Development Build
Below are development builds for testing purposes.
Latest development build: 2.7.3.17 (July 8th 2026)
Latest stable release build: 2.7.3.2
https://github.com/clsid2/mpc-hc/releases/tag/2.7.3
Below are development builds for testing purposes.
Latest development build: 2.7.3.17 (July 8th 2026)
Latest stable release build: 2.7.3.2
https://github.com/clsid2/mpc-hc/releases/tag/2.7.3

Β The Stable channel has been updated to 150.0.7871.100/.101 for Windows and Mac andΒ 150.0.7871.100Β for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log
Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Daniel Yip
Google Chrome
Weβre updating which Apple platforms the Home Assistant Companion app supports, and because transparency is core to how we work, we want to be upfront about whatβs changing.
Starting with version 2026.8.0 of the Companion app, we will no longer support iOS 15, watchOS 8, or macOS 11. The last supported version for these platforms will be 2026.7.1.
Hereβs everything you need to know:
At Home Assistant, weβre committed to helping you use your devices for the long haul. We know your hardware is something you rely on every day, which is why we try to keep the Companion app running on older devices for as long as possible. However, supporting older OS versions indefinitely comes at a cost, limiting our ability to adapt to modern technology.
From September this year, Appleβs developer tools will officially stop supporting watchOS 8 and macOS 11, making it technically difficult for us to keep building for them. With less than 1% of our users currently running these older OS versions, this update allows us to future-proof the Companion app for the vast majority of our community.
By focusing our efforts on current operating system versions, we can keep our codebase maintainable for the long term. This shift removes some long-standing constraints, since older OS versions had been limiting our ability to make UX, stability, and performance improvements, including adding features such as Apple Watch complications and more advanced widgets.
A recap of whatβs changing:
Importantly, this doesnβt mean your older iOS devices will become unusable. You can still control your home using the Home Assistant frontend in your deviceβs web browser, which remains fully supported and receives regular monthly updates.
The last compatible Companion app version (2026.7.1) will also remain available on the App Store, and the source code will stay accessible on GitHub for any users who want to compile the app themselves.
This update means a stronger, more capable Companion app for everyone going forward, and itβs part of how we keep Home Assistant evolving. We appreciate your understanding and support through this change, and are looking forward to building whatβs next.
Full Changelog: v1.7.0.8...v1.8.0.2
[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.11.5.html]
This release addresses medium-impact problems that need to be fixed as some enable remote DOS, or local memory corruption.
The fixes below, and more, are also released in the unstable version postfix-3.12-20260706.
In addition to updated releases for the supported Postfix versions 3.8-3.11, releases will also be available for the out-of-support Postfix versions 3.5-3.7. NOTE: these do not include the patches for out-of-support Postfix versions that have been issued for "large SMTP inputs (June 2026)", "TLSA parsing (June 2026)", and "SMTP smuggling fixes". Those patches still need to be applied.
These defects were found by Qualys assisted by Claude Mythos Preview; more than half date from 20 or more years ago. When I implemented Postfix, I knew that there were going to be mistakes. That is the reason why Postfix has its architecture and safety nets. The number of defects may seem large, but consdering that they were found in a code base of some 150 thousand lines, the error rate is still lower than what I designed for.
Denial of service:
Bug (defect introduced: Postfix 2.7, date: 20090617): out-of-memory condition with remote input in the postscreen dummy SMTP engine. This dummy engine is used after PREGREET or DNSBL checks fail, or when "after 220" protocol checks are enabled. Reported by Qualys, assisted by Claude Mythos Preview.
Bug (defect introduced: Postfix 2.0, date: 20030619): file system DOS: with smtpd_proxy_filter enabled, the before-filter SMTP server did not enforce the message size limit for mailbox From_ lines at the beginning of a message. With smtpd_proxy_filter disabled, the file size limit was still enforced by the cleanup daemon. Reported by Qualys, assisted by Claude Mythos Preview.
Memory corruption:
Bug (defect introduced: Postfix 2.3, date: 20060611): double ldap_msgfree(resloop) call during error handling when special_result_attribute is configured. An attacker who controls the LDAP server or can play attacker-in-the-middle could corrupt heap memory. Reported by Qualys, assisted by Claude Mythos Preview.
Bug (defect introduced: Postfix 3.4, date: 20190121): missing null termination in a postlogd process that was started with an EMPTY maillog_file setting, while receiving a message from a postlog command that was started with a NON-EMPTY maillog_file setting. Under these contradicting conditions, an unprivileged attacker could cause postlogd to write null bytes to stack memory as it tokenized text outside the receive buffer, and possibly gain 'postfix' privilege. Problem reported by Qualys, assisted by Claude Mythos Preview.
Bug (defect introduced: Postfix 2.3, date: 20060711): one-byte heap over-write in the Milter client with soft_bounce=yes while processing a malformed SMFIR_REPLYCODE Milter response. An attacker who controls the Milter or who can play attacker-in-the-middle could corrupt heap memory. Reported by Qualys, assisted by Claude Mythos Preview.
Other crashes and panic()s:
Bug (defect introduced: Postfix 2.1, date: 20030619): SMTP server panic() in smtpd_proxy_filter when handling long mailbox From_ lines at the beginning of a message. Reported by Qualys, assisted by Claude Mythos Preview.
Bug (defect introduced: Postfix 3.1, date: 20151129): a missing return statement in the SHOWQ_CLEANUP_AND_RETURN() macro. A local user could submit a crafted message that triggered a read-after-free and panic() in the unprivileged showq daemon (which scans the mail queue for the 'postqueue -p' and 'mailq' commands). This could happen only before a message had been picked up by the pickup(8) daemon. Problem reported by Qualys, assisted by Claude Mythos Preview.
Bug: (defect introduced: Postfix 3.10, date: 20240925): NULL pointer read in the TLSRPT client, caused by missing STR_OR_NULL() wrappers. Reported by Qualys, assisted by Claude Mythos Preview.
Bug (defect introduced: Postfix < alpha, date: 1997): missing recursion guard while processing :include: files that directly include other :include: files in local(8) aliases or .forward files. This could result in exhausting stack space (segfault) or file handles (fatal error). This is not a global DOS; it affected at most two parallel delivery processes for the local recipient who created the condition. Reported by Qualys, assisted by Claude Mythos Preview.
Other read after free:
Bug (defect introduced: postfix-3.11.0-RC1, date: 20251222): heap memory over-read in the cleanup daemon as it handled a milter "shutdown" reply. The over-read memory was logged after masking unprintable content. Problem reported by Qualys, assisted by Claude Mythos Preview.
Bug (defect introduced: Postfix 2.3, date: 20050526): limited (<= 11 byte) heap over-read in the cleanup daemon. This could be triggered by local user with a crafted queue file, but the over-read content was not disclosed and there was no other impact. Problem reported by Qualys, assisted by Claude Mythos Preview.
Bug (defect introduced: Postfix < alpha, date: 19971221): a signal handler in the postdrop command could call unlink() with a pathname that was already wiped and free()d, but not yet reused. Reported by Qualys, assisted by Claude Mythos Preview.
Other code hygiene:
Bug (defect introduced: Postfix 3.11, date: 20260219): In the non-BerkeleyDB re-indexing server, vstream_fopen_as() ignored the uid and gid arguments and opened a database source file read-only as the 'postfix' user instead of the file owner. Reported by Qualys, assisted by Claude Mythos Preview.
Bug (defect introduced: Postfix 2.2. date: 20040829): after a RAND_bytes() call failure, do not rely on stack-based pseudo-randomness for tlsmgr seed generation, and for timing jitter of tlsmgr seed refresh intervals. Reported by Qualys, assisted by Claude Mythos Preview.
Bug (defect introduced: Postfix 2.3, date: 20060711): In the Milter client, null-terminate the SMFIR_REPLYCODE response data to exclude stale data when processing the result as a C string. Reported by Qualys, assisted by Claude Mythos Preview.
Proactive changes:
Hardening: make sure that optimizers will not delete a memset() call in myfree() that wipes memory.
Allow zero-length memory allocation requests. Many people have experience with systems that allow this, therefore it should not trigger a panic in Postfix.
Safety: added a global recursion guard in the local delivery agent.
You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.
there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2026-07-06)
in volumes with both dirkeys and filekeys enabled (default-disabled), a valid filekey could be converted into a dirkey, granting read-access to the containing folder
--no-sb-lg) in most deployments, avoiding #230initcfg in the images have use-bwrap: n to disable it db68353plainreadme and plainlogues to show readmes/logues as plaintext 9fa950bno_readme and no_logues (previously global-only) 379c0aa--ftp-banner 8242e69iv image is no longer available for arm32 / armv6 6e75faa| download link | is it good? | description |
|---|---|---|
| copyparty-sfx.py | β the best π | runs anywhere! only needs python |
| copyparty-en.py | β also good | same but english-only, no i18n |
| a docker image | it's ok | good if you prefer docker π |
| copyparty.exe | β οΈ acceptable | for win8 or later; built-in thumbnailer |
| u2c.exe | β οΈ acceptable | CLI uploader as a win7+ exe (video) |
| copyparty.pyz | β οΈ acceptable | similar to the regular sfx, mostly worse |
| copyparty-en.pyz | β οΈ acceptable | english-only, no smb-server |
| copyparty32.exe | βοΈ dangerous | for win7 -- never expose to the internet! |
| cpp-winpe64.exe | βοΈ dangerous | runs on 64bit WinPE, otherwise useless |
| bootable usb | β(οΎβοΎ)β | a surprisingly useful joke (x86_64) |
If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.
bogus as a temporary failures to prevent downgrade attacks.ECDSA private key support for SEC1 format.redirect_uri for loopback addresses.name and group claims from userinfo endpoint when missing from the JWT token.user to group panics.UnknownRecipient only for disabled or expired masked emails.sanitize_email rejects valid Punycode domains.attributesToSearchOn.calendar-query REPORT returns invalid HTTP 404 when no events match the query.EMFILE (too many open files).
Release created in https://github.com/OpenRCT2/OpenRCT2/actions/runs/28747294389
SHA256 checksums:
dc597f5cc6115a7e5eff61c09a77a5edeb4686a69f72230dda4257c5c4f6f395 ./OpenRCT2-v0.5.3-macos-universal.zip
a653c7b0b54ce5cbe3703230227d624f825883b4312706f3582b9730f00c3706 ./OpenRCT2-v0.5.3-android.apk
fd8b595179e978d880737cd268f61046ed81a51ba42b89895725690bb5a8bf75 ./OpenRCT2-v0.5.3-windows-installer-x64.exe
b7f4d4420583f39b9e9b6f6bf67839916d8eac9fa302936a0edebfc7835b5861 ./OpenRCT2-v0.5.3-Linux-noble-x86_64.tar.gz
fc86fa42b00e95a81ad4326f6600da766d4fbb0d3d6c60c6c57a120b6718f1db ./OpenRCT2-v0.5.3-windows-installer-arm64.exe
a0ba982c31f9aee5fc0c4c1d00914625bdab34adad3a4c4f69e840589121ec1d ./OpenRCT2-v0.5.3-sha256sums.txt
726cc68f9a590b05822897cc3e05effa3437d5bfdb136bf106d4d1b0b733e0b6 ./OpenRCT2-v0.5.3-windows-symbols-x64.zip
c5870c1b2aea31220adc62212987cdfa1fc063a7b1f8f01dbb9b0cf644e63900 ./OpenRCT2-v0.5.3-windows-symbols-win32.zip
dfbdaa9b4e7f9441ba78fe7c02c8180a37c7639fb5f485b6cdc1436fd0518a91 ./OpenRCT2-v0.5.3-Linux-trixie-x86_64.tar.gz
f430793307dfc58fe7b58e2d40757e5c83a5648eb44847ecbaf03a46986d16dc ./OpenRCT2-v0.5.3-Linux-bookworm-x86_64.tar.gz
9c63cb5d7b6d8b2b247f0b7339e5cfbf0d6bbec447b6d55a61f7da30f0f3d9f7 ./OpenRCT2-v0.5.3-linux-x86_64.AppImage
524fb97e3735fd40ac1619985df9215be4bbc4339145f2e8d01a431e46e678a7 ./OpenRCT2-v0.5.3-windows-portable-win32.zip
78e101f8d2e35ddb713c145caaa638fd693e9fde9b29b0f040301474712b15ab ./OpenRCT2-v0.5.3-windows-portable-arm64.zip
ac756d1e717053efc3950f63188f7bf7c5b1a700d5cc30ffcf96f11c592147b7 ./OpenRCT2-v0.5.3-windows-symbols-arm64.zip
d67814e13c12e622d4570b9a8b4a417da5b002729f9f851e80d0562b781c80ab ./OpenRCT2-v0.5.3-windows-portable-x64.zip
5f30ba5be029eb8e844be5b4be2b569ab21cee9258a74649dd1f126190e173de ./OpenRCT2-v0.5.3-windows-installer-win32.exe
505a5f227a221f268b2f1ce07b2eb83823ab33f24de2d1045c8ce0e68ba0e501 ./OpenRCT2-v0.5.3-Linux-resolute-x86_64.tar.gz
Today, weβre excited to share your very first look at gameplay from our upcoming Coaches DLC for Euro Truck Simulator 2, a highly anticipated expansion that many of you in our community have been eager to see more of. Let's hit the road!
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.07.05GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.07.05
Note
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
upsnap with UID:GID 1000:1000 for ssh/sshpass (#1751) (@invario)
We hope you've packed a warm jacket and perhaps a wee bit of shortbread, because today we're taking you to the Scottish Highlands! We're excited to share with you a closer look at Inverness, a brand-new city arriving as part of our upcoming UK Rework project for Euro Truck Simulator 2. Let's take a closer look at what this destination has to offer drivers.
OBS-Studio-32.2.0-beta3-Sources.tar.gz: ef43995eb14efe8b8e6191c47bd6f153d2afeb3d7f89651f841fa324107fba87
OBS-Studio-32.2.0-beta3-Ubuntu-24.04-x86_64-dbsym.ddeb: 3a836ea98ed8b529e3f55697c5d9dce5618ee2af1af3c3bbb85ad477c21bdf80
OBS-Studio-32.2.0-beta3-Ubuntu-24.04-x86_64.deb: 2dcea895e43a98b0d3806059caeab8f1daa079b6cc7b8621bdd5431fec69b2f3
OBS-Studio-32.2.0-beta3-Ubuntu-26.04-x86_64-dbsym.ddeb: b393f34ba32641fadea8fac15bd283f997249a4e784d70b9c718e8b3a4b2ac3c
OBS-Studio-32.2.0-beta3-Ubuntu-26.04-x86_64.deb: 8d92c0ffca97deff9837939e32acc22abe9ea86936d1a19dce019df5dd1d45d9
OBS-Studio-32.2.0-beta3-Windows-arm64-PDBs.zip: 209b9a05e8b2846b055900c3fba992537415677f3b7010d2384d99110bd49aeb
OBS-Studio-32.2.0-beta3-Windows-arm64.zip: 87c99eba714e86f35c32ce1a40cd71a647bc0ddfdde8c80c63dc7ac761880d61
OBS-Studio-32.2.0-beta3-Windows-x64-Installer.exe: c9b46539f7eb3f1fd8fb0e1d6567c13f04ea8ce4849cb396fc93734238ce4d01
OBS-Studio-32.2.0-beta3-Windows-x64-PDBs.zip: c7ea35d7b6ea40ce8e5d61cb71e7257124356cd4ad69f320e654b79baf9e1414
OBS-Studio-32.2.0-beta3-Windows-x64.zip: 2ce6b1b0afbf7eb3eff95320cdcdc09d0a458242244de6f7dadb8ef330f53f9c
OBS-Studio-32.2.0-beta3-macOS-Apple-dSYMs.tar.xz: 1835eb94f8482de3d8e80a9cd44f8048e52333efe30b898fc6a22cab564edd3c
OBS-Studio-32.2.0-beta3-macOS-Apple.dmg: c29af9b0f1d73bc0af29a2792da05425c75a8696a271ca2a7c7578ed7e665830
OBS-Studio-32.2.0-beta3-macOS-Intel-dSYMs.tar.xz: 50d06713bca689c35eccf1efb429666614f1a2c932197e086eed83432cd68f7f
OBS-Studio-32.2.0-beta3-macOS-Intel.dmg: 452922feffa830a0413a61f640bf01fac3daf69e26ef9620e91ee334d4a28cb0