new-usemame/Calibre-Web-NextGen v4.0.46

v4.0.46 — Thumbnail deadlock fix, in-fork updater, three OPDS bugs

on GitHub

What changed

Three user-reported issues fixed plus one upstream CWA backport.

Cover-thumbnail DB deadlock fixed (#134, backport of CWA #1346 by @navels)

Editing a book's metadata could trigger 504/502 timeouts in the Web UI on libraries with concurrent ingest activity. The thumbnail regeneration ran during the Calibre metadata-edit transaction; the worker then re-opened metadata.db while the editing transaction still held a write lock, blocking the gevent loop until the lock cleared.

Fix defers the thumbnail queue until after calibre_db.session.commit() returns, and passes the committed book path + last-modified directly into the worker via a new BookCoverSource dataclass so the worker no longer needs to re-query metadata.db at all for single-book refreshes. Refs long-standing CWA #1256. Requested in fork issue #134 by @Onkeyuk.

"Check for Update" actually checks this fork now (#125)

The admin → Version Information → Check for Update button was still hitting janeczku/calibre-web despite the s6-init bootstrap probe being pointed at this fork back in v4.0.8. Users on the fork would never see an update notification even when a newer fork release existed.

Two changes:

1. cps/updater.py now resolves the release target through the same CWA_RELEASE_REPO env contract PR #28 introduced — default is new-usemame/Calibre-Web-NextGen, downstreams can pin elsewhere.
2. New _normalize_tag() helper accepts both vX.Y.Z (fork) and X.Y.Z (upstream) and returns None for unparseable tags. The pre-fix code did int(tag.split('.')[0]) directly, which would have raised ValueError on every fork tag once the URL pointed at the fork.

Reported in fork issue #125 by @SpookyUSAF.

Three OPDS bugs fixed (#121, reporter @droM4X on Readest)

One report, three independent bugs:

1. Log spam. Every OPDS catalogue fetch logged OPDS Login failed for user "" at WARN because OPDS clients issue an unauthenticated probe before sending credentials. verify_password now short-circuits on empty username — no DB query, no WARN. Genuine auth failures still log normally.

2. Anonymous-mode regression. When anonymous browsing was enabled AND the OPDS client sent (possibly stale) credentials, the server returned 401 instead of falling back to the Guest catalog. Anon-enabled deployments now behave the same whether the client tries to authenticate or not. Auth-only deployments keep their 401 behavior unchanged.

3. Hardcoded English on three OPDS root entries. "Alphabetical Books", "Recently added Books", and "Magic Shelves" rendered in English on a Hungarian-locale UI while sibling entries (Hot Books → Népszerű könyvek, Read Books → Elolvasott könyvek) localized correctly. Root cause: OPDS_ROOT_ENTRY_DEFS held bare Python literals; pybabel-extract can't follow _(variable) at extract time. Every title and description is now wrapped with N_() (flask_babel.lazy_gettext); next extract cycle picks them up.

Reported in fork issue #121.

To get the update

docker pull ghcr.io/new-usemame/calibre-web-nextgen:v4.0.46

Or :latest. No data migration step. The OPDS fixes and the updater fix take effect on container restart; the thumbnail-deadlock fix takes effect on the next metadata edit.

Test verification

• 3 new tests for the thumbnail deferral (CWA backport).
• 12 new tests for the updater fork target + tag normalizer.
• 7 new tests for the three OPDS bugs.
• Live container verification on localhost:8086:
  • OPDS log spam: probe with no auth, empty Basic auth, bad creds, valid creds — only the bad-creds case logs a WARN (correct).
  • OPDS anon fallback: with anon enabled, bad creds returns the Guest catalog (200, smaller payload) instead of 401; valid creds returns the larger admin catalog.
  • OPDS i18n: all 16 root entries render; LazyString wrappers in place for pybabel-extract.
  • Updater target: container has _REPOSITORY_SLUG=new-usemame/Calibre-Web-NextGen, _normalize_tag('v4.0.45') returns (4, 0, 45), real GitHub API call against the fork returns the actual release list with all tags parsing.
  • Thumbnail deferral: metadata edit on book #2 completes in ~96 ms with HTTP 200, no deadlock signatures in logs; source-pin confirms FLAG-SET < COMMIT < BRANCH ordering and WorkerThread.add receives TaskGenerateCoverThumbnails(book_id, book_path, last_modified).

Credit

• Upstream CWA backport: @navels (CWA #1346).
• Reporters who filed the issues that drove this release: @Onkeyuk (#134), @SpookyUSAF (#125), @droM4X (#121).