Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps - Status | Demo | Docs | Install
  1. Cloudron Forum
  2. ntfy
  3. ntfy - Package Updates

ntfy - Package Updates

Scheduled Pinned Locked Moved ntfy
39 Posts 3 Posters 11.9k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • Package UpdatesP Online
    Package UpdatesP Online
    Package Updates
    wrote on last edited by
    #30

    [1.22.0]

    • Update ntfy to 2.19.0
    • Full Changelog
    • 888850d Add blurp
    1 Reply Last reply
    0
    • Package UpdatesP Online
      Package UpdatesP Online
      Package Updates
      wrote on last edited by
      #31

      [1.22.1]

      • Update ntfy to 2.19.1
      • Full Changelog
      • This is a bugfix release to avoid PostgreSQL insert failures due to invalid UTF-8 messages. It also fixes database-url validation incorrectly rejecting postgresql:// connection strings.
      • Fix invalid UTF-8 in HTTP headers (e.g. Latin-1 encoded text) causing PostgreSQL insert failures and dropping entire message batches
      • Fix database-url validation rejecting postgresql:// connection strings (#​1657/#​1658)
      1 Reply Last reply
      0
      • Package UpdatesP Online
        Package UpdatesP Online
        Package Updates
        wrote on last edited by
        #32

        [1.22.2]

        • Update ntfy to 2.19.2
        • Full Changelog
        • This is another small bugfix release for PostgreSQL, avoiding races between primary and read replica, as well as to further reduce primary load.
        • Bug fixes + maintenance:
        • Fix race condition in web push subscription causing FK constraint violation when concurrent requests hit the same endpoint
        • Route authorization query to read-only database replica to reduce primary database load
        1 Reply Last reply
        0
        • Package UpdatesP Online
          Package UpdatesP Online
          Package Updates
          wrote on last edited by
          #33

          [1.23.0]

          • Update ntfy to 2.20.0
          • Full Changelog
          • Add S3-compatible object storage as an alternative attachment store via attachment-cache-dir config option (#​1656/#​1672)
          • Reject invalid e-mail addresses (e.g. multiple comma-separated recipients) with HTTP 400
          • Add OpenRC init service file (#​1650, thanks to @​ageru for the contribution)
          • ⚠ Important note: With this release, ntfy will take full control over the attachment directory or S3 bucket. Files/objects in the configured attachment-cache-dir that match the message ID format (12 chars, matching ^[A-Za-z0-9]{12}$), and have no entries in the message database will be deleted. Do not use a directory or S3 bucket as attachment-cache-dir that is also used for something else.
          1 Reply Last reply
          0
          • Package UpdatesP Online
            Package UpdatesP Online
            Package Updates
            wrote on last edited by
            #34

            [1.24.0]

            • Update ntfy to 2.21.0
            • Full Changelog
            • This release adds the ability to verify email addresses using the smtp-sender-verify flag. This is a change that is required because ntfy.sh was used to send unsolicited emails and the AWS SES account was suspended. Going forward, ntfy.sh won't be able to send emails unless the email address was verified ahead of time.
            • Add verified email recipients feature with smtp-sender-verify config flag, allowing server admins to require email
            • address verification before sending email notifications (#​1681)
            1 Reply Last reply
            0
            • Package UpdatesP Package Updates locked this topic on
            • Package UpdatesP Online
              Package UpdatesP Online
              Package Updates
              wrote on last edited by
              #35

              [1.25.0]

              • Update ntfy to 2.22.0
              • Full Changelog
              • Tighten web push endpoint allow-list regex to prevent SSRF via unanchored pattern matching (GHSA-w9hq-5jg7-q4j7, thanks to @MightyNawaf for reporting)
              • Fix web app not allowing access tokens to be changed to never expire (#1693/#1694, thanks to @lastsamurai26 for reporting and to @ShipItAndPray for fixing)
              • Fix web app crashing on account page for tokens without a last access time (#1651, #1684, thanks to @Pulsar7 and @rzhli for reporting)
              1 Reply Last reply
              0
              • Package UpdatesP Online
                Package UpdatesP Online
                Package Updates
                wrote on last edited by
                #36

                [1.25.1]

                • fix: update doc links from /apps/ to /packages/
                1 Reply Last reply
                0
                • Package UpdatesP Online
                  Package UpdatesP Online
                  Package Updates
                  wrote on last edited by
                  #37

                  [1.26.0]

                  • Update ntfy to 2.23.0
                  • Full Changelog
                  • Add per-visitor rate limit on new topic creations (visitor-topic-creation-limit-burst / visitor-topic-creation-limit-replenish, defaults 100 burst / 1m replenish) to mitigate topic-enumeration / squatting attacks that inflate the in-memory topic map
                  • Remove stacktrace-js, stacktrace-gps, humanize-duration, and js-base64 from the web app to reduce dependency and security footprint
                  • Restrict the publish dialog's local file preview to safe image types (png/jpg/gif/webp) to prevent same-origin script execution from blob URLs when previewing a crafted SVG (GHSA-j8hr-p342-xrmh, thanks to @Venukamatchi for reporting)
                  1 Reply Last reply
                  0
                  • Package UpdatesP Online
                    Package UpdatesP Online
                    Package Updates
                    wrote last edited by
                    #38

                    [1.27.0]

                    • Update ntfy to 2.24.0
                    • Full Changelog
                    • Fix case-insensitive ACL topic matching on SQLite: an access control rule for secret no longer also matches a request for SECRET. SQLite's LIKE is case-insensitive for ASCII by default. PostgreSQL was unaffected. It's honestly incredible that this issue remained undetected for so long, especially while ntfy.sh was running on SQLite (it now runs on PostgreSQL).
                    • Add opt-in in-memory ACL cache (auth-access-cache) that serves topic authorization without a database round-trip; off by default, intended for high-volume servers
                    • Add ntfy --version flag to the CLI (#1722, #1748, thanks to @sskender for the contribution, and @Saucy9607 for reporting)
                    • Extend account token automatically from the PWA service worker, so installed PWAs don't get logged out (#1669, #1203, #1533, thanks to @nihalgonsalves for the contribution)
                    • Fix rel attribute on auto-linked notification URLs so noreferrer/noopener are actually applied (#1720, thanks to @dmitrylyzo for the contribution)
                    • Add systemd sandboxing/hardening to the ntfy.service unit (#1467, thanks to @Velocifyer for the contribution)
                    • Fix cmd package build on macOS (darwin) so the server compiles from source (#1631, #1696, thanks to @ShipItAndPray for the contribution, and @XYenon for reporting)
                    1 Reply Last reply
                    0
                    • Package UpdatesP Online
                      Package UpdatesP Online
                      Package Updates
                      wrote last edited by
                      #39

                      [1.28.0]

                      • Update ntfy to 2.25.0
                      • Full Changelog
                      • Generate access tokens, IDs, and magic-link tokens with a cryptographically secure RNG (crypto/rand) instead of a clock-seeded PRNG
                      • Add password reset via emailed magic link, with a "Forgot password" link on the login page and a ntfy user reset-pass CLI command for admins
                      • Rework email verification to use durable, single-use, expiring magic links instead of in-memory 6-digit codes, and add a "primary" email (used for account recovery and as the X-Email: yes target) with verified/unverified state in the account UI
                      • You can now clear/read messages and delete messages with a GET request (#1771, thanks to @lemmi for reporting and to @wunter8 for implementing)
                      • Add a reload button to the web app's action bar when running as an installed PWA, which clears the service worker caches and hard-refreshes the app
                      • X-Email: yes (also true/1) now sends to your primary verified email regardless of the smtp-sender-verify setting (previously it was rejected unless verification was enabled); it requires being logged in with a verified address
                      • Grant users full access to their own sync topic (st_...) so cross-device subscription sync works under auth-default-access: deny-all (#733, #1795, thanks to @lmorchard for the contribution)
                      • Support HTTP (non-TLS) S3-compatible endpoints by preserving the endpoint scheme, e.g. for a local MinIO instance (#1794, #1734, thanks to @sskender for the contribution, and @Kernald for reporting)
                      • Stop silently stripping spaces from passwords while typing in the web app's login, signup, and password-reset forms (#1246, thanks to @aldem for reporting)
                      • Stop escaping <, >, and & as \u003c/\u003e/\u0026 in JSON responses (#1511, #1512, thanks to @wunter8 for the contribution)
                      1 Reply Last reply
                      0

                      Hello! It looks like you're interested in this conversation, but you don't have an account yet.

                      Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

                      With your input, this post could be even better 💗

                      Register Login
                      Reply
                      • Reply as topic
                      Log in to reply
                      • Oldest to Newest
                      • Newest to Oldest
                      • Most Votes


                      • Login

                      • Don't have an account? Register

                      • Login or register to search.
                      • First post
                        Last post
                      0
                      • Categories
                      • Recent
                      • Tags
                      • Popular
                      • Bookmarks
                      • Search