github prefect421/mvidarr v0.12.3
v0.12.3 - Playlist Sync & Logging
on GitHub

7 hours ago

What's New in v0.12.3

Playlist Sync Fixes

  • VEVO Name Cleanup: YouTube channel suffixes (VEVO, Official, Music, Records, Channel, TV) automatically stripped before artist lookup/creation during playlist sync, preventing duplicate artists with ugly names
  • Celery Worker Logging: All scheduled task logs (playlist sync, discovery, downloads) were silently dropped because the worker process lacked logger configuration. Fixed via after_setup_logger signal handler
  • Logger Namespace: Added "src" to configured logger namespaces for FastAPI process coverage

Also Included (v0.12.0 - v0.12.2)

v0.12.2 - Authentication & Stability

  • Added authentication to 36 unprotected API endpoints across 6 files
  • Global 401 interceptor redirects unauthenticated users to login page
  • Fixed discovery setting videos to WANTED regardless of artist auto_download setting
  • Fixed artist deletion 500 error from orphaned playlist/download foreign key references
  • YouTube monitored playlists now auto-sync every 6 hours via Celery scheduled task
  • Removed obsolete po-token-provider process causing FATAL crashes on startup

v0.12.1 - Security Hardening Stabilization

  • Fixed WAF false positives blocking URLs, cookies, and Range headers
  • Fixed video streaming (Range header no longer blocked by security middleware)
  • Fixed Flask-to-FastAPI session bridge for consistent authentication
  • Fixed YouTube playlist sync not detecting new videos
  • Rate limiting set to 300/min with static files exempt

v0.12.0 - Security Hardening Sprint

  • Consolidated auth system (SimpleAuth + SessionStore)
  • Removed backdoor endpoints (/test-login, credential reset)
  • Upgraded passwords from SHA-256 to bcrypt with lazy migration
  • SSRF protection, safe tar extraction, upload sanitization
  • Redis authentication, secure cookies, restricted proxy hosts
  • 49 vulnerabilities fixed (8 critical, 12 high, 16 medium, 13 low)

Upgrade Notes

  • Docker image rebuild required
  • Restart server after upgrade
  • Existing VEVO-named artists in the database should be manually renamed (e.g., KornVEVOKorn)

Full Changelog: v0.11.9...v0.12.3

Check out latest releases or
releases around prefect421/mvidarr v0.12.3

Don't miss a new mvidarr release

NewReleases is sending notifications on new releases.

Get notifications