github ZoeyVid/NPMplus 2026-02-14-b1
on GitHub

pre-release4 hours ago

What's Changed since last release

  • Make sure to create a backup first
  • Testing and feedback in discussions is welcome (only create issues if you can exactly describe how to reproduce issues)
  • Breaking: this sadly comes again with many breaking changes that require manual intervention, the values of the following buttons were reset:
    • Disable Request/Response Buffering: This was split in two buttons
    • Send noindex header and block some user agents
    • Enable fancyindex/compression by upstream: This was split in two buttons
    • HTTP/3 Support
    • (this also effects the undocumented API)
  • This release will regenerate all your hosts
  • The X_FRAME_OPTIONS env was removed, you can now set this header directly in the WebUI per proxy host/location
  • Add button to disable Crowdsec Appsec in the WebUI per proxy host/location
  • The old Auth Request examples from the README are not supported anymore, you can now easily enable auth providers (anubis/tinyauth/authelia/authentik) by setting some envs and selecting them in the WebUI per proxy host/location, see the README
  • Custom locations can now be turned on and off in the UI without deleting them
  • the SKIP_IP_RANGES env was inverted by renaming it to TRUST_CLOUDFLARE
  • the NGINX_LOAD_GEOIP_MODULE env and module was removed (the NGINX_LOAD_GEOIP2_MODULE env and module is still there)
  • A Content Security Policy was added to goaccess and the NPMplus WebUI, please note that this will break uncached gravatar images, to fix this you need to edit a users profile (where you can edit the name) and save it without changes
  • Proxy hosts protected with basic auth were very slow, this was fixed by reducing the bcrypt level
  • basic auth password are not saved in plain text anymore in the database, this does not apply to existing access lists
  • setting the ACME_PROFILE env to none will now unset the acme profile for all existing certs
  • streams and proxy hosts which do not proxy to sub paths it will now work (again) with dynamic dns
  • the referrer-policy sent by and upstream will not be overridden anymore
  • fix #2704
  • fix #2652, this does not apply to existing custom certs
  • fix upload of custom certificates
  • contrast of selected text in the WebUI in dark mode has been improved
  • merge upstream, no changes since the "Trust Upstream Forwarded Proto Headers" button is excluded in NPMplus
  • dep updates

Image tags:

  • docker.io/zoeyvid/npmplus:2026-02-14-b1 (fixed to this release)
  • ghcr.io/zoeyvid/npmplus:2026-02-14-b1 (fixed to this release)
  • docker.io/zoeyvid/npmplus:beta (latest beta/stable)
  • ghcr.io/zoeyvid/npmplus:beta (latest beta/stable)

Full Changelog: bb42866...2026-02-14-b1

Check out latest releases or
releases around ZoeyVid/NPMplus 2026-02-14-b1

Don't miss a new NPMplus release

NewReleases is sending notifications on new releases.

Get notifications