• Milestone

This is bug-fix release for 1.29.0.

Feature highlights✨:

• Accept .txt import of feed URLs in additional to e.g. OPML
• New CLI for automatic periodic SQLite export with retention
• More feed info: last received date, publication date

Bug fixes highlights 🐛:

• Fix cookies with some browsers
• Fix search in shared user queries with empty results

UI highlights 🖼:

• Improve Web browsers compatibility

This release has been made by @Alkarex, @Frenzie, @IEEE-754, @Inverle, @McFev, @ciro-mota, @cweiske, @polybjorn and newcomer @mzl2233

Full changelog:

• Features
  • Accept .txt import of feed URLs in additional to e.g. OPML #8818, #8837
  • New CLI for automatic periodic SQLite export with retention #8819
  • More feed info: last received date, publication date #8799
• Bug fixing
  • Fix cookies with some browsers #8867
  • Fix search in shared user queries with empty results #8863
  • Fix XML errors with loading invalid OPML in lib_opml library #8652, #8853,
    lib_opml#48, lib_opml#51
  • Fix ensure maximum number of feeds also with Dynamic OPML #8832
  • Fix click mark as read #8817
• UI
  • Improve browser compatibility to keep mobile navigation at the bottom #8833
  • Improve support of older/simpler Web browsers/engines such as SeaMonkey #8810,
    #8811, #8813,
  • Improve Swage theme #8842
  • Rename Nord theme to Nord #8805
  • Replace GIF spinner by CSS spinner #8804, #8812
  • Various UI and style improvements: #8800, #8816,
• I18n
  • Improve Brazilian Portuguese #8846
  • Improve Dutch #8868
  • Improve German #8840
  • Improve Polish #8854
  • Improve Russian #8861
  • Improve Traditional Chinese #8849
• Misc.
  • Update dev dependencies #8858, #8864

5.46.1 (2026-05-20)

🔥 Bug fix

• FK violation publishing self-relation parent & child in one release (#26147)
• move session-manager jwt check from register to bootstrap (#25412)
• admin: remove year 2041 limit on date/datetime pickers (#26209)
• content-manager: fix getMainField context for component list/edit configure views (#25509, #26124)
• database: respect nested sort in populate for join-table relations (#26361)
• graphql: inherit publication state for i18n localizations (#22163)
• migrations: guard inverseJoinColumn access in discard-drafts migration (#26331)
• review-workflows: add assignee and review stage to list view filters (#26171)
• review-workflows: message when single stage (#26229)
• upgrade: use pnpm install when project prefers pnpm (#26246)
• upgrade: align scoped @strapi packages in devDependencies (#26248)

⚙️ Chore

• sonarcloud security review (#25949)
• deps: bump ip-address from 10.1.0 to 10.2.0 (#26222)
• deps: bump @protobufjs/utf8 from 1.1.0 to 1.1.1 (#26311)
• deps: bump axios from 1.15.1 to 1.15.2 (#26177)
• deps: bump fast-xml-builder from 1.1.4 to 1.2.0 (#26253)
• deps: bump fast-uri from 3.0.1 to 3.1.2 (#26254)
• eslint: migrate .eslintrc + .eslintignore to .eslintrc.cjs (#26216)

🚨 Security

• deps: upgrade multiple dependencies (#26326)

❤️ Thank You

• Adrien L @Adzouz
• Andrei L @unrevised6419
• Ben Irvin
• Garrett Heaver @garrettheaver
• jmichalec-vl
• Maksim Zhukau @MaksZhukov
• Simen @Eventyret
• Simon Norris @cache-your-dreams
• Westley Marchment

Bug fixes

• block unsafe compose include file reads (#2630 by @kmendell)
• add missing gRPC/ws tunnel commands (#2636 by @kmendell)
• unable to use templates due to 'not found' error (#2634 by @kmendell)
• retry rate limited update checks (#2639 by @kmendell)
• prevent projects from disappearing when projects folder is unreadable (#2641 by @kmendell)
• release notes not populated for manager instance (#2643 by @kmendell)

Other

• publish manager and agent image tags (#2645 by @kmendell)
• use trivy-db mirrors from arcane-tools (#2646 by @kmendell)

Full Changelog: v1.19.3...v1.19.4

1.19.4

1.19.4

1.19.4

1.6.7 (2026-05-17)

Features

• Contacts: vCard 4.0 parsing and generation support
• Admin: Master-user impersonation route with app-top-banner plugin slot rendered on every authenticated page
• Admin: Allow admin password overwrite during setup recovery
• Setup: HTTPS requirement warning in the setup wizard
• Mobile: Show details toggle and expandable panel for sender info

Performance

• Calendar: Speed up calendar invitation banner load

Security

• Mail: Sandbox thread email HTML in srcDoc iframe with a CSP <meta> tag
• Admin: Redact sensitive config secrets from the admin API response
• Admin: Make impersonation cookies session-only

Fixes

• Auth: Read OAUTH_SCOPES at runtime instead of build time
• Auth: Use a relative Location header in redirects
• Auth: Adopt orphan session cookie on first SPA load
• Mail: Per-account push subscriptions so multi-account notifications work (#298)
• Mail: Close attachment preview when clicking outside the content area
• Mail: Pin quick reply to the bottom for short emails
• Mail: Show "no body content" instead of an infinite skeleton for bodyless emails
• Mail: Show contact popup when clicking the sender name in the email header
• Mail: Prevent long addresses from overflowing email details columns (#297)
• Mobile: Align quick reply with the mobile bottom toolbar
• Mobile: Respect safe-area insets on mobile bottom bars
• Mobile: Pad safe-area-inset-top
• UI: Apply dark background to the email content wrapper in dark mode
• UI: Improve dark mode background colors in the email viewer
• UI: Add viewport export with initialScale: 1
• UI: Strip the Stalwart master-user % suffix from the displayed account
• Plugins: Warn and block install when the app version is below the plugin's minAppVersion
• Plugins: Register app-top-banner in plugin-store SLOT_NAMES
• Plugins: Carry configSchema + settingsSchema through marketplace install
• Build: Add outputFileTracingExcludes to reduce Turbopack memory tracing

i18n

• Add missing translation keys across 16 locales

Bug fixes

• remove gzip middleware from agent endpoints (#2627 by @kmendell)

Full Changelog: v1.19.2...v1.19.3

1.19.3

1.19.3

1.19.3

Bug fixes

• remove intel-gpu-tools from docker images since its has no effect currently(fea78a5 by @kmendell)
• allow hiding default networks on typology view (#2594 by @kmendell)
• refresh project detail runtime status (#2602 by @kmendell)
• allow LOGIN email authentication type (#2603 by @kmendell)
• keep session across backend version bumps (#2607 by @kmendell)
• missing store prefix on test connection form(5f1645f by @kmendell)
• swarm engine not respecting cpu limits (#2617 by @kmendell)
• only perform auto pairing on edge edgent not direct (#2622 by @kmendell)
• container cache leak from docker subscription (#2624 by @kmendell)

Performance improvements

• increase loading times of project list view (#2596 by @kmendell)

Dependencies

• bump to go 1.26.3(8e819fe by @kmendell)
• bump all go deps(6817e70 by @kmendell)
• bump the npm_and_yarn group across 1 directory with 2 updates (#2600 by @dependabot[bot])
• bump svelte from 5.55.5 to 5.55.7 in the npm_and_yarn group across 1 directory (#2601 by @dependabot[bot])
• bump github.com/danielgtaylor/huma/v2 from 2.37.3 to 2.38.0 in /backend (#2612 by @dependabot[bot])
• bump github.com/docker/cli from 29.4.3+incompatible to 29.5.0+incompatible in /backend (#2613 by @dependabot[bot])
• bump google.golang.org/grpc from 1.81.0 to 1.81.1 in /backend (#2610 by @dependabot[bot])
• bump prettier-plugin-svelte from 3.5.1 to 3.5.2 (#2618 by @dependabot[bot])

Other

• create admin role middleware for each endpoint (#2593 by @kmendell)
• consolidate digest and image updater logic (#2623 by @kmendell)

Full Changelog: v1.19.1...v1.19.2

1.19.2

1.19.2

1.19.2

1.6.6 (2026-05-15)

Features

• Mail: Sync onboarding completion state across devices so the welcome flow only runs once per account (#285)
• Mail: Distinct icons for Shared, Important, Memos, Scheduled, and Snoozed folders (#288)
• Compose: Raise HTML identity signature length cap to 50,000 characters
• Compose: Allow <img> tags in HTML identity signatures for inline logos and banners

Fixes

• Files: Hide Files settings entry and sidebar nav when the filesEnabled policy is off (#291)
• Admin: Honor the cookieSameSite admin config override instead of always defaulting (#284)
• UI: Standardize punctuation in tooltips and inline comments across locales

i18n

• Add Danish localization
• Clean up Danish locale wiring and sort the language picker alphabetically (#286)

Changelog

Bug fixes

• 7b8bcfa: fix: switch cron-parser to named import (CronExpressionParser) (#1737) (@codeanish)

5.46.0 (2026-05-13)

🚀 New feature

• close button for the trial banner (3fd5f9fd56)
• adding collapse button (901465b1e2)
• updating design after Claude comments (d1cb08f76e)
• getting that button to stick while the banner doesn't (f04fe97a75)
• add preview support to images and videos (#25216)
• content-manager: add possibility to customize blocks (#22063)
• email: replace sendmail package with nodemailer in provider (#25893)

🔥 Bug fix

• making button float better (c5396f1c18)
• using isValid & adding translations (59498861f7)
• auto-expand and scroll to newly added dynamic zone components (#26044)
• keep draft link on x-to-one relations non-dp to dp (#26179)
• long component names overflow in dynamic zone picker (#26010)
• remove await from several telemetry calls to prevent blocking (#24743)
• admin: resolve prism is not defined (#25660)
• admin: handle 204 no-content response in fetch client (#25416)
• content-manager: local-storage was not updated if filters were removed (#26240)
• content-manager: skip draft/modified count queries for non-D&P content types (#26049)
• core/admin: admin and content api tokens retro-compatibility (#26313)
• core/core: validation uses injected strapi instance (#26211)
• database: morph typeField wins over same-name fields in populate (#26120)
• database: append primary key to ORDER BY for paginated selects (#26032)
• db: deterministic schema hash by sorting tables before hashing (#26202)
• graphql: isolate root query args per root field (#26178)
• test: check button attribute differently (#26212)
• utils: throw ValidationError for all invalid query params (not just sort) (#25894)

⚙️ Chore

• adding translations for the banner (e696d94627)
• turkish translations for cloud (#26223)
• .github: bump CI runners to node 24 (#26231)
• ai: ignore .agents/local-skills and .agents/local-state for local only harness (#26276)
• deps: bump eslint-plugin-react (#26227)
• deps: migrate msw 1.x → 2.13.4 across admin test suites (#26065)
• deps: upgrade typedoc to 0.28.19 and related plugins (#26082)
• security: mark Strapi v4 as End of Life (#26162)
• upload: add concurrentUploadSize config (#26053)

❤️ Thank You

• Alanderson Zelindro da Rosa
• Andrei L @unrevised6419
• Anslem @ace2016
• Ben Irvin
• Christian Dreier
• DMehaffy
• Florent Baldino @Baldinof
• guoyangzhen
• Jamie Howard @jhoward1994
• markkaylor
• mathildeleg @mathildeleg
• Nico André
• Nicolò
• ozzy @ddoemonn
• Rémi de Juvigny @remidej
• Simen @Eventyret
• Simon Norris

1.6.5 (2026-05-13)

Features

• Protocol: Register as the system handler for mailto: and webcal: links from a new protocol handler settings page
• Protocol: Account picker for protocol links when multiple accounts are connected
• Protocol: Import-or-subscribe choice for detected webcal calendars
• Protocol: Reuse the open PWA/session for mailto: links instead of always opening a new tab
• UI: Route account avatars through the shared Avatar component for consistent fallbacks (#278)

Fixes

• Calendar: Support HTTP basic auth in iCal subscription URLs (#275)
• Admin: Honor admin-uploaded favicon in root metadata (#274)
• Admin: Honor NEXT_PUBLIC_BASE_PATH in admin sidebar nav links (#271)
• UI: Broaden body font stack so Thai (and other non-Latin scripts) render correctly in subjects, sender names, and other chrome (#265)

Bug fixes

• show archived switch overlapping projects search bar(d02a05c by @kmendell)
• show correct environments types in filter (#2578 by @kmendell)
• build history not being updated after builds are completed (#2586 by @kmendell)
• incorrect backend arg used for trivy on 32bit hosts (#2587 by @kmendell)
• updater api authorization checks (#2588 by @kmendell)
• deny non hmac jwt requests(d568d03 by @kmendell)
• add rate limiting to webhooks and auth endpoints, and add caching to user session (#2591 by @kmendell)

Other

• add mobile device custom redirect url for oidc (#2580 by @kmendell)
• migrate off gin to use echo for backend router (#2582 by @kmendell)
• store user sessions in database with proper jti (#2590 by @kmendell)

Full Changelog: v1.19.0...v1.19.1

1.19.1

1.19.1

1.19.1

New features

• show pull usage and limits (if applicable) (#2458 by @kmendell)
• automated docker api re-negotiation (#2471 by @kmendell)
• implement node label management with system and user label separation (#2479 by @SplinterHead)
• allow mTLS auth for edge agents (#2116 by @kmendell)
• implement multi-file swarm git sync and host path mapping (#2457 by @SplinterHead)
• ability to archive projects (#2519 by @kmendell)
• redesigned updater center for arcane self updates (#2558 by @kmendell)

CLI - New features

• arcane-cli update channels and self-update (#2517 by @kmendell)

Bug fixes

• git sync file size limitations not being respected (#2427 by @kmendell)
• default secret and config UID/GID to "0" to prevent parsing errors (#2422 by @SplinterHead)
• resolve project status using effective compose project name (#2198 by @GiulioSavini)
• block compose self-redeploy when arcane manages itself (#2404 by @GiulioSavini)
• scope named volume sources to stack in service mounts (#2430 by @GiulioSavini)
• card overview headers missaligned on layout(5fd35e4 by @kmendell)
• include files not created with new projects (#2463 by @kmendell)
• tables are laggy when lots of rows are rendered (#2468 by @kmendell)
• buildkit not using the image exporter (#2469 by @kmendell)
• swarm scale mode and replicas fixes (#2470 by @kmendell)
• prevent slog-gin panic on tunneled requests (#2467 by @lohrbini)
• don't clear real image records when marking ref-aliases up to date (#2474 by @GiulioSavini)
• restrict git repository management to admins and block credential reuse on URL changes (#2504 by @kmendell)
• show loading state immediately on swarm service actions (#2475 by @GiulioSavini)
• allow mtls when tls is not managed by arcane (#2503 by @kmendell)
• skip excluded containers when collecting images for auto-update pull (#2473 by @GiulioSavini)
• remove double verification of mTLS certificates (#2505 by @kmendell)
• image update checks fail on mobile due to incorrect id (#2506 by @kmendell)
• add registry.gitlab.com to trustedAuthDelegations (#2507 by @kmendell)
• accent color allows non color values to be saved (#2513 by @kmendell)
• handle directory-sync file paths that Docker previously created as directories (#2508 by @kmendell)
• improve login form autofill compatibility (#2514 by @MikeO7)
• use in-memory trivy DB backend on 32-bit architectures to prevent mmap allocation failure (#2529 by @kmendell)
• allow force removing of images (#2530 by @kmendell)
• set docker config directory to avoid errors around config.json (#2557 by @kmendell)
• remove double loading of env overides and settings, use in memory cache instead (#2562 by @kmendell)
• show compose-labeled image updates in project updates (#2563 by @kmendell)
• gotify token decryption missing from auto heal and prune notifications(e28c4a4 by @kmendell)
• regenerate apikey dialog shows behind sheet(b7a8ec7 by @kmendell)
• always use dockerhub credentials if available (#2567 by @kmendell)
• agent api token fallbacks and guards (#2568 by @kmendell)

CLI - Bug fixes

• use correct checksum for updater(d645d4d by @kmendell)
• replace the arcane-cli located on PATH during update(a1e0c4a by @kmendell)

Dependencies

• bump github.com/moby/moby/client from 0.4.0 to 0.4.1 in /types (#2441 by @dependabot[bot])
• bump github.com/docker/cli from 29.4.0+incompatible to 29.4.1+incompatible in /backend (#2443 by @dependabot[bot])
• bump github.com/getarcaneapp/arcane/types from 1.17.4 to 1.18.1 in /cli (#2444 by @dependabot[bot])
• bump github.com/moby/moby/api from 1.54.1 to 1.54.2 in /backend (#2445 by @dependabot[bot])
• bump prettier from 3.8.2 to 3.8.3 (#2449 by @dependabot[bot])
• migrate to pnpm v11.0.0(4a94c5c by @kmendell)
• upgrade frontend dependencies (#2461 by @kmendell)
• bump github.com/docker/cli from 29.4.1+incompatible to 29.4.2+incompatible in /backend (#2490 by @dependabot[bot])
• bump github.com/samber/slog-gin from 1.21.0 to 1.21.1 in /backend (#2481 by @dependabot[bot])
• bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.57.1 to 1.57.2 in /backend (#2489 by @dependabot[bot])
• bump @tanstack/svelte-query from 6.1.24 to 6.1.26 (#2485 by @dependabot[bot])
• bump github.com/aws/aws-sdk-go-v2/credentials from 1.19.15 to 1.19.16 in /backend (#2487 by @dependabot[bot])
• bump ghcr.io/devcontainers/features/node from 1.7.1 to 2.0.0 (#2480 by @dependabot[bot])
• bump github.com/fsnotify/fsnotify from 1.9.0 to 1.10.1 in /backend (#2482 by @dependabot[bot])
• bump pnpm to 11.0.6(0e47b40 by @kmendell)
• bump github.com/aws/aws-sdk-go-v2/config from 1.32.16 to 1.32.17 in /backend (#2536 by @dependabot[bot])
• bump github.com/shirou/gopsutil/v4 from 4.26.3 to 4.26.4 in /backend (#2542 by @dependabot[bot])
• bump golang.org/x/text from 0.36.0 to 0.37.0 in /backend (#2540 by @dependabot[bot])
• bump github.com/charmbracelet/fang from 0.4.4 to 1.0.0 in /cli (#2532 by @dependabot[bot])
• bump @codemirror/view from 6.41.1 to 6.42.1 (#2535 by @dependabot[bot])
• bump golang.org/x/time from 0.14.0 to 0.15.0 in /backend (#2538 by @dependabot[bot])
• bump react-dom from 19.2.5 to 19.2.6 (#2541 by @dependabot[bot])
• bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 in /backend in the go_modules group across 1 directory (#2544 by @dependabot[bot])
• bump sigstore/cosign-installer from 4.1.1 to 4.1.2 (#2533 by @dependabot[bot])
• bump react-email from 6.0.1 to 6.1.1 (#2537 by @dependabot[bot])
• bump golang.org/x/net from 0.53.0 to 0.54.0 in /backend (#2539 by @dependabot[bot])
• bump pnpm to v11.0.9(5f43b7e by @kmendell)
• remove react-email/preview-server(685f9c3 by @kmendell)
• bump github.com/nicholas-fedor/shoutrrr from 0.14.3 to 0.15.0 in /backend (#2547 by @dependabot[bot])
• bump github.com/docker/cli from 29.4.2+incompatible to 29.4.3+incompatible in /backend (#2548 by @dependabot[bot])
• bump golang.org/x/mod from 0.35.0 to 0.36.0 in /backend (#2550 by @dependabot[bot])
• bump google.golang.org/grpc from 1.80.0 to 1.81.0 in /backend (#2551 by @dependabot[bot])
• bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 in /backend (#2553 by @dependabot[bot])
• bump @tanstack/svelte-query from 6.1.26 to 6.1.28 (#2549 by @dependabot[bot])

Other

• make login screen padding more centered (#2429 by @kmendell)
• sidebar grouping and edge cases (#2188 by @cabaucom376)
• consolidate helpers and dedupe boilerplate code (#2437 by @kmendell)
• split ws_handler and skip pagination counts when not needed (#2440 by @kmendell)
• cleanup frontend with more universal components (#2459 by @kmendell)
• frontend ui cleanup and fixes (#2515 by @kmendell)
• use charm logging instead of logrus for arcane-cli (#2518 by @kmendell)
• move job bootstrap into job service (#2523 by @kmendell)
• streamline remote environment logic (#2524 by @kmendell)

Full Changelog: v1.18.1...v1.19.0

1.6.4 (2026-05-11)

New: Web Setup Wizard

First-launch web setup wizard. New installs no longer need to hand-edit .env.local - point a browser at the container and the wizard probes the JMAP server(s), configures OAuth/OIDC, generates the session secret, accepts branding uploads, and provisions the initial admin password. Admin storage is now split into ADMIN_CONFIG_DIR (operator-authored, mountable read-only after setup) and ADMIN_STATE_DIR (runtime audit log and login timestamps); the legacy ADMIN_DATA_DIR keeps working for existing installs.

Features

• Setup: Web setup wizard with multi-step flow: Server, Auth, Security, Logging, Branding, Review, Admin
• Setup: Admin config/state directory split with optional ADMIN_CONFIG_READONLY for immutable deployments (#226)
• Setup: File uploads on the wizard branding step
• Setup: Redesigned review step with grouped summary and an advanced toggle for the full config
• Setup: Require explicit confirmation when JMAP probe finds no session
• Mail: Drag attachments out of the viewer to the local file system (#267)
• Mail: Reading Pane at Bottom mail layout (#262)
• Mail: Configurable signature position – above or below quoted text (#266)
• Mail: Signature position is now searchable from the email behavior settings
• Mail: Show avatar in Focused list for compact density and above
• Mail: Align Focused list preview with other layout previews
• Compose: From-header override in the composer with catch-all auto-reply, replies to an alias on a domain you own pre-fill the alias as the sender even when it isn't a configured identity (#246)

Performance

• Mail: Prefetch initial email data on login
• Auth: Parallelize login round-trips and drop redundant JMAP re-verify

Fixes

• Auth: Skip upstream JMAP reverify for trusted URLs (#237)
• Auth: Show account identity in the switcher header instead of the sending alias
• Compose: Fall back to the primary identity signature on reply
• Setup: Drop redundant first-login banner about removing ADMIN_PASSWORD (#222)
• UI: Consistent notice cards for server probe results

i18n

• Add missing translation keys across 15 locales

1.19.0

1.19.0

1.19.0

5.45.1 (2026-05-11)

🔥 Bug fix

• prevent single-type switch crashes and refresh schema after CTB updates (c9db1321d837f8024f0f9f2c4ab38645b535613c)

❤️ Thank You

• Adrien L @Adzouz
• Ben Irvin
• Jamie Howard

• Milestone

This is a major release.

Feature highlights✨:

• New sort order preferences at global, category, and feed levels
• Use feed-provided icon
• New option to hide sidebar by default
• Show time since when a feed has problems
• New functions to handle plural in internationalisation
• New cli/purge.php to apply purge policy from command line

Bug fixes highlights 🐛:

• Improve support of PHP 8.5+
• Several fixes related to searches

Security highlights 🛡:

• Limit cURL to protocols HTTP, HTTPS

UI highlights 🖼:

• Improve mobile view with multiple lines when thumbnails and summaries are shown
• Several themes improved

Extensions highlights 🧩:

• New Webhook extension for automated RSS notifications
• New LLM Classification extension to automatically tag incoming articles based on a prompt sent to an LLM

This release has been made by @Alkarex, @Inverle, @Kiblyn11, @math-GH, @rupakbajgain, @xtmd and newcomers @polybjorn, @olivluca, @tomasodehnal, @PeterVavercak, @mrtnrdl, @ale-rt, @cweiske, @rid3r45, @gabbihive, @drosell271, @Kachelkaiser, @zanivann, @nanos, @bowencool, @pe1uca, @matheusroberson, @DenuxPlays, @rlrs, @chanse-syres, @IEEE-754, @umaidshahid, @michi-onl

Full changelog:

• Features
  • New sort order preferences at global, category, and feed levels #8234
  • New filtering by date of Server modification date #8131, #8576
    • Corresponding search operator, e.g. mdate:P1D for finding articles modified by the author / server during the past day.
    • Especially useful for optimising the API synchronisation.
  • Use feed-provided icon #8633
  • New option to automatically mark new articles as read if an identical GUID already exists in the same category #8673
  • Automatic feed visibility/priority during search #8609
  • Add feed visibility filter to statistics view unread dates #8489
  • Add option to enable/disable notifications, also for PWA #8458
  • Add a form to create new user queries on the User Queries page #8623
  • Allow WebSub hub push from same private network #8450
  • Support category field in JSON feed import #8786
• Bug fixing
  • Fix wrong search toString in case of regex-looking string #8479
  • Fix article last seen date in case of feed errors #8646
  • Fix search expansion with backslash #8497
  • Fix user query parsing #8543
  • Fix search in shared user queries #8789
  • Fix redirect to wrong view after mark as read in reader and global views #8552
  • Fix SQLite paging when sorting by article length #8594
  • Fix change sorting during paging #8688
  • Fix SQL keyset pagination when sorting by category name #8597
  • Fix SQL duplicates in the user labels when sorting randomly #8626
  • Fix wrong error redirect in subscription management #8625
  • Fix do not include hidden feeds when counting total number of unread articles #8715
  • Update user modify date when changing extensions UserJS / UserCSS #8607
  • Non-strict OPML export #eedefb
• Security
  • Limit cURL to protocols HTTP, HTTPS #8713
  • Better sanitise favicon URLs #8714
  • New setting for <iframe> referrer allow list #8672
  • Fix email validation and allow error page for unverified email users #8582
  • Add allowfullscreen to <iframe> #8467
  • Rewrite Set-Cookie using native PHP support of SameSite #8447, #8778
    • Sanitize lifetime of session cookies from session.cookie-lifetime in php.ini
  • Update to <meta name="referrer" content="no-referrer" /> from deprecated never #8725
  • Preventive measure against search ingestion #8777
• UI
  • New option to hide sidebar by default #8528
  • Improve mobile view with multiple lines when thumbnails and summaries are shown #8631
  • New option to disable unread counter in tab title and favicon #8728
  • Show time since when a feed has problems #8670
  • Improve add feed UI #8683
  • Improve slider behaviour when using navigate back button #8496, #8524
  • Improve consistency of slider behaviour after submitting form #8612
  • Create dynamic favicons from SVG instead of PNG canvas #8577, #8588
  • Only display scrollbar everywhere if there's an overflow (especially for Chromium) #8542
  • Fix CSS padding of .content pre code #8620
  • Fix wrong navigation buttons layout on Chromium #8606
  • Fix don’t mark as read if middle click is outside of article link #8553
  • More robust JS #8595
  • Fix sidebar slide animation at narrow viewports #8747
  • Visually dim disabled users in user management table #8768
  • Improve multiple UI themes #8711, #8732,
    #8733, #8734, #8735,
    #8736, #8737, #8738,
    #8739, #8743, #8746,
    #8749, #8761, #8781,
    #8784, #8785
  • Various UI and style improvements: #8537, #8538,
    #8541, #8624, #8731,
    #8774
• Deployment
  • Also push Docker images to GitHub registry #8669
  • Improve support of PHP 8.5+ using Pdo\Mysql #8526
  • Add support for Podman in Makefile #8456
  • Re-add database status in installation check #8510
  • Docker / CLI: Allow chown/chmod to fail with warning #8635
• Extensions
  • New Webhook extension for automated RSS notifications Extensions#456
  • New LLM Classification extension to automatically tag incoming articles based on a prompt sent to an LLM Extensions#458
  • New extension methods to get typed configuration values #8696
  • New hook: Minz_HookType::ActionExecute #8599, #8603
  • New hook to modify the list of feeds to actualize #8655, #8675
  • Allow passing Minz_HookType as hook name in registerHook() #8600
  • Return more info and status from httpGet() #8700
  • Make httpGet() cache nullable #8705
  • Allow extensions’ configuration UI to use select-input-changer JavaScript helper #8721
• SimplePie
  • Bump upstream #8628, simplepie#71
  • New function get_icon_url() for feed favicon simplepie#974
  • Fix Undefined array key in get_thumbnail() #8634, simplepie#970
  • Fix int types for enclosures #8702, simplepie#975
  • Fix HTTPS headers given to SimplePie, e.g. for some HTTP/2 cases #8742
• CLI
  • New cli/purge.php to apply purge policy #8740
• I18n
  • CLI validate language directory names #8767
  • New functions to handle plural, and new timeago() #8670
  • Improve German #8491, #8557, #8689,
    #8704
  • Improve Italian #8517, #8519, #8554,
    #8555, #8556, #8566
  • Improve Latvian #6553
  • Improve Polish #8536
  • Improve Portuguese #8649
  • Improve Simplified Chinese #8474, #8475, #8476
  • Improve Traditional Chinese #8709, #8716, #8723,
    #8730, #8748
  • Improve Spanish #8572
• Misc.
  • Initial conventions for AI agents and humans: AGENTS.md, SKILLS.md, instructions.md #8478
  • Update to CSSXPath 1.5.0 #8642
  • Update to PHPMailer 7.0.2 #8483
  • SQL improve PHP syntax uniformity #8604
  • Trim SQL whitespace before parenthesis #8522
  • Improve PHP code #8627, #8644, #8753,
    #8697
  • Add dev legacy rules PHPCS 3 #8645
  • Update dev dependencies #8469, #8480, #8499,
    #8545, #8546, #8547,
    #8617, #8638, #8660,
    #8661, #8662, #8663,
    #8664, #8665, #8666,
    #8667, #8668, #8685,
    #8752, #8754, #8755,
    #8756, #8757, #8758,
    #8772, #8798