github ZoeyVid/NPMplus 2026-01-17-r2
on GitHub

6 hours ago

What's Changed since last release (2026-01-16-r2)

  • run bulk host generation sequential

Image tags:

  • docker.io/zoeyvid/npmplus:2026-01-17-r2 (fixed to this beta release)
  • ghcr.io/zoeyvid/npmplus:2026-01-17-r2 (fixed to this beta release)
  • docker.io/zoeyvid/npmplus:latest (latest stable)
  • ghcr.io/zoeyvid/npmplus:latest (latest stable)
  • docker.io/zoeyvid/npmplus:beta (latest beta/stable)
  • ghcr.io/zoeyvid/npmplus:beta (latest beta/stable)

Full Changelog: 2026-01-17-r1...2026-01-17-r2

What's Changed in yesterdays release 2026-01-16-r1

  • Sorry for taking so long for a new release, but thanks for the many stars since the last release (I think over 1000 Stars in this time)
  • Feedback is welcome! If you have questions/issues please create a discussion and an issue if you can confirm it is reproducible
  • For all people who used the develop or beta tag in the last time, please switch now to the latest image, as develop can always break
  • Make sure to create a backup of the NPMplus data folder!
  • For a more complete list, see: #2299 and previous betas changelogs
  • NPMplus is now licensed under the AGPLv3, based on MIT licensed upstream
  • Note: this release will regenerate all your hosts
  • NPMplus now uses Lets Encrypts shortlived certs by default, which only support up to 25 domains per cert (and with this there is acme profile support)
  • on cert creation you can now choose to always reuse they (except on forced renewal), this is useful for TLSA
  • Some nginx modules which could be loaded via env are removed, because of build time, also modsec was removed
  • since modsec and coreruleset are removed these two buttons are currently unused, I created a poll of what these buttons should do in the future: #2524
  • Some envs are removed, if you used them NPMplus will refuse to start and inform you
  • some new envs were added
  • the path of the logs have moved from nginx/<filename>.log to nginx/logs/<filename>.log, there is still a symlink so crowdsec should not break
  • OIDC (and secure httponly cookies for tokens)
  • Upstreams new frontend was merged, also some things that got lost with the new frontend were re-added
  • changes to upstreams totp implementation: render qr code locally, so the secret is not exposed to api.qrserver.com
  • when using x86-64, then x86-64-v2 is now required
  • secpr1 is not used by default anymore, can cause issues like with element x on ios element-hq/element-x-ios#3655 (not classic element on ios and both not on android), there is an env to re-enable them
  • versions are now better shown in the UI
  • fixes, improvements, doc updates and dep updates (openssl 3.5.1 brings native quic and mlkem)
  • cache gravatars locally
  • option to edit custom certs
  • support: zstd, early hints, file server, proxy protocol in streams, bcrypt for access lists and more
  • watchtower and wud are now blocked to automatically update NPMplus (it will still it and send notifications, but not redeploy automatically)
  • clients incorrectly requiring a Certificate Common Name in a cert break when using certs from the shortlived/tlsserver profile. Certificate Common Name are deprecated in today's standards and with that should not be required when checking if certs are valid.

Full Changelog: 2025-05-07-r1...2026-01-17-r1

Check out latest releases or
releases around ZoeyVid/NPMplus 2026-01-17-r2

Don't miss a new NPMplus release

NewReleases is sending notifications on new releases.

Get notifications