Paperless-ngx - Package Updates

Package Updates

[1.48.1]

• Update paperless-ngx to 2.20.9
• Full Changelog
• Fixhancement: config option reset @​shamoon (#​12176)
• Fix: correct page count by separating display vs collection sizes for tags @​shamoon (#​12170)

Package Updates

[1.48.3]

• Update paperless-ngx to 2.20.11
• Full Changelog
• Fix: correct dropdown list active color in dark mode @​shamoon (#​12328)
• Fixhancement: clear descendant selections in dropdown when parent toggled @​shamoon (#​12326)
• Fix: prevent wrapping with larger amounts of tags on small cards, reset moreTags setting to correct count @​shamoon (#​12302)
• Fix: prevent stale db filename during workflow actions @​shamoon (#​12289)

Package Updates

[1.48.4]

• Update paperless-ngx to 2.20.12
• Full Changelog
• Fix: Scope the workflow saves to prevent clobbering filename/archive_filename @​stumpylog (#​12390)
• Fix: don't try to usermod/groupmod when non-root + update docs (#<!---->12365) @​stumpylog (#​12391)
• Fix: avoid moving files if already moved @​shamoon (#​12389)
• Fix: remove pagination from document notes api spec @​shamoon (#​12388)
• Fix: fix file button hover color in dark mode @​shamoon (#​12367)
• Fixhancement: only offer basic auth for appropriate requests @​shamoon (#​12362)
• Fix: Scope the workflow saves to prevent clobbering filename/archive_filename @​stumpylog (#​12390)
• Fix: avoid moving files if already moved @​shamoon (#​12389)
• Fix: remove pagination from document notes api spec @​shamoon (#​12388)
• Fix: fix file button hover color in dark mode @​shamoon (#​12367)

Package Updates

[1.50.0]

• Update gotenberg to 8.29.0
• Full Changelog
• ExifTool Arbitrary File Write: The /forms/pdfengines/metadata/write endpoint allowed users to pass FileName and Directory pseudo-tags in the metadata JSON, enabling file rename/move to arbitrary paths. User-supplied metadata is now filtered through a blocklist before being passed to ExifTool.
• Chromium file:// Sub-Resource Restriction: When converting HTML/Markdown via file://, sub-resources are now restricted to the request's working directory, preventing cross-request file access in /tmp.
• Full OpenTelemetry Support: Distributed tracing, metrics export, and structured logging: all configurable via standard OTEL environment variables (OTEL_TRACES_EXPORTER, OTEL_METRICS_EXPORTER, OTEL_LOGS_EXPORTER, OTEL_EXPORTER_OTLP_ENDPOINT, etc.). Every HTTP request gets a span. External tool calls (Chromium, LibreOffice, QPDF, pdfcpu, pdftk, ExifTool, webhook delivery, download-from) create child spans. Trace context is propagated to outbound HTTP calls via W3C headers.
• Structured Logging Migration: Migrated from custom logging module to slog-based structured logging with OTEL log bridge. Supports auto/JSON/text formats with optional GCP-compatible field names.
• Binary Path as Peer Service: server.address span attribute now uses the actual binary path (e.g., /usr/bin/qpdf) instead of the software name.
• Telemetry Control for System Routes: New flags to disable telemetry for noisy system routes, all defaulting to disabled: --api-disable-root-route-telemetry, --api-disable-debug-route-telemetry, --api-disable-version-route-telemetry, --prometheus-disable-route-telemetry. The existing --api-disable-health-check-route-telemetry default changed from false to true.
• Idle Shutdown: New --chromium-idle-shutdown-timeout flag (default: 0s, disabled) to automatically stop Chromium after a configurable idle period, reclaiming memory on low-traffic servers. The process re-launches lazily on the next request.
• Network Almost Idle Event: New skipNetworkAlmostIdleEvent form field (default: true). When set to false, Gotenberg waits for a "network almost idle" event (at most 2 open connections for 500ms) before conversion. This provides a middle ground between the existing skipNetworkIdleEvent (strict, 0 connections) and no wait at all useful for pages with long-polling or analytics connections that never fully close.
• PDF Viewer Preferences (#​1316 15 new form fields for controlling PDF viewer behavior: initialView, initialPage, magnification, zoom, pageLayout, firstPageOnLeft, resizeWindowToInitialPage, centerWindow, openInFullScreenMode, displayPDFDocumentTitle, hideViewerMenubar, hideViewerToolbar, hideViewerWindowControls, useTransitionEffects, openBookmarkLevels.
• Event Callbacks (#​1473 New optional Gotenberg-Webhook-Events-Url header. When set, structured JSON events (webhook.success, webhook.error) are POSTed after each webhook operation, with correlationId and timestamp. Additive: existing Gotenberg-Webhook-Url and Gotenberg-Webhook-Error-Url continue to work unchanged.

Package Updates

[1.50.1]

• Update gotenberg to 8.29.1
• Full Changelog
• Assets were no longer being correctly loaded in HTML files. This is now fixed. Thanks @​ARawles-GFSC for the heads up!

Package Updates

[1.51.0]

• Update gotenberg to 8.30.1

Package Updates

[1.51.1]

• Update paperless-ngx to 2.20.14
• Full Changelog
• Fix: do not submit permissions for non-owners @​shamoon (#​12571)
• Fix: prevent duplicate parent tag IDs @​shamoon (#​12522)
• Fix: dont defer tag change application in workflows @​shamoon (#​12478)
• Fix: limit share link viewset actions @​shamoon (#​12461)
• Fix: add fallback ordering for documents by id after created @​shamoon (#​12440)
• Fixhancement: default mail-created correspondent matching to exact @​shamoon (#​12414)
• Fix: validate date CF value in serializer @​shamoon (#​12410)

Package Updates

[1.51.2]

• Update gotenberg to 8.31.0

Package Updates

[1.51.3]

• Update paperless-ngx to 2.20.15
• Full Changelog
• Fix: use only allauth login/logout endpoints @shamoon (#12639)
• Fix: correctly scope mail account enumeration @shamoon (#12636)
• Fix: prevent intermediate change event when CustomFieldQueryAtom operator changes type @ggouzi (#12597)
• Fix: reject invalid requests to API notes endpoint @ggouzi (#12582)

Package Updates

[1.52.0]

• Update gotenberg to 8.32.0
• Full Changelog
• Reverted SSRF defaults (breaking vs 8.31.0). 8.31.0 blocked private-IP destinations by default, which broke deployments running Gotenberg inside a private network. 8.32.0 restores the 8.30.x permissive defaults. Operators with internet-facing APIs opt into the strict posture via the new flags below.
• Rejected file:// at /forms/chromium/convert/url. Submitting url=file:///tmp/... used to let an unauthenticated caller enumerate the request working directory and read other in-flight uploads as rendered PDFs. The route now returns HTTP 400 for any file:// URL.
• Required uploaded file for image / pdf stamp and watermark sources. Twelve callsites accepted stampSource=pdf or watermarkSource=pdf with an expression pointing at any path the Gotenberg process could open, even when no file was uploaded. Handlers now return HTTP 400 unless the caller uploaded a matching file.
• Scoped file:// sub-resources to the request working directory. Crafted HTML could reference another request's file:///tmp/<reqdir>/.... The CDP request handler now restricts file:// sub-resources to the current request's directory. /convert/url and /screenshot/url reject every file:// sub-resource outright.
• Hardened Chromium against DNS rebinding. A short-TTL DNS authority could return a public IP at validation and a private IP at connect. A loopback HTTP / CONNECT proxy now sits between Chromium and the network, resolves DNS once, and pins the dial to the resolved IP. Skipped when --chromium-proxy-server or --chromium-host-resolver-rules is set.
• Filtered LibreOffice outbound fetches through a proxy. Uploaded OOXML, RTF, and ODF files can embed external URLs that LibreOffice's libcurl resolves below every Go-side SSRF filter. LibreOffice now routes every outbound fetch through an in-process forward proxy on the same gotenberg.DecideOutbound path Chromium and webhook delivery use. See the four new flags below.
• Recovered webhook async panics. High-concurrency webhooks could panic the async goroutine and crash the whole process. The goroutine now snapshots the request context and recovers any future panic through the existing error path.
• LibreOffice outbound URL filtering. Four flags mirror the Chromium and webhook layout: --libreoffice-allow-list, --libreoffice-deny-list, --libreoffice-deny-private-ips, --libreoffice-deny-public-ips. All default permissive.
• IP-class filtering on four modules. chromium, webhook, api-download-from, and libreoffice each accept matching deny-private-ips and deny-public-ips flags. All default to false.
• Charts print as blank rectangles (#1531, #1532, #1534, #1535 chromedp v0.15.0 suspended the BeginFrame-driven callback dispatch loop under emulatedMediaType=print. requestAnimationFrame, ResizeObserver, IntersectionObserver, CSS transitionend, and CSS animationend all stopped firing. Pinning chromedp back to v0.14.2 restores native dispatch.