github knadh/listmonk v5.1.0
on GitHub

21 hours ago

listmonk-logo

v5.1.0 contains an important security update (CSRF prevention - CVE-2025-58430) along with other minor bug fixes and improvements.

What's new?

  • ALTCHA (self-contained proof-of-work CAPTCHA alternative) in addition to hCaptcha (deprecated)
  • Refactored media gallery with a new UI and improved UX.
  • Bulk subscriber blocklisting directly from the bounces UI.
  • Auto-creation of OIDC users with default user and list roles.

How to upgrade

As always, take a backup of your database before upgrading.

Binary

Download the latest binary. Stop and replace the old binary. Run ./listmonk --upgrade. Start the app again.

Docker 

# cd /directory/with/docker-compose.yml

docker-compose down
docker-compose pull && docker-compose run --rm app ./listmonk --upgrade
docker-compose up -d app db

Changelog

  • 30846f8 Ignore altcha.umd.js from frontend build so that goreleaser ignores it.
  • e27a390 Expand the warning on subscribers:sql_query permission on arbitrary SQL functions.
  • 6d99316 Auto-translate new i18n language strings.
  • d4007d5 Fix Go tpl expressions breaking in Visual editor HTML.
  • deb41f8 Add i18n translation helper script.
  • 81d05e4 Suppress optin e-mail send errors on subscriber insert/edit APIs.
  • fcbebc2 Update Cypress trests on the campaign file attach UI.
  • e8b0eaf Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 (#2634)
  • 301c13a Add optional subject param to tx API. Closes #2333.
  • ad66878 Fix list action icons not showing on the UI based on permissions. Closes #2640.
  • fbe4c5c Make session cookie samesite to prevent CSRF requests.
  • ea88b94 Add link for n8n node (#2649)
  • 7d38890 Change OIDC init to lazy-load instead of loading once on boot. Fixes #2626.
  • 9611164 Refresh i18n language files.
  • 09d291e Add support for built-in ALTCHA CAPTCHA implementation.
  • 38387d0 Fix List-Unsubscribe header incorrectly sent on opt-in confirmation. Closes #2619.
  • eef0021 Add support for loading secrets from *_FILE env vars in Docker environment.
  • 4a93184 Bump tmp from 0.2.3 to 0.2.4 in /frontend (#2617)
  • ad67fc6 Refactor landing page on the website.
  • 4d74cf4 Tweak log viewer to optionally hide filename from log lines (on the import UI).
  • 26c61f8 Bump form-data from 4.0.1 to 4.0.4 in /frontend (#2587)
  • fb39d61 Refactor media gallery UI.
  • ba24c64 Add subsriber blocklisting on the bounces UI (#2409)
  • c9c678c Add support for OIDC user auto-creation (#2578)
  • 66d7413 Update OpenAPI specification (#2581)
  • ae84fa3 Add listmonk-mcp to SDKs documentation (#2573)
  • 6b7e423 Update OIDC doc with latest KeyCloak realm URL (#2568)
  • 89b2704 Update deps and remove obsolete replace in go.mod. Closes #2567.
  • 98d2ad6 Add Korean i18n translation (#2565)
  • 38c784f Update release details on the static homepage.
Check out latest releases or
releases around knadh/listmonk v5.1.0

Don't miss a new listmonk release

NewReleases is sending notifications on new releases.

Get notifications