Weblate - Package Updates

Package Updates

[1.36.0]

Update weblate to 5.15.1
Full Changelog
Added GET /api/projects/(string:project)/languages/(string:language_code)/file/ to download a ZIP file of all component translations of a project for a specified language.
Updated list of OpenAI models.
Added Migrating to Weblate guide to help users migrate from other localization platforms.
Gracefully handle unreachable authentication providers.
Update language definitions to CLDR 48.
Git config file overwrite remote code execution (CVE 2025-68398 / GHSA-8vcg-cfxj-p5m3).
Arbitrary file read via symbolic links (CVE 2025-68279 / GHSA-g925-f788-4jh7).
Locking error that prevented updating linked components.
Invitations on sites with required authentication.

Package Updates

[1.36.1]

Package Updates

[1.37.0]

Package Updates

[1.38.0]

Package Updates

[1.38.1]

Update weblate to 5.16.2
Full Changelog
New setting <a href="https://docs.weblate.org/en/weblate-5.16.2/admin/config.html#std-setting-PUBLIC_ENGAGE" class="reference internal"><code class="xref std std-setting docutils literal notranslate">PUBLIC_ENGAGE</code></a> to make the engage page public even with <a href="https://docs.weblate.org/en/weblate-5.16.2/admin/config.html#std-setting-REQUIRE_LOGIN" class="reference internal"><code class="xref std std-setting docutils literal notranslate">REQUIRE_LOGIN</code></a>.
Improved matching in <a href="https://docs.weblate.org/en/weblate-5.16.2/admin/memory.html" class="reference internal">Translation Memory</a>.
Show the number of strings waiting for review in listings.
Avoid displaying confusing status icons for ghost languages on project or category level.
Fixed missing plural source strings when creating new bilingual plural units.
Crash on certain pages with nested categories.
Improved API validation when adding strings.
Disabled throttling for incoming webhooks.
Avoid displaying non-actionable ghost languages.
Fixed highlighting in the translation editor.

Package Updates

[1.39.0]

Update weblate to 5.17
Full Changelog
Added PROJECT_WEB_RESTRICT_ALLOWLIST to exempt selected project slugs from project website restriction settings.
Added WEBSITE_ALERTS_ENABLED setting to allow disabling project website availability checks and alerts.
Added bulk user invitations.
Added Forgejo notification webhook, see Automatically receiving changes from Forgejo Repos.
Hardened repository boundary checks for symlink targets (CVE 2026-40256 / GHSA-ffgh-3jrf-8wvh).
Dropped support for MySQL and MariaDB as the database engine.
Weblate now requires Django 6.0.
Weblate now requires Git 2.46 or newer.
The project_scope class attribute on add-ons has been removed. Third-party add-ons that used project_scope = True should override can_install() to return False when component is not None.
The daily() method signature on add-ons has changed. Add-ons that previously overrode daily(component) to perform per-component work should now override daily_component(component) instead.

Package Updates

[1.40.0]

Package Updates

[1.41.0]

Update weblate to 5.17.1
Full Changelog
Image URLs in Markdown are now escaped before rendering (GHSA-5cmv-3rc4-7279).
Tightened Weblate's REST API input validation to prevent translation enumeration (GHSA-gcg5-86jr-f7jg).
Project backup imports now revalidate component repository URLs before restoring from backup (CVE 2026-41654 / GHSA-cwcx-382v-8m9g).
Add-ons that opt in to manual triggering can now be run from add-on management and the Add-ons.
Admins can now clean up blocked or abusive users by reverting edits, rejecting pending suggestions, and deleting comments across project or site-wide scopes.
Admin user management can now find users by audit log IP address.
Added LTEngine machine translation service.
Password changes now regenerate personal API keys by default (CVE 2026-41519 / GHSA-6j8j-4qp3-36p2).
VCS_RESTRICT_PRIVATE and WEBHOOK_RESTRICT_PRIVATE now reject URLs whose hostnames cannot be resolved during validation unless the host is explicitly allowed.
Uploads now enforce TRANSLATION_UPLOAD_MAX_SIZE, COMPONENT_ZIP_UPLOAD_MAX_SIZE, and PROJECT_BACKUP_UPLOAD_MAX_SIZE before parsing. Component ZIP imports and project backup restores now share stricter ZIP archive safety checks, including total uncompressed data limits for project backup imports.

Package Updates

[1.41.1]

Package Updates

[1.42.0]

Update weblate to 2026.5
Full Changelog
Added MDX files support for translating Markdown text while preserving JSX syntax, with File format parameters shared with Markdown files for line wrapping, code blocks, front matter, and placeholder handling.
Added extended LLM translation context for automatic suggestions, covering string context, explanations, secondary-language translations, plurals, failing checks, and placeholders.
CSV and XLSX downloads in Downloading translations now export plural strings as separate plural-form rows that can be imported back.
Hardened search previews and Automatic suggestions suggestion origins against XSS, and stopped exposing database error details in upload failures.
Screenshot URL uploads, remote HTML extraction in JavaScript localization CDN, and URL health-check redirects now reject internal or non-public targets by default.
Per-project access tokens expiring today now remain valid until the end of the day.
The dos-eol flag is no longer supported. Use the dos_eol File format parameters instead.
The set_language_team project attribute has been replaced with the po_set_language_team file format parameter at the component level; see File format parameters.
Weblate now uses calendar versioning for releases, see Release cycle.
The upgrading policy was changed, and upgrades are only supported from the current or previous calendar year.

Cloudron Forum