapshots. Only two fields in the summary will be non-zero: TotalFilesProcessed and TotalBytesProcessed.

  For snapshots rewritten using the --exclude options, the summary statistics are updated accordingly.

  #4942 #5185

• Enhancement #4948: Format exit errors as JSON when requested

  Restic now formats error messages as JSON when the --json flag is used.

  #4948 #4952

• Enhancement #4983: Add SLSA provenance to GHCR container images

  Restic's GitHub Container Registry (GHCR) image build workflow now includes SLSA (Supply-chain Levels for Software Artifacts) provenance generation.

  Please see the restic documentation for more information about verifying SLSA provenance.

  #4983 #4999

• Enhancement #5054: Enable compression for ZIP archives in dump command

  The dump command now compresses ZIP archives using the DEFLATE algorithm, reducing the size of exported archives.

  #5054

• Enhancement #5081: Add retry mechanism for loading repository config

  Restic now retries loading the repository config file when opening a repository. The init command now also retries backend operations.

  #5081 #5095

• Enhancement #5089: Allow including/excluding extended file attributes during restore

  The restore command now supports the --exclude-xattr and --include-xattr options to control which extended file attributes will be restored. By default, all attributes are restored.

  #5089 #5129

• Enhancement #5092: Show count of deleted files and directories during restore

  The restore command now reports the number of deleted files and directories, both in the regular output and in the files_deleted field of the JSON output.

  #5092 #5100

• Enhancement #5109: Make small pack size configurable for prune

  The prune command now supports the --repack-smaller-than option that allows repacking pack files smaller than a specified size.

  #5109 #5183

• Enhancement #5119: Add start and end timestamps to backup JSON output

  The JSON output of the backup command now includes backup_start and backup_end timestamps, containing the start and end time of the backup.

  #5119

• Enhancement #5131: Add DragonFlyBSD support

  Restic can now be compiled on DragonflyBSD.

  #5131 #5138

• Enhancement #5137: Make tag command print which snapshots were modified

  The tag command now outputs which snapshots were modified along with their new snapshot ID. The command supports the --json option for machine-readable output.

  #5137 #5144

• Enhancement #5141: Provide clear error message if AZURE_ACCOUNT_NAME is not set

  If AZURE_ACCOUNT_NAME was not set, commands related to an Azure repository would result in a misleading networking error. Restic now detect this and provides a clear warning that the variable is not defined.

  #5141

• Enhancement #5173: Add experimental S3 cold storage support

  Introduce S3 backend options for transitioning pack files from cold to hot storage on S3 and S3-compatible providers. Note: this only works for the prune, copy and restore commands for now.

  This experimental feature is gated behind the "s3-restore" feature flag.

  #3202 #2504 #5173

• Enhancement #5174: Add xattr support for NetBSD 10+

  Extended attribute support for backup and restore operations is now available on NetBSD version 10 and later.

  #5174 #5180

• Enhancement #5251: Improve retry handling for flaky rclone backends

  Since restic 0.17.0, the backend retry mechanisms rely on backends correctly reporting when a file does not exist. This is not always the case for some rclone backends, which caused restic to stop retrying after the first failure.

  For rclone, failed requests are now retried up to 5 times before giving up.

  #5251

• Enhancement #52897: Make recover automatically rebuild index when needed

  When trying to recover data from an interrupted snapshot, it was previously necessary to manually run repair index before runnning recover. This now happens automatically so that only recover is necessary.

  #52897 #5296