Released on July 1st 2026.
New features
-
Added Safe MDX, Source string length, and Accelerator key quality checks for MDX files JSX expressions, source length limits, and accelerator key consistency.
-
Added Mistral machinery integration for Mistral LLM automatic suggestions.
-
Added Registering the GitHub App from Weblate for connecting GitHub repositories through a Weblate GitHub App.
-
Project level backups backups can now be created and downloaded via the Weblate’s REST API.
-
Added file format parameters for translating individual YAML front matter values in Markdown files and MDX files files and escaping formula-like values in CSV files files.
-
Added an option to capitalize the text in status badge widgets.
-
Added workspace translation memory with asynchronous scope backfill for existing translation memory entries.
-
Added
analyze_translator_workto estimate realistic daily translator throughput from change history.
Improvements
-
RTL editing and translation display now handle bidirectional text better, including Unicode isolate controls in the Visual keyboard.
-
Management interface access control is now more fine-grained with dedicated site-wide permissions.
-
Default commit and merge request message templates now use Conventional Commits, settings forms can restore installation defaults, and pull request messages use a compact language progress matrix.
-
Documented Legal module customizations and added options to hide legal pages or disable document numbering.
-
Expanded security documentation for data residency, EU cloud sovereignty, release artifacts, supported versions, release verification, SBOMs, dependency handling, vulnerability reporting, hosted-service incident response, and self-hosted operator responsibilities.
-
Update LINGUAS file better detects
LINGUASfile presence. -
Update POT file (xgettext) can now leave the xgettext language blank to let xgettext guess it from source file extensions.
-
Update POT file (xgettext), Update POT file (Meson), Update gettext template (Django), and Update POT file (Sphinx) can now keep source locations in generated POT files even when translated PO files omit locations.
-
Add-ons installed at higher scopes are now shown on lower-scope add-on pages, and broad-scope add-ons can list affected components with compatibility details.
-
WEBLATE_ALLOWED_ASSET_SIZEis now available in Docker container. -
LLM automatic suggestions now use translated examples, language-specific instructions, richer glossary context, and structured placeholder context for more reliable output.
-
Meta descriptions now better match single-project and self-hosted installations.
-
Zen mode, filtered searches, nearby strings, translation form submissions, and add-on management pages now load more efficiently on large sites.
-
Added Packaging Weblate for distributions guidance for distribution maintainers.
-
Large component imports now avoid duplicate translation-memory processing.
-
GNU gettext PO (Portable Object) files can now be configured to remove obsolete strings on save, including during repository maintenance.
-
Bulk accepting suggestions now confirms the number of affected suggestions, can approve them for reviewers, and processes the acceptance in the background.
-
Committing large numbers of pending translations now queues browser requests in the background and avoids duplicate repository commit tasks.
-
Change-event notification add-ons can now use presets for translation content events, all events, or selected individual events.
-
Fedora Messaging now validates secure broker connections and exposes delivery timing settings.
-
Component diagnostics now sort entries by severity, color-code severity badges, and show the error count on the Diagnostics tab.
-
Performance report now shows PostgreSQL database disk usage next to server disk usage and warns when the database usage cannot be collected.
-
Performance report now shows PostgreSQL database disk usage next to server disk usage and warns when the database usage cannot be collected or there is not enough free space in the backup destination to store a database dump.
-
The Search and replace preview now keeps the search parameters editable so the query can be refined before applying replacements.
Bug fixes
-
Regular expression and Placeholders now enforce regular expression timeouts when evaluating source-string flags (GHSA-r52j-4vjp-q949).
-
Restricted component changes are no longer exposed through nested project, component, or translation API change endpoints (GHSA-92m8-wv36-prmx).
-
ZIP downloads, including App store metadata files translation bundles, no longer follow child symbolic links outside the downloaded tree (GHSA-xwj4-fp82-r2rj).
-
Teams enforcing two-factor authentication now also withhold site-wide permissions from human members without 2FA configured (GHSA-x86c-ff69-cr2m).
-
Globally scoped HTML and AJAX object lookups no longer disclose object existence in private projects (CVE 2026-55227, GHSA-2p9g-x3cv-5hh4).
-
Team API access checks now prevent project managers from reading private-project team data or expanding scoped team assignments outside their allowed projects (CVE 2026-55228, GHSA-2q2q-jr9g-v9rf).
-
Malformed
replacementsflags no longer abort source length checks. -
Empty component lists are no longer exposed to users without component list management permission.
-
Glossary handling no longer duplicates TBX terms or shows source-language terms in both translation columns.
-
Duplicate string alerts now offer a cleanup action to remove repeated strings from translation files.
-
Gerrit review requests review pushes can again include Gerrit push options in the target branch.
-
Webhook target fallback matching is now stricter and reported in component diagnostics.
-
Creating components linked with
weblate://no longer waits on the shared repository lock during the request. -
Project and workspace translation license defaults now follow component and project licenses more closely.
-
Component and category API
PATCHrequests no longer remove the category when the field is omitted. -
Document and translation-memory uploads now enforce
TRANSLATION_UPLOAD_MAX_SIZE, and API document uploads validate file extensions. -
reStructuredText syntax error now detects inline roles wrapped in stray backticks.
-
Unsafe HTML now efficiently detects changed placeholder-only HTML attribute values in translations.
-
Maximum size of translation no longer wraps text configured to fit on one line, checks source strings, and refreshes rendered previews after source edits.
-
Repository reset and update history now keeps attribution, records remote update failures, and includes follow-up translation-file reconciliation.
-
Updating repository URLs now validates compatible Git history without requiring an immediate successful merge.
-
Automatic translation no longer validates hidden component fields when using machine translation.
-
Strings marked for edit links now include all strings needing editing, checking, or rewriting.
-
Anonymous permission checks no longer fail when loading teams scoped to projects or workspaces.
-
API project creation can again use the user’s only eligible workspace when no explicit workspace is supplied.
-
Git auto-maintenance is now disabled for Weblate-managed repositories to avoid concurrent detached maintenance jobs.
-
Interrupted Git repository operations are now either recovered and recorded or surfaced as a repository alert.
-
Watched translations on the dashboard now include category path segments.
-
Unsupported upload levels now show an upload placeholder pointing to individual translations.
-
Component API responses no longer expose repository export, push branch, or repository browser links to users without repository access.
Compatibility
-
DeepL now handles DeepL API versions internally, uses v3 for glossary management and language discovery, and no longer supports DeepL API v1.
-
Fedora Messaging topics now include category path segments, and broker settings are stored as an AMQP URL with existing host and SSL settings migrated automatically.
Upgrading
Please follow Generic upgrade instructions in order to perform update.
-
There are changes in
settings_example.py, most notably inSOCIAL_AUTH_PIPELINEandSOCIAL_AUTH_DISCONNECT_PIPELINE; please adjust your settings accordingly. -
Existing translation-memory entries are moved to scoped storage by a periodic Celery background task. Keep Celery running after the upgrade; translation-memory suggestions can be incomplete until the backfill finishes.
Contributors
Code contributions
Michal Čihař, Karen Konou, Weblate CI, michael-smt, Samuel Gomes, Dinis Sales, Gersona, Harsha C, Kartik Ohri, Besnik Bleta, fahadhewad
Translations contributions
Dick Groskamp, Michal Čihař, 為什麼不加空格, VfBFan, Любомир Василев, 이정희, Aindriú Mac Giolla Eoin, Yaron Shahrabani, jiahaisheng, Horus68, Andrei Stepanov, Martin Srebotnjak, Peter Vančo, Hotripak, 大王叫我来巡山, Milo Ivir, ℂ𝕠𝕠𝕠𝕝 (𝕘𝕚𝕥𝕙𝕦𝕓.𝕔𝕠𝕞/ℂ𝕠𝕠𝕠𝕝), Mickaël Binos, Besnik Bleta, Frank Paul Silye, Matthaiks, abd sak, Hoseok Seo, Fulup Jakez, Gaël TISSERAND (Gtisseran), Azamat Аituganov, Mahirə Həsənova, Pierfrancesco Passerini, Libre, Mohamed Aymane Farhi, Júlia Rosell Saldaña, پرویز قادر, Jim Kats, Miguel A. Bouzada, Manuela Silva, reducedradius, Hanssium, Uh idk, Arif Budiman, Feike Donia, Zahid Rizky Fakhri, Emin Tufan Çetin, ojppe, தமிழ்நேரம், António Oliveira, Rumuz AGO, justcontributor, Flynn, Ștefan Zaharia, Nozomu Matsui, H-Media, Ecron, Weblate CI, Balázs Meskó, Fjuro, goeran, Adam Havránek, Priit Jõerüüt, Astrid Høie Silden, Alan S. Muhammed (Alan Kurdish), hoanghuy309, Yamin Siahmargooei, MeahNunh, Kartik Ohri, Valeria Sofia Azañero, Tuomas Hietala, Rafael Fontenelle, Yuri Chornoivan, AWwue-work, Kristoffer Grundström, ssantos, Andi Chandler, Ldm Public, Alc4Traz45, Szafranek13, hms5232, Victor K, 大学没毕业
Documentation contributions
Michal Čihař, michael-smt, Karen Konou, Gersona, Weblate CI, Kartik Ohri, Besnik Bleta, fahadhewad, Harsha C