Part-DB 2.9.1

Improvements

• Removed MPN fallback from LCSC barcode scanner, the SPN field is used instead for part matching (#1302)
• Automatically detect the delimiter on generic CSV BOM imports

Bug fixes

• Fixed intendation of EDA visibility checkboxes
• Fixed SAML login button (#1308, thanks to @mowoe)
• Fixed problem of GenericWeb info provider when used behind traefik (#1296)
• Fixed 500 error, when mapping in generic CSV BOM import fails (#1298)
• Fixed 500 error with displaying part prices, when a user has a currency preference different of base currency, and there is no conversion rate known for it (#1317)

Miscellaneous

• Updated dependencies
• Updated translations
• Updated kicad symbols

New Contributors

• @mowoe made their first contribution in #1308

Full Changelog: v2.9.0...v2.9.1

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• Email/SMTP - The way BookStack sends messages has changed slightly (Specifically, the SMTP HELO domain). This isn't expected to be a breaking change but testing of emails (Using the test send action in Settings > Maintenance) is advised after updating to be sure there's no impact.
• Theme System - Within a theme directory, the modules/ folder is now dedicated to theme modules. If you happened to already have a folder of this name in your theme, it's advised to use a different folder name instead.

Full List of Changes

Released in v26.03

• Added new module system to the theme system. (#5998)
• Added logical theme events for page content render and pre-save. (#6049)
• Added logical theme event and class to allow inserting custom views before/after others. (#5998)
• Added logical theme event to allow customising the OIDC authentication URL. (#6014)
• Updated book delete to return to the parent shelf in a shelf context. (#6029)
• Updated book read API endpoint to provide parent shelf information. (#6006)
• Updated cursor to pointer for drawio diagrams. Thanks to @lublak. (#5864)
• Updated description for per-page display limits. (#6005)
• Updated emails to use the domain from the APP_URL in the SMTP HELO. (#5990)
• Updated translations with latest Crowdin changes. (#6007)
• Fixed empty extra space showing for descriptions when the input is left empty. (#5724)

The Debian project is pleased to announce the fourth update of its stable distribution Debian 13 (codename trixie). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

The Stable channel has been updated to 146.0.7680.80 for Windows/Mac  and 146.0.7680.80 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

• AMD Ryzen AI 7/PRO 450G/E, AI 5/PRO 440G/E & 435G/E (Kraken Point 2).
• AMD Ryzen AI 9 HX 470.
• Fix AMD Ryzen 5 5500U (Lucienne) reported as 7350U (Cezanne).
• Preliminary support of Intel Wildcat Lake.
• CQDIMM (4-ranks CUDIMM) memory support.
• Fix DLL hijacking vulnerability thanks to Kwangyun Kem.
• New Chinese translation thanks to Shinjo Kurumi.

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Gaming Linux FR has announced the release of GLF OS 25.11, code-named "Phoenix Pulsar", the latest update of the project's NixOS-based Linux distribution designed primarily for gaming. This release updates the Linux kernel to the long-term supported 6.18 version and the NVIDIA driver to version 590.48: "What's new....

26.1 Pre-Release 2 (known as 26.1-pre-2 in the launcher) is the second pre-release for Java Edition 26.1, released on March 13, 2026. Full changelog: https://minecraft.wiki/Java_Edition_26.1-pre-2

Bugfixes and minor changes:

• FTP: Fixed path display in NSLT output

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Bryan Poerwo has announced the release of EndeavourOS 2026.03.06, code-name "Titan". EndeavourOS is an Arch-based Linux distribution with a customised KDE Plasma desktop and Calamares system installer. This new major release updates the Linux kernel to version 6.19.6 and makes improvements to the installer. "Earlier this month, the....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The developers of LinuxHub Prime have announced the availability of an updated version of the project's Arch-based Linux distribution featuring a custom system installer. The user-friendly program offers a one-click option to install several popular desktop environments and window managers and the live image also ships with "Prime....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The Debian-based Univention Corporate Server (UCS) distribution has a new update. Version 5.2-5 introduces a few new features, including a restore option for user accounts which have been deleted. "With the latest updates for the connectors for Samba 4 and Active Directory, we have completed the planned functionality....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The Zentyal development team has announced the release of Zentyal Server 8.1, the latest version of the project's Ubuntu-based server distribution. The new release is a significant update, now based on Ubuntu 24.04: "The Zentyal development team today announced the availability of Zentyal Server Development Edition 8.1. Zentyal....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The Fedora project has published a new development snapshot, Fedora 44 beta. The release introduces some key changes to the system installer and unifies the KDE Plasma experience across editions: "Goodbye Anaconda-created default network profiles - this change impacts how Anaconda populates network device profiles. Only those devices....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The FreeBSD project has announced the launch of FreeBSD 14.4, the latest release of the 14.x series. The upgrade mostly updates core system packages, such as OpenSSH and ZFS, while also introducing bug fixes and the ability to share filesystems with Bhyve virtual machines. "The FreeBSD Release Engineering....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: Quick looks at three Linux distributions
News: Guix System offers 64-bit Hurd option, Ubuntu and Fedora communities discuss age declaration laws, Linux Mint unveils new Cinnamon screensaver, Redox OS introduces new COSMIC features
Questions and answers: Would one big collection of packages help?
Released last....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The CachyOS team have announced the release of a new version of its Arch-based Linux distribution. The new version places a focus on making the system installer more friendly, particularly when selecting which desktop environment to use. "First, the installer now shows animated GIF/WebP previews in the Desktop....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Zenclora OS, a desktop Linux distribution based on Debian's "Stable" branch with a customised GNOME desktop, has been updated to version 2.0. Code-named "Ardenweald", it now features a unified package management system called Zen Package Manager (ZPM). "This major release marks the transition to Zen Package Manager (ZPM),....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. iodéOS is an Android-based operating system (in the LineageOS family) which ships without Google trackers or proprietary software. The project has released version 7.3 which is based on LineageOS 23.2. "This month, iodéOS 7.3 arrives with a thrilling evolution-blending Material 3 Expressive design with unparalleled customization. Built on....

The Stable channel has been updated to 146.0.7680.75/76 for Windows/Mac  and 146.0.7680.75 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Security Fixes and Rewards

Updated 2026-03-13: The previous version of these notes included CVE-2026-3909, the fix
for which will instead be available in a future update.

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. Please see the Chrome Security Page for more information.

[N/A][491410818] High CVE-2026-3910: Inappropriate implementation in V8. Reported by Google Threat Analysis Group on 2026-03-10

Google is aware that an exploit for CVE-2026-3910 exists in the wild.

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

There is a new PHP release in town!

💾

💾

💾

There is a new PHP release in town!

💾

💾

💾

Security Release

• Update Instructions
• Update details on blog

BookStack v25.12.9 has been released.

This is a security release to address a vulnerability where style code in page content could be used to manipulate the page beyond the expected content area in some revision views, opening up risk of potential phishing and/or tracking by bad page editors.

We advise that you update your instance if you allow untrusted users to create or edit pages.

Thanks to Alex Dan (@windbreaker555 on GitHub) for their responsible discovery and reporting of this issue.

Full List of Changes

• Updated page revision diffs to use content filtering.
• Updated preference change redirect with stronger origin checks.
• Updated application PHP dependencies.

{ Taipei, Taiwan, 12 maart 2026 – QNAP® Systems, Inc., een toonaangevend computerbedrijf, innovator op het gebied van netwerken en o ...} More

[p]\[ DEAD HAND COLLECTION ][/p]

• [p]The Dead Hand Collection is now available, featuring 17 finishes from community contributors, and including 22 all-new gloves as rare special items.[/p][/*]
• [p]Access items in the Dead Hand Collection via the Dead Hand Terminal, available as a weekly drop.[/p][/*]

[p][/p][p]\[ MAPS ][/p][p]Dust II[/p]

• [p]Fixed a pixel gap in a door Outside Long. [/p][/*]

[p]Alpine[/p]

• [p]Updated to the latest version from the Community Workshop (Update Notes)[/p][/*]

• View downloads

• View downloads

As of February 2026, the PostgreSQL Community Association (PGCA), the official non-profit organization chartered by the PostgreSQL Core Team in 2011 to protect the Postgres brand assets, has updated its sponsorship levels and sponsorship prospectus.

Updated PGCA sponsorship levels

The PGCA Board would not be able to protect the PostgreSQL trademarks and brand assets without the generous financial support we receive from corporations, small businesses, and individual donors. We are deeply grateful for that support.

After reviewing sponsorship models used by other open source foundations, and in light of the increasing costs required to protect the PostgreSQL brand assets, we have increased the top two sponsorship levels: Benefactor and Patron, effective February 1, 2026. All other sponsorship levels remain unchanged. As always, we welcome and value donations at all levels, in any amount.

Significant update to the PGCA non-profit website

We’ve also made a significant update to the PGCA website, to modernize it and bring it forward to the present. We hope the new site makes it easier to understand the PGCA’s non-profit mission, learn how to use PostgreSQL trademarks appropriately, and donate, whether as a one-time or monthly contribution.

The updated PGCA website is at the same URL as before: www.postgres.ca.

Updated sponsorship levels and the sponsorship prospectus can be found on the Sponsors page at www.postgres.ca/sponsors/.

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2026-03-08)

⚠️ ATTN: this release fixes an ftp/sftp issue with shares

• GHSA-67rw-2x62-mqqm: when a share is created for just one or more files inside a folder, it was possible to use FTP or SFTP to access the other files inside that folder by guessing the filenames
  • so ignore this issue if you did not enable ftp or sftp in the server config
• it was not possible to descend into subdirectories in this manner; only the sibling files were accessible
• NOTE: this does NOT affect filekeys; this is specifically regarding the shr global-option
• password-protected shares were not affected through SFTP, only FTP

this release also fixes GHSA-rcp6-88mm-9vgf but that one is nothing to worry about

recent important news

• v1.20.9 (2025-02-25) fixed CVE-2026-27948 (XSS)

🧪 new features

• features? in this econonmy?? ain't nobody got time for that

🩹 bugfixes

• 66f1ef6 GHSA-67rw-2x62-mqqm (shares)
• 9f9d30f GHSA-rcp6-88mm-9vgf (the other thing)

🌠 fun facts

• the first cve is still by far the worst, none of the others even close... so at least that's nice
  • if you saw the cve notification and got all worked up, here's some comfy music to relax and upgrade copyparty to

---

⚠️ not the latest version!

Postfix stable release 3.11.1

[A hyperlinked version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.11.1.html]

Postfix stable release 3.11.1 is available.

• Bugfix (defect introduced: 20260219): alias_maps errors when default_database_type was not set in main.cf. Fix by Michael Tokarev.

• Bugfix (defect introduced: Postfix 3.0): buffer over-read when Postfix is configured with an enhanced status code not followed by other text. For example, "5.7.2" without text after the three-number code, in an access(5) table, header or body checks, or with "$rbl_code $rbl_text" in rbl_reply_maps or default_rbl_reply. These are all uncommon configurations. Problem reported by Kamil Frankowicz.

• Bugfix (defect introduced: Postfix 3.3): null pointer in nbdb_reindexd(8) because the "service_name" value was not propagated. Report by Michael Tokarev.

• During Postfix start-up, avoid a spurious error message from nbdb_reindexd(8), when non_bdb_migration_level disables automatic re-indexing.

You can find the Postfix source code at the mirrors listed at https://www.postfix.org/.

✨ New Features & Improvements

• @directus/system-data
  • Updated latest models for Anthropic, Google, and OpenAI providers (#26865 by @bryantgillespie)
• @directus/ai
  • Updated latest models for Anthropic, Google, and OpenAI providers (#26865 by @bryantgillespie)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed creation of related item with empty or default state (#26844 by @powerseed)
  • Added field level MIME type restriction to file-image interface (#26831 by @AlexGaillard)
  • Fixed AI tool approval flow hanging after approving provider-executed tools. (#26839 by @bryantgillespie)
  • Fixed custom Vue operation options to persist edited values in Flow settings. (#26832 by @AbdelhamidKhald)
  • Fixed an invalid filter for M2M interfaces when the item Id is null (#26857 by @ComfortablyCoding)
  • Fixed folder navigation state being lost when reopening file selection drawer (#26649 by @costajohnt)
  • Enforced MIME type allow list on remaining v-uploads missed in first round (#26821 by @robluton)
  • Fixed client side validation breaking in drawer when dynamic variable is present. (#26795 by @powerseed)
  • Fixed Visual Editor stripping trailing slashes from URLs (#26823 by @formfcw)
  • Enabled conditional styling for string fields in pie and donut charts. (#26776 by @vizzv)
  • Updated AI SDK dependencies to latest version (#26856 by @bryantgillespie)
  • Fixed save-as-copy failing on collections with many duplication fields (#26814 by @gaetansenn)
  • Improved redirect handling (#26870 by @br41nslug)
  • Fixed unable to click on m2o fields arrow icon to open drawer (#26822 by @robluton)
• @directus/api
  • Updated AI SDK dependencies to latest version (#26856 by @bryantgillespie)
  • Improved redirect handling (#26870 by @br41nslug)
  • Fixed countAll generating an incorrect query (#26774 by @tysoncung)
  • Updated TUS validation (#26869 by @br41nslug)
  • Fixed AI assistant Fields tool call inconsistency (#26819 by @powerseed)
  • Added support for disabling OpenAPI output using OPENAPI_ENABLED (#26868 by @br41nslug)
  • Bumped underscore, tar, lodash, dompurify dependencies (#26860 by @br41nslug)
  • Fixed deleteMany returning unexpected error for non-admin with empty array (#26759 by @ComfortablyCoding)
• @directus/env
  • Added support for disabling OpenAPI output using OPENAPI_ENABLED (#26868 by @br41nslug)

📦 Published Versions

• @directus/app@15.5.1
• @directus/api@34.0.1
• @directus/ai@1.3.0
• @directus/composables@11.2.15
• create-directus-extension@11.0.31
• @directus/env@5.6.1
• @directus/extensions@3.0.21
• @directus/extensions-registry@3.0.21
• @directus/extensions-sdk@17.0.11
• @directus/memory@3.1.4
• @directus/pressure@3.0.19
• @directus/schema-builder@0.0.16
• @directus/storage-driver-azure@12.0.19
• @directus/storage-driver-cloudinary@12.0.19
• @directus/storage-driver-gcs@12.0.19
• @directus/storage-driver-s3@12.1.5
• @directus/storage-driver-supabase@3.0.19
• @directus/system-data@4.3.0
• @directus/themes@1.2.6
• @directus/types@14.3.1
• @directus/utils@13.3.1
• @directus/validation@2.0.19