Postfix stable release 3.10.8 and legacy releases 3.9.9, 3.8.15, 3.7.20

[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.8.html]

Fixes for all supported Postfix releases:

• Improved Milter error handling for messages that arrive over a long-lived SMTP connection, by changing the default milter_default_action from "tempfail" to the new "shutdown" action (i.e. disconnect the remote SMTP client).

  The problem was that after a single Milter error, Postfix could tempfail all messages that the client sends over a long-lived connection, even if the Milter error was only temporary. This problem was reported by Ankit Kulkarni.

• Bugfix (defect introduced: Postfix 2.11): "posttls-finger -v -v -v" terminated with a panic, caused by recursive logging. Reported by Geert Hendrickx, diagnosed by Viktor Dukhovni, and fixed by Wietse.

With one simple change, the patch for Postfix 3.7 should also apply to older Postfix versions, because the patch affects code that has not changed in a decade or so. The simple change is to remove the Prereq: line, and to remove the part that updates the HISTORY file.

You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.

The Extended Stable channel has been updated to 144.0.7559.220 for Windows and Mac which will roll out over the coming days/weeks.

This release specifically addresses issues introduced in v25.12.4, where drawings could become non-editable in certain scenarios due to content filtering rules.

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated content filter to allow required drawio diagram attributes. (#6026)

Below are development builds for testing purposes.

Latest development build: 2.6.2.25 (March 1st 2026)

Latest stable release build: 2.6.2.1
https://github.com/clsid2/mpc-hc/releases/tag/2.6.2

26.1 Snapshot 9 (known as 26.1-snapshot-9 in the launcher) is the ninth snapshot for Java Edition 26.1, released on February 18, 2026, which fixes some major issues. Full changelog: https://minecraft.wiki/Java_Edition_26.1-snapshot-9

26.1 Snapshot 8 (known as 26.1-snapshot-8 in the launcher) is the eighth snapshot for Java Edition 26.1, released on February 17, 2026, which adds new textures and models for the remaining baby mobs: the hoglin, panda, sniffer, strider, and zoglin. It also adds new stonecutter recipes for existing blocks, and fixes bugs. Full changelog: https://minecraft.wiki/Java_Edition_26.1-snapshot-8

This release specifically addresses folder permission issues (often showing as an error when attempting to access content) which could occur from changes introduced in v25.12.4.

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated filter caching folder handling to avoid server filesystem permission issues. (#6023)

✨ New Features & Improvements

• @directus/app
  • Added collaboration state (is viewing, is editing) and minor design updates (#26574 by @alvarosabu)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed translation interface being disabled when delete permission not allowed (#26669 by @AlexGaillard)
  • Fixed item comparison failing when special characters are present in manual primary keys (#26668 by @AlexGaillard)
  • Fixed non-editable state for relational fields with custom permissions (#26676 by @HZooly)
  • Added restriction of allowed MIME types to the system file upload interface (#26646 by @AlexGaillard)
• @directus/api
  • Added restriction of allowed MIME types to the system file upload interface (#26646 by @AlexGaillard)

📦 Published Versions

• @directus/app@15.4.0
• @directus/api@33.3.1

Security Release

• Update Instructions
• Update details on blog

BookStack v25.12.4 has been released.

This is a security release to address a vulnerability where style code in page content could be used to manipulate the page beyond the expected content area, opening up risk of potential phishing and/or tracking by bad page editors.

We advise that you update your instance if you allow untrusted users to create or edit pages.

Thanks to SeongYun Moon (@Moonster8282 on GitHub) for their responsible discovery and reporting of this issue.

Additional Update Notices

• Page Content - As of this release, extra layers of filtering have been applied to page content. While we have tried to ensure this has minimal impact on content, it's possible this will lead to extra elements being filtered.
• Option Change - The ALLOW_CONTENT_SCRIPTS env option is now considered deprecated. It's advised to use the APP_CONTENT_FILTERING option, as documented here, instead if needed.

If you experience issues with your page content being over-filtered feel free to raise an issue on GitHub where we can check if the behaviour is intentional or something which needs to be patched.

You can use the new page content filtering option, with a value of jhf which should match the prior version filtering, but this will remove a layer of content filtering security so is not recommend.

Full List of Changes

• Added new option for more granular page filter control.
• Updated page content filtering to detect extra cases, and to apply a more aggressive allow-list style filter.
• Updated application PHP dependencies.

Changes from 2.6.1 to 2.6.2:

Updates:

• Updated LAV Filters to version 0.81-5-g5aa4b
• Updated MediaInfo DLL to version 26.01

Fixes:

• Several small fixes and improvements.

Part-DB 2.7.1

Bug fixes

• Fixed problem that stocktake date of part lot was required when editing part (#1250)
• Fixed problem that part tables had wrong sorting on initial loading
• Fixed german translations related to update manager
• Fixed visual styling of lot table

• View downloads
• View release notes

• View downloads
• View release notes

The PostgreSQL Global Development Group is planning for an out-of-cycle release on February 26, 2026 due to regressions introduced in the February 12, 2026 update release, which included releases 18.2, 17.8, 16.12, 15.16, and 14.21. This release will provide fixes for all supported versions (18.3, 17.9, 16.13, 15.17, 14.22). While these fixes may not impact all PostgreSQL users, the PostgreSQL Global Development Group wants to address these issues before the next scheduled release on May 14, 2026.

The regressions from this release include:

• The substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database column.
• A standby may halt and return an error "could not access status of transaction".

For the substring() regression, the fix for CVE-2026-2006, which closed a vulnerability in the database server, introduced a regression causing substring() to improperly return an error on multi-byte (non-ASCII) text values if the source of that value was a database column. If you've upgraded to 18.2, 17.8, 16.12, 15.16, or 14.21, and need the fix ahead of the February 26, 2026 release, you should consider manually applying the changes. Release specific information can be found here: https://wiki.postgresql.org/wiki/2026-02_Regression_Fixes.

Ahead of this release, you can find additional information about the regressions and fixes here: https://wiki.postgresql.org/wiki/2026-02_Regression_Fixes.

✨ New Features & Improvements

• @directus/app
  • Added activity logging for explicit user logout (#26638 by @JamesW1)
• @directus/api
  • Added activity logging for explicit user logout (#26638 by @JamesW1)
• @directus/constants
  • Added activity logging for explicit user logout (#26638 by @JamesW1)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed date picker month select offset (#26655 by @HZooly)
  • Fixed issue with opening multiple drawers when editing tree view item (#26656 by @AlexGaillard)
  • Fixed vertical alignment of button fields set to half-width by restoring align-self: baseline in form-field component. (#26653 by @omkarg01)
• @directus/api
  • Fixed GraphQL groupBy collision when a field is named group (#26626 by @dstockton)

📦 Published Versions

• @directus/app@15.3.0
• @directus/api@33.3.0
• @directus/composables@11.2.13
• @directus/constants@14.1.0
• create-directus-extension@11.0.29
• @directus/env@5.5.3
• @directus/extensions@3.0.19
• @directus/extensions-registry@3.0.19
• @directus/extensions-sdk@17.0.9
• @directus/memory@3.1.2
• @directus/pressure@3.0.17
• @directus/schema-builder@0.0.14
• @directus/storage-driver-azure@12.0.17
• @directus/storage-driver-cloudinary@12.0.17
• @directus/storage-driver-gcs@12.0.17
• @directus/storage-driver-s3@12.1.3
• @directus/storage-driver-supabase@3.0.17
• @directus/themes@1.2.4
• @directus/types@14.2.1
• @directus/utils@13.2.2
• @directus/validation@2.0.17

Part-DB 2.7.0

New features

• Allow to set GTIN / EAN numbers for parts
• Some info providers allow to provide GTIN infos
• Allow to mark if supplier prices contain VAT or not. This is especially useful in combination with info providers
• Allow to restrict on which element types attachment types can be applied. For example the "Avatars" attachmen type can only be shown on user attachments
• Added ability to stocktake part lots from info page. This easily allows for setting a specific amount, instead of just adding/removing from an database value. The stocktake date is stored, to give a hint on how reliable the amount left is.
• Delegate part retrieval to buerklin info provider when an buerklin URL is given (@mkne, PR #1235)
• Added API endpoint for label generation (@MayNiklas, PR #1234)
• Added functions to twig labels to retrieve associated parts. This allows to print all parts contained in a storage location (#1239)

Improvements

• Performance optimizations for parts tables
• Autofocus fields for easier workflow (@d-buchmann, PR #1240)
• Allow more functions and filters in twig labels

Bug fixes

• Fixed issue when parts contained % in name (@d-buchmann, PR #1238)
• Do not show a 500 error, if twig labels contains invalid code
• Fixed german translations

Docker

• Removed nodejs from docker images as it is only needed for frontend building. This makes images ~ 25% smaller
• Optimized docker image build flow

Miscellaneous

• Updated dependencies
• Updated GNU Unifont to 17.0.3

Full Changelog: v2.6.0...v2.7.0

• read-only demo server at https://a.ocv.me/pub/demo/
• docker image ╱ similar software ╱ client testbed

there is a discord server with an @everyone in case of future important updates, such as vulnerabilities (most recently 2025-09-07)

🧪 new features

• now possible to upload/delete files while the filesystem-indexer is still busy d44ea24 0ca4c1b
  • global-option fika decides which actions to allow while still indexing; default is upload+copy+delete
  • full deduplication is only guaranteed if this option is set blank, as dupes are allowed while indexing
• #1266 browsers can request thumbnails as jxl images, and view jxl files in the gallery (thx @intelfx!) b2711e0 720c83b 93ffc65 a65a30b a7a25de 59de5e2 16403d8 48c1017 0e8913c
  • only works in browsers which support jxl, which is FINALLY happening (sure took a while)
  • some notes on memory/RAM usage though -- it is fine on Alpine Linux, so docker is also fine, just don't enable mimalloc
    • jxl can be disabled with global-option th-no-jxl if necessary on baremetal deployments until libvips fixes this
• #1265 audioplayer can "skip silence" now (thx @icxes!) 6694998
• #1287 opensearch support for opds (thx @philips!) 84e687a
• #1276 option rw-edit is the list of file-extensions that can be edited as textfiles with only permissions read+write (default is md like before); all other files still require read+write+delete 312f48e d692838
• #1288 option to customize the links copied when selecting files and pressing ctrl-c (thx @icxes!) e5d0a05
• docker: add env-var DI_PREPARTY to run an arbitrary script during startup, for customizations and such bf01ca4

🩹 bugfixes

• #1279 the textfile-viewer would refuse to load huge documents when hotlinked f02e9cf
• #1280 the custom rightclick-menu was enabled in the textfile viewer fc8a4b8
• #1262 logtail now works on windows; would previously take an exclusive-lock on the monitored file, as windows does by default a368fc6

🔧 other changes

• volumes are hidden from the treeview if the name starts with a dot 76041fd
• #1277 descript.ion files no longer require the e2d and e2t options to be enabled 4cb4e82
• chunked PUT-uploads are now terminated if they exceed a configured size limit dfadb5a
• #1282 improved compatibility with GraalPy (thx @vgskye!) e8609b8
• #1292 #1296 updated Esperanto translation (thx @slashdevslashurandom!) 418bf2f 914f84c
• thumbnails: use libvips as fallback for rawpy 27ae2e1
  • libvips doesn't support .arw files (sony) yet, so still need rawpy
• make server config slightly easier:
  • improve xff warnings 96aeb89
  • warn if config-values are quoted 598df44
  • lowercase headernames in configs fd09638

🌠 fun facts

• the fika option sends the filesystem-indexer on a coffee break
• exci wants me to mention aoi yuuki here for some reason :^) so here's gekisou gungnir

---

⚠️ not the latest version!

[0.15.5] - 2026-02-14

If you are upgrading from v0.14.x and below, this version includes multiple breaking changes. Please read the upgrading documentation for more information on how to upgrade from previous versions.
If you are upgrading from v0.15.x, replace the binary and update the webadmin.

Added

Changed

Fixed

• IMAP/JMAP: OOM when mail-parser returns cyclical MIME structures (CVE-2026-26312).
• Tracing: Fix tracing indexing when using separate stores.
• JMAP: Fix upToId computation in */queryChanges.
• JMAP: Include createdIds when the property is present.
• JMAP: Respect query arguments in Email/queryChanges.
• JMAP: Return the correct container/item change id when there are no changes.

---

Check binary attestation at here

 The Extended Stable channel has been updated to 144.0.7559.177 for Windows and Mac which will roll out over the coming days/weeks.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. Please see the Chrome Security Page for more information.

[TBD][483569511] High CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim on 2026-02-11

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2026-2441 exists in the wild.


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

The Stable channel has been updated to 145.0.7632.75/76 for Windows/Mac  and 145.0.7632.75 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. Please see the Chrome Security Page for more information.

[TBD][483569511] High CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim on 2026-02-11

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2026-2441 exists in the wild.


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

The MariaDB Foundation is pleased to announce the availability of MariaDB 12.3.1, the release candidate (RC) in the new long-term support (LTS) release, and MariaDB 12.2.2, the latest stable rolling release. …

Continue reading \"MariaDB 12.3.1 and 12.2.2 now available\"

The post MariaDB 12.3.1 and 12.2.2 now available appeared first on MariaDB.org.

• Improved Intel Voltage Regulator monitoring.
• Support of Thermal Grizzly WireView PRO II monitoring device.
• Monitoring of MSI MEG Ai1000P, Ai1300P and Ai1600T PSUs.
• Preliminary support of Intel Wildcat Lake.
• AMD Ryzen AI 9 HX 470.
• New CSV logging feature.

• AMD Ryzen 7 9850X3D (Granite Ridge).
• AMD Ryzen 5 7500X3D (Raphael).
• Preliminary support of AMD Medusa Point.
• Intel Arrow Lake Refresh.

• Intel Core Ultra X9 388H, Core Ultra X7 368H and 358H, Core Ultra X5 338H (Panther Lake-H).
• Intel Core Ultra 9 375H, Core Ultra 7 355H and 345H, Core Ultra 5 325H (Panther Lake-H).
• Intel Core Ultra 7 360U, Core Ultra 5 350U and 340U, Core Ultra 3 320U (Panther Lake-U).
• Intel Core Ultra 3 205 (Arrow Lake).
• Intel Core 3/5/7 2xxE (Bartlett Lake).
• Intel Core i5 110 (Comet Lake).
• AMD Ryzen 5 5600F (Vermeer).
• AMD Ryzen 9 PRO 9945, Ryzen 7 PRO 9745, Ryzen 5 PRO 9645 (Granite Ridge).
• Improved support of AMD Ryzen AI 7 350 and Ryzen AI 5 340 (Kraken Point).

• AMD Ryzen Z2 and Z2 Extreme (Strix Point).
• AMD Ryzen Threadripper 9000 (Shimada Peak).
• NVIDIA RTX 5060 Ti (GB206), RTX 5050 (GB207).

• AMD Radeon RX 9060 XT (Navi 44).
• NVIDIA RTX 5060 (GB206).

• AMD Ryzen 9 8945HX, 8940HX, Ryzen 7 8840HX, 8745HX (Dragon Range refresh).
• AMD Ryzen AI Max+ 395 & AI Max+ PRO 395, Ryzen AI Max 390 & AI Max 385 (Strix Halo).
• AMD Ryzen AI 7 350, Ryzen AI 5 340 (Kraken Point).
• AMD Ryzen 7 5705G, 5705GE, Ryzen 5 5605G, 5605GE, Ryzen 3 5305G, 5305GE (Cezanne).
• AMD Radeon RX 9070 XT & 9070 (Navi 48).
• Zhaoxin KaiXian KX-U6780A and KX-U6580 (LuJiaZui, 8 cores).
• NVIDIA RTX 5070 Ti (GB203) & 5070 (GB205), RTX 5060 Ti (GB206).
• NVIDIA PCI-E error counters.
• Fix NVIDIA GPU temperature bug (drivers GeForce 576.02).
• Asus RTX Astral 5080 & 5090 12VHPWR per-pin currents.

• Intel Arc B580 GPU.
• Intel Arrow Lake-U preliminary support.
• Improved support of Intel Lunar Lake.
• Intel Q870, B860, H810, W880, HM870, WM890, WM880 chipsets.
• Intel Core Ultra 9 285HX, Ultra 7 275HX/265HX/255HX, Ultra 5 245HX/235HX (Arrow Lake-HX).
• Intel Core Ultra 9 285H, Ultra 7 265H/255H, Ultra 5 235H/225H (Arrow Lake-H).
• Intel Core 7 160HL, 150HL, 160UL, 150UL, 150U (Raptor Lake).
• Intel Core 5 130HL, 120HL, 130UL, 120U (Raptor Lake).
• Intel Core 3 100HL, 100UL, 100U (Raptor Lake).
• AMD Ryzen 9 9955HX3D, 9955HX, 9950HX3D, 9950HX, 9850HX, 9845HX (Fire Range).
• AMD Ryzen 7 9800X3D (Granite Ridge).
• AMD X870/B840 chipsets.
• NVIDIA RTX 5090 & 5080 GPUs.
• CAMM2 memory modules type.
• CUDIMM DDR5 memory.
• Remember window position.

• Added Intel Voltage Regulator (VR) monitoring.
• Added GPU memory utilization in MBytes.
• Added CPU and SOC BCLK.
• Added Intel ICC Max.
• Improved support of AMD Granite Ridge and Strix Point.
• Improved support of Intel Arrow Lake clock granularity.
• Intel Core Ultra 5 235, 225 & 225F (Arrow Lake).
• Intel Core i9 14901KE & 14901E, Core i7 14701KE, Core i5 14501E & 14401E/F (Raptor Lake).
• Battery charge rate (in W)

• AMD Ryzen 9 9950X (16C/32T), 9900X (12C/24T), Ryzen 7 9700X (8C/16T) and Ryzen 5 9600X (6C/12T) Granite Ridge (Zen 5).
• AMD Ryzen AI 9 HX 375 (4x Zen 5 + 8x Zen 5c), Ryzen AI 9 365 (4x Zen 5 + 6x Zen 5c) Strix Point APUs.
• AMD Ryzen 9 8945H, Ryzen 7 8845HS (Hawk Point).
• Intel Core Ultra 9 285K & 275, Core Ultra 7 265K & 255, Core Ultra 5 245K & 240 (Arrow Lake).
• Intel Core Ultra 9 288V ; Ultra 7 268V, 266V, 258V, 256V ; Ultra 5 236V, 228V, 2266V (Lunar Lake).
• AMD Radeon RX 7600 XT (Navi 33 XT).