github aquantumofdonuts/mixarr v2.1.2
on GitHub

latest releases: v2.1.4, v2.1.3
9 hours ago

v2.1.2 Release Notes

Release Date: March 2026

Patch release focused on error logging visibility, security hardening, and Lidarr connection reliability.

Bug Fixes

Subscription Worker Error Logging

Job failures were logged as "error":{} — a JSON serialization bug where Error.message and Error.stack are non-enumerable properties and don't appear in JSON.stringify. All job failure logs now include the full error message and stack trace, making diagnosis of failing subscriptions possible.

Lidarr Auto-Add Silent Failures

When adding an artist to Lidarr failed, the error was silently caught and the result recorded as status: 'failed' with no diagnosis information. The error message is now logged as a warning before the failure is recorded.

SSRF Vulnerability (CodeQL #50)

Service URLs (Lidarr, Last.fm, Spotify, etc.) are now validated before any HTTP request is made. This prevents server-side request forgery attacks where a malicious URL could cause the API server to make requests to internal network addresses.

DISABLE_CADDY Support (#42)

Added a DISABLE_CADDY environment variable for users running Mixarr behind an existing reverse proxy (nginx, Traefik, etc.) who don't need Caddy. When set, the Caddy entrypoint exits cleanly without starting.

Lidarr Form Stale State (#43)

The Lidarr connection form was not re-mounting when the connection config finished loading during an edit. This caused the form to display stale values from a previous load. The form now uses a key based on the config load state to force a fresh mount.

rootFolderPath Normalization (#43)

Empty string rootFolderPath values are now normalized to undefined before use. Previously, an empty string would bypass the "use first available" fallback and cause Lidarr to either reject the request or use an unexpected folder.

TypeScript Build Errors

Downstream transitive dependency upgrades caused type conflicts. ioredis has been pinned to a compatible version. Resolves compilation failures that could affect Docker image builds.

Update Checker False Positive

After upgrading Mixarr, the sidebar would show "update available" for up to 6 hours because the Redis cache retained the previous update check result. The cache now stores the current version alongside the check result, so stale entries are detected and invalidated on the next request.

Version Constant

The /api/health/live endpoint previously read the version from npm_package_version (unreliable in Docker). It now reads from the VERSION constant, which is always correct.

Changes

Automated Version Sourcing

version.ts and constants.ts now derive their version strings from package.json at build time. This eliminates the risk of version strings getting out of sync between the API, web, and package files.

Upgrade Instructions

docker compose down
docker compose pull
docker compose up -d

No database migration required.

Full Changelog

See CHANGELOG.md or compare v2.1.1...v2.1.2 on GitHub.

Check out latest releases or
releases around aquantumofdonuts/mixarr v2.1.2

Don't miss a new mixarr release

NewReleases is sending notifications on new releases.

Get notifications