github BEDOLAGA-DEV/remnawave-bedolaga-telegram-bot v3.56.0
on GitHub

4 hours ago

3.56.0 (2026-05-16)

New Features

  • antilopay: expose apay-tag site-verification via cabinet (20f5d72)
  • deleted-users: auto-revive via Telegram signature, friendly cabinet 403, OAuth merge (1561077)
  • devices: per-user local aliases for HWID devices (19e7bf7)

Bug Fixes

  • admin: allow custom device count when MAX_DEVICES_LIMIT=0 (unlimited) (eef8dfb)
  • antilopay: correct return annotation + lift imports + no-store cache (85d5305)
  • backup: skip empty/corrupted backup files in get_backup_list gracefully (389a5b4)
  • cabinet: support multi-kty Telegram OIDC JWKS (RSA + EC + OKP) (86f97e6)
  • cabinet: tighten OIDC algorithm list + align PyJWT pin (9ef5f90)
  • devices: harden alias upsert + cabinet fallback + FSM filter (431a50d)
  • devices: multi-tariff hwid validation + unconditional delete commit (7b0fe38)
  • freekassa: read client IP from X-Forwarded-For header (b016244)
  • lava: switch outgoing signature to Signature HTTP header (raw body HMAC) (d19b39e)
  • notifications: graceful shutdown drain + strong-ref task tracking (5862385)
  • notifications: harden coalescing buffer and redact bot token from logs (0461279)
  • notifications: migrate to lifespan, env-tune coalescer, harden defense-in-depth (31fa43f)
  • notifications: preserve fail-fast startup semantics in lifespan (f5ad777)
  • notifications: stop flood-control feedback loop on RemnaWave node webhook bursts (3756ad6)
  • oauth: return 409 instead of 500 when local email is unverified (010a3fa)
  • payment: dedup post-topup notification and respect MAIN_MENU_MODE=cabinet (aa5e8ba)
  • referral: close 3 security gaps surfaced by audit (HIGH/MED/MED) (bb26394)
  • referral: close the race where miniapp opens before /start finishes (593cb36)
  • referral: dedupe cross-session race + lazy-create bot for cabinet attach (418f1d5)
  • stars: credit user the payload-encoded amount, not stars×rate (7e8e354)
  • stars: default rate 1.3 → 1.0 ₽/⭐ to match Telegram cash-out (1f32fed)
  • stars: migration to drop stale TELEGRAM_STARS_RATE_RUB=1.3 from system_settings (0f09132)
  • subscription: apply 36-char username helper to admin extend-subscription path (33037fb)
  • subscription: apply 36-char username limit fix to admin sync + bulk-sync (e57f496)
  • subscription: keep RemnaWave username within 36-char API limit (506af16)
  • subscription: remove SubscriptionStates re-import that broke bot startup (e971449)

Refactoring

  • devices: close all MED/LOW review items (599ab07)
Check out latest releases or
releases around BEDOLAGA-DEV/remnawave-bedolaga-telegram-bot v3.56.0

Don't miss a new remnawave-bedolaga-telegram-bot release

NewReleases is sending notifications on new releases.

Get notifications