v2.3.19

Latest

Latest

github-actions released this 07 Apr 14:21

· 70 commits to master since this release

e92a67b

Changelog

e92a67b Merge branch 'upstream-main'
0604418 Prevent mark entries as read on boosted history back
2be7dc6 Redirect back to category page after marking some feed as read
19f72e8 docs(docker-compose): add restart policy to postgres in basic example
bf573b0 Add more config validation rules
8a74392 Use scalar comparison for single-element slices in query builder
d6cfc56 Merge branch 'upstream-main'
9cd36ad Bump github.com/go-webauthn/webauthn from 0.16.1 to 0.16.3
f5dee89 Bump github.com/go-playground/validator/v10 from 10.30.1 to 10.30.2
26d9195 perf(storage): use scalar comparison for single-element slices in query builder
5f3049d perf(storage): factorize away a query
c591ea3 build(deps): bump github.com/lib/pq from 1.12.2 to 1.12.3
8df6b82 build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
fd75311 refactor(ui): skip app session creation for static asset routes
4e8a0e0 fix(ui): remove sensitive values from log messages
96989e2 fix(ui): render edit template on category update validation error
4f50449 fix(ui): redirect to category feeds page after marking feed as read
382e179 build(deps): bump github.com/go-webauthn/webauthn from 0.16.1 to 0.16.2
47ced3e build(deps): bump github.com/lib/pq from 1.12.1 to 1.12.2
e2f225f build(deps): bump github.com/andybalholm/brotli from 1.2.0 to 1.2.1
932e013 build(deps): bump github.com/lib/pq from 1.12.0 to 1.12.1
d5c37d7 perf(ui): reduce amount of sql queries to get unread entries
b160f92 refactor(config): move cross-field validation into config parser
31f077c refactor(oauth2): select provider explicitly by OAUTH2_PROVIDER value
0626413 refactor(oauth2): apply Go conventions and add GoDoc comments
c61c202 feat(locale): update gl_ES translation
873416f perf(ui): don't parse the keymap on every keypress
f8171fe perf(ui): batch changes in markPageAsRead
ba684ca perf(ui): add immutable to Cache-Control
9151dc5 perf(storage): extract a query from a cursor lock
ca7c38a perf(storage): Use SKIP LOCKED in ArchiveEntries
524d5e5 Merge branch 'upstream-main'
1ef7868 Protect lastStorageMetricsAt with sync.Mutex
f5bfd5a refactor(oauth2): make Google and OIDC providers mutually exclusive
f6c5f2f fix(oauth2): scope OIDC client secret warning to OIDC configuration
2de3427 refactor(oauth2): update Google OAuth endpoints to v2
21703c8 perf(sanitizer): Use an io.MultiReader
b79f22a perf(sanitizer): html.Parse already lowercases tag names
59bd092 build(deps): bump github.com/tdewolff/minify/v2 from 2.24.10 to 2.24.11
2fb3246 Merge branch 'upstream-main'
1d4ca6a fix(oauth2): check HTTP status from Google userinfo endpoint
b4c9719 fix(oauth2): clear state and code verifier from session after use
5c9edf3 fix(oauth2): verify OIDC ID token signature before trusting claims
2b21269 fix(oauth2): reject link overwrite when user already has a linked identity
d57774d build(deps): bump golang.org/x/image from 0.37.0 to 0.38.0
46ee27e Bump golang.org/x/image from 0.37.0 to 0.38.0
2e61fd8 http/response/html.OK -> http/response.HTML
2e680cf Fix order of assert.Equal args
13e3bbe Allow iframes from framatube.org
1f9269e Reuse ValidateDirection in user modification
c9f32c4 Merge branch 'upstream-main'
07a9685 ci(workflows): add consistent repository_owner guards
cc06154 fix(timezone): compare locations by name instead of pointer
fcde209 refactor(timezone): simplify AvailableTimezones and fix test typos
570227c refactor(validator): reuse ValidateDirection in user modification
2572809 refactor(worker): add graceful shutdown to worker pool
16ff071 feat(sanitizer): allow iframes from framatube.org
2932090 fix(sanitizer): strip inner elements of blocked iframes
478829a Fix some artefacts after refactoring of http/response
f34cdf8 Add Text response helper
480c7fa Refactor http/response using generics as much as possible for JSON responses
de10161 var nextRequestId uint64 may be simplified using atomic.Uint64
87074cf Replace hardcoded status labels with constants
1351aa8 Merge branch 'upstream-main'
64eea61 Bump github.com/jackc/pgx/v5 from 5.9.0 to 5.9.1
76452fa refactor(storage): return errors from count functions used by metrics
8c947e6 refactor(metric): replace hardcoded status labels with constants
96897a8 refactor(metric): support graceful shutdown of metrics collector
1b7619f Merge branch 'upstream-main'
fa9ab92 docs(googlereader): update README to reflect HMAC-SHA256 change
6ea078c fix(googlereader): use HMAC-SHA256 instead of HMAC-SHA1 for auth tokens
3105e1e fix(googlereader): use constant-time comparison for auth token validation
7a0ad7d Log write response body errors using correct logger
2509502 Bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.0
1b2c3c5 Bump github.com/klauspost/compress from 1.18.4 to 1.18.5
595855b Merge branch 'upstream-main'
9c28982 refactor(server): extract listen target resolution into testable functions
0162c46 refactor(ui): use consistent cache-busted URL pattern for all static assets
d33544e feat(ui): add cache busting for static icon assets
d07e82a Merge branch 'upstream-main'
f032858 refactor: remove dependency on gorilla/mux
323c995 CORS preflight requests should be a 204 response
1a8a503 Move status only responses into response package
ca13d1c Merge branch 'upstream-main'
cd3ea68 fix(api): CORS preflight requests should be a 204 response
925b05f fix(response): 204 responses should not include the Content-Type header
cc528b6 refactor(api): remove dependency on gorilla/mux
1e42cec feat(request): support ServeMux PathValue route params
6276d7e refactor(api): rename API handlers for consistency
5094731 refactor(mediaproxy): remove dependency on gorilla/mux in unit tests
fa7184e build(deps): bump github.com/lib/pq from 1.11.2 to 1.12.0
b1713dc refactor(mediaproxy): remove dependency on gorilla/mux
88ced7d Merge branch 'upstream-main'
a392b0d refactor(googlereader): remove dependency on gorilla/mux
6093819 docs(googlereader): add API documentation
4413c80 perf(googlereader): preallocate some slices
5c8810a Merge branch 'upstream-main'
f50c5dd refactor(fever): remove dependency on gorilla/mux
b965e45 perf(mediaproxy): convert to []byte in ProxifyAbsoluteURL only once
9660e8a perf(route): preallocate parameters in route.Path
8666cc4 Build correct ETag header from content hash
6f37a8a Merge branch 'upstream-main'
3f58f6d Merge branch 'upstream-main'
e9edda8 refactor(response): add Text response helper
d0f3c8a Bump github.com/dsh2dsh/gofeed/v2 from 2.4.3 to 2.4.4
b68d141 feat(response): support weak ETag comparison for If-None-Match header
ab0ea2d fix(response): add vary header for encoding negotiation
b570389 Merge branch 'upstream-main'
74b37e4 refactor(ui): remove superfluous spaces in sprite.svg
70f14e1 build(deps): bump github.com/PuerkitoBio/goquery from 1.11.0 to 1.12.0
aec3dc5 Finally replace (*Builder).WithBody with WithBodyAs*
f945517 Deny access to configured list of IP networks (100.64.0.0/10)
25d8065 Merge branch 'upstream-main'
83f05be Partly use explicit response body setters
3d2428b Reimplement ignore unsupported proxy targets
47619b9 Match MIME types case-insensitively
2fe10a0 Replace IsValidURL with urllib.IsAbsoluteURL
e591a1f Add 2 tests for ValidateUserModification
4b141b9 Remove unused template function truncate
5c414f5 refactor(http): use explicit response body setters
b18ecc0 refactor(http): move response format helpers into parent package
30c9ba9 fix(mediaproxy): ignore unsupported proxy targets
246b706 fix: enforce formatting in make lint and remove stale phony targets
de61a3c fix(mediaproxy): match MIME types case-insensitively
a89852a fix(locale): apply Arabic plural rules to ar_SA
7516bdf fix(locale): guard nil wrapped errors in Translate
7e5219e fix(icon): reject oversized favicons
2d3a9ae fix(template): avoid DoS in truncate() when processing untrusted input
7d0ed5d fix(cli): bypass logger setup for info and version flags
9cd7629 fix(cli): handle terminal credential input errors
4cd9dd6 refactor(validator): replace IsValidURL with urllib.IsAbsoluteURL
c2cbf53 fix(validator): allow clearing user filter rules on update

Assets 8