❌

Normale weergave

Ontvangen β€” 31 Januari 2026 ⏭ Selfhosted

one safeguard too many

βœ‡Copyparty
Door: 9001
15 Februari 2026 om 09:34

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

πŸ§ͺ new features

  • #1264 now possible to grant the get permission when creating a share 95b827f
    • the button was already there, but until now it did nothing

🩹 bugfixes

  • a safeguard (24141b4) added in v1.20.5 was too strict and would block requests from certain reverseproxies, specifically anything that adds X-Forwarded-HTTP-Version 72224d2

⚠️ not the latest version!

  •  
  • ↗️

fast again

βœ‡Copyparty
Door: 9001
31 Januari 2026 om 23:42

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

πŸ§ͺ new features

🩹 bugfixes

πŸ”§ other changes

  • fast again! ed6a8d5
    • replaced the connection:close band-aid added in v1.20.4 with a proper fix that doesn't make things slower behind reverseproxies
    • I've tried everything I can think of (with nginx as reverseproxy) and can't notice any difference in behavior, but please let me know if this breaks anything for you πŸ™
  • #1245 updated Portuguese translation (thx @000yesnt!) 69fa1d1
  • #1259 OpenRC: add command to test config (thx @lotsospaghetti!) 79273a7
  • #1257 removed the nth global-option because it was never implemented (thx @stackxp!) 22cdc0f
  • syntax highlighter: added languages nasm + nix, removed autohotkey + cmake b20d325

🌠 fun facts

  • http/1.1 still tends to be faster than http/2 and http/3 for large transfers which is the main reason copyparty hasn't made the change
    • eh, not really a fun fact I suppose ┐( Β΄ w `)β”Œ

⚠️ not the latest version!

  •  
  • ↗️
Ontvangen β€” 29 Januari 2026 ⏭ Selfhosted

BookStack v25.12.3

βœ‡BookStack
Door: ssddanbrown
29 Januari 2026 om 16:29

Security Release

BookStack v25.12.3 has been released.

This is a security release to address a vulnerability where form elements in page content could be used to trick more privileged users into making API requests.

We strongly advise that you update your instance if you allow untrusted users to create or edit pages.

Thanks to Joud Zakharia of zentrust partners GmbH for the discovery of this vulnerability, and thanks to Sven Faßbender of zentrust partners GmbH for their responsible disclosure and great communication of this issue.

Additional Update Notices

  • Page Content - As of this release, most types of form content are now removed from page content on render. If you applied customizations which made use of in-page form content, you may now need to find alternative methods.

Full List of Changes

  • Updated application PHP dependencies.
  • Updated session-based API authentication to only be active for GET requests.
  • Updated page content filtering to remove many common form elements & attributes.
  • Updated translations with latest Crowdin changes. (#5997)

  •  
  • ↗️
Ontvangen β€” 25 Januari 2026 ⏭ Selfhosted

Part-DB 2.5.1

βœ‡Part-DB
Door: jbtronics
25 Januari 2026 om 21:54

Part-DB 2.5.1

Tip

If you like Part-DB, consider donating to support the development. Press the sponsor button on the main github page, for more info.

Important

If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8

Improvements

  • When using the "upload files" button automatically determine a fitting attachment type based on extension
  • Support SPN columns for all suppliers as columns in BOM imports, not only LCSC (PR#1208, thanks @MayNiklas)

Bug fixes

  • Disable the ID search by default, like intended in PR #1184
  • Use correct language for sidebar trees, even if no user is logged in
  • Prevent ordering of extra column in log tables, as this errors on Postgres and has no real use
  • Show an error popup instead of a 500 page when info provider retrieval fails
  • Added clear button for part select input in BOMs (#1156)

Miscellaneous

  • Updated dependencies
  • Updated translations

New Contributors

Full Changelog: v2.5.0...v2.5.1

  •  
  • ↗️

FreshRSS 1.28.1

βœ‡FreshRSS
Door: Alkarex
25 Januari 2026 om 19:20

This is a release focussing on bug fixing, in particular regressions from the release 1.28.0.

Selected new features ✨:

  • New customisable message for closed registrations
  • Add username in Apache access logs (also in Docker logs): for GReader API, and for HTTP Basic Auth from reverse proxy

Improved performance 🏎️:

  • Disable counting articles in user labels for Ajax requests (unused)

Many bug fixes πŸ›

This release has been made by @Alkarex, @Frenzie, @Inverle and newcomers @ciro-mota, @eveiscoull, @hackerman70000, @Hufschmidt, @johan456789, @martgnz, @mmeier86, @netsho, @neuhaus, @RobLoach, @rupakbajgain.

Full changelog:

  • Features
    • Handle Web scraping of text/plain as <pre class="text-plain"> #8340
    • New customisable message for closed registrations #8462
  • Bug fixing
    • Fix unwanted expansion of user queries (saved searches) applied to filters #8395
    • Fix encoding of filter actions for labels #8368
    • Fix searching of tags #8425
    • Fix refreshing feeds with token while anonymous refresh is disabled #8371
    • Fix RSS and OPML access by token #8434
    • Fix MySQL/MariaDB transliterator_transliterate fallback (when the php-intl extension is unavailable) #8427
    • Fix regression with MySQL/MariaDB index hint #8460
    • Auto-add lastUserModified database column also during mark-as-read action #8346
    • Do not include hidden feeds when counting unread articles in categories #8357
    • Remove wrong PHP deprecation of OPML export action #8399
    • Fix shortcut for next unread article #8466
    • Fix custom session.cookie-lifetime #8446
    • Fix feed validator button when changing the feed URL #8436
  • Performance
    • Disable counting articles in user labels for Ajax requests (unused) #8352
  • Security
    • Change Content-Disposition: inline to attachment in f.php #8344
    • Hardened user methods exists, mtime, ctime #26c1102
  • Deployment
    • Add username in Apache access logs (also in Docker logs): for GReader API, and for HTTP Basic Auth from reverse proxy #8392
  • SimplePie
  • Extensions
    • Update .gitignore to ignore installed extensions #8372
  • UI
    • Add data-category="3" to ease custom CSS styling of articles #8397
    • Fix space between By: and the author’s name #8422
  • I18n
  • Misc.

  •  
  • ↗️
Ontvangen β€” 24 Januari 2026 ⏭ Selfhosted
Ontvangen β€” 23 Januari 2026 ⏭ Selfhosted

a fresh pair of sock(et)s

βœ‡Copyparty
Door: 9001
30 Januari 2026 om 23:42

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

🩹 bugfixes

  • #1235 rightclick-menu: fix creating new files/folders in gridview (thx @SpaceXCheeseWheel!) ffca67f
  • #1231 fix http desync if the urlform global-option was changed to get
    • this initial fix only applies when reverse-proxied, in which case copyparty will now always connection:close (don't reuse tcp/uds connections), as giving each client a fresh socket helps avoid all such issues e1eff21 b4fddbc
    • the expected performance impact from this change is near-zero for real use, even if benchmarks show a 40% reduction in requests/sec in the absolute-worst-case (burst of cheap requests)
    • a future version will also fix this issue for non-proxied clients

πŸ”§ other changes

⚠️ not the latest version!

  •  
  • ↗️
Ontvangen β€” 21 Januari 2026 ⏭ Selfhosted

dillo approves

βœ‡Copyparty
Door: 9001
23 Januari 2026 om 19:02

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

πŸ§ͺ new features

  • send-message-to-serverlog now also available as url-parameter ?smsg=foo 6dcb1ef
    • option smsg configures which HTTP-methods to allow; can be set to GET,POST but default is only POST because GET is dangerous (CSRF)

🩹 bugfixes

  • #1227 dillo was not able to login because dillo is more standards-compliant than every other browser (nice) b4df8fa
  • a web-scraper which got banned for making malicious requests could remain banned for one request longer than intended (wait why did I fix this) ba67b27
  • ?ls was still a bit jank 0a3a807

🌠 fun facts

  • this 6AM release was powered by void/mournfinale
  • was going to name the release "dilla pΓ₯ dillo" but somehow google-translate thinks that means "fuck on fuck" which would have been inappropriate

⚠️ not the latest version!

  •  
  • ↗️
Ontvangen β€” 19 Januari 2026 ⏭ Selfhosted

xattrs + range-select

βœ‡Copyparty
Door: 9001
22 Januari 2026 om 12:52

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #1212, #1214 range-select in the grid-view by click-and-drag (thx @icxes!) 3e3228e 72c5940
  • #134 xattrs (linux extended file attributes) can now be indexed and searchable 8240ef6
  • rightclick-menu:
  • option to override the domain in certain links, so copyparty returns an external URL even if you're accessing it by a LAN address:
  • new option vol-nospawn (volflag nospawn) to not automatically create the volume's folder on the server's HDD if it doesn't exist
  • new option vol-or-crash (volflag assert_root) to intentionally crash on startup if a volume's folder doesn't already exist on the server HDD
  • new option --flo to tweak the log-format used by the -lo option for logging to a file 826e84c
  • #1197 u2c (commandline uploader): give up and crash if server is offline for longer than 3 minutes (configurable) 67c5d8d

🩹 bugfixes

  • #1203 configured chmod/chown rules were not applied when a file was being deduped bef0772
  • the unlistc* volflags could not be specified for single-file volumes 2664891
  • the defensive renaming of uploaded readmes/logues would assume the default filenames, not considering the recently added option to customize these names c17c3be
  • #1191 the ipu option can once again be used to reject connections from certain IP-ranges caf831f
    • this was a regression in v1.19.21 causing the server to crash on startup if such a config was attempted
  • some empty folders could be created during startup in certain server-configs with nested volumes 4e67b46
  • api: trying to ?ls nested virtual folders could return an error 6675039
  • ui/ux:
    • #1179 improve errormessage if audio transcoding fails 7357d46
    • ensure a trailing slash when viewing a folder with the h permission; good for relative links in html-files

πŸ”§ other changes

  • #1193, #1194: NixOS improvements (thx @toast003!) 9d223d6 d5a8a34
  • truncate huge errormessages from ffmpeg so the log doesn't get flooded 3aebfab
  • ui/ux:
    • the dl button (to download selected files individually) now skips folders, since that never worked bc24604
    • #1200 add html classes to make custom styling easier c46cd7f
    • rephrase errormessages from see serverlog to see fileserver log
  • docs:
    • mention in the readme that uploading files from a deeply nested folder using a webbrowser on Windows can fail because browsers don't handle the max-pathlen limitation of Windows optimally (not a copyparty-specific issue, but still hits us)

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️

Part-DB 2.5.0

βœ‡Part-DB
Door: jbtronics
18 Januari 2026 om 23:28

Part-DB 2.5.0

Tip

If you like Part-DB, consider donating to support the development. Press the sponsor button on the main github page, for more info.

Important

If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8

New features

  • Added console command to change database platform (e.g. from sqlite to mysql, or mysql to postgresql)
  • Added a ability to search for part IDs from searchfields (thanks @kernchen-brc, #1184)

Improvements

  • Do not mark new categories excluded from simulation in KiCAD, to avoid annoying symbols in KiCad (thanks @lukas-runge , #1192)
  • Optimized frontend file sizes a bit

Bug fixes

Miscellaneous

  • Updated dependencies

New Contributors

Full Changelog: v2.4.0...v2.5.0

  •  
  • ↗️
Ontvangen β€” 14 Januari 2026 ⏭ Selfhosted

v11.14.1

βœ‡Directus
Door: github-actions[bot]
15 Januari 2026 om 19:35

⚠️ Potential Breaking Changes

Added multi-domain support for OAuth/OpenID (#26312)
SSO callback URL generation and redirect validation now includes port matching to ensure redirects target the correct server.

Fixed getAsset returning all file fields instead of only those allowed by the users permissions (#25905)
getAsset / GET /assets/:id now respects directus_files permissions when returning file based fields.

  • @directus/app
    • Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
      controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
      collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
      has now been fully removed.
    • Removed the "Comment" tab from the activities page (#26440 by @Abdallah-Awwad)
  • @directus/api
    • Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
      controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
      collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
      has now been fully removed.
    • Fixed getAsset returning all file fields instead of only those allowed by the users permissions (#25905 by @gaetansenn)
    • Added multi-domain support for OAuth/OpenID (#26312 by @gaetansenn)
    • Added a new AI_ENABLED environment variable to allow opting out of our AI chat feature (#26458 by @bryantgillespie)
  • @directus/system-data
    • Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
      controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
      collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
      has now been fully removed.
  • @directus/specs
    • Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
      controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
      collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
      has now been fully removed.
  • @directus/types
    • Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
      controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
      collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
      has now been fully removed.
  • @directus/sdk
    • Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml)
      controller, and mocks, as well as the corresponding SDK commands and schema types, types and services, system fields and
      collections, OpenAPI specifications, and App UI routes and components. This endpoint has been unused for over a year and
      has now been fully removed.

✨ New Features & Improvements

  • @directus/app
    • Added a new AI_ENABLED environment variable to allow opting out of our AI chat feature (#26458 by @bryantgillespie)
    • Added concurrency control for file uploads via a new FILES_MAX_UPLOAD_CONCURRENCY env variable (#26424 by @thomas-svrts)
    • Added nested validation rules to validation error notice (#26389 by @robluton)
    • Added Comparison modal wysiwyg diff highlighting (#26301 by @robluton)
    • Fixed an issue that would cause some drawer header icons from being displayed too large (#26442 by @kekekuli)
  • @directus/api
    • Added concurrency control for file uploads via a new FILES_MAX_UPLOAD_CONCURRENCY env variable (#26424 by @thomas-svrts)
  • @directus/env
    • Added multi-domain support for OAuth/OpenID (#26312 by @gaetansenn)
    • Added a new AI_ENABLED environment variable to allow opting out of our AI chat feature (#26458 by @bryantgillespie)
    • Added concurrency control for file uploads via a new FILES_MAX_UPLOAD_CONCURRENCY env variable (#26424 by @thomas-svrts)
    • Added support for specifying a KMS Key ID in S3 storage when using aws:kms Server Side Encryption (#26377 by @Joey92)
  • @directus/types
  • @directus/storage-driver-s3
    • Added support for specifying a KMS Key ID in S3 storage when using aws:kms Server Side Encryption (#26377 by @Joey92)

πŸ› Bug Fixes & Optimizations

  • @directus/app
  • @directus/api
  • @directus/types
  • @directus/system-data
  • @directus/memory
  • @directus/sdk
    • Added a new AI_ENABLED environment variable to allow opting out of our AI chat feature (#26458 by @bryantgillespie)
    • Fixed conversion of fields from object notation to dot syntax in SDK subscription queries (#26397 by @bruno-costa)
  • @directus/schema
    • Improved CockroachDB database introspection performance (#26393 by @br41nslug)
  • @directus/themes
  • @directus/schema-builder
  • @directus/storage-driver-supabase
    • Fixed an issue where the Supabase storage driver would fail if the root folder is the empty string. (#26384 by @aderugy)

πŸ“¦ Published Versions

  • @directus/app@15.0.0
  • @directus/api@33.0.0
  • @directus/composables@11.2.9
  • create-directus-extension@11.0.25
  • @directus/env@5.4.0
  • @directus/extensions@3.0.16
  • @directus/extensions-registry@3.0.16
  • @directus/extensions-sdk@17.0.5
  • @directus/memory@3.0.14
  • @directus/pressure@3.0.14
  • @directus/schema@13.0.5
  • @directus/schema-builder@0.0.11
  • @directus/specs@12.0.0
  • @directus/storage-driver-azure@12.0.14
  • @directus/storage-driver-cloudinary@12.0.14
  • @directus/storage-driver-gcs@12.0.14
  • @directus/storage-driver-s3@12.1.0
  • @directus/storage-driver-supabase@3.0.14
  • @directus/system-data@4.0.0
  • @directus/themes@1.2.1
  • @directus/types@14.0.0
  • @directus/utils@13.1.1
  • @directus/validation@2.0.14
  • @directus/sdk@21.0.0

  •  
  • ↗️
Ontvangen β€” 13 Januari 2026 ⏭ Selfhosted

v0.18.2

βœ‡Beszel
Door: henrygd
13 Januari 2026 om 01:57

This release fixes a regression that resulted in the agent binary being dynamically linked, causing it to fail on musl-based Linux distributions like Alpine and OpenWrt. If you were affected by this, see below for instructions to fix.

What's Changed

  • Add separate dynamically linked glibc build for Linux. (#1618)
  • Fix GPU ID collision between Intel and NVIDIA collectors. (#1522)
  • Agent update command now detects your system's C library and downloads the optimal binary (static or glibc) on Linux.
  • fix: some of indonesia translate by @marmar76 in #1625
  • Jetson tegrastats regex pre jetpack5 by @Vascolas007 in #1631
  • site: only hide GPU engine graph if entire usage is 0% by @crimist in #1624

New Contributors

Fix for musl-based Linux distributions

If you updated to a version that currently fails to start (./beszel-agent: not found), you can restore your agent by running the following commands:

# 1. Download latest static binary (replace 'amd64' with your arch if different)
curl -L https://github.com/henrygd/beszel/releases/latest/download/beszel-agent_linux_amd64.tar.gz | tar -xz

# 2. Replace the broken binary
mv beszel-agent /opt/beszel-agent/beszel-agent
chmod +x /opt/beszel-agent/beszel-agent

# 3. Restart the service
# For Alpine:
rc-service beszel-agent restart
# For OpenWRT:
/etc/init.d/beszel-agent restart

Full Changelog: v0.18.1...v0.18.2

  •  
  • ↗️
Ontvangen β€” 12 Januari 2026 ⏭ Selfhosted

v0.18.1

βœ‡Beszel
Door: henrygd
12 Januari 2026 om 03:30

Fixes bug in 0.18.0 release where all containers were cleared from the "All Containers" page when any system returned no containers.

Additionally, there was a temporary problem with the :latest Docker image which may have caused your agents to report as down. This is fixed now and you can re-pull the image if necessary: #1618 (comment)

  •  
  • ↗️

v0.18.0

βœ‡Beszel
Door: github-actions[bot]
12 Januari 2026 om 00:23

What's Changed

  • Add option to make universal token permanent. (#1097, #1614)
  • Add experimental NVML GPU collector. (#1522, #1587)
  • Add low battery alerts. (#1507)
  • Add battery charge to systems table.
  • Add --url and --token command line arguments to the agent. (#1524)
  • Collect S.M.A.R.T. data in the background every hour.
  • Add SMART_INTERVAL environment variable to customize S.M.A.R.T. data collection interval.
  • Collect system distribution and architecture.
  • Add system_details collection to store infrequently updated system information.
  • Improve S.M.A.R.T. device path lookup for NVMe devices. (#1504)
  • Raise smartctl timeout to 15 seconds. (#1465)
  • Fix container logs decoding for raw streams. (#1535)
  • Rename login honeypot field to prevent password manager autofill (#1011).
  • fix: When there is no client, LoaderCircle will always transfer by @Zero2A11 in #1511
  • fix non unique fingerprint by @deadbeef84 in #1556
  • bug: fix disk sorting in smart table by @svenvg93 in #1551
  • chore; add check for systemd before monitoring by @svenvg93 in #1550
  • fix: use origin country flags for Spanish and Portuguese languages by @Natxo09 in #1571
  • Add Serbian and Bahasa Indonesia translations.
  • Update Go dependencies.

New Contributors

Full Changelog: v0.17.0...v0.18.0

  •  
  • ↗️
Ontvangen β€” 9 Januari 2026 ⏭ Selfhosted

sftp fixes

βœ‡Copyparty
Door: 9001
19 Januari 2026 om 03:45

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

🩹 bugfixes

  • various SFTP fixes (i blame the single tschunk on day 3):
    • #1170 be more lenient regarding stat permissions 9030828
    • #1170 deletes could return EPERM when ENOENT was more appropriate 8c9e101
    • #1170 files would be created with an extremely restrictive chmod 2f4a30b
      • certified octal moment
    • write-only folders could return ENOENT 6c41bac
  • #1177 disk-usage quotas became incompatible with shares in v1.20.0 038af50
  • appending to existing files with ?apnd was possible in volumes with non-reflink dedup, where it could propagate to deduped copies of the file 738a419
    • (was only possible for users with write+delete perms, so at least it couldn't be used for nefarious purposes)
  • rightclick-menu: "copy link" would strip filekeys 3a16d34

πŸ”§ other changes

  • copyparty.exe: updated pillow to 12.1.0 a9ae6d5

🌠 fun facts

  • tschunk is the sound a hacker makes as they faceplant onto the table after having one too many

⚠️ not the latest version!

  •  
  • ↗️
Ontvangen β€” 8 Januari 2026 ⏭ Selfhosted

5.2.7

βœ‡UpSnap
Door: github-actions[bot]
8 Januari 2026 om 00:48

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Bug fixes

  •  
  • ↗️
Ontvangen β€” 7 Januari 2026 ⏭ Selfhosted

5.2.6

βœ‡UpSnap
Door: github-actions[bot]
7 Januari 2026 om 15:57

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Features

Bug fixes

Others

Npm dependencies

  • 3d68442: npm-dep: bump @inlang/paraglide-js from 2.7.0 to 2.7.1 in /frontend (@dependabot[bot])
  • 8714f93: npm-dep: bump @inlang/paraglide-js from 2.7.1 to 2.7.2 in /frontend (@dependabot[bot])
  • d1c6ee5: npm-dep: bump @sveltejs/kit from 2.49.2 to 2.49.3 in /frontend (@dependabot[bot])
  • dbcdd2b: npm-dep: bump typescript-eslint from 8.50.1 to 8.51.0 in /frontend (@dependabot[bot])
  • 341d6b7: npm-dep: bump typescript-eslint from 8.51.0 to 8.52.0 in /frontend (@dependabot[bot])

  •  
  • ↗️
Ontvangen β€” 4 Januari 2026 ⏭ Selfhosted

Part-DB 2.4.0

βœ‡Part-DB
Door: jbtronics
4 Januari 2026 om 22:13

Part-DB 2.4.0

Tip

If you like Part-DB, consider donating to support the development. Press the sponsor button on the main github page, for more info.

Important

If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8

New features

  • Added info provider for Buerklin (thanks to @mkne, #1151)
  • Show part IDs in project BOMs

Improvements

  • Use more performant hash algorithms for cache keys
  • Increase label generator PDF preview height to show PDF toolbar (@mkne , #1171)
  • Show info provider capabilities in fixed order

Bug fixes

  • Fixed exception if DigiKey has no media for a part (#1154)

Miscellaneous

  • Updated dependencies

New Contributors

Full Changelog: v2.3.0...v2.4.0

  •  
  • ↗️
Ontvangen β€” 3 Januari 2026 ⏭ Selfhosted

sftp is fine too

βœ‡Copyparty
Door: 9001
9 Januari 2026 om 02:38

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • sftp server 4714c2f ec7ea30
  • #1135 right-click menu (thx @stackxp and @Scotsguy!) 82c4960 05a4472
  • PUT can now append to existing files 63d8e5a
    • new option apnd-who to configure who is allowed to do that
  • #1128 added option to skip uploading a file if the filename is already taken on the server (thx @Scotsguy!) fa32e15
  • #1127 descript.ion now also works for folders 2c26aec
  • in file listings, up_by and up_ip (uploader info) can now be displayed for non-admin users by adding them to the mte option 7bfd370
  • #1120 display the disk-space quota instead of the underlying HDD size (thx @rabid-dev!) 511dc01 e0845b2
  • option to skip dotfiles/dotfolders when using download-as-zip 7d7a151
  • #1124 button to skip files with a filename collision when copying/moving files 85639ad
  • #1151 u2c (commandline uploader): option to use basic-auth instead of the PW header (thx @Le0Developer!) 120fdfb
  • the name of the pw url-param and http-header can be changed f81d80b
    • mainly to force basic-auth, but perhaps also for other purposes
    • changing these will break support for many clients, so you probably want to keep the default

🩹 bugfixes

  • image-viewer:
    • images now scale properly when rotated while the zoom feature is enabled c0e167f
    • the current image rotation will now be applied to the next image as well 485c60c c82a3cb
  • groups announced by an IdP will now also apply for native (copyparty-config) users f08cb25
  • windows: download-as-zip would flatten everything to a single folder 2d1d295
  • #1157 dirkeys did not work in grid-view d1ddcb1
  • #1123 the ui-notree option to simplify the UI would simplify a bit too much 4c73704
  • don't add the trailing slash to a volume in the controlpanel when the volume is a file 80a3749
    • the link couldn't be clicked on Windows CE 4.20 using Internet Explorer 4.01

πŸ”§ other changes

  • #1158 updated german translation (thx @Scotsguy!) 3bf80c8
  • the dotfiles button now also toggles showing unlisted files e55e5a4
  • /?h&ls (the api to list volumes) now includes the user's permissions for each volume 1f6e811
  • #1142 new option dav-port to open a dedicated port for webdav clients 4642d32
    • workaround for certain clients which pretend to be webbrowsers
  • #1147 workaround for a buggy browser-extension 8551472
  • detect (and panic) when a webbrowser has failed to load one of the javascript files af3f777
    • replaces the confusing errormessage resulting from half of the code missing

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
Ontvangen β€” 30 December 2025 ⏭ Selfhosted

BookStack v25.12.1

βœ‡BookStack
Door: ssddanbrown
30 December 2025 om 18:25

Security Release

BookStack v25.12.1 has been released.

This is a security release which adds limits to search operations, and adds size checks to ZIP import files before they are extracted.
These changes help prevent potential abuse to host disk space usage and/or service availability.

We recommended to update your instance if untrusted users have ZIP import permissions, or if untrusted users can perform searches.

Thanks to Jeong Woo Lee (@eclipse07077-ljw) and Gabriel Rodrigues (aka TEXUGO) for reporting these vulnerabilities.

Full List of Changes

  • Updated application PHP dependencies.
  • Add some additional resource-based limits. (#5968)
  • Updated translations with latest Crowdin changes. (#5962)

  •  
  • ↗️
Ontvangen β€” 25 December 2025 ⏭ Selfhosted

5.2.5

βœ‡UpSnap
Door: github-actions[bot]
25 December 2025 om 10:23

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Others

Go dependencies

Npm dependencies

Github Actions

  •  
  • ↗️
Ontvangen β€” 24 December 2025 ⏭ Selfhosted

FreshRSS 1.28.0

βœ‡FreshRSS
Door: Alkarex
24 December 2025 om 20:27

This is a major release, just in time for the holidays πŸŽ„

Selected new features ✨:

  • New sorting and filtering by date of User modified, with corresponding search operator, e.g. userdate:PT1H for the past hour
  • New sorting by article length
  • New advanced search form
  • New overview of dates with most unread articles
  • New ability to share feed visibility through API (implemented by e.g. Capy Reader)
    • Bonus: Capy Reader is also the first open source Android app to support user labels
  • Better transitions UI between groups of articles
  • New links in UI for transitions between groups of articles, and jump to next transition
  • Docker default image updated to Debian 13 Trixie with PHP 8.4.11
  • And much more…

Improved performance 🏎️:

  • Scaling of user statistics in Web UI and CLI, to help instances with 1k+ users
  • Improve SQL speed for some critical requests for large databases
  • API performance optimisation thanks to streaming of large responses

Selected bug fixes πŸ›:

  • Fix OpenID Connect with Debian 13
  • Fix MySQL / MariaDB bug wrongly sorting new articles
  • Fix SQLite bind bug when adding tag

Breaking changes πŸ’₯:

  • Move unsafe autologin to an extension
  • Potential breaking changes for some extensions (which have to rename some old functions)

This release has been made by @Alkarex, @Frenzie, @Inverle, @aledeg, @andris155, @horvi28, @math-GH, @minna-xD and newcomers @Darkentia, @FollowTheWizard, @GreyChame1eon, @McFev, @jocmp, @larsks, @martinhartmann, @matthew-neavling, @pudymody, @raspo, @scharmach, @scollovati, @stag-enterprises, @vandys, @xtmd, @yzx9.

Full changelog:

  • Features
    • New sorting and filtering by date of User modified #7886, #8090,
      #8105, #8118, #8130
      • Corresponding search operator, e.g. userdate:PT1H for the past hour #8093
      • Allows finding articles marked by the local user as read/unread or starred/unstarred at specific dates for e.g. undo action.
    • New sorting by article length #8119
    • New advanced search form #8103, #8122, #8226
    • Add compatibility with PCRE word boundary \b and \B for regex search using PostgreSQL #8141
    • More uniform SQL search and PHP search for accents and case-sensitivity (e.g. for automatically marking as read) #8329
    • New overview of dates with most unread articles #8089
    • Allow marking as read articles older than 1 or 7 days also when sorting by publication date #8163
    • New option to show user labels instead of tags in RSS share #8112
    • Add new feed visibility (priority) Show in its feed #7972
    • New ability to share feed visibility through API (implemented by e.g. Capy Reader) #7583, #8158
    • Configurable notification timeout #7942
    • OPML export/import of unicity criteria #8243
    • Ensure stable IDs (categories, feeds, labels) during export/import #7988
    • Add username and timestamp to SQLite export from Web UI #8169
    • Add option to apply filter actions to existing articles #7959, #8259
    • Support CSS selector ~ subsequent-sibling #8154
    • Rework saving of configuration files for more reliability in case of e.g. full disk #8220
    • Web scraping support date format as milliseconds for Unix epoch #8266
    • Allow negative category sort numbers #8330
  • Performance
    • Improve SQL speed for updating cached information #6957, #8207,
      #8255, #8254, #8255
    • Fix SQL performance issue with MySQL, using an index hint #8211
    • Scaling of user statistics in Web UI and CLI, to help instances with 1k+ users #8277
    • API streaming of large responses for reducing memory consumption and increasing speed #8041
  • Security
    • πŸ’₯ Move unsafe autologin to an extension #7958
    • Fix some CSRFs #8035
    • Strengthen some crypto (login, tokens, nonces) #8061, #8320
    • Create separate HTTP Retry-After rules for proxies #8029, #8218
    • Add data: to CSP in subscription controller #8253
    • Improve anonymous authentication logic #8165
    • Enable GitHub release immutability #8205
  • Bug fixing
    • Exclude local networks for domain-wide HTTP Retry-After #8195
    • Fix OpenID Connect with Debian 13 #8032
    • Fix MySQL / MariaDB bug wrongly sorting new articles #8223
    • Fix MySQL / MariaDB database size calculation #8282
    • Fix SQLite bind bug when adding tag #8101
    • Fix SQL auto-update of field f.kind to ease migrations from FreshRSS versions older than 1.20.0 #8148
    • Fix search encoding and quoting #8311, #8324, #8338
    • Fix handling of database unexpected null content (during migrations) #8319, #8321
    • Fix drag & drop of user query losing information #8113
    • Fix DOM error while filtering retrieved full content #8132, #8161
    • Fix config.custom.php during install #8033
    • Fix do not mark important feeds as read from category #8067
    • Fix regression of warnings in Web browser console due to lack of window.bcrypt object #8166
    • Fix chart resize regression due to chart.js v4 update #8298
    • Fix CLI user creation warning when language is not given #8283
    • Fix merging of custom HTTP headers #8251
    • Fix bug in the case of duplicated mark-as-read filters #8322
  • SimplePie
  • Deployment
    • Docker default image updated to Debian 13 Trixie with PHP 8.4.11 and Apache 2.4.65 #8032
    • Docker alternative image updated to Alpine 3.23 with PHP 8.4.15 and Apache 2.4.65 #8285
    • Fix Docker healthcheck cli/health.php compatibility with OpenID Connect #8040
    • Improve Docker for compatibility with other base images such as Arch Linux #8299
      • Improve cli/access-permissions.sh to detect the correct permission Web group such as www-data, apache, or http
    • Update PostgreSQL volume for Docker #8216, #8224
    • Catch lack of exec() function for git update #8228
    • Work around DOMDocument::saveHTML() scrambling charset encoding in some versions of libxml2 #8296
    • Improve configuration checks for PHP extensions (in Web UI and CLI), including recommending e.g. php-intl #8334
  • UI
    • New button for toggling sidebar on desktop view #8201, #8286
    • Better transitions between groups of articles #8174
    • New links in transitions and jump to next transition #8294
    • More visible selected article #8230
    • Show the parsed search query instead of the original user input #8293,
      #8306, #8341
    • Show search query in the page title #8217
    • Scroll into filtered feed/category on page load in the sidebar #8281, #8307
    • Fix autocomplete issues in change password form #7812
    • Fix navigating between read feeds using shortcut shift+j/k #8057
    • Dark background in Web app manifest to avoid white flash when opening #8140
    • Increase button visibility in UI to change theme #8149
    • Replace arrow navigation in theme switcher with <select> #8190
    • Improve scroll of article after load of user labels #7962
    • Keep scroll state of page when closing the slider #8295, #8301
    • Scroll into filtered feed/category on page load #8281
    • Display sidebar dropdowns above if no space below #8335, #8336
    • Use native CSS instead of SCSS #8200, #8241
    • Various UI and style improvements: #8171, #8185, #8196
    • JavaScript finalise migration from Promise to async/await: #8182
  • API
    • API performance optimisation: streaming of large responses #8041
    • Fever API: Add with_ids parameter to mass-change read/unread/saved/unsaved on lists of articles #8312
    • Misc API: better REST error semantics #8232
  • Extensions
    • Add support for extension priority #8038
    • Add support for extension compatibility #8081
    • Improve PHP code with hook enums #8036
    • New hook nav_entries #8054
    • Rename Extensions default branch from master to main #8194
  • I18n
    • Translation status as text in README #7842
    • Add new translate CLI commands move #8214
    • Change some regional language codes to comply with RFC 5646 / IETF BCP 47 / ISO 3166 / ISO 639-1 #8065
    • Improve German #8028
    • Improve Greek #8146
    • Improve Finnish #8073, #8092
    • Improve Hungarian #8244
    • Improve Italian #8115, #8186
    • Improve Polish #8134, #8135
    • Improve Russian #8155, #8197
    • Improve Simplified Chinese #8308, #8313
  • Misc.

  •  
  • ↗️

BookStack v25.12

βœ‡BookStack
Door: ssddanbrown
24 December 2025 om 13:19

Links

Full List of Changes

  • Added user mentions for comments. (#5944, #560)
  • Added slug history tracking system. (#5913, #5411)
  • Added initial developer API for the new WYSIWYG editor. (#5928, #5763)
  • Added internal reference handling on content copying. (#5917, #3239)
  • Added settings to control the number of books/shelves that will be displayed per page. Thanks to @Xenoamor. (#5606, #2343)
  • Updated translations with latest Crowdin changes. (#5933)
  • Updated new WYSIWYG editor with a range of fixes. (#5939)
  • Updated BookStack system CLI to v0.4. (#5956)
  • Updated CSS dark/light mode handling so all CSS variables exist by default. (#5923)
  • Updated "Microsoft URL Rewrite Module for IIS" download link. Thanks to @gerundt. (#5952)
  • Updated image thumbnail generation to more reliably log issues on error. (#5869)
  • Updated database to add index to views table to make view-based queries more efficient. (#5948)
  • Updated application database requirements. (#5882)
  • Fixed search pagination not using APP_URL value, and breaking for sub-path usage. (#5951)
  • Fixed search pagination overflowing view on smaller screen sizes. (#5920)

  •  
  • ↗️
Ontvangen β€” 17 December 2025 ⏭ Selfhosted

bad apple x2

βœ‡Copyparty
Door: 9001
3 Januari 2026 om 00:47

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #1080 new translation: Vietnamese (thx @thatfrozenfrog and @khoidauminh!) b60eb3f d4a9787
  • #1110 add option xf-proto-fb to support reverseproxies which do not provide an x-forwarded-proto header 9c64788
    • and improve the rproxy config guidance message in the serverlog c8f3b4e
    • and show a warning in the controlpanel if misconfiguration is detected c8f3b4e
  • #1109 add option --ipar, reverseproxy-aware alternative to --ipa 3368421
    • its purpose is rejecting connections from unexpected/unwanted IPs/subnets
  • option idp-chsub can be used to replace spaces in IdP usernames/groupnames 5e1d9a5
  • #1029 indicate password max-length in ui 8d46cf1

🩹 bugfixes

  • #1111 apple gave us coal for xmas this year 0b6d2d2
    • workaround for a new bug in safari (iOS and Macos) where it would randomly show a login-popup
  • #1113 the @acct group was unavailable in groupless IdP setups b6c2ec1

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
Ontvangen β€” 15 December 2025 ⏭ Selfhosted

merikuri

βœ‡Copyparty
Door: 9001
17 December 2025 om 11:03

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

recent important news

πŸ§ͺ new features

  • #1068 #1089 add options to customize which textfiles (readme/prologue/epilogue) to embed above/below directory listings 14bef85
    • prologues, epilogues, readmes, preadmes (global-options and/or volflags) accept a comma-separated list of filenames to look for
  • #1092 add option th-qv to change the thumbnail quality a1cbac0
    • also found and enabled a size-optimization for libvips, so:
  • #1092 automatically delete and rebuild thumbnails if thumbnailer-config is changed ca6c4de
  • #1049 add option log-date to display dates in logs 965a4a6
  • #1047 rss-feed: title/description of each entry is now a template-string which can reference arbitrary metadata properties (thx @djjeane!) 5e85e3d
  • extend the ramdisk safeguard to also prevent moving files into ephemeral storage fa91822
    • would previously prevent creating new files, but this was another potential source for confusion (thx coworker!)
  • now possible to customize the thank you for playing ban-message ce2eeba
  • #964 option to change the default value of the Cache-Control response-header 3bc0bf1

🩹 bugfixes

  • #1010 correctly replace illegal characters in filenames according to underlying filesystem ba017f7
    • for example, uploading a folder named COMPLE:X into an exFAT flashdrive on linux is now possible
    • and, to make that possible, filesystem-detection now sees the true filesystem behind FUSE (for example ntfs-3g) 3bbed1b
  • audio-playback would skip into the next folder rather than play the rest of the current one if the folder was sufficiently massive 8e2fb05
  • #1094 fix ipu with idp users 594ec39
  • commandline uploader: fix termsize detection on windows 7d526ea
  • #1104 the rss feature now complains loudly if e2d is not enabled (because that was always necessary but not obvious) 9219540
  • ui/ux:
    • #1102 the option to cosmetically hide server info did not apply for all themes e440578
    • the metadata-property date (default-disabled) was renamed to tdate to avoid colliding with the last-modified timestamp if enabled fecc3fd
  • docs:

πŸ”§ other changes

  • add a loud warning in logs if X-Forwarded-Proto is not added by the reverseproxy ad45de9 1b222fb
    • almost did the same for X-Forwarded-Host too before realizing that's generally not a thing
  • #1038 creating a blank chpw.json before starting copyparty is now supported and no longer crashes on startup efc6a09
  • #1105 better feedback in the login ui (thx @stackxp!) 08474db
  • mtag/audio-key.py: replaced the melodic key detector since ffmpeg-8 / alpine-3.23 broke it 67ddc64
  • updated deps:
    • webdeps: dompurify-3.3.1 e0b04d9
    • copyparty.exe: python-3.13.11 9e64fe0

🌠 fun facts

⚠️ not the latest version!

  •  
  • ↗️
Ontvangen β€” 10 December 2025 ⏭ Selfhosted

v11.14.0

βœ‡Directus
Door: github-actions[bot]
10 December 2025 om 00:21

⚠️ Potential Breaking Changes

✨ New Features & Improvements

πŸ› Bug Fixes & Optimizations

  • @directus/app
    • Fixed an issue where input focus ring disappears on hover (#26315 by @formfcw)
    • Fixed display template not appearing for relations inside translations on new items (#26219 by @gaetansenn)
    • Ensured the created revision uses the correct label (#26289 by @vizzv)
    • Added reactive primaryKey prop to useFlows composable (#26287 by @AlexGaillard)
  • @directus/api
    • Added redirect validation (#26346 by @br41nslug)
    • Moved fetchRolesTree,fetchGlobalAccess, fetchGlobalAccessForUser and fetchGlobalAccessForRoles to the public utility package (#26248 by @ComfortablyCoding)
    • Updated synchronization of remotely stored extensions (#26192 by @br41nslug)
    • Fixed missing accountability for files.upload when TUS is enabled (#26247 by @br41nslug)
  • @directus/types
    • Moved fetchRolesTree,fetchGlobalAccess, fetchGlobalAccessForUser and fetchGlobalAccessForRoles to the public utility package (#26248 by @ComfortablyCoding)
    • Updated synchronization of remotely stored extensions (#26192 by @br41nslug)
  • @directus/storage-driver-cloudinary
  • @directus/storage-driver-supabase
  • @directus/extensions-sdk
  • @directus/system-data
  • @directus/sdk
  • @directus/themes
  • @directus/utils
  • @directus/composables

πŸ“¦ Published Versions

  • @directus/app@14.4.0
  • @directus/api@32.2.0
  • @directus/composables@11.2.8
  • create-directus-extension@11.0.24
  • @directus/env@5.3.3
  • @directus/errors@2.1.0
  • @directus/extensions@3.0.15
  • @directus/extensions-registry@3.0.15
  • @directus/extensions-sdk@17.0.4
  • @directus/memory@3.0.13
  • @directus/pressure@3.0.13
  • @directus/schema-builder@0.0.10
  • @directus/storage-driver-azure@12.0.13
  • @directus/storage-driver-cloudinary@12.0.13
  • @directus/storage-driver-gcs@12.0.13
  • @directus/storage-driver-s3@12.0.13
  • @directus/storage-driver-supabase@3.0.13
  • @directus/stores@2.0.0
  • @directus/system-data@3.5.0
  • @directus/themes@1.2.0
  • @directus/types@13.5.0
  • @directus/utils@13.1.0
  • @directus/validation@2.0.13
  • @directus/sdk@20.3.0

  •  
  • ↗️
Ontvangen β€” 9 December 2025 ⏭ Selfhosted

BookStack v25.11.6

βœ‡BookStack
Door: ssddanbrown
9 December 2025 om 22:08

Security Release

BookStack v25.11.6 has been released.

This is a security release to address a vulnerability in our dependencies related to XML
handling, which could allow users to replay SAML authentication requests with specially crafted & manipulated requests.

It's strongly advised to update if you're using SAML authentication for BookStack.

Full List of Changes

  • Updated application PHP dependencies.

  •  
  • ↗️
Ontvangen β€” 7 December 2025 ⏭ Selfhosted

Part-DB 2.3.0

βœ‡Part-DB
Door: jbtronics
7 December 2025 om 23:01

Part-DB 2.3.0

Warning

After upgrade, you need to run php bin/console doctrine:migrations:migrate (or equivalent) as webserver user after upgrade.. If you are running a docker container, use sudo docker exec --user=www-data partdb php bin/console doctrine:migrations:migrate, or sudo -E inside the docker container, to ensure that the migrations are applied to the correct database.

Tip

If you like Part-DB, consider donating to support the development. Press the sponsor button on the main github page, for more info.

Important

If you are using Part-DB it would be helpful if you fill out this short survey on your usage of Part-DB (Google Forms): https://forms.gle/Q15twx3YYq3qCNfe8

New features

  • Added the ability to define custom part states (PR #1053, thanks to @webdevinition)
  • Added the ability to automatically suggest and generate IPNs (PR #1054, thanks to @webdevinition)
  • Added experimental ability to rename datastructure types with the new synonym system, which allows you to define domain specific names for concepts of "parts", "categories", etc. (thanks @webdevinition)

Improvements

  • Improved ability to determine category from info provider (#1113)
  • Do not require a trailing slash for DEFAULT_URI (#1118)
  • Define preview images for partkeepr imports (#1115)

Bug fixes

  • Allow long URLs for attachments (#1022)
  • Fixed issues related to mass import form (#1102, #1103, #1104)

Docker

  • Added COMPOSER_EXTRA_PACKAGES env to docker containers, to install additional composer packages, like email bridges (#1138)

Miscellaneous

  • Improved translations
  • Updated dependencies
  • Improved documentation

New Contributors

Full Changelog: v2.2.1...v2.3.0

  •  
  • ↗️
Ontvangen β€” 4 December 2025 ⏭ Selfhosted

v2.5.3

βœ‡Cloudpanel
Door: cloudpanel-io
4 December 2025 om 15:36

New

  • PHP 8.5 Support

Bug Fixes

  • #684 Cron Jobs interface do not accept a range of months
  • #693 Unfortunately, there are problems installing from the cloud on Debian 13.
  • Translation Fixes

Enhancements:

  • Updated phpMyAdmin to 5.2.3
  • Updated WP-CLI to 2.12.0

Security

  • Security improvements (Yell Phone Naing)

  •  
  • ↗️
Ontvangen β€” 3 December 2025 ⏭ Selfhosted

BookStack v25.11.5

βœ‡BookStack
Door: ssddanbrown
3 December 2025 om 15:51

Links

Full List of Changes

This release contains the following fixes and changes:

  • Updated OIDC state handling to prevent other requests causing the process to fail, which was occurring in Chromium based browsers. (#5929)
  • Updated session history handling to prevent redirects to common asset locations. (#5925)
  • Updated PHP dependency versions.

  •  
  • ↗️
❌