Join the discord to stay up to date and have early previews
Little dev note
Sorry been a while since the last update, I am at low capacity. I think this is the only repo where I didn't announce what's going on, sorry about that.
My kid had his SECOND liver transplant and we are currently in intensive care making sure he's well, I'm only able to work on things during down times while he's asleep or while nothing is going on (and obviously if I'm in the mood to do so).
He's doing amazingly and hopefully he'll be back to the ward soon as he's recovering like a superstar ❤️
Changelog
This is a security release, the package vulnerabilities were stacking up a bit too much for my liking and there was a security incident report #88 which is addressed with this release. I'll wait a week for as many people to update as possible and publish the full advisory report. This obviously only affects you if your instance is public, but I'd update regardless.
bugfixes
- Fix issue where @syntax jobs disappear when paused #82
security updates
- CWE-306 | CWE-287 | CWE-693 - High (thank you @comfyfyfy)
- systeminformation: Fixed Command Injection in versions() and wifi.js - High
- minimatch: Fixed multiple ReDoS vulnerabilities (wildcards, matchOne backtracking, and nested extglobs) - High
- flatted: Fixed Prototype Pollution in the parse() function - High
- Next.js: Fixed next/image disk cache exhaustion and postponed resume buffering DoS - Moderate
- Next.js: Fixed HTTP request smuggling in rewrites - Moderate
- Next.js: Fixed CSRF bypasses for Server Actions - Moderate
- Next.js: Fixed CSRF bypasses for HMR websockets (null origin) - Low