The Stable channel has been updated to 146.0.7680.80 for Windows/Mac  and 146.0.7680.80 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

• AMD Ryzen AI 7/PRO 450G/E, AI 5/PRO 440G/E & 435G/E (Kraken Point 2).
• AMD Ryzen AI 9 HX 470.
• Fix AMD Ryzen 5 5500U (Lucienne) reported as 7350U (Cezanne).
• Preliminary support of Intel Wildcat Lake.
• CQDIMM (4-ranks CUDIMM) memory support.
• Fix DLL hijacking vulnerability thanks to Kwangyun Kem.
• New Chinese translation thanks to Shinjo Kurumi.

Bugfixes and minor changes:

• FTP: Fixed path display in NSLT output

The Stable channel has been updated to 146.0.7680.75/76 for Windows/Mac  and 146.0.7680.75 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Security Fixes and Rewards

Updated 2026-03-13: The previous version of these notes included CVE-2026-3909, the fix
for which will instead be available in a future update.

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

Security Release

• Update Instructions
• Update details on blog

BookStack v25.12.9 has been released.

This is a security release to address a vulnerability where style code in page content could be used to manipulate the page beyond the expected content area in some revision views, opening up risk of potential phishing and/or tracking by bad page editors.

We advise that you update your instance if you allow untrusted users to create or edit pages.

Thanks to Alex Dan (@windbreaker555 on GitHub) for their responsible discovery and reporting of this issue.

Full List of Changes

• Updated page revision diffs to use content filtering.
• Updated preference change redirect with stronger origin checks.
• Updated application PHP dependencies.

• [p]The Dead Hand Collection is now available, featuring 17 finishes from community contributors, and including 22 all-new gloves as rare special items.[/p][/*]
• [p]Access items in the Dead Hand Collection via the Dead Hand Terminal, available as a weekly drop.[/p][/*]

• [p]Fixed a pixel gap in a door Outside Long. [/p][/*]

• [p]Updated to the latest version from the Community Workshop (Update Notes)[/p][/*]

• View downloads

• View downloads

As of February 2026, the PostgreSQL Community Association (PGCA), the official non-profit organization chartered by the PostgreSQL Core Team in 2011 to protect the Postgres brand assets, has updated its sponsorship levels and sponsorship prospectus.

Updated PGCA sponsorship levels

The PGCA Board would not be able to protect the PostgreSQL trademarks and brand assets without the generous financial support we receive from corporations, small businesses, and individual donors. We are deeply grateful for that support.

After reviewing sponsorship models used by other open source foundations, and in light of the increasing costs required to protect the PostgreSQL brand assets, we have increased the top two sponsorship levels: Benefactor and Patron, effective February 1, 2026. All other sponsorship levels remain unchanged. As always, we welcome and value donations at all levels, in any amount.

Significant update to the PGCA non-profit website

We’ve also made a significant update to the PGCA website, to modernize it and bring it forward to the present. We hope the new site makes it easier to understand the PGCA’s non-profit mission, learn how to use PostgreSQL trademarks appropriately, and donate, whether as a one-time or monthly contribution.

The updated PGCA website is at the same URL as before: www.postgres.ca.

Updated sponsorship levels and the sponsorship prospectus can be found on the Sponsors page at www.postgres.ca/sponsors/.

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2026-03-08)

⚠️ ATTN: this release fixes an ftp/sftp issue with shares

• GHSA-67rw-2x62-mqqm: when a share is created for just one or more files inside a folder, it was possible to use FTP or SFTP to access the other files inside that folder by guessing the filenames
  • so ignore this issue if you did not enable ftp or sftp in the server config
• it was not possible to descend into subdirectories in this manner; only the sibling files were accessible
• NOTE: this does NOT affect filekeys; this is specifically regarding the shr global-option
• password-protected shares were not affected through SFTP, only FTP

this release also fixes GHSA-rcp6-88mm-9vgf but that one is nothing to worry about

recent important news

• v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS)

🧪 new features

• features? in this econonmy?? ain't nobody got time for that

🩹 bugfixes

• 66f1ef6 GHSA-67rw-2x62-mqqm (shares)
• 9f9d30f GHSA-rcp6-88mm-9vgf (the other thing)

🌠 fun facts

• the first cve is still by far the worst, none of the others even close... so at least that's nice
  • if you saw the cve notification and got all worked up, here's some comfy music to relax and upgrade copyparty to

⚠️ not the latest version!

Postfix stable release 3.11.1

[A hyperlinked version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.11.1.html]

Postfix stable release 3.11.1 is available.

• Bugfix (defect introduced: 20260219): alias_maps errors when default_database_type was not set in main.cf. Fix by Michael Tokarev.

• Bugfix (defect introduced: Postfix 3.0): buffer over-read when Postfix is configured with an enhanced status code not followed by other text. For example, "5.7.2" without text after the three-number code, in an access(5) table, header or body checks, or with "$rbl_code $rbl_text" in rbl_reply_maps or default_rbl_reply. These are all uncommon configurations. Problem reported by Kamil Frankowicz.

• Bugfix (defect introduced: Postfix 3.3): null pointer in nbdb_reindexd(8) because the "service_name" value was not propagated. Report by Michael Tokarev.

• During Postfix start-up, avoid a spurious error message from nbdb_reindexd(8), when non_bdb_migration_level disables automatic re-indexing.

You can find the Postfix source code at the mirrors listed at https://www.postfix.org/.

✨ New Features & Improvements

• @directus/system-data
  • Updated latest models for Anthropic, Google, and OpenAI providers (#26865 by @bryantgillespie)
• @directus/ai
  • Updated latest models for Anthropic, Google, and OpenAI providers (#26865 by @bryantgillespie)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed creation of related item with empty or default state (#26844 by @powerseed)
  • Added field level MIME type restriction to file-image interface (#26831 by @AlexGaillard)
  • Fixed AI tool approval flow hanging after approving provider-executed tools. (#26839 by @bryantgillespie)
  • Fixed custom Vue operation options to persist edited values in Flow settings. (#26832 by @AbdelhamidKhald)
  • Fixed an invalid filter for M2M interfaces when the item Id is null (#26857 by @ComfortablyCoding)
  • Fixed folder navigation state being lost when reopening file selection drawer (#26649 by @costajohnt)
  • Enforced MIME type allow list on remaining v-uploads missed in first round (#26821 by @robluton)
  • Fixed client side validation breaking in drawer when dynamic variable is present. (#26795 by @powerseed)
  • Fixed Visual Editor stripping trailing slashes from URLs (#26823 by @formfcw)
  • Enabled conditional styling for string fields in pie and donut charts. (#26776 by @vizzv)
  • Updated AI SDK dependencies to latest version (#26856 by @bryantgillespie)
  • Fixed save-as-copy failing on collections with many duplication fields (#26814 by @gaetansenn)
  • Improved redirect handling (#26870 by @br41nslug)
  • Fixed unable to click on m2o fields arrow icon to open drawer (#26822 by @robluton)
• @directus/api
  • Updated AI SDK dependencies to latest version (#26856 by @bryantgillespie)
  • Improved redirect handling (#26870 by @br41nslug)
  • Fixed countAll generating an incorrect query (#26774 by @tysoncung)
  • Updated TUS validation (#26869 by @br41nslug)
  • Fixed AI assistant Fields tool call inconsistency (#26819 by @powerseed)
  • Added support for disabling OpenAPI output using OPENAPI_ENABLED (#26868 by @br41nslug)
  • Bumped underscore, tar, lodash, dompurify dependencies (#26860 by @br41nslug)
  • Fixed deleteMany returning unexpected error for non-admin with empty array (#26759 by @ComfortablyCoding)
• @directus/env
  • Added support for disabling OpenAPI output using OPENAPI_ENABLED (#26868 by @br41nslug)

📦 Published Versions

• @directus/app@15.5.1
• @directus/api@34.0.1
• @directus/ai@1.3.0
• @directus/composables@11.2.15
• create-directus-extension@11.0.31
• @directus/env@5.6.1
• @directus/extensions@3.0.21
• @directus/extensions-registry@3.0.21
• @directus/extensions-sdk@17.0.11
• @directus/memory@3.1.4
• @directus/pressure@3.0.19
• @directus/schema-builder@0.0.16
• @directus/storage-driver-azure@12.0.19
• @directus/storage-driver-cloudinary@12.0.19
• @directus/storage-driver-gcs@12.0.19
• @directus/storage-driver-s3@12.1.5
• @directus/storage-driver-supabase@3.0.19
• @directus/system-data@4.3.0
• @directus/themes@1.2.6
• @directus/types@14.3.1
• @directus/utils@13.3.1
• @directus/validation@2.0.19

The Chrome team is delighted to announce the promotion of Chrome 146 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

• Crimson Desert: Game crashes when launched on R595 drivers [5861012]
• Resident Evil Requiem: White glowing light/dots may appear in game when Subsurface Scattering is enabled [5915673]
• Star Citizen: Game client crashes when launched [5935027]

• When the graphics card is overclocked, GPU voltage may become capped, preventing it from boosting to expected levels [5934973]
• Intermittent application crash or driver timeout may be observed when playing multi-key DRM content in a browser on HDCP 1.x monitors [5934450]