knadh/listmonk v6.0.0

on GitHub

v6.0.0 is a major release with a significant number of improvements and fixes.

As always, take a backup of your Postgres database before upgrading.

What's new?

• TOTP two-factor authentication.
• E-mail based Forgot password reset flow.
• Ability to archive lists.
• Subscriber activity in the Subscriber profile UI.
• Ability to send transactional mails to non-subscribers via the /api/tx API.
• Campaign-level JSON JSON {} attributes just like subscriber attributes.
• Granular override on subscriptions / subscriber profile in bulk import.
• In-built Postgres VACUUM cron in Maintenance settings for large databases.
• CORS origin configuration in Security settings

In addition, there are several other bug fixes and improvements.

Security

This version addresses the issue of arbitrary <script>s in a campaign created by a non-admin user with the campaign management permission executing when a super admin previews that campaign, allowing API calls on the super admin user's account to execute on their session.

How to upgrade

As always, take a backup of your database before upgrading.

Binary

Download the latest binary. Stop and replace the old binary. Run ./listmonk --upgrade. Start the app again.

Docker

# cd /directory/with/docker-compose.yml

docker-compose down
docker-compose pull && docker-compose run --rm app ./listmonk --upgrade
docker-compose up -d app db

Changelog

• 00f303c Add v6.0.0 migration file.
• 5673e61 Add attribs to campaign docs.
• 2d560fa Upgrade altcha JS to latest version.
• d7a41f7 Auto-translate new i18n language strings.
• 556cb37 Fix Cypres tests.
• e20ed06 Rename v5.2.0 migration to v6.0.0.
• 9552865 Apply minor style fixes to admin.
• f1dd8a4 Add support for campaign-level JSON attributes.
• e49c8d0 Refresh i18n language files.
• a65608c Split 'overwrite' on import UI into 2 separate options (userinfo and subscription status). Closes #2496
• 77fb9dd Fix invalid syntax in bundled visual template.
• 576309d Add viewport meta tag to visual builder default template. Closes #2751.
• c6bc9a6 Show duration in seconds also on campaigns page. Closes #2796.
• 5f93543 Fix user menu not showing in responsive view on the UI. Closes #2793.
• 74dc5a0 Add sandboxing to campaign preview iframe.
• d802793 Bump qs from 6.13.1 to 6.14.1 in /frontend (#2844)
• 373682a Fix and imporve bulk deletion in campaigns and queries.
• 3f5bc8d Improve zh-TW (Traditional Chinese) translation (#2840)
• 183d0ea Bump github.com/altcha-org/altcha-lib-go from 0.2.2 to 1.0.0 (#2819)
• 787c758 Fix #2778 'Track Link' status is lost when re-saving an existing link in the Rich Text Editor (#2829)
• 1a68363 Add missing i18n German translations (#2830)
• e215e1e Added Cloudron install button in doc (#2826)
• e8fb9d5 Fix incorrect --new-config file write error message. Closes #2818.
• c651117 fix confusing formatting issue in dev setup docs (#2813)
• 55540a2 Remove confusing field validation behaviour on S3 settings UI. Closes #2806.
• e703c37 Add env var support for static-dir and i18n-dir flags (#2807)
• 9feb59f Update it.json (#2803)
• a998c91 Correct status field reference in documentation (#2808)
• 1c36164 Translate English phrases to Slovak in sk.json (#2810)
• 045f0eb Fix broken language string on CAPTCHA settings on UI. Closes #2781.
• 570bb46 Add cron-based VACUUM ANALYZE support for DB maintenance.
• 67ad4d5 Add external recipient support to /api/tx endpoint.
• 583f92a Add bulk deletion (by id or query) to lists and campaigns.
• 2b60907 Add list permission check to campaign creation.
• b46e0d6 Fix list update query returning incorrect state on lists with no campaigns.
• c108a61 Change LISTMONK_db__host from 'listmonk_db' to 'db' (#2787)
• c888b7f Update default sample visual template with tracked link examples (#2788)
• 06e6b67 Add Cloudzy logo to providers list on the homepage (#2777)
• e526a5f Fix list name not being updated in campaign_lists on list update. Closes #2734.
• 2074604 Add archival support to lists.
• 6417f30 Stop recording to send count on campaign creation.
• 12b8069 Remove incorrect settings dependency on Media UI.
• 581aad4 Add SMTP status check and basic heuristics to classify hard/soft bounce in POP3 scan.
• 3bf8bdb Split queries.sql into multiple files for better readability and maintainability. Closes #2738. (#2776)
• 8170489 Split models file to domain specific files (#2775)
• 750ce91 Fix incorrect doc for query param in /api/campaign. Closes #2772.
• 60f7ac9 Bump js-yaml from 4.1.0 to 4.1.1 in /frontend/email-builder (#2767)
• 296245a Add 2FA TOTP support for authentication.
• 4c3b58c Bump golang.org/x/crypto from 0.40.0 to 0.45.0 (#2766)
• 75998ca Add Forgot password reset flow to the admin. Closes #2753.
• ea1eb3f Add warning to users:manage permission in docs. Closes #2752.
• a2bfc0b feat: add subscriber activity tracking UI in admin panel (#2756)
• b3f60a9 Bump js-yaml from 4.1.0 to 4.1.1 in /frontend (#2761)
• 425c0d7 Update 3rd party instructions re Fly.io install (#2757)
• e469296 Fix duplicate operationId in OpenAPI spec (#2758)
• 22bcd70 feat: add Northflank deploy button (#2736)
• 60c069d Fix per_page=all not working on GET bounces API. Closes #2678.
• b7e8b1e Fix tx handler incorrectly sanitizing subscriber_emails[]. Closes #2726.
• cdf0a5c Add CORS configuration to security settings.
• 827a208 Bump vite from 5.4.20 to 5.4.21 in /frontend (#2722)
• e8156e0 Update Czech translation (#2694)
• c666c4f Bump vite from 5.4.19 to 5.4.20 in /frontend (#2691)
• 39658c4 Add minor security enhancements (#2682)
• 2085abe Handle Postmark spam complaints. (#2679)
• fb60455 Bump vite from 5.4.18 to 5.4.20 in /frontend/email-builder (#2660)
• 27f58ef Bump axios from 1.8.2 to 1.12.0 in /frontend (#2666)
• 06275f1 Update Czech translations (#2688)
• 2c5dc61 Update it.json (#2667)
• d661fa8 Fix typo in docs (#2664)
• a76099e incorrect ALTCHA Form challengeurl (#2654)
• 943a961 Update release details on the static homepage.