Part-DB 2.11.0

New features

• Added AI powered website scraper to provide detailed part infos even from webshops with little structured data
• Added feature to force refresh of info provider search and results, and to skip delegation to specialized providers when using "create part from URL"
• Add Docker update support via Watchtower integration by @Sebbeben in #1330
• Add Quick Apply and batch update to bulk info provider import by @Sebbeben in #1316
• Add 'Add stock' button to part stock info page by @kernchen-brc in #1352
• Added 250 and 500 entry to table lengthes menus

Bug fixes

• Fix sort order after column reorder on page reload by @wschopohl in #1346
• Fixed error making editing of users impossible
• Fixed error with converting existing DB to postgresql database (#1362)
• Fixed error that original category were changed, if category cloned and eda info changed (#1341)
• Keep part table length selection across page loads (#1350)

Miscellaneous

• Updated dependencies
• Updated KiCad symbols and footprint list

Full Changelog: v2.10.0...v2.11.0

1.6.1 (2026-05-04)

Features

• Updates: Update-available detection with non-dismissible notice and dev-reload refresh
• Plugins: New plugin hooks for compose, attachments, search, lifecycle, and routing
• Sharing: Share indicators for calendars and contacts, updated JMAP capabilities (#244)
• Mail: Auto-add recipients to trusted senders when replying
• Identity: Sanitize identity display name to prevent invalid From headers

Fixes

• Mobile: Synchronize mobile submenu view with browser history for better navigation
• Viewer: Update email viewer styles to improve overflow handling
• Auth: Ensure cookieSlot consistency during account updates in auth store
• Auth: Thread per-account cookie slot through OAuth flows
• Calendar: Square the colored left marker on calendar events
• About: Show git commit in About instead of "unknown"

i18n

• Update mailbox context menu translations across 12 locales

1.6.0 (2026-05-01)

Features

• Deployment: Subpath deployment support via NEXT_PUBLIC_BASE_PATH environment variable
• Mail: Image attachment thumbnails and preview chips
• Mobile: Reworked mobile mail viewer toolbar
• Mobile: Mobile-friendly settings panel
• Mobile: Mobile-friendly admin panel
• Mail: Redesigned expanded details panel
• Mailbox: Show full path in mailbox context menu header with intelligent path shortening

Fixes

• Viewer: Respect per-email dark mode toggle when "always show in light mode" is on
• Navigation: Scroll apps list in navigation rail to prevent overflow
• Context menu: Clamp submenu inside viewport
• Context menu: Prevent context menu from clipping below viewport
• Context menu: Prevent jump and animation on open
• Mail: Stop silently destroying emails when trash mailbox isn't found (#195)
• Mail: Preserve list scroll position when tagging an email
• Mail: Render below-header overflow popup outside clipped row
• Mail: Collapse below-header attachments to single row with overflow pill
• Push: Fix push preview JMAP query
• Tour: Navigate tour to mailbox when starting from another page
• i18n: Add useTranslations for "selected emails" and "cancel" on email list batch operations

i18n

• Translate SPF/DKIM/DMARC tooltips
• Add missing keys across 14 locales

1.5.4 (2026-05-01)

Features

• PWA: Web push notifications for new inbox mail (#233), with click-through to open the message
• Composer: Insert and edit tables in rich-text emails (#236)
• Mail: Configurable sub-addressing delimiter character (#239)
• i18n: Turkish localization
• i18n: Missing keys filled in across 15 locales

Fixes

• Mail: Set In-Reply-To and References headers on replies (#234)
• Mail: Persist htmlBody in drafts to preserve rich formatting (#236)
• Auth: Pin JMAP auth verification to the configured server URL (#237)
• Auth: Evict unrecoverable basic-auth accounts on reload
• Notifications: Scope new-mail notifications to genuine inbox deliveries
• Notifications: Extend PushVerification timeout and clean up leftover subscriptions
• Viewer: Smooth out body load to prevent flicker on first render
• Viewer: Prevent iframe flash when loading images or trusting the sender
• Viewer: Pad bare HTML emails like plain-text mails for consistent layout
• Viewer: Light-mode override now only affects body content
• Viewer: Detect <style> tag when applying padding
• Viewer: Drop iframe border-radius
• Calendar: Localize event start date in detail popover and event modal
• Dev: Include http protocol in connect-src for development mode CSP

✨ New Features & Improvements

• @directus/app
  • Updated the token field on the user detail page to require confirmation before regenerating or removing a token, and saved those changes immediately without requiring a page-level save. (#27108 by @LZylstra)
• @directus/api
  • Added opt-in must-revalidate and ETag headers for assets via ASSETS_CACHE_REVALIDATE env var (#27027 by @gaetansenn)
  • Added a force option to schema apply to bypass hash check (#27136 by @Nitwel)
• @directus/env
  • Added opt-in must-revalidate and ETag headers for assets via ASSETS_CACHE_REVALIDATE env var (#27027 by @gaetansenn)
• @directus/sdk
  • Added a force option to schema apply to bypass hash check (#27136 by @Nitwel)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed UI freeze when navigating items with WYSIWYG translations for non-admin users (#27154 by @gaetansenn)
  • Fixed selection not being cleared after running a manual flow from the collection list view sidebar (#27330 by @kropsi)
  • Fixed "Save as copy" in the file library throwing a 403 Forbidden error (#27181 by @sanskar-soni-9)
  • Fixed user token not being displayed after generation when collaboration is enabled (#27319 by @LZylstra)
  • Prevented filter popup being closed when reordering filters (#27324 by @HZooly)
  • Fixed icon flash in navigation sidebar for bookmarks without an icon (#27329 by @HZooly)
  • Migrated @directus/visual-editing into the monorepo (#27157 by @formfcw)
• @directus/api
  • Removed duplicate @directus/schema-builder dependency (#27166 by @ComfortablyCoding)
  • Bumped basic-ftp, liquidjs, xmldom, protobufjs, vite dependencies (#27335 by @br41nslug)
  • Fixed flows not awaiting reload (#27137 by @Nitwel)
  • Fixed VERSION_SAVE activity/revisions not respecting collection tracking settings (#27096 by @yogeshwaran-c)
  • Denied creating collections with / in name (#27114 by @costajohnt)
• @directus/types
  • Added a force option to schema apply to bypass hash check (#27136 by @Nitwel)
• @directus/visual-editing
  • Migrated @directus/visual-editing into the monorepo (#27157 by @formfcw)
  • Fixed the edit handler firing twice when clicking an overlay button directly (#27157 by @formfcw)
• @directus/utils
  • Migrated @directus/visual-editing into the monorepo (#27157 by @formfcw)
• @directus/sdk
  • Fixed SDK types linking to directus_access junction collection (#27152 by @yogeshwaran-c)
• @directus/composables
  • Fixed useShortcut attempting to access document before available (#27155 by @ComfortablyCoding)

📦 Published Versions

• @directus/app@15.10.0
• @directus/api@35.2.0
• @directus/composables@11.4.1
• create-directus-extension@11.0.36
• @directus/env@5.8.0
• @directus/extensions@3.0.25
• @directus/extensions-registry@3.0.26
• @directus/extensions-sdk@17.1.4
• @directus/memory@3.1.8
• @directus/pressure@3.0.22
• @directus/schema-builder@0.0.20
• @directus/storage-driver-azure@12.0.22
• @directus/storage-driver-cloudinary@12.0.22
• @directus/storage-driver-gcs@12.0.22
• @directus/storage-driver-s3@12.1.8
• @directus/storage-driver-supabase@3.0.22
• @directus/themes@1.3.3
• @directus/types@15.0.3
• @directus/utils@13.4.1
• @directus/validation@2.0.23
• @directus/visual-editing@2.0.1
• @directus/sdk@21.3.0
• @directus/sandbox@0.0.0

Security Release

• Update Instructions
• Update details on blog

This is a security release to improve attachment related permission checks, and URL validation for webhooks.

Upgrade is advised if you allow untrusted users to delete attachments, or if untrusted users have permission to create webhooks on instances which make use of the ALLOWED_SSR_HOSTS BookStack env file option.

Thanks to 404_pkj (GitHub) and naruhodoowl (GitHub) for responsibly reporting these issues.

Full List of Changes

• Updated PHP package versions.
• Updated attachment actions to align page access check.
• Updated URL validation in webhooks to help prevent escaping workarounds.
• Fixed issue where exact search term negation would lead to no results. (#6121)

5.44.0 (2026-04-29)

🚀 New feature

• deploy to cloud homepage widget (#25774)

🔥 Bug fix

• add responseType to getFetchClient for non-JSON responses (#25974)
• prevent browser defaults for Ctrl+I and other modifier shortcuts in Firefox (#26050)
• contain absolute descendants in OverflowingItem (#26133)
• content-manager: prevent duplicate React key in homepage recent-documents widget (#26084)
• content-manager: optimize document layout hooks (#26005)
• database: make 5.0.0-02-created-document-id migration idempotent (#26045)
• document-service: support delete selection params (#25097)
• document-service: preserve self-referential relations during publish and discard (#25890)
• document-service: discard-draft 500 on self-referential manyToMany relations (#26152)
• i18n: preserve non-localized media when creating a locale (#26031)
• openapi: documentation plugin generates OpenAPI with incorrect ID parameter (#26067)
• review-workflows: pass locale params to useDocument in StageSelect and AssigneeSelect (#26104)
• types: align Service.Generic index signature with Controller.Generic (#25475)

📚 Documentation Changes

• add AGENTS.md universal agent guide (#26018)

⚙️ Chore

• release v5.43.0 update develop (#26100)
• upgrade contributor docs dependencies (#26073)
• deps: bump multiple dependencies (#26103)
• deps: bump @xmldom/xmldom from 0.8.12 to 0.8.13 (#26098)
• deps: bump and dedupe pinned subdeps (#26139)
• examples: migration performance benchmark harness + mariadb/sqlite + anti-pattern schemas (#26036)
• scripts/release: fix experimental peer dependencies install (#26083)

💅 Enhancement

• add ESM syntax support for Vite .mts config file (#25238)
• i18n: improve Russian translations of tours section in admin package (#25221)
• translations: update czech translations (#25824)

❤️ Thank You

• Adrien L @Adzouz
• akash-dabhi-qed @akash-dabhi-qed
• Ayoub Hidri @ayhid
• Bassel Kanso @Bassel17
• Ben Irvin
• DMehaffy
• Filip Ónodi @fonodi
• Jamie Howard @jhoward1994
• Kellen Bolger
• Laurens Kling @laurenskling
• Leonid Vinogradov
• Nico André
• otociulis @otociulis
• Simon Norris @cache-your-dreams
• Ziyi @butcherZ

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.28

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.28

Changes

• allow filtering out members-only videos in subscriptions (closes #971) (5d96a58)

1.5.3 (2026-04-28)

New: Help shape Bulwark Webmail. Each instance now sends a lightweight daily heartbeat (version, platform, bucketed account counts, feature toggles - never message data or PII) so we can see which platforms and features actually get used and prioritize fixes where they matter most. You're in control: opt out any time from Admin → Telemetry or by setting BULWARK_TELEMETRY=off. Full schema in the privacy notice.

Features

• Telemetry: Anonymous instance telemetry, on by default. Reports schema version, platform, bucketed account counts, and feature toggles only - disable from the admin UI, with BULWARK_TELEMETRY=off, or by clearing the endpoint
• Telemetry: Track unique logins (HMAC'd per instance, 90-day retention) so the heartbeat can report bucketed account totals without storing usernames
• Plugins: Theme API v2 with token compiler and skin slot
• Plugins: Extension preview page and detailed extension info API
• Calendar: Right-click context menu on empty calendar space
• Docker: Persistent named volume for telemetry data so the instance id and admin's consent choice survive container upgrades

Fixes

• Security: Block telemetry endpoint from pointing at internal/loopback hosts (validation + DNS-rebind re-check at fetch time)
• Security: Harden plugin config, TOTP token exchange, and branding file serving
• Mail: Batch shortcuts now act on the multi-selection when one is present (#228)

Bug fixes

• validation failed when creating git sync(d7a8bc1 by @kmendell)

Full Changelog: v1.18.0...v1.18.1

1.18.1

1.18.1

1.18.1

New features

• full control over prune options (#2372 by @kmendell)
• add UI to create and edit custom templates (#2351 by @mohamedhagag)
• add raw inspect tab to container detail view (#2368 by @GiulioSavini)
• universal environment dashboard (#2241 by @kmendell)
• add dedicated healthcheck tab for containers (#2384 by @kmendell)
• resource updates overview page (#2204 by @kmendell)
• add ability to deploy Docker Swarm stacks from Git repo with GitOps updates (#2412 by @SplinterHead)

Bug fixes

• handle deferred file close errors in docker build copy helper(3cdc1dd by @kmendell)
• datetime displays now respect the app's selected locale (#2366 by @GiulioSavini)
• guard volume file browser against non-mountable driver types (#2364 by @GiulioSavini)
• actually redeploy swarm stack when saving edits (#2365 by @GiulioSavini)
• set all api endpoints to use auth by default and explicitly remove auth for public endpoints (#2377 by @kmendell)
• add version label to environment cards (#2379 by @kmendell)
• always show save button on template pages (#2402 by @GiulioSavini)
• fall back to user cache dir when /tmp is not writable (#2408 by @GiulioSavini)
• skip image update checks for services with build config (#2403 by @GiulioSavini)
• tolerate undefined env vars in GitSync compose validation (#2380 by @GiulioSavini)
• pin trivy digest to 0.70.0(686248c by @kmendell)
• null user_id for env bootstrap keys + H2 support for registry fetches (#2370 by @GiulioSavini)
• incorrect conversion of linux runtime identity types (#2410 by @kmendell)
• pre-create volumes with driver_opts before stack deploy (#2407 by @GiulioSavini)
• show host CPU/RAM in System Overview instead of Arcane container limits (#2343 by @GiulioSavini)
• compose update indicator not refreshing when a new image is pulled(e367e1f by @kmendell)

Dependencies

• bump github.com/jackc/pgx/v5 from 5.7.6 to 5.9.0 in /backend in the go_modules group across 1 directory (#2383 by @dependabot[bot])
• bump github.com/go-git/go-git/v5 from 5.17.2 to 5.18.0 in /backend in the go_modules group across 1 directory (#2388 by @dependabot[bot])
• bump github.com/docker/compose/v5 from 5.1.2 to 5.1.3 in /backend (#2398 by @dependabot[bot])
• bump charm.land/bubbletea/v2 from 2.0.2 to 2.0.6 in /cli (#2391 by @dependabot[bot])
• bump charm.land/lipgloss/v2 from 2.0.2 to 2.0.3 in /cli (#2390 by @dependabot[bot])
• bump github.com/getarcaneapp/arcane/types from 1.17.3 to 1.17.4 in /cli (#2392 by @dependabot[bot])
• bump github.com/aws/aws-sdk-go-v2/credentials from 1.19.14 to 1.19.15 in /backend (#2396 by @dependabot[bot])
• bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.57.0 to 1.57.1 in /backend (#2400 by @dependabot[bot])
• bump github.com/aws/aws-sdk-go-v2/config from 1.32.14 to 1.32.16 in /backend (#2401 by @dependabot[bot])
• bump to go 1.26.2(f01ce6c by @kmendell)
• bump github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2 in /backend in the go_modules group across 1 directory (#2417 by @dependabot[bot])

Other

• remove useless assignment of bytes variables(7b610e3 by @kmendell)
• use specific cosign id token(a5fd68a by @kmendell)
• use specific cosign id token(369c7b8 by @kmendell)
• use non-interactive mode for cosign(53f286b by @kmendell)
• use manual cosign key(0995de3 by @kmendell)
• use cosign v3 syntax(1b5dd7b by @kmendell)
• simplify version info dialog(dbad484 by @kmendell)
• redesigned login screen (#2389 by @kmendell)
• use arcane/tools image for volume browser and trivy scans (#2409 by @kmendell)

Full Changelog: v1.17.4...v1.18.0

1.18.0

1.18.0

1.18.0

Bug fixes

• truncate long image refs in container table (#2318 by @GiulioSavini)
• project icons not loading when used with yaml/env aliases (#2324 by @kmendell)
• surface actual compose load error instead of generic 'no compose file found' (#2326 by @mkaltner)
• project max depth not working for filesystem discovery (#2325 by @kmendell)
• Locale selector background was inconsistent (#2348 by @RJMurg)
• light mode contrast for container stats CPU/memory monitor (#2344 by @GiulioSavini)
• keep project build context as container path so local builder can stat it (#2346 by @GiulioSavini)
• preserve webhook URL query params in generic notification provider (#2345 by @GiulioSavini)
• surface registry fetch errors in GET /templates/registries (#2355 by @GiulioSavini)
• detect provider-level failures in generic webhook notifications (#2356 by @GiulioSavini)
• skip gitops-managed projects in filesystem cleanup (#2354 by @GiulioSavini)
• Update Projects button only updates project containers (#2289 by @GiulioSavini)
• svelte reactivity issues in project editors (#2329 by @kmendell)
• send notification on single container update (#2357 by @GiulioSavini)

Dependencies

• bump github.com/mattn/go-runewidth from 0.0.22 to 0.0.23 in /cli (#2303 by @dependabot[bot])
• bump prettier from 3.8.1 to 3.8.2 (#2313 by @dependabot[bot])
• bump @codemirror/view from 6.40.0 to 6.41.0 (#2306 by @dependabot[bot])
• bump @sveltejs/kit from 2.55.0 to 2.57.1 in the npm_and_yarn group across 1 directory (#2327 by @dependabot[bot])
• bump extractions/setup-just from 3 to 4 (#2331 by @dependabot[bot])
• bump pnpm/action-setup from 5 to 6 (#2333 by @dependabot[bot])
• bump actions/github-script from 8 to 9 (#2330 by @dependabot[bot])
• bump github.com/coreos/go-oidc/v3 from 3.17.0 to 3.18.0 in /backend (#2334 by @dependabot[bot])
• bump github.com/getarcaneapp/arcane/types from 1.17.2 to 1.17.3 in /cli (#2332 by @dependabot[bot])
• bump @tanstack/svelte-query from 6.1.13 to 6.1.14 (#2336 by @dependabot[bot])
• bump golang.org/x/mod from 0.34.0 to 0.35.0 in /backend (#2335 by @dependabot[bot])
• bump svelte from 5.55.0 to 5.55.3 (#2338 by @dependabot[bot])

Other

• add missing permissions for attestations(8362f97 by @kmendell)

Full Changelog: v1.17.3...v1.17.4

1.17.4

1.5.2 (2026-04-27)

Features

• Plugins: New composer-sidebar slot and ui:composer-sidebar permission — plugins can now render a panel on either side of the New Message dialog. See repos/subway-surfers for an example
• Plugins: Manifests can declare frameOrigins — a strictly-validated list of https://host origins the plugin needs to embed. The proxy reads the union from enabled plugins and merges it into the host CSP frame-src, so the host CSP no longer needs to know about specific embed providers
• Calendar/Contacts: JMAP sharing for calendars and address books
• i18n: Czech language support

Fixes

• Security: Validate URLs before outbound fetch
• Calendar: Prevent drag creation on touch events in the time grid
• Contacts: Emit RFC 9553 name kinds and decode QUOTED-PRINTABLE in vCard import (#224, #187)
• Mail: Hide preview line in compact density to match settings preview (#223)
• Proxy: Inline matcher for Next.js proxy and drop unnecessary Node.js runtime config
• i18n: Portuguese fixes for "ficheiro" and "contactos" variants

Changelog

Others

• cc605ac: Added shutdown group (#1732) (@mabbas007)
• b297f3a: Format pending countdown as MM:SS (#1727) (@phuonganh2601)
• af655d3: build(deps-dev): bump vite from 7.3.1 to 7.3.2 in /frontend (@dependabot[bot])
• 6df1205: update deps (@seriousm4x)

Github Actions

• aabd8c1: gh-action: bump dependabot/fetch-metadata from 2 to 3 (@dependabot[bot])
• 24e218b: gh-action: bump pnpm/action-setup from 5 to 6 (@dependabot[bot])

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.26

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.26

Changes

• implement time-clipped downloads (closes #969, replaces #907) (4f83174)
• title filter for subscriptions (closes #968) (91ee831)
• Bump aquasecurity/trivy-action in the github-actions group (d89a5dd)

1.5.1 (2026-04-25)

Features

• Stalwart: OAuth auto-setup with dialog and validation for origin and issuer URLs
• Mail: Right-click context menu on the folders sidebar
• Mail: Replace folder prompt() calls with a proper modal dialog
• Calendar: Add 'Today' button to the desktop calendar toolbar
• Junk: Setting to show avatars in the Junk folder

Fixes

• Admin: Restore admin panel after Stalwart v0.16 REST API removal
• Viewer: Restore broken viewer toolbar actions and improve the mobile menu (#220)
• Folders: Stop flicker on background folder refresh
• Email: Preserve search/filter on batch move and archive
• Email: Preserve search/filter when moving emails via drag-drop
• i18n: Improve Korean flag

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2026-03-08)

recent important news

• v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS)

🧪 new features

• #1410 #376 #1224 new option --glang to autoselect UI-translation based on webbrowser's language (thx @stackxp!) ec3e0e7
• #1407 #1384 option to automatically switch between list-view and grid-view depending on folder contents (thx @icxes!) 822fa71 660ed7a 961a273
• #1447 audioplayer can now play bcstm / bfstm / brstm files (nintendo 3ds/wii bgm) 3a9ff67
• #1389 add 1000-based filesize-units in addition to 1024-based 43773f2
• #1395 reloc-by-wark, a pair of hooks to rename incoming uploads to a hash of the file contents 1e7de5d
• option --rlo to change the logrotate-counter for -lo 8b98688
• add --certkey to specify certificate and key as separate files 8c7cdf8
  • but the built-in HTTPS server should still not be trusted
• config-files can now use OS environment-variables anywhere in the [global] config section cbd82b6 e52bbed
  • by default, only the syntax ${VAR} is supported, not $VAR or %VAR%
  • previously, a small handful of global-options already supported this (c lo hist dbpath ssl_log), but they also supported the $VAR syntax, which is no longer the case
  • if the old $VAR syntax is detected, copyparty will crash on startup, suggesting the following remedies (choose one!) in the log:
    1. update the config-value to the new ${VAR} syntax (recommended)
    2. allow the old syntax with global-option --env-expand 1 (risky)
    3. ignore the old syntax and only expand the new syntax with global-option --env-expand 2
    4. disable all environment-variable expansions with PRTY_NO_ENVEXPAND=1

🩹 bugfixes

• #1437 webdav clients can now PROPFIND a file with depth: infinite which at least webdav4 does e00f2b4
• #1392 navigating into a subfolder using a dks dirkey (default-disabled) could fail 228c3df
• #1446 #1330 #1362 fix some small edgecases with the rightclick-menu (thx @icxes!) 874e0e7
• #1403 #1396 audioplayer: fix ui-crash when folder contains an m3u-file and sort-order is changed during playback (thx @icxes!) 198f631
• #1428 #1427 when --magic was enabled, nameless uploads of textfiles would get the file-extension .ssa instead of .txt (thx @Scotsguy!) ed516dd
• #1449 on some filesystems, the tail/follow function would spam the log with reopened at byte XXX 8173018
• #1401 on windows, a spec-violating basic-upload could delay that upload by a few seconds 6fb1287
• on macOS, u2c would clear the terminal on exit, even with -ns 238887c
• audio-files in a videofile trenchcoat did not thumbnail correctly 1066dc3

🔧 other changes

• #1387 added gentoo packaging (thx @mid-kid!) fb5384f
• #1425 improved FreeBSD / OpenBSD support (thx @chilledfrogs!) f561318 745d82f
• #1352 new handler: fail2ban (thx @Lomaiin!) 26e663d
• improve errormessage when the server's OS-HDD blips out of existence d1517d0
• #1439 improve IPv6 autoban IP-range (thx @SnowSquire!) f6dc1e2
• ensure opus transcodes will at most have 2 audio channels (stereo) b31f290
• #1417 smb-server: probably add IPv6 support a5d859d
• --list-nics and --list-ips to show autodetected network-adapters and IPs 8d4363d
• docs:
  • nixos module-override example (thx @Scotsguy!) 0b16e87
  • make it even more obvious that --allow-csrf is a bad idea 9a724b0
  • mention --urlform get to disable message-to-serverlog ac05b4f
  • readme: improve shadowing phrasing 003c68d
  • devnotes: explain the vendored dependencies 971f8ef

🌠 fun facts

• this release includes code written at abs(unit)
  • btw that pdp had an IPv6 lease and browsed the internet :^)
    • hasn't connected to copyparty though (yet...)
• this release was powered by 一体いつから (TaKo Hardcore bootleg) followed by Fighting My Way (YUPPUN Hardcore Remix) (shd is a good dj)

💾 what to download?

• except for u2c.exe, all of the options above are mostly equivalent
• the zip and tar.gz files below are just source code
• python packages are available at PyPI

1.5.0 (2026-04-23)

Breaking Changes

• Self-service portal now needs Stalwart 0.16+: Stalwart dropped its self-service HTTP API in 0.16.0 and replaced it with JMAP. Bulwark Webmail only talks to the new JMAP endpoint, so the self-service portal (account settings, app passwords, API keys) requires Stalwart 0.16 or newer. STALWART_API_URL is deprecated, these actions go through the normal JMAP session.

Features

• Stalwart: Migrate Stalwart management API to JMAP x: methods for Stalwart 0.16
• Admin: Add API Keys management and IP allowlist for App Passwords
• Contacts: Revamp contact detail view with filters, photo, print, and duplicate actions
• Contacts: Add contact activity component showing recent emails and upcoming events
• Contacts: Add right-click context menu
• Contacts: Group contacts by first letter with sticky section headers, toggleable in settings
• Calendar: Support resizing events from the top edge
• Calendar: Add timezone-aware formatting for event start times and update utcEnd on duration change
• Calendar: Optimize layout of overlapping events
• Calendar: Add collapsible details to calendar invitation banner
• Email: Implement batch archiving and bulk moving of emails
• Email: Show full folder path in move/drop toast
• Settings: Reorganize settings into 6 groups with clearer tabs
• Navigation: Add account-addition button to the navigation rail
• Mobile: Streamline email viewer header layout
• Mobile: Pass isMobile through calendar views and time-grid interactions

Fixes

• Mailbox: Retry mailbox fetch on first login to handle lazy provisioning (#217)
• Mailbox: Use fresh state in archive handling to avoid stale mailbox data
• Mailbox: Improve error message on mailbox creation failure
• Auth: Skip checkAuth on route change when already authenticated
• Auth: Clean up unused imports and improve TOTP QR code rendering
• UI: Align hover styles and selection-toggle target with focused item
• UI: Read matchMedia synchronously on client to prevent layout flicker

Refactor

• Settings: Remove Stalwart API URL configuration (now derived via JMAP)

Chore

• i18n: Add missing translation keys
• Deps: Bump dependencies to latest compatible versions

Changelog

• 69901f9 Bump actions/download-artifact to v8
• f8e188a chore(deps): bump the dev-dependencies group with 11 updates
• 6f321fd chore(deps): bump the dev-dependencies group with 21 updates
• ccba8a5 chore(deps): bump the dev-dependencies group with 9 updates
• 2b918d5 chore: fix spellings and unused function args
• 0dc074a feat: add --socket-perm option for UNIX socket file permissions
• 14b0aab feat: add cli option to generate shell auto completion
• 53bbaf2 feat: add presigned URL generation in webui
• 545a9e9 feat: add server-side pagination for webui object explorer
• 41fc459 feat: history back/forward actions on explorer and modals
• fcb540e feat: in webui add bucket favorites and direct-navigation to explorer
• a673900 fix for multipart upload when using sidecar meta
• 873148a fix: add Host header to HTTP test requests for fasthttp v1.70.0 compatibility
• 8c49a33 fix: add explicit sidecar metadata cleanup on object/bucket deletion
• 9816c2f fix: add gcs compatibility flag to fix s3proxy GCS SigV4 signature mismatch
• 81f0158 fix: close temp file before rename in sidecar StoreAttribute
• d6fb954 fix: correct 206 Partial Content response status for ranged GetObject and HeadObject
• 48bfa9f fix: correct HeadObject restore status for offline objects in scoutfs
• 8e8fac6 fix: docker entrypoint move VGW_ARGS before backend subcommand
• b905554 fix: fix azure multipart upload objects masking
• b151d46 fix: fix webui port validation to allow unix socket paths
• 3529e1b fix: in webui use AWS SigV4-compliant URI encoding for path and query params
• 62e8cdd fix: make CompleteMultipartUpload idempotent and add part-number support to GetObject/HeadObject
• b473aa0 fix: move versionId validation to backend
• 5ff1c4b fix: use encodeS3Key in webui instead of encodeURIComponent in createFolder

5.43.0 (2026-04-22)

🚀 New feature

• core/*: introduce strapi.ai namespace (#25886)
• i18n: complete Dutch (nl) translations for admin panel (#25932)

🔥 Bug fix

• date picker sends date-only format to avoid deprecation warning (1508d5d8f3)
• bulk publish validation on required components in dz (#25687)
• use admin basename for 401 redirect path (#25458)
• auth providers generate unique username on conflict (#23853)
• webpack public path was missing a slash at the end (#22654)
• handle potential null userPermissions in Protect component (#24444)
• admin: add cursor pointer and fix click behavior on sortable table headers (#25418)
• admin: eliminate several browser race conditions (#26020)
• content-manager: blocks editor errors when image has formats: null (#26015)
• content-manager: use RBAC-aware populate in countDraftRelations (#25977)
• content-manager: don't allow locale to overwrite list view settings (#25437)
• content-manager: render ID column without number grouping (#25996)
• content-manager: apply i18n translations to dynamic zone component names (#25417)
• data-transfer: fix large transfer crashes; show transfer progress (#23479)
• upload: content-api does not return signed urls (#26034)
• upload-aws-s3: support root-level credentials and update AWS SDK (#25914)

⚙️ Chore

• update main README content (#25618)
• data-transfer: isIgnoredContentType helper for filtering (#26004)
• deps: bump undici from 6.24.1 to 6.25.0 (#26022)
• deps: bump follow-redirects from 1.15.11 to 1.16.0 (#26025)

💅 Enhancement

• strapi dev continue watching on build error (#25514)
• add list & delete admin user cli commands (#23022)
• data-transfer: improve progress UX (#25921)

🚨 Security

• upgrade to axios 1.15.1 (#26072)

❤️ Thank You

• Adrien L @Adzouz
• Akash Santra @Akash504-ai
• Bellian @Bellian
• Ben Irvin @innerdvations
• Benedikt Rötsch @axe312ger
• DMehaffy @derrickmehaffy
• Jamie Howard @jhoward1994
• Jan Willem Keizer @janwillemkeizer
• Jayesh Patel @itsmejay80
• Jesús Villar @Callm3thebreeze
• kdt523 @kdt523
• Marian Vonsien @mvo-zyres
• markkaylor @markkaylor
• Nico André @nclsndr
• Nikola Dinevski @ndinevski
• Paul Bratslavsky @PaulBratslavsky
• Schero D. @Schero94
• Simen @Eventyret
• Varun Chawla @veeceey

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.21

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.21

Changes

• upgrade dependencies (abb9492)
• cr fixes (23de982)
• Updated import and fixed race condition (0ea934c)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.18

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.18

Changes

• fix yt-dlp options overrides (closes #958) (e9f979b)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.16

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.16

Changes

• upgrade dependencies (ab42325)
• fix PUBLIC_HOST_URL without a trailing slash (closes #959) (1a32eba)
• don't run workflow on README changes (29ccc42)
• add more CORS details (f2d71cb)