Miniflux - Package Updates

Package Updates

[1.6.7]

• Update v2 to 2.2.13
• Full Changelog
• UI: Added a "Back to top" link for easier navigation.
• Integrations: Added support for Wallabag tags.
• Added support for LinkTaco service to save articles.
• API: Fixed issue where removed entries could still be returned. It was generating an error when fetching entries.
• Icons: Improved handling of relative icon URLs within subfolders.
• Timezone: Ensured only current IANA time zones are used. This avoids issues with Debian Trixie where deprecated time zones have been removed.

Package Updates

[1.6.8]

• Update v2 to 2.2.14
• Full Changelog
• Go Client: Allow passing a custom http.Client and add context support to API methods.
• UI: Redirect users back to the original page after logging in.
• Template: Improved Content Security Policy: extracted CSP generation into a function, added systematic nonces, and changed default-src to 'none' for stronger security.
• Integrations: Added tags option for the Karakeep integration.
• Integrations: Added new Archive.org integration.
• Rewrite Rules: Added remove_img_blur_params rule.
• Rewrite Rules: Added add_image_title rule for explainxkcd.com.
• Fixed CSS layout overflow when external links are too long.
• Fixed JSON Feed parser to fallback to external_url when url is missing.
• Updated scraper rule for Dark Reading.

Package Updates

[1.6.9]

• Update v2 to 2.2.15
• Full Changelog
• New configuration option to disable the Miniflux API
• Added option to save entries to a specific Linkwarden collection
• YouTube subscription improvements:
• Allow feed entries with <i> and <small> tags
• URL Cleaner: Remove additional trackers from URLs
• YouTube embeds: Avoid Error 153 (video player configuration error) in various scenarios
• API: fetchContent endpoint now properly rewrites media URLs when using the media proxy
• Security: Only relative paths are now allowed for the redirectURL parameter

Package Updates

[1.6.10]

• Update v2 to 2.2.16
• Full Changelog
• Disallow the media proxy from fetching resources on private networks to mitigate potential SSRF issues. This behavior is configurable at the instance level.
• Disallow fetching feed icons from private networks to reduce the SSRF attack surface. This is also configurable at the instance level.
• Add the TRUSTED_REVERSE_PROXY_NETWORKS configuration option to prevent spoofing of HTTP headers such as X-Forwarded-For, X-Forwarded-Proto, and X-Real-Ip. This option must be configured when AUTH_PROXY_HEADER is enabled.
• Stop logging generated Google Reader API tokens, even when debug mode is enabled.
• Remove the CORS handler from the Google Reader API, as it is not intended to be used by web clients, reducing the overall attack surface.
• Avoid indexing the content of removed entries, significantly reducing database index size after cleanup.
• Add a new API endpoint to import entries into an existing feed.
• Execute the content sanitizer when updating or importing entries through the API to ensure consistent sanitization.
• Improve Google Reader API compatibility by removing unnecessary output parameter checks and aligning behavior with other open-source RSS readers.
• Add smooth page transitions for a more polished navigation experience.