Highlights
- Fix: Block path traversal in log file download endpoint to prevent unauthorized file access.
- Feat: Add custom collection poster support, including upload, fetch, and clear endpoints, with integration for Plex and Jellyfin.
- Fix: Unstick rules-collections lock to resolve "Collection handling is already running" errors and improve rule execution reliability.
Features
- Cache Jellyfin collections and their children to reduce redundant queries during rule execution (#2800).
- Add ntfy.sh as a supported notification service (#2769).
- Replace Fider cc:user comment prefix with Discord notifications.
Fixes
- Block path traversal in log file download endpoint.
- Unstick rules-collections lock and clarify sw_watchers labels across media servers (#2801).
- Fix overlay SSE EPIPE handling to prevent server crashes during transient failures (#2781).
- Fix UI TypeScript configuration and resolve hidden type errors (#2776).
- Fix overlays preset editing, cron discoverability, and tab gating (#2775).
- Bound Plex request timeout and propagate watch-history errors (#2773).
- Dedupe sibling-rule media events within a batch to reduce redundant notifications.
- Stop cross-rule contamination for same-titled automatic collections (#2766).
- Fix Fider stale-sweep to create the 'stale' tag on first run.
Performance
- Harden rule-executor job management and SSE listener handling to prevent lock leaks (#2801).
Internal
- Add automated Fider triage, invitation, re-evaluation, and stale workflows.
- Tighten Fider triage script and improve handling of pre-existing matches.
- Add "Behavioral fixes worth reviewing" section to docs-drift CI.
- Restore version header and add "New Contributors" section to release notes.
Dependencies
- Updated 10 dependencies, including typescript-eslint, react-hook-form, and nodemailer.
New Contributors
- @GitGitro made their first contribution in #2769
- @SmolSoftBoi made their first contribution in #2781
- @natekspencer made their first contribution in #2800