Tech news stream

Security update fixes path traversal vulnerability in GLiNET mode and adds new query parameter for query log

Security update fixes critical path traversal vulnerability in GLiNET mode and corrects blocked services issues

New SMS and chat notification providers, bearer token support for monitors, fix for remote code execution security vulnerability and various bug fixes

Prometheus v3.12.0 adds service discovery for DigitalOcean Managed Databases and Outscale VMs. New experimental PromQL functions (start(), end(), range(), step()) and enhanced rate/irate/increase functions with start timestamp support are introduced. The web interface now supports deleting time series and cleaning tombstones. A new API endpoint /api/v1/status/self_metrics and AIX/ppc64 compilation support complete the update.

Jellyfin Server 10.11.10 fixes multiple security vulnerabilities and resolves issues with UserData cache and user management

Security update with fixes for permissions, token scopes, OAuth validation and various authentication issues

Prometheus v3.12.0-rc.0 adds service discovery for DigitalOcean Managed Databases and Outscale VMs. New experimental PromQL functions start(), end(), range(), and step() are available for testing. The web interface now supports deleting time series and cleaning tombstones directly. Auto-reload-config functionality has been promoted to stable. Additional improvements include a new self-metrics API endpoint and enhanced timestamp support for rate(), irate(), and increase() functions.

Critical security vulnerability in DNS-over-QUIC and DNS-over-HTTPS fixed, Go version updated and various UI issues resolved

Major beta release introducing AI features, remote OCR, document versioning, and new search backend. Contains multiple breaking changes including removal of encryption support, API v1 compatibility, Python 3.10 support, and database migration restructuring. Significant upgrade requiring careful migr

Critical security fixes for SSO CSRF, user enumeration, SSRF and other vulnerabilities plus new item archiving feature

Security patch release fixing authentication endpoint vulnerabilities and mail account enumeration issues. Also includes fixes for custom field query events and API notes endpoint validation. Upgrade recommended for all users due to security fixes.

Security update with frontend libraries and Go version updates plus fixes for domain-specific upstreams and TLS configuration

Prometheus v3.11.2 addresses a medium-severity security vulnerability (CVE-2026-40179) and adds a health_filter field to Consul Service Discovery for Health API filtering. The update is recommended with no breaking changes. Operators can upgrade without migration requirements and benefit from improved filtering capabilities in Consul integration.

Critical security fixes for organization management and token invalidation, admin templates changed, 2FA tokens limited to 30 days

Fixes critical bug in two-factor authentication where remember tokens and recovery tokens were not accepted

Jellyfin Server 10.11.7 fixes multiple critical security vulnerabilities and various bugs

Security patch release fixing workflow filename clobbering vulnerability, along with improvements to file handling, authentication scope, API documentation, and dark mode UI elements.

Security patch release addressing vulnerability GHSA-59xh-5vwx-4c4q along with UI fixes for dark mode dropdown colors, tag display wrapping on small cards, dropdown selection behavior, and database filename handling during workflow actions.

Security update fixing multiple critical vulnerabilities in OAuth2, user permissions and path resolution along with various bug fixes

Security patch release addressing vulnerability GHSA-386h-chg4-cfw9, plus fixes for configuration option reset functionality and tag page count display issues.

Security update fixes critical vulnerabilities in cipher access and organization permissions

Security patch release addressing vulnerability GHSA-7qqc-wrcw-2fj9, recommended for all users to upgrade immediately.

Security release that restricts filename template rendering context, potentially breaking templates using undocumented document properties. Also fixes user interface styling, Docker classifier command, and improves performance for large installations.

Security update fixes critical vulnerability allowing authenticated attackers to access organization collections they don't belong to

Security patch release addressing two security vulnerabilities with fixes for nested tag extraction, note deletion prevention, performance improvements for tree nodes, date calculation corrections, rootless management script issues, and field override problems.

Security update fixes critical vulnerability for authenticated remote code execution and container escape

Security update with fixes for repository permissions, attachments, LFS locks and various authentication issues

Security patch release fixing a reported vulnerability along with several bug fixes including metadata override propagation, storage path ordering, PostgreSQL integer validation, index error handling, and recurring workflow timing issues.

Security patch release that addresses a reported security vulnerability, recommended for all users to upgrade immediately.

Paperless-ngx v2.20.2 is a recommended update that adds a new feature to dim inactive users in the users-groups list for better visibility. The release updates several dependencies including Angular, webpack, playwright, and uv. No breaking changes or migrations are required, making this a straightforward update to deploy.

Security update fixes critical access control vulnerability and improves recording playback efficiency plus certificate generation

Security update with cryptography library upgrade and fixes for various permission and login bugs plus numerous bugfixes

Security update fixes critical vulnerability allowing unauthorized file access via export thumbnail parameter and improves UI performance

Frigate 0.16.0 introduces multiple breaking changes including removal of TensorRT detector, audio handling updates, object detection disabled by default, and new authentication requirements

Frigate 0.15.0 introduces major breaking changes including rewritten SHM system, modified recording configuration, FFmpeg 7 update, and new Explore feature with AI-powered search capabilities