This release adds a new security option, fixes Prowlarr seedtime preferences, and implements several fixes and security hardening changes.
New:
- Added DISABLE_LOCAL_AUTH environment variable for OIDC-only configs
- Changed Prowlarr seedtime preference to opt-in (Enable in Settings > Prowlarr). Fixed an issue with user-specified seed time configs not pulling into shelfmark correctly.
Fixes
- Fixed Google Books error responses being cached as search results. (#958)
- Fixed language filter matching by normalising language strings more consistently. (#960)
- Improved download copy/hardlink handling on FUSE & NFS. (#957, #961)
- Streamed archive extraction instead of loading archive contents into memory. (#965)
- Fixed Tor routing and healthchecks so Tor can bootstrap correctly, private networks can bypass Tor, and healthchecks no longer require a clear-net probe. (#944, #966)
Security
- Updated frontend, Python, and CodeQL dependencies, including fixing an 11th May urllib3 CVE (#952, #953, #954)
- Hardened cover-image fetching and download prefetch flows against unsafe remote URLs, redirects, and untrusted origins. (#943, #967, #976)
- Tightened download and queue authorization, including queue ownership checks, release-source availability checks, and request policy source validation. (#970, #971, #975)
- Contained remote path mappings and qBittorrent fallback path handling to prevent unsafe path resolution. (#973, #974)
- Validated IRC DCC offers and AudiobookBay detail URLs before using them. (#964, #972)
- Redacted release URLs more safely in Newznab/Prowlarr download flows. (#968)
- Required verified OIDC email claims before linking external identities to existing accounts. (#963)
- Made container startup fail closed when the config directory remains unwritable instead of falling back to root. (#985)
- Pinned Docker base image digests and removed installer tooling from runtime images. (#969, #978)