Hosting ProjectSend


ProjectSend is an open source file and image sharing application. ProjectSend was initially released in 2007 when it was known as cFTP.

1 click installation ProjectSend

1 click installation

Easy update ProjectSend

Easy update

Backup and restoration ProjectSend

Backup and restoration


Photos and Files
Current version
Last update
11 January 2021
English , Español (Spanish)

System Requirements

Installation size
30.00 MB
open source
What's new
r1295 (major version)
11 January 2021 - 30MBr1295

Changes and Bugfixes
  • Added support for X-Accel on nginx
  • Fixed password reset forms returning 403. By @varandinawer
  • New option: select pagination amount for all administration areas
  • Fixed pagination on default template. Solution by @mike-miguel
  • Always check php, mysql and modules requirements to prevent the app from running on unsupported platforms
  • Fixed: statistics chart for roles 7 and 8
  • Default template: use global pagination amount
  • Fixed missing uppercase characters on uploaded files
  • Fixed typo on activities widget
  • Added file size on public file download page
  • Added file description colum on manage files page
  • Don’t show the directories write permissions warning to clients
  • Fix CVE-2020-28874 by @varandinawer
  • Login: removed ajax functionality. Fixes infinite loading during errors. Fixes CVE-2020-28875 (found by @varandinawer)


Changes and Bugfixes
  • Fixed an issue with r1265 where the new columns where not being created on the actions log and user meta tables
  • Fixed notices


Changes and Bugfixes
  • Added files preview for video, audio, PDF and images (in the Manage files page and the default template for clients)
  • Added a page under Tools menu to test email configuration and new SSL options
  • Multiple files can now be edited at the same time. This is the result of changing how uploads work. As soon as a file finishes uploading it is added to the database so it’s always available and easier to edit
  • Added an option to download via XSendFile. This is a huge improvement for large downloads. While it requires a module to be installed on the server, the difference is outstanding. This module skips php when serving files, so that adds resumable downloads, faster speeds, and reduces significantly the chance of corrupt files
  • When creating users and clients, you can require them to change the password after their first login
  • Social login can now be enabled for Google, Facebook, Twitter, Linkedin, Windows Live, Yahoo
  • Better zip download support. When downloading multiple files as zip, everything is recorded on the action log and downloads viewer.
  • Added functions to download as zip on Pinboxes and Gallery templates.
  • Implemented svg uploading as branding logo or regular shareable files. A sanitizer is added for security
  • Flow of some actions have been improved, such as auto login when a client registers an account if auto approve is enabled
  • Image files thumbnails are created and served with a new, much more reliable library
  • Logged in users can change the language via a selector on the top right corner
  • Many security fixes have been applied
  • Dependencies are now handled via composer and npm, so it’s much easier to update them (phpmailer, plupload, bootstrap, chart.js, etc) and all assets are compiled via gulp. This leaves us with fewer, more compact and lighter requests and resource files
  • Fixed installer issue where you would not be allowed to continue due to directory write errors, but the error was hidden
  • New actions on the actions log
  • Changed how news and updates are retrieved, eliminating the need for the simple_xml module
  • New widget loads via ajax, so the dashboard is quicker to load and does not crash in case of errors
  • Actions log widget: you can now select and view any available action instead of a few predetermined ones
  • Lots of code refactoring to improve speed and resources usage
  • Fixed and issue when updating assignations and several hundred users/groups were targeted and php would stop responding
  • Fix: keep original filename special characters when downloading a file
  • Improved the default email templates with a bigger font size and content width
  • Show a warning if important directories don’t have write permissions
  • Several small bug fixes
  • Changed php version requirement to 7.1+

Read more:

r1070 (security release)
8 August 2019 - 20MBSecurity
  • Security fixes when hiding-showing files and on the installer (by mschop)
  • Fixed a security issue that allowed arbitrary code to be executed (by lmsilva)
  • Fixed known XSS bugs
  • Fixed a security issue where server’s log files would record passwords (reported by Felipe Molina de la Torre)

  • Fixed login not working with certain translations (eg: French)
  • Removed the need for simple_xml extension
  • News and version updates are cached locally to prevent unnecessary connections, making the dashboard load faster everytime.
  • Improved email validation
  • Fixed a connection issue on the installer
  • Replaced the default allowed file types that are set during installation with a more comprehensive (by trini)
  • Fix for uploading files with the same name (by AlanReiblein)
  • Fixed an issue when uploading files unlisted extensions, even if this was not limited via settings.
  • Added the option to download multiple files zipped via the manage files page (same as the default template for clients)
  • Updated README with requirements

Read more:

r1053 (major version) (security release)
11 May 2018 - 4MBHighlights
  • New UI. More modern, responsive and overall more polished looking.
  • Can set a maximum file upload size on each client and user, overriding the default one.
  • Can now set the default maximum upload size on the installer.
  • Added ckeditor as a visual editor on files and groups descriptions (can be disabled)
  • Public groups: an option create groups where people can see its contents without being logged in.
  • Public page: a special page that shows all of the public groups and files. Has several options. Disabled by default.
  • Groups memberships: Option to allow clients to request memberships to public groups. An administrator can approve or deny them.
  • Added a new block on the dashboard with server information.
  • New template page design, in the style of that of WordPress with themes screnshots and descriptions.
  • Manage files: added filter by uploader.
  • Added options to set custom subjects on emails.
  • Email previews are now accurate in content.
  • New option to customize the footer text.
  • Better download links.
  • Added an option to prevent indexing by search engines.
  • Updated the style of the gallery theme.
  • Load a custom.js file if it exists (won’t get overwritten when updating).
  • Clients can select and expiry date for their files.

Bug Fixes
  • Fix for modal window not closing on zip downloads.
  • Fixed the MySQL error on some versions during installation, attributed to having 2 timestamps columns on the same table with default value of CURRENT_TIMESTAMP. Based on a contribution by cdoepmann.
  • Email: don’t auth if smtp is selected but auth is set to “none”.
  • CSV injection bug fix.
  • XSS security fixes.
  • Several security fixes.
  • Fixed category deletion.
  • Fix for uploaders not being able to delete their files.
  • Several fixes for multiple files downloading as zip.
  • Zip files download IDOR fix.
  • Fixed showing active status of clients and users.
  • New server side pagination, replaces the javacript one which made the site unresponsive if there were a lof of results.
  • Some fixes to the manage files page.

  • Added a DEBUG constant.
  • Fixed notices on the installer.
  • Added a check on the installer for php and mysql versions requierements.
  • Some parts of the code where cleaned up, including a new table generation class.
  • Refactory of the options pages UI. No more tabs, now groups of options are on their own page. Cleaner and faster to use.
  • Admin load a minified version of CSS files.
  • Moved most of the backend javacript to it’s own file.
  • Show the public url on the file editor.
  • Uploaded scripts. flot, phpmailer.
  • Better category administration page.
  • Throw a warning if php extension is present in the allowed uploads extension list.

  • A very important contribution in the form of security audit (security-prince)
  • MySQL compatibility fixed on the dashboard statistics (DBezemer)
  • Handle following of symlinks for imported orphaned files (joshstrange)
  • Fix to prevent direct access to the files folder (trainwreckjvbo)
  • UI improvements and option to disable the welcome email when creating users (adrianp-sti)
  • Fix CVE-2017-9783 and CVE-2017-9786 XSS vulnerabilities. (JackWhite20)
  • Fix for the email subjects (remez)
  • Login and notification fixes (OrlandoST)
  • Fix unsolicited error message on config save (Fix unsolicited error message on config save)
  • Fixed bug that stops uploading. (JackWhite20)
  • In case the file is a symlink, get the size from the real file not the symlink itself (Kevin Druelle)
  • Several Security Fixes (IppSec)
  • Expiry dates fixes, new features and improvements (eyeobticeo)
  • Typos fixes (hailthemelody)
  • Fixed port number problem when behind reverse proxy (berndblume)

Read more:

r754 (major version)
1 March 2017 - 4MBNew features
  • Files categories! Think of them as either categories, projects or folders. They are hierarchical and let you organize your files very easily. Clients – for the moment- can only use them to filter files. In the future they will be able to make their own categories and assign files to them.
  • Added an option so clients can now delete the files they have uploaded.
  • Moved to Bootstrap 3 for a much better mobile experience.
  • Log the download when an anonymous user gets a file through a public link.
  • Extended the downloads information for a particular file. You can now see the total downloads, how much are by unique clients and also how many are anonymous. The table now shows date, ip and remote host of each particular download.
  • Select system language when logging in (overrides the system defined language for this session only).
  • Added buttons to auto-generate secure passwords when creating users and clients.
  • Added an optional Google sign in button.
  • You can now log in using your e-mail too.
  • Added reCAPTCHA on the self registration form to prevent spam.
  • Added a confg file creator that will run if the sys.config.php file isn’t found.
  • Added a button to show the public URL for a file in the post-upload table.

Misc changes and fixes
  • Fixed downloading of large files on some servers.
  • You can now upload and import orphan files even if no clients or groups exist yet.
  • Files without assignations are not considered orphan anymore. Only those uploaded via FTP are orphan until they are added to the database.
  • Default and PinBoxes templates now show the categories filter and the expiration status/date for each file.
  • Redesigned the PinBoxes template to be more modern and compatible.
  • The username/email field on login isn’t case sensitive anymore.
  • Improved compatibility with php7
  • Behind the scenes improvements

CSS clean up
  • Better generation of the main menu
  • Replaced textboxlist with jQuery tags input, making the options page stop freezing for a few seconds when loading.
  • Changed the file renaming routine so characters are replaced by similar allowed ones instead of underscores.
  • Lots of other small fixes and improvements!

Read more:

display more versions
r582 (security release)
9 June 2015 - 4MB
  • Added a preview function for custom e-mail templates
  • Fixed the bug where wrong files were deleted
  • Fixed the search function for clients and groups when adding/editing files
  • Fixed a bug where files can’t be downloaded by a client if it was assigned to a group and not the client specifically
  • Fixed a bug where clients were not able to update their information and password
  • Security fixes

Read more:

r572 (security release)
29 May 2015 - 4MB
  • XXS security error fix.
  • Fixed the update routine. r571 shows an available update even if using that version.
  • Added the language files to the git.

Read more:

r561 (security release)
25 April 2014 - 4MB
  • Security fixes
  • Tables are now responsive thanks to footable
  • Fix for the orphans list bug
  • Manage files list also shows unassigned files, because they might be public
  • Added password rules (eg: require a lower case letter, a number, etc)
  • Added SMTP authentication options
  • Added an option to limit the uploading file types to certain roles only
  • Fixes for the database queries giving errors when a NULL setting was incorrect
  • Fix for the password recovery table not being created
  • Fix for public settings being reset if a client edited a file
  • CSS Cleanup
  • minor UI cleaning

Read more:

r514 (addendum 1)
5 August 2014 - 4MBApplications:
  • Developers: ProjectSend internal identifier updated from "cftp" to "projectsend".

r514 (major version)
31 October 2013 - 4MBNew features
  • Added a new form so users and clients can reset their password.
  • Added the possibility to set an expiry date to any file.
  • Added an option to select if expired files should be hidden from the clients, or shown but not allowed to download.
  • Added a template editor so each system email text, and the general header/footer can be customized.
  • Added the possibility to set any file as public, which allows downloading via a tokenized link. Can be combined with the expiry date feature.
  • New options to select the maximum attemps to send each notification, and also an expiration date (globally, in days).
  • You can now search within the orphan files list. Also, it now has pagination.
  • Each password field now has a toggle button for visibility, and the "confirm password" fields were removed.
  • Added a new button on the files uploads page to copy the selected assignations of the current file to all others.
  • The download log is stored on a separate table. This allows the system to recognize the date each file has been downloaded.
  • Files (on the manage files page) can now be sorted by download count.

  • Implemented phpass for secure passwords.
  • Fixed the notifications being sent multiple times.
  • Changed the way the download link is generated to improve security.
  • More validations are made when a file is requested for download.
  • Fixed the back button so it won't work after a user logs out.
  • No more infinite redirects on login.
  • The modal window can now be reused without reloading the page (the action is does it performs is no longer repetead).
  • Fixed the urls where a double slash (//) was used.
  • With the new download log, files that belong to groups can also be tracked when a client downloads it.
  • Options are now saved correctly every time.
  • Sorting files/users/groups by date now works with any set format.

Other notes
  • The new password storing system requires that all curent accounts generate a new one. The security has been improved at the cost of this minor issue.
  • The remember me checkbox has been temporarily removed. A more secure implementation is planned.
  • The version number is not visible for unlogged users.
  • jQuery is now loaded locally.
  • The UI has been normalized (menu, button and messages styles, margins, layouts).

Read more:

26 April 2013 - 4MBFixes
  • Menu hover state fix by Martine Bouvrette
  • 0kb downloads fix by AlanReiblein
  • Correct timestamp for the main admin during installation
  • Downloads fix by cyril.ballagny
  • Updated phpmailer to 5.2.4

Read more:

15 April 2013 - 4MBWhat's new
  • New update notifier.
  • Added an option to prevent clients from uploading files.
  • Added an option to automatically add new self-registered clients to a specific group.
  • Auto-aproval for self-registrations.

  • Privacy fixes on the log.
  • Use UTF-8 on the header.
  • Fixes on the installer.
  • Small fix for moving files to the new folder structure if updating from a version older than the previous.
  • Clients are now sorted alphabetically on the upload form.
  • Fix for the statistics when there are no results.

Read more:

21 February 2013 - 4MBWhat's new:
  • Added an option to send BCC of the notifications for new files to the main admin and any other specified e-mail addresses.
  • Added the possibility to export the log to a csv file.
  • Spanish translation file is included by default (translated by RaĂşl Elenes).
  • The header is now completely responsive. Some other parts are still not done.
  • Added a "My account" link for users and clients to be able to edit their own preferences and data.
  • Files-to-clients relations are now imported from older installations.
  • On updates and installation, the system will try to chmod some files and folders for security, and to improve timthumb's compatibility.
  • Added an option to select if timthumb should use the relative or absolute path to the image file.
  • Notifications are not deleted from the database, but stored as sent (or any other code for error messages). This will allow for the creation of a notifications management page in the future.

  • Email notifications are now working correctly.
  • 0kb downloads should be fixed.
  • File sizes over 2gb are now correctly read.
  • Fixed some errores and notices on the installer.
  • Fixed the zip file generator routine. Suggested by bflahault.
  • Other small fixes.

Read more:

r335 (major version)
7 February 2013 - 3MBThe new features list is pretty extensive. Among the biggest are the following:
  • Clients groups
  • Files can be assigned to multiple clients/groups
  • A complete log of everything that happens on the site
  • Statistics graphics
  • Clients can register themselves if allowed (an admin must approve each new account)
  • File editor
  • SMTP and gmail options for sending email notifications
  • Deactivate clients and users accounts to forbid logging in.
  • Master list of all existing files
  • List of users/clients who downloaded each file (accesible from the Manage files page)
  • New dashboard and overall design of the app.
  • Search and filters on files, clients, groups and users lists (also available to clients on their list)
  • Clients can edit the files they have uploaded
  • Notification emails now include a summary of the new files with name and an excerpt of the description.
  • Lots of fixes
  • Cleaner code/css (still in progress)
  • Use HTML5 as default on the uploader script.

Read more:

4 January 2013 - 2MB
31 July 2012 - 2MB
24 April 2012 - 2MB
4 April 2012 - 2MB
2 April 2012 - 2MB
23 February 2012 - 2MB
17 February 2012 - 2MB

Our Web hostings are compatible with


Only the Web hosting

100% SSD Web Hosting
100 GB and +
Multi-site management
Advanced management of EV and DV SSL certificates
Anti-DDoS protection
10 GB of VOD

Learn more

from CHF 9.92 / month


The complete Web+Mail offer

100% SSD Web Hosting
100 GB and +
Multi-site management
Advanced management of EV and DV SSL certificates
Anti-DDoS protection
10 GB of VOD

Professional messaging
5 email addresses with unlimited storage

Online messaging
Instant messaging
Syncing contacts and calendars

Learn more

from CHF 12.00 / month

Cloud Server


100% SSD Web Hosting
100 GB and +
Multi-site management
Advanced management of EV and DV SSL certificates
Anti-DDoS protection
10 GB of VOD

2 CPU and +
6 Gb (RAM) and +
100% SSD
100% dedicated resources

Infomaniak manages your server

Learn more

from CHF 39.00 / month

Prices in CHF