Full Changelog: v4.2.5...v4.2.6
Note
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
New uNmINeD development snapshot is available for download!
Changes:
uNmINeD now can read biome and block metadata from datapacks/mods and behavior/resource packs, and it calculates map colors for custom blocks automatically by averaging their textures instead of displaying them as pink.
By default, uNmINeD displays each block as a square filled with a single color. When textured rendering is enabled, it still does not render blocks in 3D, instead it fills the squares with an image (the in-game texture of a block) rather than a solid color.
Textured rendering can be enabled on the render settings side panel (the tab with a cog wheel icon). It works for zoom-in levels 4:1 or higher. It works well with cube-like blocks, but fences, walls and other blocks with a complex 3D model look off. Upcoming releases will be able to render fences and walls correctly, and images to be used for complex blocks will be customizable.
Using textures or datapacks/mods with Java Edition worlds requires a Minecraft client JAR file. If you have Minecraft installed, uNmINeD will automatically find your client JAR file, otherwise you have to copy it from another machine, and select it in uNmINeDโs app settings.
Using textures or behavior packs with Bedrock Edition worlds requires a vanilla resource pack. You can download it from Mojang: https://github.com/Mojang/bedrock-samples/releases. Find your version (or use the latest), click on Assets, and download the full package named bedrock-samples-xxxxx-full.zip (or the source code zip package, either one is good), then select the downloaded file in uNmINeDโs app settings.
Use --java-client-jar=/path/to/1.21.11.jar to select your Minecraft client JAR.
Use --bedrock-vanilla-pack=/path/to/bedrock-samples-v1.26.0.2-full.zip to select your vanilla resource pack.
Use --textures=true for textured rendering (effective at zoom-in levels 4:1 or higher).
Selecting a client JAR or a vanilla resource pack is required for all datapack related functions, including automatic color calculation for custom blocks and textured rendering.
Oh The Biomes Weโve Gone:
Biomes OโPlenty:
Regions Unexplored:
Terralith:
Wilder Wild:
Note
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
Donations are appreciated. There is now a PayPal option.
Updates:
Changes:
Fixes:
Subtitle downloads from OpenSubtitles may fail depending on time of day. This is due to our daily download quota being exceeded. Current amount of donations is barely enough to pay for the existing quota. So it is unlikely that quota can be increased and situation will get worse over time.
If you create an OpenSubtitles account and configure it in MPC-HC settings then you may be able to bypass the quota.
Options > Subtitles > Misc > Right-click on OpenSubtitles.com > Setup > Fill in username/password
A lot of people seem to be unaware of some of the awesome features that have been added to MPC-HC in the past years. Here is a list of useful options and features that everyone should know about:
Note
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
The Stable channel has been updated to 146.0.7680.153/154 for Windows/Macย andย 146.0.7680.153 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in theย Log
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but havenโt yet fixed.
This update includes 26 security fixes. Please see the Chrome Security Page for more information.
[TBD][475877320] Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15
[TBD][485935305] Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-20
[TBD][489381399] Critical CVE-2026-4441: Use after free in Base. Reported by Google on 2026-03-03
[TBD][484751092] High CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse on 2026-02-16
[TBD][485292589] High CVE-2026-4443: Heap buffer overflow in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18
[TBD][486349161] High CVE-2026-4444: Stack buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-21
[TBD][486421953] High CVE-2026-4445: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22
[TBD][486421954] High CVE-2026-4446: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22
[TBD][486657483] High CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge on 2026-02-23
[TBD][486972661] High CVE-2026-4448: Heap buffer overflow in ANGLE. Reported by M. Fauzan Wijaya (Gh05t666nero) on 2026-02-23
[TBD][487117772] High CVE-2026-4449: Use after free in Blink. Reported by Syn4pse on 2026-02-24
[TBD][487746373] High CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c on 2026-02-26
[TBD][487768779] High CVE-2026-4451: Insufficient validation of untrusted input in Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-26
[TBD][487977696] High CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga on 2026-02-26
[TBD][488400770] High CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip on 2026-02-27
[TBD][488585488] High CVE-2026-4454: Use after free in Network. Reported by heapracer (@heapracer) on 2026-03-01
[TBD][488585504] High CVE-2026-4455: Heap buffer overflow in PDFium. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-01
[TBD][488617440] High CVE-2026-4456: Use after free in Digital Credentials API. Reported by sean wong on 2026-02-28
[TBD][488803413] High CVE-2026-4457: Type Confusion in V8. Reported by Zhenpeng (Leo) Lin at depthfirst on 2026-03-01
[TBD][489619753] High CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim on 2026-03-04
[TBD][490246422] High CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-06
[TBD][490254124] High CVE-2026-4460: Out of bounds read in Skia. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-06
[TBD][490558172] High CVE-2026-4461: Inappropriate implementation in V8. Reported by Google on 2026-03-07
[TBD][491080830] High CVE-2026-4462: Out of bounds read in Blink. Reported by heapracer (@heapracer) on 2026-03-09
[TBD][491358681] High CVE-2026-4463: Heap buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-10
[TBD][487208468] Medium CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun on 2026-02-24
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
Interested in switching release channels? Find out howย here. If you find a new issue, please let us know byย filing a bug. Theย community help forumย is also a great place to reach out for help or learn about common issues.
Srinivas Sista
Hi,
The OpenWrt community is proud to announce the newest stable release of the OpenWrt 24.10 stable series.
Download firmware images using the OpenWrt Firmware Selector:
Download firmware images directly from our download servers:
Only the main changes are listed below. See changelog-24.10.6 for the full changelog.
OpenWrt components (Trail of Bits audit, February 2026):
LuCI:
OpenSSL:
With the release of OpenWrt 25.12 stable series, the OpenWrt 24.10 stable series will go end of life in 6 months. We will not provide security updates for OpenWrt 24.10 after September 2026. We encourage everyone to upgrade to OpenWrt 25.12 before September 2026.
Sysupgrade can be used to upgrade a device from 23.05 to 24.10, and configuration will be preserved in most cases.
For for upgrades inside the OpenWrt 24.10 stable series for example from a OpenWrt 24.10 release candidate Attended Sysupgrade is supported in addition which allows preserving the installed packages too.
Sysupgrade from 22.03 to 24.10 is not officially supported.
There is no configuration migration path for users of the ipq806x target for Qualcomm Atheros IPQ806X SoCs because it switched to DSA. You have to upgrade without saving the configuration.
''Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed''
User of the Linksys E8450 aka. Belkin RT3200 running OpenWrt 23.05 or earlier will need to run installer version v1.1.3 or later in order to reorganize the UBI layout for the 24.10 release. A detailed description is in the OpenWrt wiki. Updating without using the installer will break the device. Sysupgrade will show a warning before doing an incompatible upgrade.
Users of the Xiaomi AX3200 aka. Redmi AX6S running OpenWrt 23.05 or earlier have to follow a special upgrade procedure described in the wiki. This will increase the flash memory available for OpenWrt. Updating without following the guide in the wiki break the device. Sysupgrade will show a warning before doing an incompatible upgrade.
Users of Zyxel GS1900 series switches running OpenWrt 23.05 or earlier have to perform a new factory install with the initramfs image due to a changed partition layout. Sysupgrade will show a warning before doing an incompatible upgrade and is not possible. After upgrading, the config file /etc/config/system should not be restored from a backup, as this will overwrite the new compat_version value.
Full release notes and upgrade instructions are available at
https://openwrt.org/releases/24.10/notes-24.10.6
In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/24.10/notes-24.10.6#known_issues
For a detailed list of all changes since 24.10.5, refer to
https://openwrt.org/releases/24.10/changelog-24.10.6
To download the 24.10.6 images, navigate to:
https://downloads.openwrt.org/releases/24.10.6/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org?version=24.10.6
As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.
Have fun!
The OpenWrt Community
To stay informed of new OpenWrt releases and security advisories, there
are new channels available:
a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listinfo/openwrt-announce
a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14
other announcement channels (such as RSS feeds) might be added in the
future, they will be listed at https://openwrt.org/contact
Hi,
The OpenWrt community is proud to announce the first service release of the OpenWrt 25.12 stable series.
Download firmware images using the OpenWrt Firmware Selector:
Download firmware images directly from our download servers:
Only the main changes are listed below. See the full changelog for details.
OpenWrt components (Trail of Bits audit, February 2026):
LuCI:
Additional hardening from the same Trail of Bits audit (no CVE assigned):
Log in--force-reinstall option to reinstall already-installed packages without requiring a version changeUpgrading from 24.10 to 25.12 should be transparent on most devices, as most configuration data has either remained the same or will be translated correctly on first boot by the package init scripts.
For upgrades within the OpenWrt 25.12 stable series, Attended Sysupgrade is also supported, which allows preserving the installed packages.
Sysupgrade from 23.05 or earlier to 25.12 is not officially supported.
Cron log level was fixed in busybox. system.@system[0].cronloglevel should be set to 7 for normal logging. 7 is the default now. If this option is not set, the default is used and no manual action is needed. fc0c518
Bananapi BPI-R4: Interface eth1 was renamed to sfp-lan or lan4, and interface eth2 was renamed to sfp-wan to match the labels. You have to upgrade without saving the configuration. cd8dcfe
TP-Link RE355 v1, RE450 v1 and RE450 v2: The partition layout and block size changed in this release to fix configuration loss on sysupgrade. Users upgrading from OpenWrt 25.12.0 or earlier must use sysupgrade -F to force the upgrade. The image must not exceed 5.875 MB (6016 KiB).
eth1 to wan โ check and update your network configuration after upgrading.cake_mq): throughput may be unexpectedly low on some configurations after the scheduler fixes in this release. #22344Full release notes and upgrade instructions are available at
https://openwrt.org/releases/25.12/notes-25.12.1
In particular, make sure to read the known issues before upgrading:
https://openwrt.org/releases/25.12/notes-25.12.1#known_issues
For a detailed list of all changes, refer to
https://openwrt.org/releases/25.12/changelog-25.12.1
To download the 25.12.1 images, navigate to:
https://downloads.openwrt.org/releases/25.12.1/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org?version=25.12.1
As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.
Have fun!
The OpenWrt Community
To stay informed of new OpenWrt releases and security advisories, there
are new channels available:
a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listinfo/openwrt-announce
a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14
other announcement channels (such as RSS feeds) might be added in the
future, they will be listed at https://openwrt.org/contact
This is a security release to address a vulnerability where page content, which should be hidden by permissions, could be visible during certain markdown exports.
We strongly advise that you update your instance if you use permissions to control page visibility.
Thanks to Ghufran Raza Khan (GitHub Profile, LinkedIn Profile) for responsibly reporting this issue.
Also thanks to Alex Dan (GitHub Profile) for also reporting this before public announcement.
