Released: 2026-03-19
Security
- CVE-2026-32597: PyJWT 2.8.0 to 2.12.0 (HIGH - crit header validation)
- CVE-2026-32274: black 24.3.0 to 26.3.1 (HIGH - arbitrary file write)
- Removed black from runtime requirements (dev tool only)
Bug Fixes
- Fix #197: Docker git errors eliminated on every health check; git_branch shown correctly in sidebar
- Fix #199: Installation wizard credentials now used for login instead of default admin/mvidarr
- Fix #200: Thumbnails downloaded immediately on video completion; YouTube URL fallback chain (maxresdefault, hqdefault, mqdefault)
Dev Environment
- Added docker-compose.dev.yml for local Docker dev on port 5001
Upgrade Notes
No database migrations required.