Tandoor - Package Updates

Package Updates

[1.12.0]

Update recipes to 2.6.0
Full Changelog
added Households
added Pantry (Inventory Booking)
added batch editing to user spaces
added loading indicator to meal plan card on start page
added AND/OR option to meal plan auto planner (thanks to @smilerz #4516)
added dark mode for markdown editor (thanks to @smilerz #4546)
improved search (thanks to @smilerz #4500)
changed MealTypes are no longer private to a user but global within a space (duplicates are automatically merged)
changed the default MealType is now configured in the meal plan settings (old defaults are migrated automatically)
changed Bookmarklet and Export log API to only return entries created by the current user

Package Updates

[1.12.1]

Update recipes to 2.6.1
Full Changelog
fixed forbidden issue on login (thanks to @smilerz #4556)
fixed insecure default setting for ALLOWED_HOSTS https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-x636-4jx6-xc4w
fixed storage editor URL field missing

Package Updates

[1.12.2]

Package Updates

[1.12.4]

Update recipes to 2.6.4
Full Changelog
added Household setup page and default creation to welcome stepper
added django migration records to admin
fixed food shopping sub endpoint not validating amount and unit inputs https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-8w8h-3pv2-3554
fixed a shared user could make changes to a book trough the API https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-xvmf-cfrq-4j8f
fixed style tags allowed in rendered markdown could lead to CSS injection in third party clients that did not properly clean the output on the frontend https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-9hhh-g2fc-r8x2
fixed recipe batch update endpoint could be used to update private recipes of other space members if the ID was known https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-v8x3-w674-55p5
fixed performance issues on some admin views
fixed admins can accidentally lock themselves out of their space
fixed category order jumping in shopping list when checking and not having any supermarket selected #4446
fixed selecting no supermarket in shopping not working

Package Updates

[1.12.5]

Update recipes to 2.6.5
Full Changelog
fixed docs link to gunicorn docs #4563 (thanks to @igordiogobp #4608)
fixed vite error (thanks to @smilerz #4592)
fixed shopping list error when item has no amount
fixed minus in meal plan editor could remove the date completely
fixed move ingredient dialog not working #4552
fixed potential DDoS by limiting uploaded zip file sizes https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-w8pq-4pwf-r2m8

Package Updates

[1.12.6]

Package Updates

[1.12.7]

Package Updates

[1.12.8]

Package Updates

[1.12.9]

Package Updates

[1.12.10]

Update recipes to 2.6.11
Full Changelog
improved pantry booking dialog and table
fixed another order parameter
fixed recipes marked as private could be viewed trough API utility endpoints GHSA-cqj3-64qw-4w52
fixed recipe search and recipe book API endpoints accepting any order by attribute GHSA-4x57-2q4q-xwpp
fixed regex ddos possibility in automation engine GHSA-f2gw-c2c7-59v7
fixed AI Providers could be configured with malicious URLs to allow SSRF GHSA-wq4h-2r8x-cv65
if you are using custom AI backends you need to add them to the new AI_ALLOWED_URLS settings (see docs)
fixed bookmarklets of other users in your own space could be accessed/deleted GHSA-4vw7-c646-g23w
updated lots of dependencies
updated translations for various languages

Cloudron Forum