Normale weergave
2026.7: Automations that speak your language
Tip
Donโt forget to join our release party live stream on YouTube on July 1, 2026, at 20:00 GMT / 12:00 PT / 21:00 CET!
Home Assistant 2026.7! ๐
This is one of those releases Iโve been looking forward to for a long time. My favorite by far is what weโve done with automations. Purpose-specific triggers and conditions graduate from Labs and become the new default for everyone. ๐
It comes down to something weโve been chasing for years: more power, less complexity. Instead of starting from Home Assistantโs internals, which entity, which state, which kind of trigger, you start from what you actually want your home to do. When the bedroom drops below 18ยฐC, turn on the heating. Thatโs it. No technical traps, no quirks to memorize. And because integrations can teach the automation engine their own triggers and conditions, it only gets better from here. All of it right there in our beautiful user interface.
The nice thing is, nothing breaks. All your existing automations keep working, worry-free. Weโve also written tons of great documentation explaining every single trigger, condition, and action, with examples to learn from. And if youโre one of those people who prefers writing automations in YAML instead of the UI, youโre in for an amazing experience too. User experience is not a synonym for โthe UIโ. YAML users deserve good user experience too.
But honestly? Iโve got a second favorite this release, and that surprised me a little. Activity, what many of you still know as the logbook, has been rebuilt into a slick and clean timeline. ๐ It reads top to bottom like a feed, groups entries by day, and finally speaks the same language as the rest of Home Assistant. I keep opening it just to look at it.
And thatโs just the start. Thereโs a new update-all button, dedicated panels for infrared and radio frequency, an overhauled ZHA Zigbee device management, and 10 new integrations from our community.
One more thing before you dive in: the Open Home Foundation is exhibiting at IFA Berlin for the first time, from September 4 to 8, 2026. Weโd love to meet you there, so come say hello. Thereโs also a community meetup on Sunday, September 6, and everyoneโs welcome. You can read all about it here.
Enjoy the release!
../Frenck
- Creating automations just became easier, natural and more powerful
- Activity logbook
- Update all
- Integrations
- Other noteworthy changes
- Need help? Join the community
- Backward-incompatible changes
- All changes
A huge thank you to all the contributors who made this release possible! And a special shout-out to @piitaya, @sairon, and @agners who helped write the release notes this release. Thanks to them, these release notes are in great shape. โค๏ธ
Creating automations just became easier, natural and more powerful
This is, hands down, one of the biggest and best changes weโve made to the automation editor in years. It has been roughly eight months in the making, built and refined release after release by a lot of people, and shaped by a mountain of your feedback along the way. As of this release, it is here for everyone, and we could not be more excited to finally hand it over.
Why are we this excited? Because automations have always asked you to meet Home Assistant halfway. Some people still talk about it like you need YAML, a coding background, and a free evening just to automate a light. That hasnโt been true for a while, and this release takes the biggest step yet toward closing that gap for good.
Back in Home Assistant 2025.12, we introduced purpose-specific triggers and conditions in Settings > System > Labs. Every release since has added more of them and polished the experience. This release, they graduate: this new way of building automationsAutomations in Home Assistant allow you to automatically respond to things that happen in and around your home. [Learn more] is out of Labs and becomes the new default for everyone. ๐
It is tempting to read this as a nicer set of menu options. It is much more than that. It is a different starting point: you describe what you want your home to react to, rather than starting from the technical building blocks underneath.
Start with what you want, not how it works
An automation engine thinks in primitives. People donโt. You think โwhen the front door opensโ, โwhen the last person leavesโ, or โwhen a battery runs lowโ.
The old path started somewhere else, with Home Assistantโs internals. Which entity? Which state? Does it become on, detected, home, or not_home? Do I need a state trigger, a numeric state trigger, a device trigger, or a system event? If you know Home Assistant well, those questions are second nature. If you donโt, they are the wall you hit before you even start. ๐ค
The new triggers and conditions speak the language of the thing you care about. When the bedroom drops below 18ยฐC, turn on the heating. You donโt think about numeric state triggers, attributes, or units. You pick Temperature crossed threshold and say what matters. Or Battery low: no need to know whether a device reports its battery as a percentage sensor, or what counts as โlowโ. You build around the moment itself.
Built around areas, not one device or entity at a time
The new building blocks also support targets, and that is a bigger deal than it sounds.
You can build an automationAutomations in Home Assistant allow you to automatically respond to things that happen in and around your home. [Learn more] around motion in the living room, instead of around one specific motion sensor. One sensor in that room, fine. Ten, also fine. Swap one out next year, add another, or remove the one that kept seeing the cat, and the automation keeps describing the same intent: motion in the living room.
When motion is detected outside, turn on the lights outside. The trigger points at the outside areaAn area in Home Assistant is a logical grouping of devices and entities that are meant to match areas (or rooms) in the physical world: your home. For example, the living room area groups devices and entities in your living room. [Learn more], the action points at the outside lights. Change which sensors or lights live there later, and the automation follows along. It reads like a sentence, and it is one less fragile list of entities to maintain forever.
More than friendlier wording
Here is the part that is easy to miss: this isnโt just a friendly wrapper around the old triggers.
These triggers and conditions can be extended by integrationsIntegrations connect and integrate Home Assistant with your devices, services, and more. [Learn more], including custom and community ones. Integrations have long been able to add their own actions; now they can add their own triggers and conditions too. Picture a washing machine integration offering a plain โlaundry is doneโ trigger, with no need to know which state value or attribute actually means finished. An integration knows things you would otherwise have to figure out yourself: which state changes matter, which to ignore, which edge cases are normal, and what a useful automation moment looks like in its world.
A sensor can tell you the electricity price. The integration can tell you when the price is lowest today. Instead of everyone rebuilding the same template, or learning the quirks of one particular heat pump, EV charger, or alarm panel, the integration can offer the triggers, conditions, and actions that make sense for it. That turns the automation engine into something integrations can teach. It is where โmore power, less complexityโ stops being a slogan.
No technical traps
There is a quieter benefit too: No technical traps. ๐ช
With these new triggers, you donโt need to care about unknown or unavailable states. The building block handles those in the way that makes sense for its purpose. The moment you have to decide whether one specific automation should ignore unavailable, wait it out, or treat it as false, we have already made you think about the wrong thing.
Event entities are another classic. Automate around one with a plain state trigger and you may discover it doesnโt fire the second time the same event happens, because the state didnโt change the way you expected. A purpose-specific trigger expresses the event directly, so that whole class of surprise simply goes away.
Your automations are safe, and YAML isnโt going anywhere
Before anyone opens a forum thread in mild panic: no, you donโt need to rewrite anything.
Existing automations keep working. Generic triggers, conditions, templates, and YAML all keep working. The new triggers and conditions are simply the better starting point for the next automation you build, and a nicer option when you decide to improve an old one. It is not a migration tax.
And this isnโt Home Assistant walking away from YAML. We put real effort into making the new building blocks read well in YAML too, the same way we did when automations moved to triggers, conditions, and actions and swapped service for action. If text is your interface, it should feel just as natural. If you use YAML to write automations, we are sure youโll love the new triggers and conditions just as much!
Documentation is part of the feature
We also did the less flashy work, which on a project like this is often the work that matters most. Every trigger, condition, and action now has its own documentation page over at triggers, conditions, and actions. Each one explains what the building block is, when you would reach for it, how to use it from the automation editor, how it looks in YAML, and includes real examples to learn from.
There is a lot of it, on purpose. Approachability is not only about a friendlier button in the UI. It is also about helping you understand what that button does, and when to use it. Good documentation is product work, even when it does not get its own screenshot.
There is an AI angle here too, and it belongs in the right place: this is for people first. But many of you already use AI to help build automations, and clearer, well-described building blocks give those tools much better material to work with. Their suggestions can become more consistent, because there is less Home Assistant-specific guesswork to invent. It will not happen overnight, since most models are trained on older examples and may keep suggesting the old patterns for a while. The better the documentation, the faster both people and machines pick up the new way.
Havenโt tried building automations this way yet? Open the automation editor and start with what you want to happen. We think youโll like where it begins. ๐
Activity logbook
Activity, the feature many of you still know as the logbook, has always been there to answer a simple question: what happened, and when? The way it answered, though, was a flat list of full sentences. โLiving room lamp turned on.โ โAuto lights was triggered by motion.โ Every row was a complete sentence, the device name was repeated on every line, and it used its own wording (โturned onโ, โchanged toโ) that didnโt quite match how states are written everywhere else in Home Assistant. Reading back a busy day meant reading every single line.
This release rebuilds it from the ground up into a timeline.
Each entry now sits on a vertical rail: the time on the left, a colored dot with the entityAn entity represents a sensor, actor, or function in Home Assistant. Entities are used to monitor physical properties or to control other entities. An entity is usually part of a device or a service. [Learn more]โs icon, and the text beside it. You read it top to bottom, like a feed. Entries are grouped by day, with Today, Yesterday, and dated headers, so you never lose track of where you are in time. The dot takes on the state color too, so an on and an off are easy to tell apart at a glance, without reading a word.
It also shows only the context you actually need. The timeline trims the name down to where youโre looking: on an entity page you just see the value, on a device page the device name is dropped, and on an area page the area is left out. No more reading the same device name on every row.
A few more touches make it feel right at home:
- The same words as the rest of the app. State text now comes from the backend, the same source the rest of Home Assistant uses, so it reads identically everywhere and in every language. No more logbook-only verbs.
- It shows the cause. When something was set in motion by a person, you see their avatar. An automation shows what triggered it, and an integration shows its brand icon. The โwhyโ sits right next to the โwhatโ.
- Time the way you want it. In the compact views, like the more info dialog, device and area pages, and on cards, select the timestamp to flip between absolute time and a relative โ2 hours agoโ. A quick glance when you want it, exact precision when you need it.
The same component powers all of this, so the timeline stays consistent whether itโs filling the full Activity page on a wide screen or tucked into a card on your phone. Wide screens get the full timeline with the time column and icons; narrow screens and cards get a compact version with the cause icon and the time trailing the entry.
Update all
Weโve all been there. You open Settings > Updates after being away for a bit, and there it is: a wall of pending updates. A new Home Assistant release, a handful of apps, that one integration, and seven ESPHome devices that all decided to ship new firmware in the same week. Keeping up used to mean working down that list one entry at a time, selecting, waiting, selecting the next, and repeating until your finger got tired.
Not anymore. This release reorganizes the updates page around how you actually think about your system, and adds a single button that does the heavy lifting: Update all.
Instead of one long, flat list, your pending updates are now grouped into clear cards, each covering a part of your setup:
- Home Assistant sits right at the top, with Core, the Operating System, and the Supervisor. These run the core of your system, so theyโre kept on their own, without an Update all button. You apply them yourself, on purpose.
- Integrations with several pending updates get a card of their own. Those seven ESPHome devices? Bundled together, so a single selection brings them all up to date. The same goes for a stack of HACS integrations waiting on a new version.
- Integrations gathers the remaining one-off integration updates into one tidy card.
- Apps does the same for your apps (used to be called add-ons).
- Skipped updates show up in their own card once you turn on Show skipped updates. Keeping them separate means they never get swept along by an Update all you didnโt intend for them.
Select Update all on any card, and Home Assistant takes it from there, updating everything in that group in one go. No ticking boxes, no confirmation dialog to step through, just done.
Itโs a small change to a page you only visit now and then, but it turns a recurring chore into a couple of taps.
Integrations
Thanks to our community for keeping pace with the new integrationsIntegrations connect and integrate Home Assistant with your devices, services, and more. [Learn more] and improvements to existing ones! Youโre all awesome ๐ฅฐ
New integrations
We welcome the following new integrations in this release:
-
Aqvify, added by @astrandb, launching at ๐ platinum quality
Monitor your Aqvify water well and tank sensors in Home Assistant. The integration connects through Aqvifyโs public cloud API and exposes sensors for your well water level, so you can keep an eye on your supply and build automations around it. -
Chef iQ, added by @Invader444
Read the temperatures from your Chef iQ wireless cooking probes directly over Bluetooth. No cloud account, base station, or hub is needed: the probe broadcasts its readings and Home Assistant listens passively. -
Dropbox, added by @bdr99
Store your Home Assistant backups straight to your Dropbox account. Setup runs through the Home Assistant Cloud Account Linking service, so you do not need a Home Assistant Cloud subscription or your own application credentials to get started. Once connected, Dropbox shows up as a backup location alongside the rest. -
Edifier Infrared, added by @abmantis
Control your Edifier speaker with any infrared transmitter you already have set up in Home Assistant. Built on the Infrared entity platform, so you can pair it with an ESPHome device with an IR LED, or any other supported IR emitter. Communication is one-way, so the integration uses assumed states. -
energieleser, added by @AjinkyaGokhale
Bring real-time energy readings into Home Assistant from energieleser devices, such as stromleser, gasleser, wasserleser, and wรคrmeleser. The integration reads consumption data over a local HTTP API, so all communication stays on your network. -
Envertech EVT800, added by @daniel-bergmann-00
Monitor your Envertech EVT800 solar microinverter in Home Assistant. The integration receives data locally over your network, exposing energy and power readings you can track on dashboards and use in automations. -
Greencell, added by @BrzezowskiGC
Connect your Greencell EV charging devices to Home Assistant over MQTT. It monitors charger status and electrical measurements like voltage, current, and power, and exposes real-time telemetry and charging-session data for dashboards and automations. -
Helty Flow, added by @ebaschiera
Control your Helty Flow decentralized heat-recovery ventilation units with the smart Wi-Fi interface. The integration talks to each unit directly on your local network, so it keeps working without an internet connection. -
KlikAanKlikUit, added by @Phunkafizer
Control self-learning KlikAanKlikUit 433.92 MHz RF devices from Home Assistant. Because the integration sends commands over RF without a feedback channel, it uses assumed states. -
MELCloud Home, added by @erwindouna
Bring your Mitsubishi Electric air conditioning and heat pump products into Home Assistant through MELCloud Home, Mitsubishi Electricโs cloud service. Monitor and control your devices alongside the rest of your home automations.
This release also has new virtual integrations. Virtual integrations are stubs that are handled by other (existing) integrations to help with findability. These ones are new:
- Avosdim, provided by Motionblinds, added by @mbo18
- BWT, provided by SEKO PoolDose, added by @lmaertin
- Gitter, provided by Matrix, added by @tr4nt0r
- Nexen, provided by Hypontech Cloud, added by @jcisio
Noteworthy improvements to existing integrations
It is not just new integrationsIntegrations connect and integrate Home Assistant with your devices, services, and more. [Learn more] that have been added; existing ones keep getting better too. Here are some of the noteworthy improvements this release:
- Alexa Devices gained switches to toggle announcements and communications on your Amazon Echo devices, thanks to @chemelli74. It also added a to-do list platform, so you can manage your Alexa shopping and to-do lists from Home Assistant, thanks to @lonlazer.
- SwitchBot added a button event entity for the Contact Sensor, plus switch controls for the Standing Fan. Thanks, @prmx and @Onero-testdev!
- Overkiz now supports Rexel Energeasy Connect, through both its cloud and local API. Thanks, @iMicknl!
- SwitchBot Cloud can now upload images to the SwitchBot AI Art Frame. Thanks, @XiaoLing-git!
- SMTP gained notify entities, the modern way to send email notifications. Thanks, @tr4nt0r!
- GitHub added entities that track GitHub user accounts. Thanks, @joostlek!
- Environment Canada gained a
get_alertsaction to fetch active weather alerts on demand. Thanks, @gwww! - Wallbox added a button to resume the charging schedule, handy alongside EcoSmart solar charging. Thanks, @Rayman223!
- Tesla Powerwall now supports the Powerwall 3, and gained sensors for the operation mode and the maximum charge and discharge power. Thanks, @Bre77 and @BrettLynch123!
- Tedee added a connectivity binary sensor, so you can tell when a lock drops off the network. Thanks, @zweckj!
- BleBox added support for openSensor and drutexSmart devices, including CO2 sensors. Thanks, @bkobus-bbx!
- Droplet now reports leak alerts. Thanks, @sarahseidman!
- Whirlpool Appliances added a button to stop the oven. Thanks, @bdlcalvin!
- Yoto got a lot of attention this release: a media browser, plus new sensors, binary sensors, a time entity, and number controls for display brightness and maximum volume. Thanks, @piitaya!
- Samsung Infrared added buttons for individual remote commands. Thanks, @lmaertin!
- openSenseMap now exposes its environmental measurements as sensors. Thanks, @AlCalzone!
- OpenEVSE added binary sensors for your chargerโs status. Thanks, @firstof9!
- Rabbit Air added an air quality sensor. Thanks, @MagikalUnicorn!
- Green Planet Energy gained actions to find the cheapest stretch of energy prices. Thanks, @petschni!
- Duco added a select to set the ventilation state on your Duco box nodes. Thanks, @ronaldvdmeer!
- Hypontech Cloud added load, grid, and battery sensors. Thanks, @jcisio!
- Xthings Cloud added a switch platform. Thanks, @zhangluofeng!
- Kiosker added a button to clear the blackout, plus binary sensors and sensors with blackout details. Thanks, @Claeysson!
- PAJ GPS added battery sensors for your trackers. Thanks, @skipperro!
- Vistapool grew a lot, with new button, number, light, and binary sensor entities for your pool controller. Thanks, @fdebrus!
- Fluss+ now supports covers, like gates and garage doors. Thanks, @Marcello17!
- Imou added live camera streaming. Thanks, @Imou-OpenPlatform!
Integration quality scale achievements
One thing we are incredibly proud of in Home Assistant is our integration quality scale. This scale helps us and our contributors to ensure integrations are of high quality, maintainable, and provide the best possible user experience.
This release, we celebrate several integrationsIntegrations connect and integrate Home Assistant with your devices, services, and more. [Learn more] that have improved their quality scale:
-
1 integration reached platinum ๐
-
2 integrations reached gold ๐ฅ
- Anthropic, thanks to @Shulyaka
- Growatt, thanks to @johanzander
-
3 integrations reached silver ๐ฅ
- OpenEVSE, thanks to @c00w
- OVHcloud AI Endpoints, thanks to @Crocmagnon
- Splunk, thanks to @Bre77
-
1 integration reached bronze ๐ฅ
- openSenseMap, thanks to @AlCalzone
This is a huge achievement for these integrations and their maintainers. The effort and dedication required to reach these quality levels is significant, as it involves extensive testing, documentation, error handling, and often complete rewrites of parts of the integration.
A big thank you to all the contributors involved! ๐
Now available to set up from the UI
While most integrationsIntegrations connect and integrate Home Assistant with your devices, services, and more. [Learn more] can be set up directly from the Home Assistant user interface, some were only available using YAML configuration. We keep moving more integrations to the UI, making them more accessible for everyone to set up and use.
The following integrations are now available via the Home Assistant UI:
- SAJ Solar Inverter, done by @edurenye
- SMTP, done by @tr4nt0r
- Swisscom Internet-Box, done by @anatosun
- UniFi AP, done by @PaulVanSchayck
Farewell to the following
Time for a little cleaning, and no, we did not wait for spring. The following integrationsIntegrations connect and integrate Home Assistant with your devices, services, and more. [Learn more] are no longer available as of this release. Most had been broken for a while, leaning on libraries or services that went unmaintained or offline years ago:
- Acer projector has been removed. It had been broken since 2019.
- Ampio Smog has been removed. The air quality service it polled is offline and its library has been unmaintained since 2019, so it no longer works.
- ATEN Rack PDU has been removed. It had been broken since 2024 over a dependency conflict, and its maintainer stepped down with no one to take over.
- Avi-on has been removed. It depended on the
bluepylibrary, which Home Assistant dropped back in 2022.7, and which has been unmaintained since 2018. - BeeWi SmartClim has been removed for the same reason: it relied on the long-unmaintained
bluepylibrary that Home Assistant dropped in 2022.7. - BlinkStick has been removed. It was disabled in 2024 because it relied on a non-open-source library that has been unmaintained since 2020.
- Clementine has been removed. It had been broken since 2023, and its library has been unmaintained since 2018.
- Dovado has been removed. It was disabled in 2024.7 because it relied on a non-open-source library that has been unmaintained since 2017.
- ELIQ Online has been removed. Its API endpoint no longer exists, and the underlying library has been unmaintained for years.
- Gitter has been removed. Gitter migrated to Matrix back in 2023 and its old API no longer works, so it is now a virtual integration handled by the Matrix integration, which you can use to connect instead.
- Greenwave Reality has been removed. It had been broken since around 2022, because the devices use an outdated encryption key that modern systems reject, and its library has been unmaintained since 2018.
- Logentries has been removed. The service was rebranded to InsightOps years ago and is no longer offered, and its API endpoint no longer responds.
- Microsoft Face has been removed, together with the Microsoft Face Detect and Microsoft Face Identify integrations that built on it. They had been broken since 2022 after a change to Microsoftโs Azure face API.
- MS Teams has been removed. The integration relied on Office 365 Connectors, which Microsoft discontinued on May 22, 2026, so it no longer works.
- Mycroft has been removed. It was disabled in 2023.6 over an unresolvable dependency conflict, and its library has not been updated since.
- SCSGate has been removed. It required obscure DIY hardware that is no longer available, its library has been unmaintained for a decade, and it had effectively no users left.
- ThermoWorks Smoke has been removed. It was disabled in 2024.10 over a dependency conflict, and its library has been unmaintained since 2019.
- Tikteck has been removed.
- UniFi LED has been removed. The hardware is discontinued and the integration had no remaining users.
- Watson TTS has been removed. It was disabled in 2023 over a dependency conflict, and no one stepped up to update it since.
Other noteworthy changes
There are many more improvements in this release; here are some of the other noteworthy changes:
- Edit a running timerโs duration. Change a timerโs duration straight from its dialog, no need to cancel and start over. Thanks, @chli1!
- A faster frontend. A big batch of performance work landed this release, most noticeably across the energy, history, and statistics graphs, so they draw quicker and feel snappier. Thanks, @MindFreeze!
- Device and area pages adapt to your screen. They now use a responsive column layout, and the device page lists its main entities first, so the important controls sit right at the top.
- More context in the scene editor. Entity rows now show their type and the integration they belong to, making large scenes easier to read. Thanks, @pszypowicz!
- Tags in the Apps store. The Apps store now shows tags and marks which apps you already have installed. Thanks, @bramkragten!
- A sub-editor for the statistics graph card. Tune each entity right from the cardโs visual editor. Thanks, @ildar170975!
- Live condition testing keeps improving. Conditions now show clearer status icons (addressing the red and green only accessibility concern from last release), the indicator works on mobile in the visibility editor, and live testing now covers conditions inside actions too. Thanks, @silamon and @marcinbauer-ohf!
- Hide columns in Developer tools. The States tab can now hide the Device and Area columns. Thanks, @vingerha!
- Matter soil moisture sensors. Matter-certified soil moisture sensors now show up in Home Assistant. Thanks, @lboue!
- A projector device class for media players. Projectors are now a proper media player device class, surfaced through Google Assistant, HomeKit, and SmartThings too. Thanks, @jtjart!
- Template lights gain xy color. Build template lights with full xy color support. Thanks, @Petro31!
- Clean a specific room from Google Assistant. Ask Google to send your robot vacuum to a particular room. Thanks, @joostlek!
- Snappier templates. Under the hood, a template engine optimization makes templates render up to 40% faster. Thanks, @frenck!
- Clearer automation traces. When you debug an automation or script, its trace now always includes template errors, making it easier to spot what went wrong. Thanks, @emontnemery!
Time format selection
Some entitiesAn entity represents a sensor, actor, or function in Home Assistant. Entities are used to monitor physical properties or to control other entities. An entity is usually part of a device or a service. [Learn more] tell time. A sensor with the next sunrise, the timestamp of your last backup, a countdown to the next calendar event. How that moment should be shown is a matter of taste: sometimes you want the exact date and time, and sometimes a friendly โin 3 hoursโ or โ2 days agoโ is far more useful at a glance.
Until now, picking how a timestamp was displayed meant editing YAML. This release brings that choice into the UI. When you add a timestamp entity to a tile card, the entities card, or as an entity badge, a Time format option shows up in the editor, so you can choose how the time is presented, including a new short or long style for the relative format.
Thanks, @karwosts!
Dedicated panels for infrared and radio frequency
Earlier this year, Home Assistant gained dedicated entity platforms for infrared and radio frequency devices, the building blocks behind integrations that reach your gear through an IR blaster or a 433 MHz transmitter. This release gives them a proper home.
Two new panels show up in the Settings menu, one for infrared and one for radio frequency. Each lists the proxies and transmitters youโve set up, so you can see your IR blasters and RF bridges at a glance and jump straight to the one youโre looking for, instead of hunting for them among everything else. The panels only appear when you actually have such devices, so they stay out of the way if you donโt.
Thanks, @balloob!
The ZHA Zigbee device management got an overhaul
Managing a Zigbee device through ZHA used to mean squinting at a cramped dialog. The clusters, bindings, signature, and neighbors tools were all there, but crammed into a small popup that left little room to breathe.
This release moves all of that onto a dedicated, full-page device view. The same tools are now laid out across tabbed navigation, with a device summary card up top, and the loading, empty, and error states have been cleaned up throughout. Itโs the same powerful Zigbee management, just far easier to work with.
Thanks, @jpbede!
Keeping your Raspberry Pi firmware up to date
Running Home Assistant Operating System on a Raspberry Pi? You are in good company: per our public, opt-in analytics, the Raspberry Pi platform currently powers about a third of all installations. As of this release, there is an โupdate entityโAn update entity is an entity that indicates if an update is available for a device or service. [Learn more] for the Piโs bootloader firmware, also often referred to as the EEPROM update. You can keep it current right from Settings > Updates, the same place you handle every other update.
This is more than a nice-to-have. Especially on the Raspberry Pi 5 and Compute Module 5, the firmware contains bug fixes, compatibility improvements for NVMe drives, thermal improvements, and much more. Until now, updating that firmware was cumbersome: you had to flash another SD card with a special image, or connect a keyboard and a display and run the rpi-eeprom-update command by hand. Now it takes a single step.
A few things to keep in mind:
- This needs Home Assistant Operating System 18 or newer, which provides the support the update entity builds on. On older versions, the entity simply isnโt there.
- On a Raspberry Pi 4, the firmware can only be updated when the board boots from an SD card. If your Pi 4 boots from USB storage, the update isnโt available. This is a limitation of the update system, and one more reason we recommend using USB only as a data disk while keeping an SD card as the main boot device.
- Not every board can update its firmware this way. Besides a Raspberry Pi 4 booting from USB storage, the Home Assistant Yellow with a Compute Module 4 isnโt supported either. Where an update canโt be applied, the entity doesnโt appear at all, so you donโt see an update that wouldnโt work.
- After the update is applied, Home Assistant prompts you to reboot to complete it.
Thanks, @sairon!
Need help? Join the community
Home Assistant has a great community of users who are all more than willing to help each other out. So, join us!
Our very active Discord chat server is an excellent place to be, and donโt forget to join our amazing forums.
Found a bug or issue? Please report it in our issue tracker to get it fixed! Or check our help page for guidance on more places you can go.
Are you more into email? Sign up for the Open Home Foundation Newsletter to get the latest news about features, things happening in our community, and other projects that support the Open Home straight into your inbox.
Backward-incompatible changes
We do our best to avoid making changes to existing functionality that might unexpectedly impact your Home Assistant installation. Unfortunately, sometimes it is inevitable.
We always make sure to document these changes to make the transition as easy as possible for you. This release has the following backward-incompatible changes:
Purpose-specific triggers and conditions
Several entity triggers and conditions, part of the new purpose-specific triggers and conditions, have been renamed so their keys are consistent across all domains. The old keys no longer work.
The following triggers changed:
battery.lowis nowbattery.became_lowbattery.not_lowis nowbattery.no_longer_lowlawn_mower.dockedis nowlawn_mower.returned_to_dockschedule.turned_offis nowschedule.block_endedschedule.turned_onis nowschedule.block_startedtimer.time_remainingis nowtimer.remaining_time_reachedupdate.update_became_availableis nowupdate.became_availablevacuum.dockedis nowvacuum.returned_to_dock
The following conditions changed:
climate.target_humidityis nowclimate.is_target_humidityclimate.target_temperatureis nowclimate.is_target_temperature
If an automation or script uses one of these, it will stop working until updated. To fix it, open the affected automation or script, re-select the trigger or condition (it now appears under its new name), and save. If you edit in YAML, replace the old key with the new one from the list above.
BSB-LAN
The BSB-LAN integration has reduced its support for the older version 1 JSON API. If your BSB-LAN device runs very old firmware that only speaks the version 1 API, update it to firmware that supports the version 2 API to keep everything working.
A repair notification will let you know if your device is affected.
iCloud
The battery_level attribute has been removed from iCloud device tracker entities. Use the dedicated battery sensor in your automations and scripts instead.
Person
Person entities no longer report the latitude and longitude of the home zone when their location comes from a presence scanner associated with the home zone.
If you have automations or scripts that check the coordinates of a person, adjust them. To check whether a person is in a specific zone, use the new in_zones state attribute instead.
Rabbit Air
The Rabbit Air fan preset mode values changed from title case to lowercase to match Home Assistantโs state convention: Auto is now auto, Manual is now manual, and Pollen is now pollen. The user-facing labels stay the same through translations.
Update any automations, scripts, templates, or action calls that reference the old title-case preset values.
Reolink
Reolink Duo PoE and Duo WiFi dual-lens cameras now expose a sub-device per lens. The camera and motion/AI sensor entities that previously had a โlens 0โ or โlens 1โ suffix in their name are moved to the new lens sub-devices and lose that suffix. Entity IDs and custom names stay the same, so most automations keep working.
If you target these entities through the camera device, update them to use the new lens sub-devices.
StarLine
The battery_level attribute has been removed from StarLine device tracker entities. Use the dedicated battery sensor in your automations and scripts instead.
Tesla Fleet
The route device tracker (device_tracker.<vehicle>_route) no longer reports the active routeโs destination name as its state. Its state is now derived from your zones like a normal device tracker (home, not_home, or a zone name), based on the routeโs coordinates.
The destination name is still available through the new destination sensor (sensor.<vehicle>_destination), which is disabled by default. Enable it from the entity settings if you have automations that relied on the destination name, and update any automations that matched the old route tracker state.
Teslemetry
The route device tracker no longer reports the active routeโs destination as its state or through a location_name attribute. Its state is now derived purely from the routeโs coordinates (zone-aware, like home or not_home).
If you relied on the destination name, enable the new Destination sensor (sensor.*_destination), which is disabled by default and reports the destination name as Tesla provides it.
Tractive
The battery_level attribute has been removed from Tractive device tracker entities. Use the dedicated battery sensor in your automations and scripts instead.
Zeroconf
The legacy requires_api_password field has been removed from the Home Assistant zeroconf/mDNS discovery announcement (_home-assistant._tcp). It had been hardcoded to true since the http.api_password authentication mechanism was removed in Home Assistant 2024.7, so it no longer carried any meaning. The official companion apps already ignore it.
Third-party discovery clients that still read this field need to tolerate its absence.
(@agners - #173090) (Zeroconf documentation) (API documentation)
Zone
The state (person count) and persons attribute of zone entities are now calculated from the in_zones attribute of person entities. As a result, a person can now be counted in more than one zone at the same time. For example, a person who is home with in_zones: ["home", "near_home"] now counts toward both zone.home and zone.near_home, where previously they only counted toward zone.home.
In addition, the state of position-aware device trackers is now the smallest zone the device is in, instead of the zone whose center it is closest to.
Automations, scripts, or templates that depend on zone person counts or on device tracker zone states may need to be adjusted.
Z-Wave JS
This release requires an updated Z-Wave JS server. You need zwave-js-server 3.9.0 or newer (schema 49):
- If you use the Z-Wave JS app, update it to at least version 1.4.0.
- If you use the Z-Wave JS UI Docker container, update it to at least version 11.19.1.
- If you run your own zwave-js-server, update it to at least version 3.9.0.
If you are a custom integration developer and want to learn about changes and new features available for your integration: Be sure to follow our developer blog. The following changes are the most notable for this release:
- Changes to device tracker entity models
- Frontend component updates in 2026.7
- Introducing new unit enumerators
- Deprecation of the
home_assistant_startflag ofasync_initialize_triggers
All changes
Of course, there is a lot more in this release. You can find a list of all changes made here: Full changelog for Home Assistant Core 2026.7.
v2.5.4
New
- Node.js 24 LTS Support
- MariaDB 12.3 Support
- Ubuntu 26.04 Support
Bug Fixes
- #758 site:delete does not remove user crontab in /var/spool/cron/crontabs/
- #761 SitePhpSettingsType.php throws 500 error while managing PHP sites โ TypeError: Unsupported operand types (string + int)
- #771 Font files missing correct mime type header in NGINX
British Columbia: Cities
British Columbia is home to some of Canada's most breathtaking landscapes, vibrant communities, and industries that keep the province moving. Today, we're excited to take you on a tour of several cities and towns featured in our upcoming British Columbia DLC for American Truck Simulator.
Grand Forks
Located in the beautiful Boundary Country region, Grand Forks sits at the meeting point of the Kettle and Granby Rivers. Surrounded by rolling hills, farmland, and forests, this welcoming community serves as an important agricultural and transportation center in southern British Columbia.
As you drive through town, you'll discover a charming downtown area alongside local industries that help support the region's economy. Truckers can find work connected to a local sawmill and building material factory, while those exploring the city may spot the historic gallery located near the heart of town. Whether you're delivering cargo or passing through on a longer journey, Grand Forks offers a relaxing stop with plenty of scenic views along the way.
Creston
Nestled within a fertile valley near the United States border, Creston is well known throughout British Columbia for its rich agricultural heritage. Surrounded by mountains and open farmland, this picturesque community offers drivers some truly memorable views.
Our team has recreated key landmarks and the area's distinct atmosphere, allowing players to experience the charm of this valley town firsthand. As you make your way through Creston, keep an eye out for recognizable sights, including the local theater, library, visitor center, and Presbyterian church. Truckers can also find a variety of cargo opportunities connected to the region's agricultural economy, with deliveries to and from farms, a winery, and a beverage factory making Creston an important destination for those traveling through southeastern British Columbia.
Sparwood
At the foot of the Canadian Rockies lies Sparwood, a town deeply connected to British Columbia's mining industry. Surrounded by rugged mountain landscapes, Sparwood is perhaps best known for its rich coal mining heritage and impressive industrial operations.
Drivers passing through will encounter dramatic scenery, steep mountain grades, and large-scale industry centered around the local coal mine. Keep an eye out for some of Sparwood's recognizable landmarks, including the visitor center, library, and the famous World's Largest Tandem Axle Truck displayed proudly near the highway. It's a sight that's hard to miss and has been carefully recreated by our map team.
Invermere
Situated along the shores of Lake Windermere, Invermere offers a refreshing change of pace amid the towering peaks of the Columbia Valley. Popular with both locals and visitors, this mountain town combines beautiful scenery with a welcoming small-town atmosphere.
As you travel through the area, you'll encounter stunning views of nearby lakes, forests, and mountain ranges. While tourism plays a significant role in the region, truckers will also find important connections to local businesses that help keep the valley supplied year-round. Drivers familiar with the area may even recognize the iconic Steak & Schnitzel Haus, faithfully recreated as part of the town's streetscape.
Golden
Nestled between several major mountain ranges, Golden serves as an important gateway to British Columbia's interior. Its strategic location has made it a key transportation hub for decades, connecting communities through some of Canada's most spectacular landscapes.
Players can look forward to navigating winding mountain highways, crossing impressive bridges, and experiencing the unique geography that surrounds the town. Golden's position along major transportation corridors ensures that there will be no shortage of deliveries moving through this busy mountain community, including work connected to the local railyard. Be sure to also look out for the town's visitor center as you pass through.
Princeton
Located where several highways converge, Princeton has long served as an important stop for travelers and truckers crossing southern British Columbia. Rich in history and surrounded by forests, rivers, and rolling hills, the town retains much of its classic frontier character.
As you pass through Princeton, you'll discover a blend of historic charm and modern industry. Local businesses and resource-based industries provide valuable job opportunities, including deliveries connected to a sawmill and nearby copper mining operations. Be sure to take in the surrounding scenery as you continue your travels through the region.
Campbell River
Situated on the eastern coast of Vancouver Island, Campbell River is known as one of British Columbia's premier coastal communities. Surrounded by forests and the waters of the Discovery Passage, it plays a vital role in the province's forestry, fishing, and transportation industries.
Truckers arriving in Campbell River will experience a unique coastal atmosphere unlike anywhere else in the DLC. From bustling industrial areas to scenic waterfront views, the city offers a memorable destination for those making deliveries across Vancouver Island. Drivers can also service the local marina, an important part of Campbell River's connection to the surrounding waterways. The surrounding landscapes and industries provide plenty of reasons to return time and time again.
These are just a few of the many cities and communities you'll be able to discover throughout British Columbia. Our teams are working hard to capture the unique character, industries, and landscapes that make this province such an exciting destination for truckers.
Stay tuned for more previews as we continue to reveal whatโs in store for this DLC. In the meantime, donโt forget to add British Columbia to your Steam Wishlist and follow us on X/Twitter, Instagram, Facebook, Bluesky, and TikTok, or subscribe to our newsletter for more behind-the-scenes content, teasers, and announcements.ย Until next time, keep on truckin' and happy haulin'!
Counter-Strike 2 Update
- [p]Champions Autograph Stickers are now available for purchase in the Major Shop, congratulations to the Falcons![/p][/*]
- [p]Highlight Souvenir Charms are now available for purchase in the Major Shop, featuring 10 highlights for each of the six stages of the Cologne 2026 Major, and the Falcons' trophy-lifting moment.[/p][/*]
Drie oorlogsboeken of een bonnetjesprinter | POM S11E40
De laatste voor de zomer, en Ernst-Jan is nog nat van de penalty's: tijdens de uitschakeling van Oranje maakte hij om zes uur 's ochtends de broodtrommels klaar, een verrassend doeltreffend copingsmechanisme. Alexander komt zonder schaamte uit de kast als airco-bezitter die wรฉl koelt en nรญet de hele nacht staat te blรจren. Daarna trekt Ernst-Jan een lade vol zomerboeken open die toevallig allemaal over oorlog en ondergang gaan, van Dispatches over Vietnam tot There Is No Antimemetics Division over anti-memes die hun eigen sporen wissen. Alexander biedt tegengif: een Chinese e-reader van zeventig euro die achterop je telefoon klikt, en een kassabonnetjesprinter die hem elke ochtend een papieren krantje voorschotelt, gehackte breaking news uit de schoolapp incluis.
Of je nu drie loodzware boeken leest of je eigen bonnensysteem soldeert, dit is de zomeraflevering waarin Ernst-Jan je laat voelen wat pijn is en Alexander je eraan herinnert dat knutselen ook bestaat.
Verder lezen over Carbon Equity? Kijk dan op carbonequity.com
Schrijf je via denkproducties.nl/pom in voor het Amsterdam Business Forum en krijg als POM-luisteraar automatisch toegang tot een exclusieve sessie met Seth Godin.
Abonneer je op de nieuwsbrief via pom.show, kom naar POM Live; haal hier je kaartje, en tot slot; interesse in een partnerschap met POM? Ga dan naar pom.partners voor meer informatie.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.pom.show
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 150 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
Chrome 150.0.7871.46 (Linux)ย 150.0.7871.46/.47ย Windows/Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 150.
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but havenโt yet fixed.
This update includes 382 security fixes. Please see the Chrome Security Page for more information.
[N/A][506558270] Critical CVE-2026-13774: Use after free in Extensions. Reported by Google on 2026-04-26
[N/A][511766407] Critical CVE-2026-13775: Use after free in GPU. Reported by Google on 2026-05-10
[N/A][513012139] Critical CVE-2026-13776: Type Confusion in Dawn. Reported by Google on 2026-05-14
[N/A][513128566] Critical CVE-2026-13777: Insufficient validation of untrusted input in iOSWeb. Reported by Google on 2026-05-14
[N/A][513167952] Critical CVE-2026-13778: Use after free in WebUSB. Reported by Google on 2026-05-14
[N/A][513222854] Critical CVE-2026-13779: Use after free in Chromoting. Reported by Google on 2026-05-14
[N/A][514769383] Critical CVE-2026-13780: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-19
[N/A][516457532] Critical CVE-2026-13781: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-05-25
[N/A][516683433] Critical CVE-2026-13782: Use after free in Browser. Reported by Google on 2026-05-26
[N/A][516962178] Critical CVE-2026-13783: Use after free in Views. Reported by Google on 2026-05-27
[N/A][516962715] Critical CVE-2026-13784: Use after free in Views. Reported by Google on 2026-05-27
[N/A][517021684] Critical CVE-2026-13785: Use after free in Bluetooth. Reported by Google on 2026-05-27
[N/A][518007821] Critical CVE-2026-13786: Use after free in Ozone. Reported by Google on 2026-05-29
[N/A][522919313] Critical CVE-2026-13787: Use after free in Chromoting. Reported by Google on 2026-06-11
[N/A][523119897] Critical CVE-2026-13788: Use after free in Fullscreen. Reported by Google on 2026-06-12
[$36000][493847920] High CVE-2026-13789: Use after free in GPU. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-18
[$10000][457771782] High CVE-2026-13790: Side-channel information leakage in Scroll. Reported by Vsevolod Kokorin (Slonser) of Solidlab and Jorian Woltjer on 2025-11-04
[$10000][503850012] High CVE-2026-13791: Insufficient validation of untrusted input in Downloads. Reported by Ron Masas (Imperva) on 2026-04-17
[$4000][496012368] High CVE-2026-13792: Use after free in Touchbar. Reported by Weipeng Jiang (@Krace) of VRI on 2026-03-25
[$3000][510829679] High CVE-2026-13793: Insufficient policy enforcement in SVG. Reported by pakhunov.anton.n@gmail.com on 2026-05-07
[$2500][513893425] High CVE-2026-13794: Insufficient validation of untrusted input in WebAppInstalls. Reported by Daniel Rodrรญguez on 2026-05-16
[$2000][476591032] High CVE-2026-13795: Insufficient policy enforcement in Chrome for iOS. Reported by maitai on 2026-01-17
[N/A][491894115] High CVE-2026-13796: Integer overflow in Chromecast. Reported by Google on 2026-03-11
[N/A][499025645] High CVE-2026-13797: Insufficient validation of untrusted input in Chromecast. Reported by Google on 2026-04-02
[N/A][499048914] High CVE-2026-13798: Heap buffer overflow in Chromecast. Reported by Google on 2026-04-02
[N/A][499252371] High CVE-2026-13799: Use after free in QUIC. Reported by Google on 2026-04-03
[N/A][500108770] High CVE-2026-13800: Inappropriate implementation in Updater. Reported by Google on 2026-04-06
[N/A][501669642] High CVE-2026-13803: Type Confusion in Chrome Tabs. Reported by Google on 2026-04-11
[N/A][501873032] High CVE-2026-13804: Use after free in Chromecast. Reported by Google on 2026-04-12
[N/A][502282040] High CVE-2026-13805: Use after free in GFX. Reported by Google on 2026-04-13
[N/A][503333798] High CVE-2026-13806: Insufficient validation of untrusted input in Accessibility. Reported by Google on 2026-04-16
[N/A][504194494] High CVE-2026-13807: Use after free in Import. Reported by Google on 2026-04-19
[N/A][504221510] High CVE-2026-13808: Insufficient data validation in Chrome for iOS. Reported by Google on 2026-04-19
[N/A][504222227] High CVE-2026-13809: Side-channel information leakage in Safe Browsing. eported by Google on 2026-04-19
[TBD][504600482] High CVE-2026-13810: Inappropriate implementation in Input. Reported by dilipsc03@gmail.com on 2026-04-20
[N/A][506149253] High CVE-2026-13811: Use after free in IME. Reported by Google on 2026-04-24
[N/A][508293203] High CVE-2026-13812: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][508462149] High CVE-2026-13813: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-01
[N/A][511712766] High CVE-2026-13814: Use after free in Views. Reported by Google on 2026-05-10
[N/A][511722207] High CVE-2026-13815: Use after free in Blink. Reported by Google on 2026-05-10
[N/A][511735715] High CVE-2026-13816: Insufficient validation of untrusted input in File Input. Reported by Google on 2026-05-10
[N/A][511739631] High CVE-2026-13817: Insufficient validation of untrusted input in Glic. Reported by Google on 2026-05-10
[N/A][511823182] High CVE-2026-13818: Inappropriate implementation in Passwords. Reported by Google on 2026-05-10
[N/A][512962749] High CVE-2026-13819: Out of bounds read in ANGLE. Reported by Google on 2026-05-13
[N/A][512986879] High CVE-2026-13820: Out of bounds read in Skia. Reported by Google on 2026-05-13
[N/A][513142445] High CVE-2026-13821: Use after free in Canvas. Reported by Google on 2026-05-14
[N/A][513148038] High CVE-2026-13822: Inappropriate implementation in Extensions. Reported by Google on 2026-05-14
[N/A][513163011] High CVE-2026-13823: Use after free in Glic. Reported by Google on 2026-05-14
[N/A][513177497] High CVE-2026-13824: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-14
[N/A][513209610] High CVE-2026-13825: Uninitialized Use in Dawn. Reported by Google on 2026-05-14
[N/A][513237800] High CVE-2026-13826: Inappropriate implementation in Autofill. Reported by Google on 2026-05-14
[N/A][513371963] High CVE-2026-13827: Use after free in Updater. Reported by Google on 2026-05-15
[N/A][513399832] High CVE-2026-13828: Inappropriate implementation in Enterprise. Reported by Google on 2026-05-15
[N/A][513490996] High CVE-2026-13829: Insufficient validation of untrusted input in Settings. Reported by Google on 2026-05-15
[N/A][513727494] High CVE-2026-13830: Use after free in Chromoting. Reported by Google on 2026-05-16
[N/A][513781328] High CVE-2026-13831: Use after free in GPU. Reported by Google on 2026-05-16
[N/A][513822378] High CVE-2026-13832: Use after free in Headless. Reported by Google on 2026-05-16
[N/A][513920082] High CVE-2026-13833: Uninitialized Use in ANGLE. Reported by Google on 2026-05-17
[N/A][513925114] High CVE-2026-13834: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-17
[N/A][514338102] High CVE-2026-13835: Inappropriate implementation in XML. Reported by Google on 2026-05-18
[N/A][514420555] High CVE-2026-13836: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[N/A][514429130] High CVE-2026-13837: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[N/A][514445398] High CVE-2026-13838: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[N/A][514449396] High CVE-2026-13839: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[TBD][514609778] High CVE-2026-13840: Insufficient policy enforcement in Canvas. Reported by Binglin Song on 2026-05-19
[N/A][515467789] High CVE-2026-13841: Integer overflow in Skia. Reported by Google on 2026-05-21
[TBD][516836297] High CVE-2026-13842: Incorrect security UI in Chrome for iOS. Reported by Azza Tegar Naufal Ataullah on 2026-05-26
[N/A][516869032] High CVE-2026-13843: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-26
[N/A][516926115] High CVE-2026-13844: Use after free in Updater. Reported by Google on 2026-05-27
[N/A][516936863] High CVE-2026-13845: Use after free in DOM. Reported by Google on 2026-05-27
[N/A][516999424] High CVE-2026-13846: Use after free in USB. Reported by Google on 2026-05-27
[N/A][517073397] High CVE-2026-13847: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-27
[N/A][517345069] High CVE-2026-13848: Use after free in Forms. Reported by Google on 2026-05-28
[N/A][517351411] High CVE-2026-13849: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-05-28
[N/A][517610676] High CVE-2026-13850: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-28
[N/A][519692255] High CVE-2026-13851: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-06-03
[N/A][522560124] High CVE-2026-13852: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-06-11
[N/A][523224019] High CVE-2026-13853: Use after free in Journeys. Reported by Google on 2026-06-12
[N/A][523690961] High CVE-2026-13854: Use after free in Ozone. Reported by Google on 2026-06-13
[N/A][524395469] High CVE-2026-13855: Use after free in Ozone. Reported by Google on 2026-06-16
[$8000][508092634] Medium CVE-2026-13856: Insufficient validation of untrusted input in Speech. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-30
[$5000][479203484] Medium CVE-2026-13857: Inappropriate implementation in Geometry. Reported by Luan Herrera (@lbherrera_) on 2026-01-27
[$3000][507090179] Medium CVE-2026-13858: Out of bounds read in FFmpeg. Reported by Wongi Lee (@_qwerty_po) of Theori with Xint Code, Jungwoo Lee (@physicube) on 2026-04-27
[$2000][484756087] Medium CVE-2026-13859: Inappropriate implementation in ANGLE. Reported by Jason Villaluna on 2026-02-15
[$1000][417052041] Medium CVE-2026-13860: Incorrect security UI in Autofill. Reported by Khalil Zhani on 2025-05-12
[N/A][495456765] Medium CVE-2026-13861: Use after free in Core. Reported by Google on 2026-03-23
[N/A][495897416] Medium CVE-2026-13862: Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys). Reported by Google on 2026-03-24
[N/A][496012495] Medium CVE-2026-13863: Insufficient validation of untrusted input in CustomTabs. Reported by Google on 2026-03-25
[N/A][496399913] Medium CVE-2026-13864: Insufficient policy enforcement in WebHID. Reported by Google on 2026-03-26
[N/A][497090912] Medium CVE-2026-13865: Insufficient validation of untrusted input in Enterprise. Reported by Google on 2026-03-28
[N/A][497207698] Medium CVE-2026-13866: Insufficient validation of untrusted input in Input. Reported by Google on 2026-03-28
[N/A][497345177] Medium CVE-2026-13867: Inappropriate implementation in Geolocation. Reported by Google on 2026-03-29
[N/A][497453475] Medium CVE-2026-13868: Inappropriate implementation in Network. Reported by Google on 2026-03-29
[N/A][497610642] Medium CVE-2026-13869: Use after free in Device. Reported by Google on 2026-03-30
[N/A][497634837] Medium CVE-2026-13870: Use after free in WebView. Reported by Google on 2026-03-30
[N/A][497961376] Medium CVE-2026-13871: Insufficient data validation in GuestView. Reported by Google on 2026-03-30
[N/A][497977983] Medium CVE-2026-13872: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-31
[N/A][498085466] Medium CVE-2026-13873: Out of bounds memory access in Layout. Reported by Google on 2026-03-31
[N/A][498411773] Medium CVE-2026-13874: Inappropriate implementation in DataTransfer. Reported by Google on 2026-04-01
[N/A][498721671] Medium CVE-2026-13875: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-01
[N/A][498722200] Medium CVE-2026-13876: Inappropriate implementation in Network. Reported by Google on 2026-04-01
[N/A][498820206] Medium CVE-2026-13877: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-02
[N/A][499007266] Medium CVE-2026-13878: Use after free in Bluetooth. Reported by Google on 2026-04-02
[N/A][499022239] Medium CVE-2026-13879: Use after free in Bluetooth. Reported by Google on 2026-04-02
[N/A][499025880] Medium CVE-2026-13880: Use after free in USB. Reported by Google on 2026-04-02
[N/A][499100491] Medium CVE-2026-13881: Insufficient data validation in WebAppInstalls. Reported by Google on 2026-04-03
[N/A][499162550] Medium CVE-2026-13882: Inappropriate implementation in USB. Reported by Google on 2026-04-03
[N/A][500030250] Medium CVE-2026-13883: Type Confusion in ANGLE. Reported by Google on 2026-04-06
[N/A][500077014] Medium CVE-2026-13884: Heap buffer overflow in Chromecast. Reported by Google on 2026-04-06
[N/A][500474409] Medium CVE-2026-13885: Use after free in Skia. Reported by Google on 2026-04-07
[N/A][500475136] Medium CVE-2026-13886: Policy bypass in Isolated Web Apps. Reported by Google on 2026-04-07
[N/A][500508524] Medium CVE-2026-13887: Insufficient policy enforcement in NFC. Reported by Google on 2026-04-08
[N/A][500566906] Medium CVE-2026-13888: Use after free in Extensions. Reported by Google on 2026-04-08
[N/A][500588580] Medium CVE-2026-13889: Insufficient validation of untrusted input in WebAuthentication. Reported by Google on 2026-04-08
[N/A][500601345] Medium CVE-2026-13890: Out of bounds read in Chromecast. Reported by Google on 2026-04-08
[N/A][501631475] Medium CVE-2026-13891: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-04-11
[N/A][501674841] Medium CVE-2026-13892: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-11
[N/A][501729582] Medium CVE-2026-13893: Insufficient validation of untrusted input in WebUI. Reported by Google on 2026-04-11
[N/A][501741117] Medium CVE-2026-13894: Insufficient policy enforcement in Network. Reported by Google on 2026-04-11
[N/A][501770542] Medium CVE-2026-13895: Inappropriate implementation in Autofill. Reported by Google on 2026-04-12
[N/A][501820076] Medium CVE-2026-13896: Insufficient policy enforcement in Glic. Reported by Google on 2026-04-12
[N/A][501877896] Medium CVE-2026-13897: Insufficient policy enforcement in Chromecast. Reported by Google on 2026-04-12
[N/A][501925480] Medium CVE-2026-13898: Use after free in Cast Receiver. Reported by Google on 2026-04-12
[N/A][502109002] Medium CVE-2026-13899: Use after free in HTML. Reported by Google on 2026-04-13
[N/A][502374993] Medium CVE-2026-13900: Insufficient validation of untrusted input in Chromecast. Reported by Google on 2026-04-14
[N/A][503585173] Medium CVE-2026-13901: Insufficient validation of untrusted input in Serial. Reported by Google on 2026-04-17
[N/A][503725717] Medium CVE-2026-13902: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-17
[N/A][503912196] Medium CVE-2026-13903: Insufficient policy enforcement in Bluetooth. Reported by Google on 2026-04-18
[N/A][504185807] Medium CVE-2026-13904: Incorrect security UI in Safe Browsing. Reported by Google on 2026-04-19
[N/A][504192688] Medium CVE-2026-13905: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-04-19
[N/A][504613867] Medium CVE-2026-13906: Out of bounds read in Codecs. Reported by Google on 2026-04-20
[N/A][505156685] Medium CVE-2026-13907: Inappropriate implementation in iOSWeb. Reported by Google on 2026-04-22
[N/A][505242189] Medium CVE-2026-13908: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-04-22
[N/A][505933538] Medium CVE-2026-13909: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-24
[N/A][507231605] Medium CVE-2026-13910: Insufficient policy enforcement in WebXR. Reported by Google on 2026-04-28
[N/A][507239830] Medium CVE-2026-13911: Insufficient data validation in Spellcheck. Reported by Google on 2026-04-28
[N/A][508259433] Medium CVE-2026-13912: Incorrect security UI in Safe Browsing. Reported by Google on 2026-04-30
[N/A][508260619] Medium CVE-2026-13913: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-30
[N/A][508273690] Medium CVE-2026-13914: Inappropriate implementation in Passwords. Reported by Google on 2026-04-30
[N/A][508275293] Medium CVE-2026-13915: Use after free in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][508283108] Medium CVE-2026-13916: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][508286935] Medium CVE-2026-13917: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][509712284] Medium CVE-2026-13918: Use after free in Chrome for iOS. Reported by Google on 2026-05-05
[N/A][511249430] Medium CVE-2026-13919: Insufficient data validation in Extensions. Reported by Google on 2026-05-08
[N/A][511722559] Medium CVE-2026-13920: Insufficient validation of untrusted input in Media. Reported by Google on 2026-05-10
[N/A][511738175] Medium CVE-2026-13921: Insufficient validation of untrusted input in DeviceBoundSessionCredentials. Reported by Google on 2026-05-10
[N/A][511748106] Medium CVE-2026-13922: Side-channel information leakage in Paint. Reported by Google on 2026-05-10
[N/A][511772034] Medium CVE-2026-13923: Uninitialized Use in GPU. Reported by Google on 2026-05-10
[N/A][511784747] Medium CVE-2026-13924: Insufficient validation of untrusted input in WebView. Reported by Google on 2026-05-10
[N/A][511802911] Medium CVE-2026-13925: Inappropriate implementation in Downloads. Reported by Google on 2026-05-10
[N/A][511814550] Medium CVE-2026-13926: Insufficient validation of untrusted input in Network. Reported by Google on 2026-05-10
[N/A][511826446] Medium CVE-2026-13927: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-10
[N/A][512162479] Medium CVE-2026-13928: Insufficient validation of untrusted input in Enterprise. Reported by Google on 2026-05-11
[TBD][512249559] Medium CVE-2026-13929: Insufficient validation of untrusted input in DevTools. Reported by LegioSec on 2026-05-12
[N/A][512937764] Medium CVE-2026-13930: Insufficient policy enforcement in Actor. Reported by Google on 2026-05-13
[N/A][512997441] Medium CVE-2026-13931: Inappropriate implementation in Media. Reported by Google on 2026-05-13
[N/A][513001690] Medium CVE-2026-13932: Inappropriate implementation in Sharing. Reported by Google on 2026-05-14
[N/A][513002625] Medium CVE-2026-13933: Insufficient policy enforcement in Passwords. Reported by Google on 2026-05-14
[N/A][513006636] Medium CVE-2026-13934: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-14
[N/A][513009005] Medium CVE-2026-13935: Side-channel information leakage in ComputePressure. Reported by Google on 2026-05-14
[N/A][513044658] Medium CVE-2026-13936: Inappropriate implementation in Passwords. Reported by Google on 2026-05-14
[N/A][513046494] Medium CVE-2026-13937: Insufficient policy enforcement in Passwords. Reported by Google on 2026-05-14
[N/A][513143921] Medium CVE-2026-13938: Integer overflow in Fonts. Reported by Google on 2026-05-14
[N/A][513149760] Medium CVE-2026-13939: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-05-14
[N/A][513158425] Medium CVE-2026-13940: Uninitialized Use in Cast. Reported by Google on 2026-05-14
[N/A][513183855] Medium CVE-2026-13941: Inappropriate implementation in SiteSettings. Reported by Google on 2026-05-14
[N/A][513186670] Medium CVE-2026-13942: Insufficient validation of untrusted input in Video Capture. Reported by Google on 2026-05-14
[N/A][513204116] Medium CVE-2026-13943: Uninitialized Use in CSS. Reported by Google on 2026-05-14
[N/A][513224212] Medium CVE-2026-13944: Inappropriate implementation in DataTransfer. Reported by Google on 2026-05-14
[N/A][513226551] Medium CVE-2026-13945: Insufficient policy enforcement in Extensions. Reported by Google on 2026-05-14
[N/A][513274039] Medium CVE-2026-13946: Inappropriate implementation in ScriptInjections. Reported by Google on 2026-05-14
[N/A][513280648] Medium CVE-2026-13947: Uninitialized Use in XR. Reported by Google on 2026-05-14
[N/A][513286820] Medium CVE-2026-13948: Insufficient policy enforcement in Extensions. Reported by Google on 2026-05-14
[N/A][513311569] Medium CVE-2026-13949: Insufficient policy enforcement in Payments. Reported by Google on 2026-05-14
[N/A][513360781] Medium CVE-2026-13950: Uninitialized Use in GPU. Reported by Google on 2026-05-15
[N/A][513394321] Medium CVE-2026-13951: Policy bypass in USB. Reported by Google on 2026-05-15
[N/A][513401808] Medium CVE-2026-13952: Inappropriate implementation in PerformanceAPIs. Reported by Google on 2026-05-15
[N/A][513459192] Medium CVE-2026-13953: Inappropriate implementation in SplitView. Reported by Google on 2026-05-15
[N/A][513504934] Medium CVE-2026-13954: Insufficient policy enforcement in XML. Reported by Google on 2026-05-15
[N/A][513508305] Medium CVE-2026-13955: Insufficient validation of untrusted input in CustomTabs. Reported by Google on 2026-05-15
[N/A][513515168] Medium CVE-2026-13956: Incorrect security UI in PageInfo. Reported by Google on 2026-05-15
[N/A][513553557] Medium CVE-2026-13957: Incorrect security UI in Extensions. Reported by Google on 2026-05-15
[N/A][513567306] Medium CVE-2026-13958: Uninitialized Use in Codecs. Reported by Google on 2026-05-15
[N/A][513609249] Medium CVE-2026-13959: Insufficient validation of untrusted input in Blink. Reported by Google on 2026-05-15
[N/A][513714023] Medium CVE-2026-13960: Inappropriate implementation in Passwords. Reported by Google on 2026-05-16
[N/A][513719481] Medium CVE-2026-13961: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16
[N/A][513721370] Medium CVE-2026-13962: Insufficient data validation in PDF. Reported by Google on 2026-05-16
[N/A][513727626] Medium CVE-2026-13963: Inappropriate implementation in DevTools. Reported by Google on 2026-05-16
[N/A][513735096] Medium CVE-2026-13964: Insufficient policy enforcement in WebView. Reported by Google on 2026-05-16
[N/A][513737952] Medium CVE-2026-13965: Use after free in Oilpan. Reported by Google on 2026-05-16
[N/A][513741393] Medium CVE-2026-13966: Inappropriate implementation in History. Reported by Google on 2026-05-16
[$1000][507263861] Low CVE-2026-14026: Incorrect security UI in SplitView. Reported by adisahilna35@gmail.com on 2026-04-28
[TBD][361375787] Low CVE-2026-14027: Use after free in SignIn. Reported by Sven Dysthe (@svn-dys) on 2024-08-21
[TBD][401816601] Low CVE-2026-14028: Incorrect security UI in Chrome for iOS. Reported by Ameen Basha M K on 2025-03-09
[TBD][488762971] Low CVE-2026-14030: Incorrect security UI in SplitView. Reported by Khalil Zhani on 2026-03-01
[N/A][495459838] Low CVE-2026-14031: Incorrect security UI in File Input. Reported by Google on 2026-03-23
[N/A][495783474] Low CVE-2026-14032: Use after free in Bluetooth. Reported by Google on 2026-03-24
[N/A][495848160] Low CVE-2026-14033: Insufficient policy enforcement in Media. Reported by Google on 2026-03-24
[N/A][496368832] Low CVE-2026-14034: Inappropriate implementation in WebXR. Reported by Google on 2026-03-26
[N/A][496371586] Low CVE-2026-14035: Insufficient policy enforcement in Bluetooth. Reported by Google on 2026-03-26
[N/A][496411061] Low CVE-2026-14036: Insufficient policy enforcement in Bluetooth. Reported by Google on 2026-03-26
[N/A][496522611] Low CVE-2026-14037: Insufficient policy enforcement in GPU. Reported by Google on 2026-03-26
[N/A][497241148] Low CVE-2026-14038: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-03-28
[N/A][497358012] Low CVE-2026-14039: Insufficient policy enforcement in GetUserMedia. Reported by Google on 2026-03-29
[N/A][497488593] Low CVE-2026-14040: Use after free in BrowserTag. Reported by Google on 2026-03-29
[N/A][497544822] Low CVE-2026-14041: Insufficient policy enforcement in Serial. Reported by Google on 2026-03-29
[N/A][497558336] Low CVE-2026-14042: Inappropriate implementation in Isolated Web Apps. Reported by Google on 2026-03-29
[N/A][497632232] Low CVE-2026-14043: Use after free in GetUserMedia. Reported by Google on 2026-03-30
[N/A][497670996] Low CVE-2026-14044: Use after free in ANGLE. Reported by Google on 2026-03-30
[N/A][497723649] Low CVE-2026-14045: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-30
[N/A][497959724] Low CVE-2026-14046: Inappropriate implementation in CustomTabs. Reported by Google on 2026-03-30
[N/A][498864176] Low CVE-2026-14047: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-02
[N/A][499189601] Low CVE-2026-14048: Use after free in Chromecast. Reported by Google on 2026-04-03
[N/A][501659888] Low CVE-2026-14049: Inappropriate implementation in GPU. Reported by Google on 2026-04-11
[N/A][501708647] Low CVE-2026-14050: Insufficient policy enforcement in Passwords. Reported by Google on 2026-04-11
[N/A][501747804] Low CVE-2026-14051: Uninitialized Use in GamepadAPI. Reported by Google on 2026-04-11
[N/A][501810874] Low CVE-2026-14052: Insufficient policy enforcement in FileSystem. Reported by Google on 2026-04-12
[N/A][501836539] Low CVE-2026-14053: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-12
[N/A][501851312] Low CVE-2026-14054: Insufficient policy enforcement in Network. Reported by Google on 2026-04-12
[N/A][501857663] Low CVE-2026-14055: Insufficient validation of untrusted input in Device Trust. Reported by Google on 2026-04-12
[N/A][501888426] Low CVE-2026-14056: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-12
[N/A][502212647] Low CVE-2026-14057: Insufficient policy enforcement in FedCM. Reported by Google on 2026-04-13
[N/A][502354038] Low CVE-2026-14058: Policy bypass in Parser. Reported by Google on 2026-04-14
[N/A][502363986] Low CVE-2026-14059: Insufficient policy enforcement in Related-Website-Sets. Reported by Google on 2026-04-14
[N/A][502372527] Low CVE-2026-14060: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-14
[N/A][502434484] Low CVE-2026-14061: Inappropriate implementation in Dawn. Reported by Google on 2026-04-14
[N/A][502448128] Low CVE-2026-14062: Inappropriate implementation in Views. Reported by Google on 2026-04-14
[N/A][502473563] Low CVE-2026-14063: Out of bounds memory access in Chromecast. Reported by Google on 2026-04-14
[N/A][502714977] Low CVE-2026-14064: Use after free in PageInfo. Reported by Google on 2026-04-15
[N/A][503617508] Low CVE-2026-14065: Insufficient validation of untrusted input in PageInfo. Reported by Google on 2026-04-17
[N/A][503779807] Low CVE-2026-14066: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-17
[N/A][504069465] Low CVE-2026-14067: Use after free in Chrome for iOS. Reported by Google on 2026-04-18
[N/A][504210171] Low CVE-2026-14068: Inappropriate implementation in Omnibox. Reported by Google on 2026-04-19
[N/A][505136542] Low CVE-2026-14069: Integer overflow in WebNN. Reported by Google on 2026-04-21
[N/A][505137978] Low CVE-2026-14070: Uninitialized Use in WebNN. Reported by Google on 2026-04-21
[N/A][506143724] Low CVE-2026-14071: Side-channel information leakage in WebAudio. Reported by Google on 2026-04-24
[N/A][507099867] Low CVE-2026-14072: Incorrect security UI in SplitView. Reported by FARISSAL B on 2026-04-28
[N/A][507237563] Low CVE-2026-14073: Insufficient policy enforcement in WebXR. Reported by Google on 2026-04-28
[N/A][511743480] Low CVE-2026-14074: Side-channel information leakage in WebAuthentication. Reported by Google on 2026-05-10
[N/A][511808800] Low CVE-2026-14075: Policy bypass in Chrome for iOS. Reported by Google on 2026-05-10
[N/A][511815165] Low CVE-2026-14076: Policy bypass in Network. Reported by Google on 2026-05-10
[TBD][511869411] Low CVE-2026-14077: Incorrect security UI in Select. Reported by pwn.ai on 2026-05-11
[N/A][512953564] Low CVE-2026-14078: Policy bypass in WebRTC. Reported by Google on 2026-05-13
[N/A][512971938] Low CVE-2026-14079: Policy bypass in Network. Reported by Google on 2026-05-13
[N/A][512997517] Low CVE-2026-14080: Insufficient validation of untrusted input in TabSwitcher. Reported by Google on 2026-05-13
[N/A][513030698] Low CVE-2026-14081: Insufficient policy enforcement in DevTools. Reported by Google on 2026-05-14
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Daniel Yip
Google Chrome
Euro Truck Simulator 2: Holland Style Tuning Pack DLC Release
We are excited to reveal the Holland Style Tuning Pack DLC for Euro Truck Simulator 2, which is now released and available for you to get on Steam! This DLC contains dozens of accessories and paint jobs for a wide range of trucks and is the largest tuning pack we have developed for our games so far. Let's see what's in store!
Holland Style is one of the most distinctive and popular trends in European truck customization.ย In the 1970s, Dutch truckers began to adopt the idea of taking pride in their own trucks.ย Holland Style is characterized above all by perfectly coordinated colours, with a minimum of chrome, and an emphasis on symmetry, clean lines, and attention to detail.
The Holland Style Tuning Pack features a wide range of accessories for both the interior and exterior of your truck, along with an extensive selection of stylish paint jobs. This popular tuning style has been one of the most requested additions from our community, and many of the included items were inspired directly by their ideas.
"It all started some time ago when I was thinking about creating my own paint job DLC. Since we were working on the Benelux Rework at that time, which included the Netherlands, I wanted to create something to celebrate the occasion. I would like to thank all my colleagues for their tremendous cooperation and for putting so much passion into this project," says our 2D Graphic Designer for vehicles, Matej, who initiated the creation of this tuning pack.
With this DLC, you'll be able to customize your truck with a vast range of light boxes (for high-roof sleeper cabs), horns, mudflaps, auxiliary lights, Danish lights, and the famous double burners, as well as pennants, toys & decorations, steering wheels, and light boxes for the interior, allowing you to create a truly personalized cabin and make it feel like home.
While many of these accessories were designed by our team, we're especially proud to have collaborated with several well-known manufacturers to bring licensed products into the game. These include double burners, horns, auxiliary lights, and Danish plush pillows from Omnius; long mudflaps, pennants, and air fresheners from Go-In-Style; as well as interior light boxes, long mudflaps, and pennants from TruckJunkie.
You will also be able to select from 23 different paint jobs, each of which has 3 RGB presets that the player can choose from and customize the colours! The pack includes one paint job shared across all supported trucks, as well as two unique paint jobs for each of the truck groups listed below, with each pair tailored specifically to the respective truck models and differing between groups:
- Volvo FH Series 6, Volvo FH Series 5, and Volvo FH Series 4
- Volvo FH Series 3
- Scania R and S
- Scania R 2009 and Streamline
- Iveco S-Way
- DAF NGD and XD
- DAF XF 105 and DAF XF Euro 6
- MAN TG3 TGX
- MAN TGX Euro 6
- Renault T
- Mercedes-Benz New Actros
The tuning accessories for both the exterior and interior are available for all trucks in ETS2, where compatibility allows. The only exception is light boxes, which are limited to the trucks listed above. We also plan to update this DLC in the future for upcoming trucks.
While this tuning pack is going to make your truck beautiful on its own, we recommend combining it with other DLC for a top look, such as the HS-Shoch Tuning Pack, Michelin Fan Pack, XF Tuning Pack, Mighty Griffin Tuning Pack, FH Tuning Pack, Renault Trucks T Tuning Pack, orย Actros Tuning Pack. All of these are fully compatible with this DLC, allowing you to create truly stunning combinations!
So if you'd like to start trucking in true Holland style, make sure to get this DLC on Steam now!
Remember to also give our X/Twitter, Instagram, Facebook, Bluesky, TikTok, and YouTube a follow, as you'll receive updates about our games straight to your feed. Or subscribe to our newsletter to stay informed. Until next time, safe travels!
Apple Creator Studio gets smarter, faster, and more connected

Minecraft 26.3-snapshot-2 (snapshot) Released
v25.12.5
Hi,
The OpenWrt community is proud to announce the fifth service release of the OpenWrt 25.12 stable series.
Download firmware images using the OpenWrt Firmware Selector:
Download firmware images directly from our download servers:
Main changes between OpenWrt 25.12.4 and OpenWrt 25.12.5
Only the main changes are listed below. See the full changelog for details.
Security fixes
This release fixes several remotely triggerable vulnerabilities in core network services that are enabled by default. Updating is strongly recommended.
- odhcpd (DHCPv6/DHCPv4/RA server, enabled by default): multiple vulnerabilities reachable by a network-adjacent attacker were fixed by updating odhcpd:
- CVE-2026-53921 (Critical): stack buffer overflow in the DHCPv6 IA reply serialization, triggerable with crafted DHCPv6 REQUEST packets. GHSA-7fwx-hhrg-3496
- CVE-2026-53918 (High): use-after-free in the DHCPv6 IA handler. GHSA-44ff-jcwh-wgc2
- CVE-2026-53920 (High): stack memory disclosure via a truncated DHCPv6 IA_NA/IA_PD option. GHSA-p769-5v73-pc4f
- CVE-2026-53922 (Moderate): pre-auth denial of service via a size_t underflow in DHCPv6 IA handling. GHSA-7hcw-g2jh-pqv5
- CVE-2026-55606 (Moderate): stack buffer overread caused by a DUID length endianness mismatch. GHSA-x8x4-7gvf-gp45
- No CVE assigned (Moderate, CVSS 5.4): the NDP relay accepted IPv6 Neighbor Solicitations with a hop limit other than 255 (RFC 4861 violation), letting an off-link attacker spoof NS packets through the relay (neighbor-cache poisoning, traffic redirection or DoS). Only relevant when the NDP relay is enabled. https://github.com/openwrt/odhcpd/security/advisories/GHSA-qvg7-9jf5-wgjc
- odhcpd / LuCI stored XSS (Critical): an unauthenticated DHCPv6 client could inject lease-file lines through a crafted FQDN hostname, resulting in stored cross-site scripting on the LuCI DHCPv6 leases status page. Fixed by escaping client hostnames in the lease state file. GHSA-hhmc-92hw-535f
- uhttpd (web server): three HTTP request smuggling issues on keep-alive connections were fixed:
- CVE-2026-55612 (High): invalid chunk-length state reset. GHSA-p55c-rmhc-qfm5
- CVE-2026-55614 (High): case-sensitive Transfer-Encoding matching. GHSA-mcfg-c4r7-pjpf
- CVE-2026-55613 (Moderate): ubus POST body parse-error desync. GHSA-wgwp-64hh-f52p
- cgi-io: ACL bypass / arbitrary file read (Moderate): a path-traversal flaw in the cgi-download handler let an authenticated user with wildcard read permission read any root-readable file (e.g.
/etc/shadow). GHSA-jw5r-xhf5-2xcq - LuCI (web interface): a set of issues in LuCI core modules and applications were fixed. Most let a logged-in user with limited (delegated) permissions escalate to root command execution; a few are stored XSS issues reachable by clients on the network. The privilege-escalation issues only apply if the affected app is installed and the account/ACL in question exists:
- luci-app-tailscale-community (Critical, CVSS 9.9): command injection allowing delegated users to run commands as root via
tailscale.do_login. GHSA-xwc5-mx58-rh35 - luci-app-advanced-reboot (High): CVE-2026-55897 โ a read ACL exposes
/bin/shviafile.exec, allowing delegated users to run commands as root. GHSA-vj96-f37g-37f6 - luci-app-adblock-fast (High): CVE-2026-55159 โ delegated users can reach root command execution via newline-separated cron entries. GHSA-ggpf-xrph-wg5v
- luci-app-samba4 (High): a read ACL allows authenticated root command execution via the smbd
file.execpermission. GHSA-vx64-mmp7-h36c - luci-app-travelmate (High): a delegated UCI write can execute the travelmate auto-login command as root. GHSA-p35r-3323-6g7g
- luci-app-upnp (High): stored XSS โ an unauthenticated LAN client can inject JavaScript via a UPnP port-mapping description. GHSA-8v49-6387-7f89
- luci-mod-network / luci-mod-status (High): stored XSS via a DHCPv6 lease hostname (FQDN) shown in the status tables. GHSA-686p-p8p9-x6fh
- luci-app-banip (High): a crafted LuCI login username can inject an arbitrary IP into banIP's log parser, causing the wrong address to be blocked. GHSA-r6hx-4f83-vp8m
- luci-app-tailscale-community (Critical, CVSS 9.9): command injection allowing delegated users to run commands as root via
- ead (Emergency Access Daemon): CVE-2026-55490 (Moderate): an integer underflow in
handle_send_a()allowed a pre-auth denial of service. GHSA-9558-77jp-g3fw - Linux kernel: update to 6.12.94, pulling in the upstream 6.12.88 through 6.12.94 stable releases, which fix multiple security vulnerabilities, such as CVE-2026-43500.
- OpenSSL: update to 3.5.7, fixing multiple security vulnerabilities (CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447).
- musl libc: backport upstream fixes for CVE-2026-6042 and CVE-2026-40200.
- dropbear (SSH): backport security fixes from upstream 2026.90 and 2026.91, including CVE-2019-6111 (a malicious server could trick the scp client into overwriting arbitrary local files) and CVE-2026-35385.
Beyond the issues listed above, this release fixes a number of further security problems for which no CVE number or dedicated advisory was assigned. We strongly recommend upgrading to the latest OpenWrt release and installing all available package updates.
Device support
New devices supported in 25.12.5:
- ipq40xx: Linksys MR9000
- mediatek (filogic): GL.iNET GL-MT3600BE
- mediatek (filogic): Huasifei WH3000R (NAND)
- mediatek (filogic): JioRouter AX6000 (JIDU6101)
- mediatek (filogic): netis EAP930 V1
- mediatek (filogic): netis MEX605
- mediatek (filogic): TP-Link F65 v1
- mediatek (filogic): Zbtlink ZBT-Z8106AX-S
- mvebu: Zyxel NAS326
- ramips (mt76x8): Cudy WR300 v1
- ramips (mt7621): I-O DATA WN-AX2033GR2
New image variants for already supported devices:
- mediatek (filogic): Qihoo 360T7 - add UBI layout image
- mediatek (filogic): Creatlentem CLT-R30B1 - add all-in-UBI layout image
- mediatek (filogic): Bazis AX3000WM - also recognized under its alternative name WD-R3000N-G2A
Device fixes:
- ath79: MikroTik - build
AG71XX_LEGACYas a module, fixing AR8216/AR8236/AR8316 switch bring-up on boot on some MikroTik devices (#23739) - mediatek: do not let devfreq power off the CPU (stability fix)
- mediatek (filogic): Wavlink WL-WN536AX6 rev A - several fixes (correct 5 GHz MAC address, MAC-address nvmem layout, NAND bad-block management, SPI drive strength, network LED)
- mediatek (filogic): Qihoo 360T7 - fix DDR3 rate
- ramips: PAX1800 Lite - fix label MAC device and avoid attaching both UBI partitions on boot
- ramips (mt76x8): Cudy LT300 v3 - fix backup partition offset
- rtl8367b: fix RTL8367S-VB VLAN multicast memory handling
- mvebu: uDPU / eDPU - convert to dual (A/B) firmware
- ipq806x: AP3935 - disable hibernation on LAN1
- airoha (an7581): platform improvements and upstream networking fixes
WiFi fixes and improvements
- wifi-scripts: fix a null dereference on 6 GHz-only radios
- wifi-scripts: fix EAP (802.1X) station mode in the wpa_supplicant configuration generator
- wifi-scripts: fix tracking of disabled virtual interfaces
- hostapd: fix a misplaced radar-detected (DFS) ubus notification
Network and service improvements
- New "network" LED trigger (lan/wan/wlan) for link and activity indication on supported devices
- odhcpd and odhcp6c received many DHCPv6/DHCPv4 and IPv6 prefix-delegation correctness and robustness fixes, on top of the security fixes listed above, including more stable DHCPv6 IAID handling
- More robust handling of invalid DHCP / DHCPv6 client identifiers
- ubus, rpcd, uhttpd, umdns, uclient and fstools updated with stability and hardening fixes
Core component updates
- Linux kernel: update from 6.12.87 to 6.12.94
- OpenSSL: update from 3.5.6 to 3.5.7 (multiple security fixes, see above)
- wireless-regdb: update from 2026.03.18 to 2026.05.30
- dnsmasq: update from 2.91 to 2.93
- ca-certificates: update from 20260223 to 20260601 (refreshed root CA bundle)
- util-linux: update from 2.41.3 to 2.41.5
Upgrading to 25.12.5
Upgrading from 24.10 to 25.12 should be transparent on most devices, as most configuration data has either remained the same or will be translated correctly on first boot by the package init scripts.
For upgrades within the OpenWrt 25.12 stable series, Attended Sysupgrade is also supported, which allows preserving the installed packages.
-
Sysupgrade from 23.05 or earlier to 25.12 is not officially supported.
-
Cron log level was fixed in busybox.
system.@system[0].cronloglevelshould be set to7for normal logging.7is the default now. If this option is not set, the default is used and no manual action is needed. fc0c518 -
Bananapi BPI-R4: Interface
eth1was renamed tosfp-lanorlan4, and interfaceeth2was renamed tosfp-wanto match the labels. You have to upgrade without saving the configuration. cd8dcfe -
TP-Link RE355 v1, RE450 v1 and RE450 v2: The partition layout and block size changed in this release to fix configuration loss on sysupgrade. Users upgrading from OpenWrt 25.12.0 or earlier must use
sysupgrade -Fto force the upgrade. The image must not exceed 5.875 MB (6016 KiB). -
Meraki MX60: Direct sysupgrade to 25.12.5 is not possible without manual preparation โ
meraki_loadaddrmust be changed before upgrading, as the default value is insufficient to boot OpenWrt 25.12+. See the device wiki page for instructions. -
Sitecom WLR-7100 (X7 AC1200): This device was moved from the
ath79/generictarget to theath79/tinytarget in OpenWrt 25.12.4. Users upgrading from 25.12.3 or earlier need to flash the new image from theath79/tinytarget (usesysupgrade -F).
Known issues
- Zyxel EX5601-T0: the WAN interface was renamed from
eth1towanโ check and update your network configuration after upgrading. - Pixel 10 phones have problems connecting to WPA3-protected WiFi 6 APs. #21486
- 802.11r Fast Transition (FT) causes connection problems with some WiFi clients when WPA3 is used. #22200
- SQM CAKE MQ (
cake_mq): throughput may be unexpectedly low on some configurations after the scheduler fixes in this release. #22344
Full release notes and upgrade instructions are available at
https://openwrt.org/releases/25.12/notes-25.12.5
In particular, make sure to read the known issues before upgrading:
https://openwrt.org/releases/25.12/notes-25.12.5#known_issues
For a detailed list of all changes, refer to
https://openwrt.org/releases/25.12/changelog-25.12.5
To download the 25.12.5 images, navigate to:
https://downloads.openwrt.org/releases/25.12.5/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org?version=25.12.5
As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.
Have fun!
The OpenWrt Community
To stay informed of new OpenWrt releases and security advisories, there
are new channels available:
-
a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listinfo/openwrt-announce -
a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14 -
other announcement channels (such as RSS feeds) might be added in the future, they will be listed at https://openwrt.org/contact
macOS 26.6 beta 3 (25G5052e)
macOS 26.5.2 (25F84)
iOS 26.6 beta 3 (23G5052d)
iOS 26.5.2 (23F84)
Distribution Release: Kali Linux 2026.2
Part-DB 2.13.1
Important
If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8
Part-DB 2.13.1
This version is identical to Part-DB 2.13.0. See Release Notes there for list of changes.
This version is to fix the build and tagging of the docker images to fix issue #1430
Full Changelog: v2.13.0...v2.13.1
Distribution Release: Mageia 10
Distribution Release: Slackel 9.0 "MATE"
DistroWatch Weekly, Issue 1179
Review: PCLinuxOS 2026.05
News: COSMIC gets a new system monitor, Xfce tests new Wayland compositor, FreeBSD developers invite questions
Questions and answers: Tips for switching between distributions
Released last week: SteamOS 3.8.10, KaOS 2026.06, Drauger OS 7.8, AnduinOS 2.0.0
Torrent corner: CachyOS
Opinion poll: Favourite release cycle?
Website news:....
Part-DB 2.13.0
Important
If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8
Part-DB 2.13.0
New features & Improvements
- Improved password strength estimator and show time to crack estimate in tooltip
- Use better library for alerts and dialogs, instead of the outdated bootbox
- Improved page load error dialog
- Added bootswatch*s brite theme as possible theme
- Added Ollama as (local) AI provider
- Allow to configure the timeout for AI providers, making it more suitable for slow local inference
- Added full chinese translation (thannks @0x915)
- Allow to edit info provider references in part edit form
Bug fixes
- Fixed bug that stocktake date changed on part edit (#1390)
Other changes
- Updated dependencies
- Updated KiCad symbols
- Fixed many deprecations
New Contributors
Full Changelog: v2.12.3...v2.13.0
Distribution Release: AnduinOS 2.0.0
-
Bulwark
- v1.7.6 - Crypto Plugin API & Privileged Plugin Tier, S/MIME as a Plugin, Hide Folder Counts & Structured MFA Login
v1.7.6 - Crypto Plugin API & Privileged Plugin Tier, S/MIME as a Plugin, Hide Folder Counts & Structured MFA Login
1.7.6 (2026-06-28)
Breaking Changes
- S/MIME: The built-in S/MIME implementation has been removed from core and re-delivered through the new generic crypto plugin hooks (privileged same-origin plugin tier). S/MIME signing, encryption, decryption, certificate management, and the related settings UI now live in a plugin rather than the main app. Deployments that relied on built-in S/MIME must install the S/MIME crypto plugin to retain those features.
Thank you for your donations:
- You? Become a sponsor!
One-time
- Anonymous
Monthly
- @elgringoYan
- @pauladams8
- @djpriest
- @umakers
- @zplizzi
- @jeremiah
- @Theoretisch1337
- @svandive
- @HiltMundell
Features
- Plugins: Privileged same-origin plugin tier with a crypto API surface
- Plugins: Plugin hooks for email details, headers, and source
- Mail: Option to hide the total message count on folders (#498)
Fixes
- Mail: Hide the server scheduled folder when the virtual one is shown (#495)
- Mail: Stop the unified mailbox from mutating client-returned email objects
- Composer: HTML-escape sender and subject in the reply/forward quote header (#482)
- Calendar: Send calendar invites by setting
organizerCalendarAddress - Identity: Sync the default identity (
preferredPrimaryId) to server settings (#507) - Auth: Support MFA login via the structured auth endpoint
- Admin: Show all built-in themes in the admin theme controls (#496)
- i18n: Add missing translation keys across 19 locales
Release 2026.06.28
Docker Images
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.06.28
GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.06.28
Changes
- upgrade to Angular 22 (51fd203)
- upgrade dependencies (d136344)
- Bump actions/checkout from 6 to 7 in the github-actions group (33f1412)
12.0 RC2
๐ Jellyfin Web 12.0 RC2
We are pleased to announce the second release candidate preview release of Jellyfin 12.0!
This is a preview release, intended for those interested in testing 12.0 before it's final public release. We welcome testers to help find as many bugs as we can before the final release.
As always, please ensure you stop your Jellyfin server and take a full backup before upgrading!
A note about versioning
Starting with this release, we are dropping the preceding 10. from our versioning. Thus, 10.11.x -> [10.]12.x = 12.x. The reason is simple: at this point in the project, we don't envision a hard break in the API like we planned way back in the early days, and this version scheme was causing a lot of confusion amongst users about what a "major" release was. For more information, please see the RC1 release notes.
What's new?
The main goal of this release has been performance. 10.11.0 dropped a major backend rewrite, and while it was broadly functional, it had a lot of rough edges. This release seeks to polish out most of those rough edges and bring better performance to all users.
There are many other small fixes, improvements, changes, and translations. See our draft release notes here or below for the full list of pull requests. You can also view the Server side changelog here.
Note: You must be on Jellyfin 10.10.7+ or 10.11.x (ideally, 10.11.11) before upgrading! If you are not, the upgrade will fail. Ensure you upgrade to one of these versions first!
Note: The initial load of Jellyfin 12.x will run a few migrations and will take several minutes. Please be patient and do not interrupt the process. You can leverage the (newly improved!) startup UI on your local network to see specific progress, or off-network to see general progress, by visiting the server URL in your web browser during startup.
Note: If you install the RC, you should disable all external plugins and reinstall using the unstable plugin repository, or plugins may fail to load and cause unintended side effects.
Installing
This preview release is distributed in all our traditional forms, though not automatically via our Apt repository or latest tag.
- For all non-Docker environments, you can find the files for manual download in our repository by selecting "Stable Preview" for your OS.
- For Docker, you can pull the
12.0-rc2orpreviewtags.
What's Changed (since v12.0-rc1)
- Fix startup crash when ApiClient has no serverId yet by @joshuaboniface in #8088
Full Changelog: v12.0-rc1...v12.0-rc2
12.0 RC2
๐ Jellyfin Server 12.0 RC2
We are pleased to announce the second release candidate preview release of Jellyfin 12.0!
This is a preview release, intended for those interested in testing 12.0 before its final public release. We welcome testers to help find as many bugs as we can before the final release.
As always, please ensure you stop your Jellyfin server and take a full backup before upgrading!
A note about versioning
Starting with this release, we are dropping the preceding 10. from our versioning. Thus, 10.11.x -> [10.]12.x = 12.x. The reason is simple: at this point in the project, we don't envision a hard break in the API like we planned way back in the early days, and this version scheme was causing a lot of confusion amongst users about what a "major" release was. For more information, please see the RC1 release notes.
What's new?
The main goal of this release has been performance. 10.11.0 dropped a major backend rewrite, and while it was broadly functional, it had a lot of rough edges. This release seeks to polish out most of those rough edges and bring better performance to all users.
There are many other small fixes, improvements, changes, and translations. See our draft release notes here or below for the full list of pull requests. You can also view the Web side changelog here.
Note: You must be on Jellyfin 10.10.7+ or 10.11.x (ideally, 10.11.11) before upgrading! If you are not, the upgrade will fail. Ensure you upgrade to one of these versions first!
Note: The initial load of Jellyfin 12.x will run a few migrations and will take several minutes. Please be patient and do not interrupt the process. You can leverage the (newly improved!) startup UI on your local network to see specific progress, or off-network to see general progress, by visiting the server URL in your web browser during startup.
Note: If you install the RC, you should disable all external plugins and reinstall using the unstable plugin repository, or plugins may fail to load and cause unintended side effects.
Installing
This preview release is distributed in all our traditional forms, though not automatically via our Apt repository or latest tag.
- For all non-Docker environments, you can find the files for manual download in our repository by selecting "Stable Preview" for your OS.
- For Docker, you can pull the
12.0-rc2orpreviewtags.
What's Changed (since v12.0-rc1)
- Fix too many SQL variables in DeleteItem for large batch deletes by @joshuaboniface in #17153
- Don't run heavy DB tasks while scan is running by @Shadowghost in #17182
- Fix local Comic book plugin registration by @Shadowghost in #17188
- Fix Live TV tuner not releasing by @theguymadmax in #17178
- Fix localization lookup by @Shadowghost in #17187
- Fix embedded lyrics not updating on replace all refresh by @theguymadmax in #17134
- Revamp startup UI for visual style and usability by @joshuaboniface in #17154
- Use Convert.ToHexStringLower for Schedules Direct password hash by @obrenoalvim in #17174
- Live TV: re-fetch channel icons on guide refresh by @danieltutuianu in #16914
- Reject unsafe plugin package names in installer by @dfederm in #17013
- Batch duplicate-cleanup deletes in merge migrations by @Shadowghost in #17162
- Remove orphaned people by @theguymadmax in #17140
- Update CI dependencies by @renovate[bot] in #17176
- Update dependency Microsoft.NET.Test.Sdk to 18.7.0 by @renovate[bot] in #17167
- Update swashbuckle-aspnetcore monorepo to 10.2.3 - autoclosed by @renovate[bot] in #17141
- Update actions/checkout action to v7 by @renovate[bot] in #17131
New Contributors
- @obrenoalvim made their first contribution in #17174
- @danieltutuianu made their first contribution in #16914
Full Changelog: v12.0-rc1...v12.0-rc2
Distribution Release: Drauger OS 7.8
v1.19.2
Fixes and improvements
General
- playback: fix panic when MP4 muxer flushes with no samples (#5867)
- redact sensitive headers in HTTP debug logs (#5873)
- fix(recordstore): decode timezone offset minutes correctly (#5884)
- improve HTTP server performance (#5886) log incoming requests without cloning.
- prevent truncation of 64-bit values on 32-bit platforms (#5902)
RTSP
- add rtspScale parameter to inject Scale header on PLAY (#5800)
- client: switch automatically to TCP in case of H264 packetization-mode=0 (bluenviron/gortsplib#1086)
- support VP8 streams with multiple partitions (https://github.com/bluenviron/mediamtx/issues/5426) (bluenviron/gortsplib#1090)
- allow FU-A and STAP-A packets with H264 packetization-mode 0 (#5887) (bluenviron/gortsplib#1092)
WebRTC
- skip unresolvable webrtcAdditionalHosts entries instead of aborting (#5845)
RPI Camera
- support encoding primary stream with MJPEG (2/2) (#5892)
- support encoding secondary stream with H264 (2/2) (#4485) (#5898)
- add unified rpiCameraH264Profile, rpiCameraH264Level params (#5894) These replace rpiCameraHardwareH264Profile, rpiCameraHardwareH264Level, rpiCameraSoftwareH264Profile, rpiCameraSoftwareH264Level.
- fix race condition that prevents decoding the stream (bluenviron/mediamtx-rpicamera#109) (#5861) When a player immediately connects to a newly-created stream, SPS/PPS might not be available, neither in the SDP and neither in-band. Prevent the issue by always sending SPS/PPS in-band.
- improve performance by computing frame size once (bluenviron/mediamtx-rpicamera#111)
- fix wrong timestamp being passed to openh264 (bluenviron/mediamtx-rpicamera#114)
Dependencies
- code.cloudfoundry.org/bytefmt updated from v0.76.0 to v0.78.0
- github.com/abema/go-mp4 updated from v1.6.0 to v1.7.1
- github.com/bluenviron/gortsplib/v5 updated from v5.6.0 to v5.6.1
- github.com/bluenviron/mediacommon/v2 updated from v2.9.0 to v2.9.1
- github.com/matthewhartstonge/argon2 updated from v1.5.4 to v1.5.5
- github.com/pion/sdp/v3 updated from v3.0.18 to v3.0.19
- github.com/quic-go/webtransport-go updated from v0.10.0 to v0.11.0
- github.com/pion/srtp/v3 updated from v3.0.11 to v3.0.12
- github.com/bluenviron/mediamtx-rpicamera updated from v2.6.0 to v2.8.0
Security
Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.
Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:
ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx
You can verify checksums of binaries by downloading checksums.sha256 and running:
cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check
June 24th, 2026, Ampere Server Donation
Ampere has generously donated a server to FFmpeg: an AmpereOneยฎ (Mt. Mitchell) 2U system with 192 Arm cores, 512ย GB of RAM, 24 NVMe bays and 2ร25G networking, weighing in at 28ย kg. Thank you, Ampere!
To celebrate, Dascha (daschasara) answered FFmpeg's call for non-AI artwork and drew this piece for us:
Artwork by Dascha (daschasara)
v1.6.0
Changelog
- ac5c3b4 Add WebsiteConfiguration types, validation, and S3 error codes
- 375c276 Add website integration tests and remove NotImplemented stubs
- 04bb314 chore(deps): bump actions/checkout from 6 to 7
- 0d03381 chore(deps): bump the dev-dependencies group across 1 directory with 12 updates
- 8453a5b chore(deps): bump the dev-dependencies group with 23 updates
- 2a40e19 chore(deps): bump the dev-dependencies group with 24 updates
- 27e90ce feat(helm): Make it possible to specify deployment strategy
- 4599daa feat: Add 'topologySpreadConstraints'
- 6f1dfe8 feat: add options extensions to embed config
- 27f04ad feat: add windows functional test coverage and fix some windows behavior
- 1625c59 feat: improve static website hosting support
- 4d391ca feat: migrate Fiber to v3.3.0
- f08f76f feat: support x-amz-website-redirect-location
- 9610ef8 fix: prevent connection errors in space/quotas error paths
- cf4bc65 fix: prevent index-out-of-range panic in s3proxy GetBucketOwnershipControls
- 50e64f7 fix: prevent nil pointer panic in webhook sendLog
- 422b5a7 fix: prevent panic in ParseCopySource on empty input
- 12fb5a6 fix: reject empty Content-MD5 on PUT operations
- 6df901b fix: support asterisk read preconditions
- 67af0af fix: validate object lock default retention upper limits
- 8495cf4 s3api: add WithOnListen option for server readiness notification