Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.16

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.16

Changes

• upgrade dependencies (ab42325)
• fix PUBLIC_HOST_URL without a trailing slash (closes #959) (1a32eba)
• don't run workflow on README changes (29ccc42)
• add more CORS details (f2d71cb)

1.4.14 (2026-04-16)

Thank you for your donations:

• You? Become a sponsor!

One-time

• @mkorthaus-private
• @boris22100

Monthly

• @pr0ton11

Features

• Email: Add unified mailbox across accounts and sidebar icons toggle
• Email: Enhance email deletion and spam handling with improved parameterization
• Sieve: Enhance external rule handling in parser and store (#201)
• Plugins: Add i18n API, render hooks, and new intercept hooks to plugin system
• PWA: Dynamic PWA manifest with configurable name, description, and icons
• PWA: Show app name and logo in install prompt
• i18n: Add Ukrainian language with flags and missing translation keys
• i18n: Configurable locale prefix via NEXT_PUBLIC_LOCALE_PREFIX
• API: Add apiFetch helper for mount-prefix-aware API calls

Fixes

• Calendar: Send iMIP invitation emails when creating or updating calendar events (#192)
• Calendar: RFC 5545/6047 compliance for outgoing iMIP calendar emails
• Calendar: Add calendarAddress and replyTo to participants for Stalwart compatibility (#189, #192)
• Calendar: Improve CalDAV task detection for external clients like Thunderbird (#84)
• Email: Hide ICS attachments from attachment list when invitation banner is shown
• Email: Send before storing in Sent via onSuccessUpdateEmail (#188)
• Email: Standardize tag naming and fix unknown keyword display (#184, #185)
• i18n: Skip intl middleware for paths already containing a locale prefix
• Docs: Document PWA and branding env vars in .env.example
• Docs: Use company consistently in .env.example branding comments

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.13

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.13

Changes

• fix asterisk CORS_ALLOWED_ORIGINS, mentioned in #955 (03f71fd)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.12

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.12

Changes

• fix pnpm build (210c607)
• Bump softprops/action-gh-release from 2 to 3 in the github-actions group (3818969)
• fix yt-dlp options examples (4330d3b)
• update documentation (06c4a2c)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.10

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.10

Changes

• document CORS_ALLOWED_ORIGINS variable (aa60420)
• Don't mark live streams as seen (a6e8617)
• Fix permissive CORS policy that allows cross-origin attacks (0072d34)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.09

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.09

Changes

• upgrade dependencies (0b3645a)
• fix: handle playlists that don't supply video ids (d38d7bd)
• Bump astral-sh/setup-uv from 6 to 7 in the github-actions group (b7709d3)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.05

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.05

Changes

• fix: parse string boolean values when updating subscriptions (373692a)
• explain yt-dlp configuration in detail (54680c4)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.04

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.04

Changes

• change option presets to be multi-select (dd0f98d)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.03

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.03

Changes

• finalize custom options (closes #563, #482, #261, #681) (d41bdf6)
• Keep override controls on dedicated row (a02abf5)
• Fix frontend test typing for override flag (b16e597)
• Gate manual yt-dlp overrides behind flag (6e9b2dd)
• feat: add per-download yt-dlp presets and overrides (565a715)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.02

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.02

Changes

• update README (0cba61c)
• Add clarifying comments for n_entries and __last_playlist_index fields (closes #692) (d7eaaaa)
• Use PORT env variable in Dockerfile HEALTHCHECK instead of hardcoded 8081 (771ba52)
• Initial plan (1cc27d3)
• Propagate missing playlist context fields (playlist_count, playlist_autonumber, n_entries, __last_playlist_index) (981e6c1)
• Add explanatory comment for fake STR_FORMAT_RE_TMPL key group in tests (b17e1e5)
• Replace custom template substitution with yt-dlp's evaluate_outtmpl (c1b5540)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.01

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.01

Changes

• add subscriptions; change persistence file format to JSON (closes #901, #76, #113, #170, #242, #444, #503, #555, #566) (483575d)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.03.21

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.03.21

Changes

• fix pickle (closes #814) (84c6418)

Part-DB 2.10.0

Changes

• Frontend building now requires at least nodejs 22.
• For security hardening reasons Part-DB's generic web provider and the attachment download feature cannot download from local network IPs to avoid SSRF attacks. If you require internal attachment download, you can enable it via an env option.

New features

• Make format06 barcode checking more resiliant for non-standard conform labels and scanners by @mkne in #1321
• Implement parsing of TME QR codes by @alufers in #1324
• Ignore public/.well-known folder by @klausman in #1335
• Enable BOM sorting on part fields (Storage location, Manufacturing status) @mkne in #1338
• Allow to create custom kicad symbol/footprint autocomplete lists @DanTrackpaw in #1342
• Add price columns to project BOM table and build price summary by @MayNiklas in #1345
• Allow to sort by numeric value with SI prefix. This is realized via a separate optional column @wschopohl in #1344

Bugfixes

• Fix creating parts from TME if the SPN contains percent signs by @alufers in #1337

Miscellaneous

• Updated dependencies
• Updated translations
• Updated kicad symbols
• Improved documentation

New Contributors

• @alufers made their first contribution in #1324
• @klausman made their first contribution in #1335
• @DanTrackpaw made their first contribution in #1342
• @wschopohl made their first contribution in #1344

Full Changelog: v2.9.1...v2.10.0

✨ New Features & Improvements

• @directus/app
  • Replaced "All Users" tab with Active, Suspended, and Invited status tabs (#27036 by @robluton)
  • Added Save as New File option to image editor (#27084 by @JamesW1)
• @directus/api
  • Added a new /ai/object endpoint to generate structured objects for autocomplete and other inline experiences (#26862 by @bryantgillespie)
• @directus/composables
  • Eliminated redundant count requests in the useItems composable (#26906 by @okxint)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed export failing on collections with virtual fields like $thumbnail by excluding them from export defaults and the field picker (#27073 by @om-singh-D)
  • Added customizing of cache keys for flow endpoints. (#26935 by @costajohnt)
  • Fix "Use named routes instead of hardcoded path strings #26733" (#26809 by @powerseed)
  • Fixed VBadge intercepting pointer events on slotted elements (#27087 by @HZooly)
  • Fixed comparison modal footer responsive breakpoint (#27061 by @robluton)
  • Updated liquidjs, axios, vite, nodemailer, brace-expansion, basic-ftp, hono, fast-xml-parser, tar, (#27081 by @br41nslug)
    qs and defu dependencies
• @directus/api
  • Added customizing of cache keys for flow endpoints. (#26935 by @costajohnt)
  • Updated liquidjs, axios, vite, nodemailer, brace-expansion, basic-ftp, hono, fast-xml-parser, tar, (#27081 by @br41nslug)
    qs and defu dependencies
  • Fixed schema introspection for MSSQL text fields with max length of -1 to be normalized to null (#26934 by @begsaquib)
  • Trimmed leading and trailing spaces from search queries (#27089 by @robluton)
  • Fixed promotion of deleted relation returning invalid date time value error (#27040 by @gaetansenn)
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)
  • Fixed MARKETPLACE_REGISTRY env not being passed to registry list call when generating extension settings (#27076 by @gaetansenn)
  • Replaced INTERNAL_SERVER_ERROR with SERVICE_UNAVAILABLE for marketplace registry errors and improved error messages. (#26937 by @eric-pennecot)
• @directus/schema
  • Fixed schema introspection for MSSQL text fields with max length of -1 to be normalized to null (#26934 by @begsaquib)
• @directus/themes
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)
• @directus/types
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)

📦 Published Versions

• @directus/app@15.9.0
• @directus/api@35.1.0
• @directus/composables@11.4.0
• create-directus-extension@11.0.35
• @directus/extensions@3.0.24
• @directus/extensions-registry@3.0.25
• @directus/extensions-sdk@17.1.3
• @directus/schema@13.0.8
• @directus/schema-builder@0.0.19
• @directus/themes@1.3.2
• @directus/types@15.0.2

5.42.1 (2026-04-15)

🔥 Bug fix

• typo in Russian translation for upload button (#25946)
• fixed 9 typos, spelling errors, and duplicate words. (#25936)
• skip form onChange when markdown updates come from setValue (#25955)
• adjust typo in test (#25960)
• update snapshot (9b2501ceeb)
• increase test timeout (f50134dbae)
• preserve relations in fill from another locale (#25703)
• enable save button when re-ordering components or dynamic zones (#25959)
• made changes to resolve Firefox timepicker issue (#25129, #25438)
• admin: batch content manager permission checks and reuse session ability (#25911)
• core: add firstPublishedAt field to draft (#25947)
• document-service: preserve relations during publish (#25909)
• tests: type errors cause build to fail which cause tests to fail (072ad0d801)
• upload: cache busting for cross-origin images in crop (#25950)
• upload-aws-s3: trust S3 response Location URL for compatible providers (#25939)

⚙️ Chore

• fix typos in comments and docs (12dfbe97c9)
• adding finnish translation to Strapi Admin (#25620)
• fix typos in comments and docs (91407798c4)
• update Polish language translations (#23762)
• deps: bump lodash from 4.17.23 to 4.18.1 (#25919)
• deps: bump lodash-es from 4.17.23 to 4.18.1 (#25906)
• deps: bump nodemailer from 8.0.4 to 8.0.5 (#25963)
• deps: bump axios from 1.13.5 to 1.15.0 (#25980)
• deps: bump path-to-regexp from 8.4.1 to 8.4.2 (#25901)
• examples: delete config.server.url to restore port override capability (#26011)

❤️ Thank You

• Adrien L @Adzouz
• akash-dabhi-qed @akash-dabhi-qed
• Antti Tuppurainen
• Bassel Kanso @Bassel17
• Jamie Howard @jhoward1994
• Mark Kaylor @markkaylor
• mathildeleg @mathildeleg
• Michał Kleszczyński @Magiczne
• Nico André @nclsndr
• Shalabh Gupta @coding-shalabh
• Tony @tonytkachenko
• Yohaan Narayanan @yohaann196
• Yohei Yamamoto @NAM-MAN

1.4.13 (2026-04-12)

Thank you for your donations:

One-time

• @boris22100
• @mkorthaus-private

Monthly

• You? Become a sponsor!

Features

• Contacts: Store trusted senders in a dedicated JMAP address book (#176)
• Email: Warn on send when attachment keyword found but no file attached (#172)
• Email: Enable keyword reordering (#174) and multi-tag support per email (#173)
• PWA: Add "don't remind me again" option to install prompt
• Auth: Add SESSION_SECRET_FILE and OAUTH_CLIENT_SECRET_FILE environment variable support
• Plugins: Add onAvatarResolve plugin hook
• Docker: Publish main and dev branches as separate GHCR packages

Fixes

• Email: Style links in plain text emails
• Email: Seed list history entry when app initializes on an email view
• Email: Remount composer on draft edit and preserve identity (#60)
• Contacts: Display contact names stored in name.full (#179)
• Contacts: Fix category dropdown blocking Save button in contact form (#177)
• Contacts: Resolve TS error from optional name.components in vCard parser
• Search: Search all folders when filtering emails by tag (#175)
• Auth: Include mount prefix in SSO redirect URI when app is served under a subpath
• PWA: Correct PWA icons with proper sizing, transparency, and dark/light mode support

1.4.12 (2026-04-09)

Thank you for your donations:

One-time

• @mkorthaus-private

Monthly

• You? Become a sponsor!

Features

• PWA: Add PWA support with service worker and install prompt
• Calendar: Add birthday calendar feature with settings and localization
• Calendar: Clamp February 29 birthdays in non-leap years
• Identity: Add automatic identity synchronization (#167)
• Plugins: Disable plugins by default and require admin approval
• Plugins: Replace auth header exposure with a secure HTTP proxy API for plugins
• Auth: Add configurable OAuth scopes and cookie security via environment variables
• Email: Sync mail view to browser history for back/forward navigation
• Contacts: Add ability to rename address books (#152)
• UI: Add version badge in settings
• i18n: Add Latvian (lv) locale support
• i18n: Add Polish language support
• i18n: Add Korean language support
• i18n: Add Simplified Chinese (zh_CN) locale support

Fixes

• Email: Show recipient instead of sender in Sent and Drafts folder lists
• Email: Embed dropped images as data URLs and prevent duplicate attachments (#163)
• Email: Fix logic for marking email as read in EmailViewer
• Email: Fix archive action passing MouseEvent as argument
• Mailbox: Preserve search filters on push-triggered mailbox refresh (#164)
• Mailbox: Align shared account folders with primary folders (#151)
• Mailbox: Fetch mailboxes on mount in FolderSettings when store is empty
• Mailbox: Improve mailbox deletion error handling
• Calendar: Improve calendar event retrieval by batching requests to avoid server limits (#141)
• Calendar: Compute per-occurrence UTC start/end in recurrence expansion (#116)
• Calendar: Guard against undefined trigger in calendar event alert popover (#143)
• Files: Stream WebDAV PUT uploads to avoid buffering in memory (#162)
• Files: Prune recent files against server nodes on refresh (#146)
• Files: Fix file deletion logic to update recent files and handle errors (#146)
• Files: Extend file drop zone to fill remaining viewport height
• Files: Fallback to application/octet-stream for long MIME types
• Security: Replace unguarded crypto.randomUUID() with safe generateUUID() utility
• Security: Validate plugin HTTP post URL against origin with regression tests
• Security: Allow blob images in CSP for inline drag-and-drop (#163)
• Auth: Resolve settings sync identity mismatch for OAuth/SSO sessions (#127)
• Contacts: Fix address book ID namespacing for shared contacts in create and update operations (#133)
• UI: Fix focused mode expanding beyond screen bounds (#156)
• API: Handle 403 on principal fetch without console error
• API: Enhance error handling in Stalwart API responses

5.42.0 (2026-04-08)

🚀 New feature

• removing A/B testing from the prompt Currently A/B testing opt-in isn't used, so removing it from the CLI (8d5b04ece4)
• changing sonar variable (0d822ade04)
• data-transfer: add directory export/import format (#25867)

🔥 Bug fix

• change return to continue in deleteRelations when using foreign keys (#25857)
• hide legacy options (da9cdfc640)
• contains filter no longer returns empty data (#25810)
• typos in documentation plugin README (4ff54bff36)
• admin: p is not function error (#25663)
• content-manager: pass component schemas when rebuilding list view headers (#25872)
• content-manager: wrap single type displayName with formatMessage (#25880)
• core: relation handling preserves order during unpublish/republish cycles (#25764)
• create-strapi-app: generate .yarnrc.yml for Yarn projects (#25869)
• documentation: use dist extensions path in production (#25863)

📚 Documentation Changes

• fix typos in documentation plugin README (8e11e41247)

⚙️ Chore

• add .claude directory to gitignore (e85aa81cdf)
• sonarqube variables like in their docs (40f9ecd6c7)
• deps: bump minimatch from 10.2.4 to 10.2.5 (#25879)
• deps: bump @xmldom/xmldom from 0.8.6 to 0.8.12 (#25877)
• deps: bump path-to-regexp from 8.2.0 to 8.4.0 (#25850)
• deps: bump undici from 6.24.0 to 6.24.1 (#25785)
• deps: bump handlebars from 4.7.7 to 4.7.9 (#25841)
• deps: bump yauzl from 3.2.0 to 3.2.1 (#25729)
• deps: bump bn.js from 4.12.0 to 4.12.3 (#25691)
• deps: bump js-yaml from 3.14.1 to 3.14.2 (#25680)
• deps: bump mdast-util-to-hast from 13.2.0 to 13.2.1 (#25681)
• deps: bump path-to-regexp from 8.4.0 to 8.4.1 (#25888)
• deps: bump simple-git from 3.21.0 to 3.32.3 (#25704)
• deps: bump file-type from 21.0.0 to 21.3.2 (#25728)
• deps: bump @octokit/plugin-paginate-rest from 9.2.1 to 9.2.2 (#25693)
• deps: bump @octokit/request from 8.4.0 to 8.4.1 (#25694)
• deps: bump picomatch from 2.3.1 to 2.3.2 (#25828)
• deps: bump nodemailer from 8.0.1 to 8.0.4 (#25848)

❤️ Thank You

• Adrien L @Adzouz
• Adrien Lepoutre @Adzouz
• Alexandre BODIN
• Bassel Kanso @Bassel17
• Ben Irvin
• guoyangzhen
• Jamie Howard @jhoward1994
• Joshua Klinesmith
• Simon Norris

✨ New Features & Improvements

• @directus/app
  • Moved useShortcut and translateShortcut in @directus/composables (#26979 by @HZooly)
  • added timezone support to datetime display (#26184 by @u12206050)
  • Added comparison modal checkbox to allow viewing only modified fields (#27010 by @robluton)
• @directus/composables
  • Moved useShortcut and translateShortcut in @directus/composables (#26979 by @HZooly)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed alias fields being included when selecting all fields in export (#26775 by @tysoncung)
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)
  • Fixed relational field removals inside groups not persisting on draft items (#26917 by @HZooly)
  • Fixed search input not closing when focus changes on keyboard navigation (#26970 by @Zhey-on)
• @directus/api
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)
  • Updated lodash, samlify and @xmldom/xmldom dependencies and add defu override (#27033 by @br41nslug)
  • Fixed coercion of stringified JSON in AI assistant tool arguments (#27005 by @bryantgillespie)
  • Added cleanup handlers for disconnected file streams (#26992 by @Champ-Goblem)
• @directus/errors
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)

📦 Published Versions

• @directus/app@15.8.0
• @directus/api@35.0.2
• @directus/composables@11.3.0
• create-directus-extension@11.0.34
• @directus/errors@2.3.1
• @directus/extensions-registry@3.0.24
• @directus/extensions-sdk@17.1.2
• @directus/memory@3.1.7
• @directus/validation@2.0.22

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest Crowdin changes. (#6067)
• Updated PHP dependency versions.

What's Changed

• Add more disk I/O metrics (utilization, read/write time, await, queue depth) (#1866)
• Add ability to copy alerts between systems by @svenvg93 (#1853)
• Add SENSORS_TIMEOUT environment variable (#1871)
• Replace distatus/battery with an internal implementation by @svenvg93 (#1872)
• Restrict universal token API to non-superuser accounts (#1870)
• Fix macOS ARM64 crashes by upgrading gopsutil to v4.26.3 (#1881, #796)
• Fix text size for system names in grid view by @Malith-Rukshan (#1860)
• Fix NVMe capacity reporting for Apple SSDs by @svenvg93 (#1873)
• Fix Windows root disk detection when the executable is not on the root disk (#1863)
• Fix nested virtual filesystem inclusion in Docker when mounting host root by @svenvg93 (#1859)
• Fix OPNsense installation persistence by using the daemon user by @svenvg93 (#1880)
• Upgrade JS dependencies with dependabot security alerts by @svenvg93 (#1882)
• Upgrade PocketBase to latest version

New Contributors

• @Malith-Rukshan made their first contribution in #1860

Full Changelog: v0.18.6...v0.18.7

Changelog

• 0559807 Always write complete files in sidecar meta provider
• d8f9275 Do not expose directories that can't be buckets
• c32ddff Update stage constants for ongoing requests
• 686f58c chart/README.md hostPath usage warning
• 464a82d chore(deps): bump actions/checkout from 4 to 6
• d4c0e6b chore(deps): bump docker/build-push-action from 6 to 7
• a71e94f chore(deps): bump docker/login-action from 3 to 4
• 8351970 chore(deps): bump docker/metadata-action from 5 to 6
• 6c7b03c chore(deps): bump docker/setup-buildx-action from 3 to 4
• b27e42b chore(deps): bump docker/setup-qemu-action from 3 to 4
• d2152b0 chore(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0
• 1ec724b chore(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1
• fe61e30 chore(deps): bump the dev-dependencies group with 17 updates
• 504fe99 chore(deps): bump the dev-dependencies group with 22 updates
• 85b40a6 chore(deps): bump the dev-dependencies group with 25 updates
• 3a8d658 chore(deps): bump the dev-dependencies group with 5 updates
• 7f9c943 chore: add helm lint to pr tests
• 3b76df1 chore: consistent comments
• 2ed4d7d chore: remove the unnecessary AmazonS3.xsd from s3response.
• 97cc6bf chore: run go modernize tool
• baf5cbf feat(chart): add HTTPRoute configuration
• b47ef4e feat(chart): enable persistence by default, discuss more in README
• af1a99c feat: add Helm chart for versitygw
• 285d130 feat: add browser-based POST object upload support
• db956fb feat: add cosign signing to chart OCI artifact
• 9a3ccf6 feat: add option to change webui path prefix
• 56cb36d feat: add option to disable copy-file-range for multipart uploads
• 755029d feat: add persistence.hostPath to Helm chart
• 710003f feat: add unix domain socket listener support to port option
• 59002b2 feat: implement integration tests for browser-based POST object
• 33917ad feat: implement quicker backend/posix walk algorithm
• 052f236 feat: implement x-amz-source-expected-bucket-owner for CopyObject and UploadPartCopy
• 73730d9 feat: noop plugin for gateway load testing
• a152f29 feat: option to host webui on s3 port
• e023f00 feat: remove /api/gateways webserver endpoint
• 8795c15 feat: s3proxy default to credential chain with optional anonymous access
• 3b17f05 feat: support response header overrides in HeadObject
• 604848b fix(chart): fix cosign-installer tag
• b154707 fix(chart): fix multidoc separator when 2 routes are enabled
• 47af907 fix(chart): replace buggy chart-releaser action
• 53ce309 fix(chart): use docker login for helm and cosign
• 495b38a fix: abort scoutfs multipart uploads on error after successful moveblocks
• 21a636b fix: add request headers and metadata headers limit
• 3d47e7f fix: add x-amz-bucket-region to ListObjects(V2) response headers.
• b44952d fix: allow Helm chart users to use their own, existing PVC
• ffe7383 fix: allow list buckets to use default aws region us-east-1
• dc31696 fix: azure ListBuckets pagination to use client-side continuation tokens
• 929048c fix: azure PresignedAuth_UploadPart test failure
• 271313b fix: azure close download body in CopyObject to prevent resource leak
• afbeb7c fix: azure modernize part number loop check
• 8534d28 fix: bracket IPv6 addresses in auto-detected webui gateway URLs
• 90e240d fix: change ErrMissingDateHeader http status code to 403
• 97bb705 fix: change the way object metadata is stored in posix
• 927d1d6 fix: cleanup file descriptor leaks with chown fails
• 22f0431 fix: cleanup tempfiles when error prevents calling link
• bbe246e fix: enforce 5gb copy source object size threshold.
• 2ef6cc3 fix: fix admin cli update user --project-id retrieval
• a25408c fix: remove POST object multipart boundary prefix trimming
• c260129 fix: retry link on ENOENT caused by racing DeleteObject
• 13b3dc5 fix: serialize concurrent CompleteMultipartUpload calls via rename
• fbff3f6 fix: update deprecated StandardOutput/StandardError type
• 17e5e20 fix: webui location of tailwind.js asset
• e0275ba fix: webui move explorer styling to theme.css
• 07c970e fix: webui pass correct arguments to request() in putBucketPolicy

Changelog

Bug fixes

• 95d722b: fix: test udp (@seriousm4x)

Others

• 6caddf2: Update README.md - reorganized parts and linked to Wiki instead (#1719) (@invario)
• f7dc0b2: Update docker-compose.yml (#1721) (@invario)
• 8d461e0: add note for DEVICE_IP and DEVICE_MAC availability in cmds (#1716) (@invario)
• 314d338: build(deps): bump golang.org/x/image from 0.37.0 to 0.38.0 in /backend (@dependabot[bot])
• d8bdab2: build(deps): bump yaml from 1.10.2 to 1.10.3 in /frontend (@dependabot[bot])
• 6d53e9e: fix(cron/wake): fix closure bugs, add reload hooks, and improve command robustness (#1723) (@monstercjz)
• 49d4109: gh-actions: remove go and npm, will update manually (@seriousm4x)
• 59b1723: send additional 2 magic packets via IP address for routed WOL (#1718) (@invario)
• 65d6e9f: update deps (@seriousm4x)

5.41.1 (2026-04-01)

🔥 Bug fix

• load inquirer async (043798dbe8)

❤️ Thank You

• Ben Irvin

5.41.0 (2026-04-01)

🔥 Bug fix

• use strapi.fetch for remote uploads (#25661)
• Content types with attributes named filters, sort, fields, or populate no longer cause 400 validation errors on populate queries and countDraftRelations (#21338, #25762)
• check devDependencies when resolving required admin deps (#22130)
• use max batch sizes per dialect (#25390)
• content-type-builder: default draftAndPublish to true in AI CTB (#25781)
• document-service: re-insert cascade-deleted bidirectional relations (#25725)
• graphql: expose status and hasPublishedVersion on non–D&P root queries for nested relations (#25763)
• homepage: render widgets progressively and batch permission checks (#25846)
• upload: allow removal of file type filter in media library (#25399)
• upload: row duplicate-key warning (#25670)
• upload: allow upload of files with empty MIME type (#25844)

⚙️ Chore

• deps: bump undici from 6.23.0 to 6.24.0 (#25731)
• deps: bump effect from 3.19.19 to 3.21.0 (#25796)
• scripts/check-package-versions: support Yarn catalog (#25625)

💅 Enhancement

• add customField parameter to extendFields (#22521)
• content-manager: add documentid in listview and editview (#25759)

🚨 Security

• package upgrades to remove deprecated versions of boolean, tar, and glob (#25776)

❤️ Thank You

• Adrien Foulon @Tofandel
• akash-dabhi-qed @akash-dabhi-qed
• Bassel Kanso @Bassel17
• Ben Irvin
• Daniil Barkov @giollord
• Kai Gritun
• mathildeleg @mathildeleg
• Nico André
• Shuhrat Dehkanov
• Ziyi @butcherZ

1.4.11 (2026-03-31)

Features

• Logging: Add logging categories for better log management

Fixes

• Security: Harden security with CSP enforcement, SSRF redirect validation, reenabled S/MIME chain verify, IP spoofing prevention, and PDF iframe sandbox
• Security: Harden proxy authentication and SSRF defenses
• Security: Block plugins with dangerous JS patterns and enforce strict session secret length validation
• S/MIME: Add self-signed certificate detection and update status messages for S/MIME signatures
• Email: Auto-focus input fields in email composer for improved user experience (#126)
• Mailbox: Prevent orphaning of nested mailboxes by restricting deduplication to root-level folders
• JMAP: Strip server-immutable fields from updates before sending to JMAP (#128)
• Files: Update file feature disabled messages and add stability warnings
• i18n: Add missing translation keys to all non-English locales

1.4.10 (2026-03-31)

Features

• Plugins: Add plugin configuration UI with schema-driven admin config page, calendar event action slot, and Jitsi Meet plugin
• Calendar: Implement client-side recurrence expansion for calendar events
• Calendar: Add iCal subscription editing and batch event import
• Calendar: Add hover preview settings and functionality
• Calendar: Add virtual location input for calendar events (#121)
• Email: Add reply-to addresses support in email composer
• Email: Add mail layout settings and update email list components
• Email: Add auto-select reply identity feature with settings and localization
• Email: Enhance compose functionality with button integration and translations
• Filters: Preserve activation state when updating or creating Sieve scripts to avoid deactivating server-managed vacation scripts
• Filters: Skip server-managed vacation script in Sieve script handling
• Settings: Add support for custom JMAP server endpoints in login and settings
• Settings: Add folder expansion state management and settings navigation
• UI: Add options to hide account switcher and show account avatars on navigation rail
• i18n: Add JMAP server endpoint labels and hints in multiple languages
• i18n: Add missing translation keys to all non-English locales

Fixes

• Security: Patch critical auth bypass and credential leak vulnerabilities
• Security: Support 3DES S/MIME decryption by importing legacy RSAES-PKCS1-v1_5 keys and add diagnostic logging (#35)
• Security: Account isolation, auto-import signer certs, and no-key error handling (#35)
• Calendar: Fix JSCalendar 2.0 recurrenceRule single-object compatibility (#116)
• Calendar: Enhance calendar event handling to distinguish between events and tasks
• Calendar: Link existing events to target calendar during iCal import instead of skipping (#113)
• Calendar: Deduplicate UIDs during iCal import to prevent mass failures (#113)
• Calendar: Fix events disappearing after iCal import/subscription refresh
• Calendar: Enhance calendar event handling with full-day detection and layout adjustments
• Calendar: Use UTC timestamps for timed event rendering
• Calendar: Work around Stalwart not returning Task objects via CalendarEvent/query
• Email: Enhance email loading and deduplication logic in email store (#119)
• Email: Ensure draft editing function is called correctly in EmailViewer component (#60)
• Email: Match hover action background to selected row state
• Email: Align tag counts with mailbox folder counts in sidebar
• Auth: Handle 2FA/TOTP session expiry with basic auth (#117)
• Mailbox: Improve mailbox tree logic and enhance mailbox handling with logging (#118)
• UI: Improve dark mode handling for media elements and background images
• UI: Adjust account list spacing and remove push connection indicator
• UI: Fix nested button in theme card

1.4.9 (2026-03-27)

Features

• Admin: Add Stalwart admin authentication, sidebar access, and a reorganized dashboard with dedicated policy sections
• Plugins: Add plugin/theme admin dashboard, harness tooling, forced enable or disable controls, managed policy enforcement, and a resizable detail sidebar
• Filters: Add vacation responder management with Sieve generation and parsing, UI integration, and improved sync preservation
• Email: Add plain text only composer mode, optional conversation threading disable, configurable hover action placement, and OAuth app password support
• UI: Add drag-and-drop customization for sidebar apps
• Files: Use dynamic server-configured maximum upload sizes
• i18n: Add Russian locale support and complete missing translation strings for recent task features

Fixes

• Calendar: Improve date parsing and event normalization, prevent calendar page re-render loops, ensure unique ICal subscription IDs, and create all-day events with correct JSCalendar midnight handling
• Email: Respect the configured mark-as-read delay in EmailViewer and fetch full email content when needed while editing drafts (#60, #95)
• Auth: Improve network error handling, add JMAP rate limiting handling, and enhance settings retrieval and persistence diagnostics (#100, #104)
• UI: Improve mobile layout behavior on contacts and calendar pages (#103)
• Themes: Repair theme ZIP bundle handling and enforce admin theme locks correctly
• Code Quality: Resolve outstanding ESLint warnings across the codebase

chore: update version to 1.4.9

1.4.8 (2026-03-23)

Features

• Email: Add support for marking emails as answered or forwarded and display status icons in email list and thread views
• Email: Enhance identity selection by supporting sub-addressing (plus addressing) in email composer
• Settings: Add notification settings with sound picker, preview playback, and configurable alert sounds
• Settings: Add default mail program settings with localization support across all locales
• Auth: Implement path prefix handling for OAuth callbacks and login redirects, enabling reverse proxy deployments
• Validation: Add all multi-part TLDs for domain validation in favicon API (#81)

Fixes

• Calendar: Fix bugs in duration parsing, RFC compliance, and event handling across calendar components
• Calendar: Detect tasks created by external CalDAV clients such as Thunderbird
• Settings: Enhance account settings with username and authentication method display (#90)