theantipopau/slimarr v1.2.0.0

Slimarr - v1.2.0.0

on GitHub

[1.2.0.0] - 2026-05-04

Release focus

Eliminated the only C-compiled Python dependency (lxml) and tightened Python version
guards to make source installs seamless on any supported Python version.

lxml dependency removed

• backend/integrations/newznab.py now uses xml.etree.ElementTree (Python stdlib) instead
  of lxml to parse Newznab RSS/Atom responses. The API is identical, so behaviour is
  unchanged. This removes the last dependency that required a C++ compiler or prebuilt wheel.
• lxml==5.3.0 removed from requirements.txt.
• Source installs now require zero native compilers — all remaining packages have
  prebuilt wheels for Python 3.11, 3.12, and 3.13 on Windows.

Tightened Python 3.14 guard in install.ps1

• Added a post-venv-creation version check: even if the venv somehow ends up on Python 3.14
  (e.g. leftover venv from an old install), the script now aborts with a clear error message
  before attempting pip install, rather than letting pip fail with cryptic build errors.
• Updated pip-failure message to reflect that pydantic-core (not lxml) is the remaining
  reason Python 3.14 is unsupported.

Milestone A safety hardening

• Added centralized API error envelopes with code, message, details, and
  correlation_id fields, plus global exception mapping in backend/main.py.
• Added correlation ID middleware (X-Correlation-ID) so API errors and server logs can be
  traced per request.
• Updated core API routes to use shared error helpers instead of mixed ad-hoc HTTPException
  responses.

Milestone A backend tests

• Added focused backend unit tests for comparison decisions, Radarr post-replace policy
  behavior, and replacer-to-Radarr policy bridge dispatch.
• New test files:
  • tests/backend/test_comparer.py
  • tests/backend/test_radarr_policy.py
  • tests/backend/test_replacer_policy_bridge.py

Audit and observability improvements

• Added system audit events for auth and settings actions:
  • login success/failure
  • active lockout checks
  • first-user registration
  • settings update writes and integration enabled/disabled toggles
• Extended activity_log with actor and details fields (additive migration) and exposed
  them in the Activity API output.
• Added correlation-id-enriched logging format and request lifecycle logs with method, path,
  response status, and latency.

Task idempotency safeguards

• Added guarded background-task start logic for manual task triggers to prevent duplicate starts
  while a matching task key is already running.
• Applied guards to scheduler task runs, full scan trigger, cleanup trigger, and full cycle start.

Diagnostics bundle

• Added a one-click diagnostics export endpoint at /api/v1/system/diagnostics/bundle that
  packages redacted config, system/integration health snapshots, and recent log tail into a zip
  for easier support troubleshooting.
• Updated system API runtime version constant to 1.2.0.0 for accurate /system/info and
  /system/update-check reporting.

API contract improvements

• Added shared Pydantic response models and wired them into core API routes for clearer OpenAPI
  docs and safer frontend type expectations.
• Covered auth check, dashboard stats/history/activity, library movie/search/action endpoints,
  queue endpoints, and activity list responses.
• Aligned auth dependency failures (API key/JWT/auth required) with centralized error envelopes
  for consistent unauthorized response payloads.
• Expanded response-model coverage to system, settings, and tv routers for health,
  preflight, matrix, update/task actions, blacklist, settings test, and TV cleanup endpoints.
• Added API contract test coverage to assert key routes keep declared response models.

Final release additions and platform polish

• Added stricter preferred-language filtering behavior in the comparison engine:
  • candidates with explicit language tags must include the configured preferred language
  • English preference now rejects explicit non-English title markers (for example ITA/French/German tags) when English is not present
• Added schedule-window enforcement with timezone support for overnight cross-check workflows:
  • new schedule.timezone config setting (local by default)
  • scheduler now runs window-aware checks and skips cycles outside configured start/end times
  • overnight windows spanning midnight (for example 23:00 -> 05:00) are supported
• Added cycle guardrails so long-running cycles stop processing new movies once the configured schedule window closes.
• Added regression test coverage for:
  • English-preferred language rejection of Italian-tagged candidates
  • overnight schedule-window evaluation logic
• Centralized application version metadata in backend/version.py and wired runtime/system APIs to that source for consistent version reporting.
• Aligned release metadata to 1.2.0.0 across backend runtime, frontend package metadata, installer metadata, and docs.
• Updated updater behavior messaging and safeguards:
  • clarified that update.bat is for git source checkouts only
  • added early guard when .git is not present to avoid misleading "updated" flows on installer deployments
• Improved installer build output quality:
  • removed obsolete/deprecated Inno Setup directives from installer config to eliminate packaging warnings
  • ensured installer config template generation includes schedule defaults for timezone/window settings
• Reduced startup noise in common Windows deployments by pinning bcrypt to a passlib-compatible version (bcrypt==4.0.1).
• Refreshed GitHub Pages docs site visuals and content hierarchy to highlight v1.2.0.0 improvements and improve release discoverability.