What this release fixes
Three reported bugs, all shipping in one hotfix.
Mobile Safari: metadata search now works
On iPhone Safari, tapping Fetch Metadata in the book editor would silently fail or return an error — Safari does not reliably attach the CSRF header to fetch() requests, and the server rejected the POST. The search button now sends the CSRF token in the request body instead of relying on the header, and a new cwaFetch() wrapper attaches the header proactively to every other admin action in the same templates. iPhone users can now search metadata, schedule library converts, and run the epub fixer like everyone else.
KOReader plugin: no more crash when tapping push/pull outside a book + new bulk-pull action
Tapping Push progress or Pull progress from the KOReader menu when no book was open used to crash the plugin or silently do nothing. It now shows a clear "No book is currently open" message and refuses to dispatch a half-built request. This release also adds a Pull progress for all action: finish a book on one device, switch to another, and pull every downloaded book's progress at once.
The bundled plugin version now mirrors the CWNG release tag (4.0.54) so users diagnosing "did I copy the right plugin file for my server?" can answer it at a glance instead of trying to remember which release shipped 1.0.2.
Container won't start: TLS-bytes-on-plain-HTTP crash guard
Containers behind some reverse proxies (notably Traefik v3) or with frequent healthcheck probes were crashing with AttributeError: 'NoneType' object has no attribute 'get' from cps/gevent_wsgi.py. The crash fires when the listener receives TLS handshake bytes on the plain-HTTP port (or any malformed request that fails HTTP parsing) — the request log formatter assumed environ would be populated, but for parse failures it stays None. This release adds a one-line guard, with a 4-case regression test pinning the behavior. The container now returns HTTP 400 and keeps running.
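One way to write the kind of guard described above, as an added example that is not the project's code from cps/gevent_wsgi.py: a request-log formatter that tolerates environ being None and labels TLS record bytes arriving on the plain-HTTP port. The function names, the log line format and the raw_request parameter are assumptions; the first sample input is the byte string from the #147 reproducer quoted under Verification.

```python
# Added example with hypothetical names; not the code in cps/gevent_wsgi.py.
import struct

TLS_HANDSHAKE = 0x16  # TLS record content type for handshake messages


def looks_like_tls(first_bytes: bytes) -> bool:
    """True if the bytes start with a TLS record header (type 0x16, major version 3)."""
    if len(first_bytes) < 5:
        return False
    # Record header: content type (1), version major/minor (2), length (2).
    content_type, major, minor, _length = struct.unpack("!BBBH", first_bytes[:5])
    return content_type == TLS_HANDSHAKE and major == 3 and minor <= 4


def format_request_log(environ, status, raw_request=b""):
    """Build an access-log line; environ is None when HTTP parsing failed."""
    if environ is None:  # the guard: never call .get() on a request that did not parse
        if looks_like_tls(raw_request):
            reason = "TLS handshake on plain-HTTP port"
        else:
            reason = "malformed request"
        return f"- - {status} ({reason})"
    client = environ.get("REMOTE_ADDR", "-")
    method = environ.get("REQUEST_METHOD", "-")
    path = environ.get("PATH_INFO", "-")
    return f"{client} {method} {path} {status}"


# Constructed inputs: (environ, status, first bytes received on the socket).
SAMPLES = [
    (None, 400, b"\x16\x03\x01\x00\x05hello\n"),  # bytes from the #147 reproducer
    (None, 400, b"GARBAGE\r\n\r\n"),              # fails HTTP parsing, not TLS
    (None, 400, b""),                             # probe that sent nothing
    ({"REMOTE_ADDR": "192.0.2.10", "REQUEST_METHOD": "GET", "PATH_INFO": "/"}, 200, b""),
]

if __name__ == "__main__":
    for environ, status, raw in SAMPLES:
        print(format_request_log(environ, status, raw))
```

Logging the parse-failure reason separately makes a misrouted TLS upstream (a proxy speaking HTTPS to the plain-HTTP port) easy to tell apart from ordinary malformed probes.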
Pull image
docker pull ghcr.io/new-usemame/calibre-web-nextgen:v4.0.54
Or use :latest.
Credits
- Mobile Safari CSRF fix: @jgoguen — backport of crocodilestick/Calibre-Web-Automated#1295 (resolves the symptoms in CWA #1266).
- KOReader plugin no-book guards: @jgoguen — backport of crocodilestick/Calibre-Web-Automated#1271.
- KOReader bulk-pull: @jgoguen — backport of crocodilestick/Calibre-Web-Automated#1272.
- Plugin version-display question that set the new mirror-the-release-tag rule: @SethMilliken on #150.
- Container-won't-start report + sharp reproduction details: @iroQuai on #147.
Closes fork issues
- #147 — Container won't start on v4.0.49+, gevent_wsgi NoneType crash
- #154 — Upstream PR merge request: mobile Safari CSRF token for metadata search
- #155 — Upstream PR merge request: kosync plugin updates
Verification
Each change has a regression test under tests/unit/. Live exercise on cwn-local: Safari user-agent metadata search returns 200 with real provider results; container survives printf '\x16\x03\x01\x00\x05hello\n' | nc localhost 8086 (the original #147 reproducer) without a traceback; kosync routes respond correctly.
Full diff details: CHANGES-vs-upstream.md.