Weblate - Package Updates

Package Updates

[1.34.1]

• Update weblate to 5.14.2
• Full Changelog
• Performance when adding strings.
• Adding terms to glossary was not working in some situations.

Package Updates

[1.34.2]

• Update weblate to 5.14.3
• Full Changelog

Package Updates

[1.35.0]

• Update weblate to 5.15
• Full Changelog
• Batch automatic translation can now be manually triggered at project language, category or component level, see Automatic translation.
• Added ability to completely disable the admin contact form by setting CONTACT_FORM to "disabled".
• Added new Ollama machinery tool for local Ollama AI model integration, see Ollama.
• Added GET /api/units/(int:id)/comments/ to get a list of comments for the given translation unit.
• Memory contents imported from TMX files include string context.
• XLIFF 2.0, Nextcloud Apps JSON files, JavaScript Resource Files (RESJSON), and TOML are now supported file formats.
• Fedora Messaging integration is now available as add-on.
• Added Laravel format quality check.
• Improper invitation validation upon accepting (CVE 2025-64725 / GHSA-m6hq-f4w9-qrjj).
• Server-Side Request Forgery while cloning repository (CVE 2025-66407 / GHSA-hfpv-mc5v-p9mm).

Package Updates

[1.36.0]

• Update weblate to 5.15.1
• Full Changelog
• Added GET /api/projects/(string:project)/languages/(string:language_code)/file/ to download a ZIP file of all component translations of a project for a specified language.
• Updated list of OpenAI models.
• Added Migrating to Weblate guide to help users migrate from other localization platforms.
• Gracefully handle unreachable authentication providers.
• Update language definitions to CLDR 48.
• Git config file overwrite remote code execution (CVE 2025-68398 / GHSA-8vcg-cfxj-p5m3).
• Arbitrary file read via symbolic links (CVE 2025-68279 / GHSA-g925-f788-4jh7).
• Locking error that prevented updating linked components.
• Invitations on sites with required authentication.

Package Updates

[1.36.1]

• Update weblate to 5.15.2
• Full Changelog
• Statistics generator is now triggered upon installation.
• Screenshots updated from the repository have proper history.
• reStructuredText syntax error now reports unintended list conversion.
• Unchanged translation check ignores AsciiDoc source code blocks.
• Information leak via screenshots (CVE 2026-21889 / GHSA-3g2f-4rjg-9385).
• Explanation sync in TermBase eXchange format.
• User interface fixes.
• Clarified needs editing/checking/rewriting states.
• Automatically translated flag with bulk approvals.
• GitHub forks no longer trigger actions.

Package Updates

[1.37.0]

• Update weblate to 5.16
• Full Changelog

Package Updates

[1.38.0]

• Update weblate to 5.16.1
• Full Changelog
• Improved plurals handling for language variants.
• Fixed API access control.
• Users can manage their own notification subscriptions via the API.

Package Updates

[1.38.1]

• Update weblate to 5.16.2
• Full Changelog
• New setting <a href="https://docs.weblate.org/en/weblate-5.16.2/admin/config.html#std-setting-PUBLIC_ENGAGE" class="reference internal"><span class="pre"><code class="xref std std-setting docutils literal notranslate">PUBLIC_ENGAGE</code></span></a> to make the engage page public even with <a href="https://docs.weblate.org/en/weblate-5.16.2/admin/config.html#std-setting-REQUIRE_LOGIN" class="reference internal"><span class="pre"><code class="xref std std-setting docutils literal notranslate">REQUIRE_LOGIN</code></span></a>.
• Improved matching in <a href="https://docs.weblate.org/en/weblate-5.16.2/admin/memory.html" class="reference internal"><span class="doc">Translation Memory</span></a>.
• Show the number of strings waiting for review in listings.
• Avoid displaying confusing status icons for ghost languages on project or category level.
• Fixed missing plural source strings when creating new bilingual plural units.
• Crash on certain pages with nested categories.
• Improved API validation when adding strings.
• Disabled throttling for incoming webhooks.
• Avoid displaying non-actionable ghost languages.
• Fixed highlighting in the translation editor.

Package Updates

[1.39.0]

• Update weblate to 5.17
• Full Changelog
• Added PROJECT_WEB_RESTRICT_ALLOWLIST to exempt selected project slugs from project website restriction settings.
• Added WEBSITE_ALERTS_ENABLED setting to allow disabling project website availability checks and alerts.
• Added bulk user invitations.
• Added Forgejo notification webhook, see Automatically receiving changes from Forgejo Repos.
• Hardened repository boundary checks for symlink targets (CVE 2026-40256 / GHSA-ffgh-3jrf-8wvh).
• Dropped support for MySQL and MariaDB as the database engine.
• Weblate now requires Django 6.0.
• Weblate now requires Git 2.46 or newer.
• The project_scope class attribute on add-ons has been removed. Third-party add-ons that used project_scope = True should override can_install() to return False when component is not None.
• The daily() method signature on add-ons has changed. Add-ons that previously overrode daily(component) to perform per-component work should now override daily_component(component) instead.

Package Updates

[1.40.0]

• Upgrade git to latest version

Package Updates

[1.41.0]

• Update weblate to 5.17.1
• Full Changelog
• Image URLs in Markdown are now escaped before rendering (GHSA-5cmv-3rc4-7279).
• Tightened Weblate's REST API input validation to prevent translation enumeration (GHSA-gcg5-86jr-f7jg).
• Project backup imports now revalidate component repository URLs before restoring from backup (CVE 2026-41654 / GHSA-cwcx-382v-8m9g).
• Add-ons that opt in to manual triggering can now be run from add-on management and the Add-ons.
• Admins can now clean up blocked or abusive users by reverting edits, rejecting pending suggestions, and deleting comments across project or site-wide scopes.
• Admin user management can now find users by audit log IP address.
• Added LTEngine machine translation service.
• Password changes now regenerate personal API keys by default (CVE 2026-41519 / GHSA-6j8j-4qp3-36p2).
• VCS_RESTRICT_PRIVATE and WEBHOOK_RESTRICT_PRIVATE now reject URLs whose hostnames cannot be resolved during validation unless the host is explicitly allowed.
• Uploads now enforce TRANSLATION_UPLOAD_MAX_SIZE, COMPONENT_ZIP_UPLOAD_MAX_SIZE, and PROJECT_BACKUP_UPLOAD_MAX_SIZE before parsing. Component ZIP imports and project backup restores now share stricter ZIP archive safety checks, including total uncompressed data limits for project backup imports.

Package Updates

[1.41.1]

• Do not re-create admin, if admin was deleted

Package Updates

[1.42.0]

• Update weblate to 2026.5
• Full Changelog
• Added MDX files support for translating Markdown text while preserving JSX syntax, with File format parameters shared with Markdown files for line wrapping, code blocks, front matter, and placeholder handling.
• Added extended LLM translation context for automatic suggestions, covering string context, explanations, secondary-language translations, plurals, failing checks, and placeholders.
• CSV and XLSX downloads in Downloading translations now export plural strings as separate plural-form rows that can be imported back.
• Hardened search previews and Automatic suggestions suggestion origins against XSS, and stopped exposing database error details in upload failures.
• Screenshot URL uploads, remote HTML extraction in JavaScript localization CDN, and URL health-check redirects now reject internal or non-public targets by default.
• Per-project access tokens expiring today now remain valid until the end of the day.
• The dos-eol flag is no longer supported. Use the dos_eol File format parameters instead.
• The set_language_team project attribute has been replaced with the po_set_language_team file format parameter at the component level; see File format parameters.
• Weblate now uses calendar versioning for releases, see Release cycle.
• The upgrading policy was changed, and upgrades are only supported from the current or previous calendar year.

Package Updates

[1.43.0]

• Update weblate to 2026.6
• Full Changelog
• Announcements can now also be managed via the Weblate's REST API for specific project languages.
• Team memberships can now be limited to selected languages for per-user translation permissions.
• Added cost estimates to translation reports.
• Added Workspaces to group related projects, with workspace project listings, workspace-scoped teams and project creation permissions, inherited workspace, project, and category defaults for selected component settings, and billing details when available.
• Outbound URL validation now rejects additional non-public targets (GHSA-vmfc-9982-2m45).
• Project-language Announcements no longer appear across the whole project.
• Gitea and Forgejo pull requests no longer reconfigure existing fork remotes to point to the source repository.
• Gettext POT update add-ons now rescan translations after committing updated POT and PO files.
• Git repositories now update branches correctly when the remote also has a tag with the same name.
• There is a change in INSTALLED_APPS; weblate.workspaces should be added.