github Yeraze/meshmonitor v4.0.0-beta14
on GitHub

pre-release15 hours ago

MeshMonitor v4.0.0-beta14

⚠️ Pre-release — this is a beta. Back up your database before upgrading and report any issues.

This beta lands a JSON export for the Channel Database alongside the existing import flow, complete with documented format on meshmonitor.org. Several stability fixes follow up on the v4.0 multi-source architecture: ignored-nodes are now per-source, auto-favorite reads are properly scoped, the dashboard respects ignored/active filters, and the Packets by Device breakdown no longer reports >100%. A pg-pool starvation under NodeInfo bursts is resolved, login errors are no longer misleading during rate-limit or CSRF-expiry, and a new IFRAME_ALLOWED_ORIGINS env var lets operators control embedding. Production npm-audit vulnerabilities are cleared via lockfile dedupe, and translations are refreshed from Weblate.

Features

  • Channel Database: JSON export button + documented import/export format (#2801)
  • Ignored Nodes: list is now per-source (#2791)
  • Security: add `IFRAME_ALLOWED_ORIGINS` env var for embed control (#2789)

Bug Fixes

  • Dashboard: respect ignored/active filters and add Unified source (#2800)
  • Packets by Device: scope to source — fixes >100% percentages (#2795)
  • Database: resolve pg-pool starvation under NodeInfo burst (#2792)
  • Auto-favorite: scope reads per-source and align status endpoint (#2790)
  • Auth: distinguish rate-limit and CSRF expiry from bad credentials on login (#2785)

Documentation

  • Align README / docs / Helm with 4.0 multi-source architecture (#2793)

Dependencies & Chores

  • npm audit fix — clear production vulnerabilities via lockfile dedupe (#2798)
  • Translations update from Hosted Weblate (#2674)
  • Version bump to 4.0.0-beta14 (#2803)

Issues Resolved

  • #2799 — [FEAT] Channel database export and example
  • #2797 — [MAINTENANCE] Enable Dependabot to automatically fix npm audit vulnerabilities
  • #2794 — [BUG] "Packets by Device" percentages exceed 100%
  • #2788 — [FEAT] `ALLOW_IFRAME=true` env var
  • #2786 — [BUG] v4.0.0-beta12 — Android app can't connect to Virtual Node on 4404
  • #2784 — v4 rate-limit rejection displays misleading login error
  • #2783 — v4 login error message misleads on stale CSRF
  • #2781 — [BUG] v4.0.0-beta11 migration silently zeroes api_tokens
  • #2780 — [BUG] DrizzleQueryError on NodeInfo writes after v3.12.0 → v4.0.0-beta11

Upgrade Notes

  • Per-source ignored-nodes is a behavior change: lists previously global will be migrated. Verify your ignore configuration after upgrade.
  • New optional env var `IFRAME_ALLOWED_ORIGINS` for operators who want to embed MeshMonitor; defaults are unchanged.

Full Changelog: v4.0.0-beta13...v4.0.0-beta14

🚀 MeshMonitor v4.0.0-beta14

📦 Installation

Docker (recommended): 

docker run -d \
  --name meshmonitor \
  -p 8080:3001 \
  -v meshmonitor-data:/data \
  ghcr.io/Yeraze/meshmonitor:4.0.0-beta14

🧪 Testing

✅ All tests passed
✅ TypeScript checks passed
✅ Docker images built for linux/amd64, linux/arm64, linux/arm/v7

📋 Changes

See commit history for detailed changes.

Check out latest releases or
releases around Yeraze/meshmonitor v4.0.0-beta14

Don't miss a new meshmonitor release

NewReleases is sending notifications on new releases.

Get notifications