Added
- PR #526 Chinese Traditional translation, thanks to @olivertzeng
- PR #527 Allow pasting on upload page to add QR codes easily, thanks to @moritzuehlingo
New env vars
BLOCK_OPTAUTH_IMAGELINK_FETCHING: Enable or disable fetching of resources linked in theimagelinkparameter of OTPauth URIs encoded in QR codes (doc).THROTTLE_API_DURING_IMPORT: Specific rate limite for API calls made by the Import feature to prevent429error during large import (doc, #522).
Security fix
- Mitigate blind SSRF by adding URL validation before imagelink resources are fetched (thx @DenizParlak). This comes with the new
BLOCK_OPTAUTH_IMAGELINK_FETCHINGenv var, which is set totrueby default. - Installation fails due to CVE-2025-45769 in transitive dependency firebase/php-jwt < 7.0.0 (via laravel/passport) (thx @MickLesk)
Fixed
- issue #509 manifest.json cannot be accessed through a reverse proxy
- issue #516 Local iconsPack is greyout - cant be selected for item
- issue #517 Typo: "recommanded" instead of "recommended"
- issue #519 Docker Container keeps crashing on boot
- issue #522 Test email missed text
- Bad groupSwitch button label on group change