Note
This release includes important security fixes, please make sure to upgrade as soon as possible.
What's Changed
v0.11.6 includes security updates in dependencies as well as an IDOR (Insecure Direct Object Reference) fix for an API endpoint. The security issue was reported on the 18th of March 2026 (yesterday) by @tunelko. It was caused by an incorrect permission check on an API endpoint that is not currently used in the main application but is documented in the API spec. The fix was implemented quickly to ensure the originally intended behaviour and is running stable in our testing systems.
Credits to @tunelko reaching out to us via the appropriate channels and cooperating in order to ensure the quick resolution of the issue.
Full Changelog: v0.11.5...v0.11.6