miniflux/v2 2.2.17 on GitHub

Do not expose the Miniflux version on unauthenticated endpoints (deprecated since version 2.0.49).
Improve HTML sanitizer by switching from the tokenizer to the golang.org/x/net/html parser to better match browser behavior and reduce the risk of injection issues.
Enforce blocked resource checks on srcset URLs.
Improve blocked resource handling (including updates to blocked URL substrings).
Add validation for TRUSTED_REVERSE_PROXY_NETWORKS configuration to prevent silent misconfiguration.
Prevent possible deadlock when cleaning removed entries.
Ensure HTTP response bodies are always closed, even on client errors.

Rewrite srcset parser to follow HTML specifications (WebKit-style parsing) and handle edge cases more correctly.
Improve sanitizer performance (various optimizations, including reduced allocations and better attribute handling).
Handle deeply nested HTML more robustly in the sanitizer.
Add scraper and rewrite rules for:
- bleepingcomputer.com
- vnexpress.net
Improve JSON Feed support:
- Support malformed feeds with author objects in the authors array.
- Avoid panic when parsing null feeds.
- Improve title fallback logic.
- Include external_url in JSON entry hash fallback.
Ignore WordPress wp-json API endpoint during JSON feed discovery.
Add unread status filter to search results.
Improve timezone handling internals and performance.
Improve API payload structures and Godoc comments.
Improve JavaScript code readability and keyboard shortcut handling.
Restore cmd/ctrl/shift-click behavior on main navigation.
Fix Safari PWA behavior for the v shortcut to open links in the main browser.

Removed FILTER_ENTRY_MAX_AGE_DAYS.
This option can be replaced with a filter rule such as max-age:<duration>.
Global environment variables should be reserved for process-level configuration.

As always, thank you to all contributors who helped improve Miniflux in this release.

miniflux/v2 2.2.17 Miniflux 2.2.17 on GitHub