[p]The following changes are available in the animgraph_2_beta build. To opt into the beta build, follow the instructions here: https://help.steampowered.com/en/faqs/view/5A86-0DF4-C59E-8C4A[/p][p][/p][p]To report bugs or provide feedback about the beta build, please email csgoteamfeedback@valvesoftware.com with the subject "AG2 Beta".[/p][p][/p][p]\[ ANIMGRAPH 2 ][/p]

• [p]Fixed viewmodel and worldmodel HE grenade throw[/p][/*]
• [p]Adjusted foot IK when idle[/p][/*]
• [p]Minor polish for turn animations when planting[/p][/*]
• [p]Fixed fast-weapon switching when holding inspect[/p][/*]
• [p]Minor adjustments to viewmodel animations[/p][/*]
• [p]Adjusted counter-strafe animation head dip amount[/p][/*]

[p][/p][p]Please note that the client may produce a fatal error message when attempting to connect to a server running a different build.[/p]

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. IceWhale Technology has released ZimaOS 1.6.0, an updated build of the company's independently-developed, Linux-based operating system for personal servers and network-attached storage (NAS) devices. It features a web-based administration interface and a multi-platform remote access client. "ZimaOS 1.6.0. New: added customizable display for storage devices; added USB class....

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.16

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.16

Changes

• upgrade dependencies (ab42325)
• fix PUBLIC_HOST_URL without a trailing slash (closes #959) (1a32eba)
• don't run workflow on README changes (29ccc42)
• add more CORS details (f2d71cb)

1.4.14 (2026-04-16)

Thank you for your donations:

• You? Become a sponsor!

One-time

• @mkorthaus-private
• @boris22100

Monthly

• @pr0ton11

Features

• Email: Add unified mailbox across accounts and sidebar icons toggle
• Email: Enhance email deletion and spam handling with improved parameterization
• Sieve: Enhance external rule handling in parser and store (#201)
• Plugins: Add i18n API, render hooks, and new intercept hooks to plugin system
• PWA: Dynamic PWA manifest with configurable name, description, and icons
• PWA: Show app name and logo in install prompt
• i18n: Add Ukrainian language with flags and missing translation keys
• i18n: Configurable locale prefix via NEXT_PUBLIC_LOCALE_PREFIX
• API: Add apiFetch helper for mount-prefix-aware API calls

Fixes

• Calendar: Send iMIP invitation emails when creating or updating calendar events (#192)
• Calendar: RFC 5545/6047 compliance for outgoing iMIP calendar emails
• Calendar: Add calendarAddress and replyTo to participants for Stalwart compatibility (#189, #192)
• Calendar: Improve CalDAV task detection for external clients like Thunderbird (#84)
• Email: Hide ICS attachments from attachment list when invitation banner is shown
• Email: Send before storing in Sent via onSuccessUpdateEmail (#188)
• Email: Standardize tag naming and fix unknown keyword display (#184, #185)
• i18n: Skip intl middleware for paths already containing a locale prefix
• Docs: Document PWA and branding env vars in .env.example
• Docs: Use company consistently in .env.example branding comments

Bugfixes and minor changes:

• Updated to libfilezilla 0.55.4 to address a crash
• SFTP: Updated to fzssh 1.2.0

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Joshua Webb has announced the release of an updated version of RakuOS, a Fedora-based immutable Linux distribution with a choice of KDE Plasma, GNOME and, newly introduced in this version, COSMIC desktops: "RakuOS Linux 2026.04.15 is a major release and our last major update for the Fedora 43....

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.13

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.13

Changes

• fix asterisk CORS_ALLOWED_ORIGINS, mentioned in #955 (03f71fd)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.12

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.12

Changes

• fix pnpm build (210c607)
• Bump softprops/action-gh-release from 2 to 3 in the github-actions group (3818969)
• fix yt-dlp options examples (4330d3b)
• update documentation (06c4a2c)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.10

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.10

Changes

• document CORS_ALLOWED_ORIGINS variable (aa60420)
• Don't mark live streams as seen (a6e8617)
• Fix permissive CORS policy that allows cross-origin attacks (0072d34)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.09

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.09

Changes

• upgrade dependencies (0b3645a)
• fix: handle playlists that don't supply video ids (d38d7bd)
• Bump astral-sh/setup-uv from 6 to 7 in the github-actions group (b7709d3)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.05

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.05

Changes

• fix: parse string boolean values when updating subscriptions (373692a)
• explain yt-dlp configuration in detail (54680c4)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.04

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.04

Changes

• change option presets to be multi-select (dd0f98d)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.03

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.03

Changes

• finalize custom options (closes #563, #482, #261, #681) (d41bdf6)
• Keep override controls on dedicated row (a02abf5)
• Fix frontend test typing for override flag (b16e597)
• Gate manual yt-dlp overrides behind flag (6e9b2dd)
• feat: add per-download yt-dlp presets and overrides (565a715)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.02

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.02

Changes

• update README (0cba61c)
• Add clarifying comments for n_entries and __last_playlist_index fields (closes #692) (d7eaaaa)
• Use PORT env variable in Dockerfile HEALTHCHECK instead of hardcoded 8081 (771ba52)
• Initial plan (1cc27d3)
• Propagate missing playlist context fields (playlist_count, playlist_autonumber, n_entries, __last_playlist_index) (981e6c1)
• Add explanatory comment for fake STR_FORMAT_RE_TMPL key group in tests (b17e1e5)
• Replace custom template substitution with yt-dlp's evaluate_outtmpl (c1b5540)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.01

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.01

Changes

• add subscriptions; change persistence file format to JSON (closes #901, #76, #113, #170, #242, #444, #503, #555, #566) (483575d)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.03.21

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.03.21

Changes

• fix pickle (closes #814) (84c6418)

Part-DB 2.10.0

Changes

• Frontend building now requires at least nodejs 22.
• For security hardening reasons Part-DB's generic web provider and the attachment download feature cannot download from local network IPs to avoid SSRF attacks. If you require internal attachment download, you can enable it via an env option.

New features

• Make format06 barcode checking more resiliant for non-standard conform labels and scanners by @mkne in #1321
• Implement parsing of TME QR codes by @alufers in #1324
• Ignore public/.well-known folder by @klausman in #1335
• Enable BOM sorting on part fields (Storage location, Manufacturing status) @mkne in #1338
• Allow to create custom kicad symbol/footprint autocomplete lists @DanTrackpaw in #1342
• Add price columns to project BOM table and build price summary by @MayNiklas in #1345
• Allow to sort by numeric value with SI prefix. This is realized via a separate optional column @wschopohl in #1344

Bugfixes

• Fix creating parts from TME if the SPN contains percent signs by @alufers in #1337

Miscellaneous

• Updated dependencies
• Updated translations
• Updated kicad symbols
• Improved documentation

New Contributors

• @alufers made their first contribution in #1324
• @klausman made their first contribution in #1335
• @DanTrackpaw made their first contribution in #1342
• @wschopohl made their first contribution in #1344

Full Changelog: v2.9.1...v2.10.0

The Extended Stable channel has been updated to 146.0.7680.201 for Windows and Mac which will roll out over the coming days/weeks.

The Stable channel has been updated to 147.0.7727.101/102 for Windows/Mac  and 147.0.7727.101 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 31 security fixes. Please see the Chrome Security Page for more information.

[$90000][490170083] Critical CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga on 2026-03-05

[$10000][493628982] Critical CVE-2026-6297: Use after free in Proxy. Reported by heapracer on 2026-03-17

[TBD][495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-24

[N/A][497053588] Critical CVE-2026-6299: Use after free in Prerender. Reported by Google on 2026-03-28

[TBD][497724498] Critical CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-30

[TBD][490251701] High CVE-2026-6359: Use after free in Video. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-06

[TBD][491994185] High CVE-2026-6300: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-12

[TBD][495273999] High CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c on 2026-03-23

[TBD][495477995] High CVE-2026-6302: Use after free in Video. Reported by Syn4pse on 2026-03-24

[N/A][496282147] High CVE-2026-6303: Use after free in Codecs. Reported by Google on 2026-03-25

[N/A][496393742] High CVE-2026-6304: Use after free in Graphite. Reported by Google on 2026-03-26

[TBD][496618639] High CVE-2026-6305: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-26

[TBD][496907110] High CVE-2026-6306: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-27

[TBD][497404188] High CVE-2026-6307: Type Confusion in Turbofan. Reported by Project WhatForLunch (@pjwhatforlunch) on 2026-03-29

[N/A][497412658] High CVE-2026-6308: Out of bounds read in Media. Reported by Google on 2026-03-29

[N/A][497846428] High CVE-2026-6309: Use after free in Viz. Reported by Google on 2026-03-30

[TBD][497880137] High CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam on 2026-03-31

[N/A][497969820] High CVE-2026-6310: Use after free in Dawn. Reported by Google on 2026-03-31

[N/A][498201025] High CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google on 2026-03-31

[N/A][498269651] High CVE-2026-6312: Insufficient policy enforcement in Passwords. Reported by Google on 2026-03-31

[N/A][498765210] High CVE-2026-6313: Insufficient policy enforcement in CORS. Reported by Google on 2026-04-02

[N/A][498782145] High CVE-2026-6314: Out of bounds write in GPU. Reported by Google on 2026-04-02

[N/A][499247910] High CVE-2026-6315: Use after free in Permissions. Reported by Google on 2026-04-03

[N/A][499384399] High CVE-2026-6316: Use after free in Forms. Reported by Google on 2026-04-03

[N/A][500036290] High CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google on 2026-04-06

[TBD][500066234] High CVE-2026-6362: Use after free in Codecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-07

[N/A][500091052] High CVE-2026-6317: Use after free in Cast. Reported by Google on 2026-04-06

[N/A][495751197] Medium CVE-2026-6363: Type Confusion in V8. Reported by Google on 2026-03-24

[TBD][495996858] Medium CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse on 2026-03-25

[TBD][499018889] Medium CVE-2026-6319: Use after free in Payments. Reported by pwn2addr on 2026-04-02

[N/A][502103414] Medium CVE-2026-6364: Out of bounds read in Skia. Reported by Google Threat Intelligence on 2026-04-13

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

✨ New Features & Improvements

• @directus/app
  • Replaced "All Users" tab with Active, Suspended, and Invited status tabs (#27036 by @robluton)
  • Added Save as New File option to image editor (#27084 by @JamesW1)
• @directus/api
  • Added a new /ai/object endpoint to generate structured objects for autocomplete and other inline experiences (#26862 by @bryantgillespie)
• @directus/composables
  • Eliminated redundant count requests in the useItems composable (#26906 by @okxint)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed export failing on collections with virtual fields like $thumbnail by excluding them from export defaults and the field picker (#27073 by @om-singh-D)
  • Added customizing of cache keys for flow endpoints. (#26935 by @costajohnt)
  • Fix "Use named routes instead of hardcoded path strings #26733" (#26809 by @powerseed)
  • Fixed VBadge intercepting pointer events on slotted elements (#27087 by @HZooly)
  • Fixed comparison modal footer responsive breakpoint (#27061 by @robluton)
  • Updated liquidjs, axios, vite, nodemailer, brace-expansion, basic-ftp, hono, fast-xml-parser, tar, (#27081 by @br41nslug)
    qs and defu dependencies
• @directus/api
  • Added customizing of cache keys for flow endpoints. (#26935 by @costajohnt)
  • Updated liquidjs, axios, vite, nodemailer, brace-expansion, basic-ftp, hono, fast-xml-parser, tar, (#27081 by @br41nslug)
    qs and defu dependencies
  • Fixed schema introspection for MSSQL text fields with max length of -1 to be normalized to null (#26934 by @begsaquib)
  • Trimmed leading and trailing spaces from search queries (#27089 by @robluton)
  • Fixed promotion of deleted relation returning invalid date time value error (#27040 by @gaetansenn)
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)
  • Fixed MARKETPLACE_REGISTRY env not being passed to registry list call when generating extension settings (#27076 by @gaetansenn)
  • Replaced INTERNAL_SERVER_ERROR with SERVICE_UNAVAILABLE for marketplace registry errors and improved error messages. (#26937 by @eric-pennecot)
• @directus/schema
  • Fixed schema introspection for MSSQL text fields with max length of -1 to be normalized to null (#26934 by @begsaquib)
• @directus/themes
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)
• @directus/types
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)

📦 Published Versions

• @directus/app@15.9.0
• @directus/api@35.1.0
• @directus/composables@11.4.0
• create-directus-extension@11.0.35
• @directus/extensions@3.0.24
• @directus/extensions-registry@3.0.25
• @directus/extensions-sdk@17.1.3
• @directus/schema@13.0.8
• @directus/schema-builder@0.0.19
• @directus/themes@1.3.2
• @directus/types@15.0.2

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The Zorin project has published an update to Zorin OS. The latest version of the distribution, Zorin OS 18.1, introduces improved Windows application detection which allows for easy access to native Linux alternatives, the distribution provides tiling window improvements, and updates for the desktop panel. "The panel now....

5.42.1 (2026-04-15)

🔥 Bug fix

• typo in Russian translation for upload button (#25946)
• fixed 9 typos, spelling errors, and duplicate words. (#25936)
• skip form onChange when markdown updates come from setValue (#25955)
• adjust typo in test (#25960)
• update snapshot (9b2501ceeb)
• increase test timeout (f50134dbae)
• preserve relations in fill from another locale (#25703)
• enable save button when re-ordering components or dynamic zones (#25959)
• made changes to resolve Firefox timepicker issue (#25129, #25438)
• admin: batch content manager permission checks and reuse session ability (#25911)
• core: add firstPublishedAt field to draft (#25947)
• document-service: preserve relations during publish (#25909)
• tests: type errors cause build to fail which cause tests to fail (072ad0d801)
• upload: cache busting for cross-origin images in crop (#25950)
• upload-aws-s3: trust S3 response Location URL for compatible providers (#25939)

⚙️ Chore

• fix typos in comments and docs (12dfbe97c9)
• adding finnish translation to Strapi Admin (#25620)
• fix typos in comments and docs (91407798c4)
• update Polish language translations (#23762)
• deps: bump lodash from 4.17.23 to 4.18.1 (#25919)
• deps: bump lodash-es from 4.17.23 to 4.18.1 (#25906)
• deps: bump nodemailer from 8.0.4 to 8.0.5 (#25963)
• deps: bump axios from 1.13.5 to 1.15.0 (#25980)
• deps: bump path-to-regexp from 8.4.1 to 8.4.2 (#25901)
• examples: delete config.server.url to restore port override capability (#26011)

❤️ Thank You

• Adrien L @Adzouz
• akash-dabhi-qed @akash-dabhi-qed
• Antti Tuppurainen
• Bassel Kanso @Bassel17
• Jamie Howard @jhoward1994
• Mark Kaylor @markkaylor
• mathildeleg @mathildeleg
• Michał Kleszczyński @Magiczne
• Nico André @nclsndr
• Shalabh Gupta @coding-shalabh
• Tony @tonytkachenko
• Yohaan Narayanan @yohaann196
• Yohei Yamamoto @NAM-MAN

Alpine Linux stable releases 3.20.10, 3.21.7, 3.22.4, 3.23.4

{ Taipei, Taiwan, 15 april 2026 – QNAP® Systems, Inc. heeft vandaag HDP Recovery Media Creator uitgebracht, een disaster recovery-op ...} More

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Simon Long has announced the release of a new security update of Raspberry Pi OS, a Debian-based Linux distribution designed for the popular Raspberry Pi single-board computers. The new version, besides bringing the usual range of bug fixes and improvements, also disables the passwordless sudo: "Today we are....

[p]The following changes are available in the animgraph_2_beta build. To opt into the beta build, follow the instructions here: https://help.steampowered.com/en/faqs/view/5A86-0DF4-C59E-8C4A[/p][p][/p][p]To report bugs or provide feedback about the beta build, please email csgoteamfeedback@valvesoftware.com with the subject "AG2 Beta".[/p][p][/p][p]\[ ANIMGRAPH 2 ][/p]

• [p]Fixed wrong pose when backing into corners[/p][/*]
• [p]Improved stuttering of 3rd person aim[/p][/*]
• [p]Fixed main menu pistol poses[/p][/*]
• [p]Added missing knife draw animations[/p][/*]
• [p]Fix pop when running and switching weapons[/p][/*]
• [p]Fix pop when switching weapons after throwing a grenade[/p][/*]
• [p]Fixed head wobbling when planting C4[/p][/*]
• [p]Fixed issue when holding inspect and changing weapons[/p][/*]

[p]\[ OTHER ][/p]

• [p]Fixed a case where it was possible to climb down ladders faster than before.[/p][/*]

[p][/p][p]Please note that the client may produce a fatal error message when attempting to connect to a server running a different build.[/p]

Below are development builds for testing purposes.

Latest development build: 2.7.0.10 (April 14th 2026)

Latest stable release build: 2.7.0
https://github.com/clsid2/mpc-hc/releases/tag/2.7.0

Bugfixes and minor changes:

• SFTP: Added a heuristic to reply to a keyboard-interactive request with the site's password, if it consists of a single prompt named "Password"
• SFTP: Updated to fzssh 1.1.10 for increased compatibility with broken servers that blatantly violate the SSH specifications

2026-04-14

nginx-1.30.0 stable version has been released, incorporating new features and bug fixes from the 1.29.x mainline branch  — including Early Hints, HTTP/2 to backend and Encrypted ClientHello, sticky sessions support for upstreams, Multipath TCP support, the default proxy HTTP version set to HTTP/1.1 with keep-alive enabled, and more.

26.2 Snapshot 3 (known as 26.2-snapshot-3 in the launcher) is the third snapshot for Java Edition 26.2, released on April 14, 2026, which adds sulfur spikes and fixes bugs. Full changelog: https://minecraft.wiki/Java_Edition_26.2-snapshot-3