v2.3.11

Features

• Integrate Atlas Cloud provider (d87e7785a) by @lucaszhu-hue.
• Add ACME CA directory presets (0f0fa1c08) by @0xJacky.
• Add batch status actions for sites (86ba59cbe) by @0xJacky.
• Optimize certificate application operations (a98bd9216) by @CarmJos.
• Add support for custom Nginx maintenance templates (4d0dcb92b) by @enwikuna.

Bug Fixes

• Update the nginx bundled in the Docker image to the latest 1.31.x release, fixing the critical CVE-2026-42945 ("NGINX Rift") heap buffer overflow in ngx_http_rewrite_module along with related advisories (CVE-2026-42926, CVE-2026-42946, CVE-2026-42934) (fc7150c15) by @0xJacky.
• Stabilize realtime chart timestamps on the dashboard (32c1fadc0) by @0xJacky.
• Inline nginx base image setup for Docker (5fc038f2e) by @0xJacky.
• Resolve websocket base from page url (a455e5902) by @0xJacky.
• Allow browserslist database updates (4f489c123) by @0xJacky.
• Preserve proxy path for websocket urls (c28fb16d5) by @0xJacky.
• Migrate ACME client to lego v5 (6859e18d4) by @0xJacky.
• Normalize legacy key types (98bb8903f) by @0xJacky.
• Configure pnpm build approvals in CI (c7c67c5a6) by @0xJacky.
• Resolve concurrent map iteration and map write crash in sitecheck (ba2bbe3ac) by @0xJacky.

Contributors

@0xJacky @lucaszhu-hue @CarmJos @enwikuna

v2.3.10

Features

• None.

Bug Fixes

• Render external notification placeholders before delivery so templated variables display correctly (030157829) by @0xJacky.
• Refresh translations, including corrected spacing for restricted nginx directive messages in Chinese locales (432a791ca) by @0xJacky.

Contributors

@0xJacky

v2.3.9

🎉 Features

• Harden config write paths across config, site, and stream operations to reject unsafe file names and invalid content earlier, improving write-path safety and frontend error reporting (3e411d38d, fd61e8ea6) by @0xJacky

🐛 Bug Fixes

• Restrict executable nginx directives in managed config content to reduce the risk of unsafe directives being written through the UI or API (fd61e8ea6) by @0xJacky
• Require a secure session before allowing backup restore operations (4e4174d89) by @0xJacky

❤️ Contributors

@0xJacky
@eeee2345

v2.3.8

🎉 Features

• Protect sensitive settings with a 2FA-gated reveal flow and improve sensitive value masking in the UI (80a6a7273, 4d96c3499) by @0xJacky

🐛 Bug Fixes

• Harden the first-run installation flow to make setup more reliable (25dea9f62) by @0xJacky
• Separate HTTP and WebSocket upstream routes to improve proxy behavior (05e544c8f) by @0xJacky
• Reduce certificate auto-renew retry churn and expose renewal errors more clearly (899c9f199) by @0xJacky
• Preserve the forwarded host during Docker WebSocket checks (57b6f982e) by @0xJacky
• Avoid a WebSocket keepalive race in analytics (d25c9975d) by @0xJacky
• Update the bundled uuid dependency to v14 (171bb5299) by @renovate[bot]

❤️ Contributors

@0xJacky
@renovate[bot]

v2.3.7

🎉 Features

• Add a WebSocket keepalive mechanism to improve node availability tracking and connection stability (7ed73f621) by @0xJacky
• Add global site check controls, including enable/disable, concurrency limits, and configurable check intervals (535c8efb3) by @0xJacky
• Honor the configured health check protocol during both scheduled checks and manual tests (c38e0a28b) by @0xJacky

🐛 Bug Fixes

• Restore the WebSocket connection used during certificate issuance so live progress updates work correctly again (329e8589e) by @0xJacky
• Reduce outbound connection pressure in site checks by reusing shared HTTP transports, deduplicating requests, and avoiding unnecessary repeated fetches (535c8efb3) by @0xJacky
• Improve upstream handling reliability and expand test coverage (89c1fdfb4) by @sleet0922
• Fix embedding for generated assets whose names contain underscores (32d5ce001) by @temasmirnov
• Update non-major dependencies and release tooling to improve overall reliability (f73aabb59, 20538d9c7, 513d5d6fb) by @renovate[bot]

❤️ Contributors

@0xJacky
@sleet0922
@temasmirnov
@renovate[bot]

v2.3.6

• Improved WebSocket security and stability with short-lived tokens, stricter authentication, better origin validation, and safer concurrent writes.
• Enhanced TLS and certificate workflows by auto-inserting required SSL directives and preventing incomplete TLS configs from being saved.
• Improved backup and restore reliability, including support for changed crypto secrets and compatibility with legacy manifest signatures.
• Made the Nginx config editor more stable by using unique keys for locations and directives during editing and drag-and-drop.
• Fixed an MCP panic on nil tool arguments and improved nginx log service initialization.
• Updated non-major frontend and backend dependencies.

v2.3.5

This update includes several security patches. It is recommended that all users update their systems immediately.

v2.3.4

This update includes several security patches. It is recommended that all users update their systems immediately.

v2.3.3

🎉 Features

• Integrate DNS record management into site configuration (#1519) by @NemerYTamimi
• Support OIDC login (#1488) by @Jraaay
• Implement PID path extraction from nginx -T output by @0xJacky
• Add Termux build support and update build configuration (#1479) by @0xJacky
• Refactor title generation for LLM sessions (#1540) by @0xJacky

🐛 Bug Fixes

• Add WebDAV methods (PROPFIND, PROPPATCH, MKCOL, etc.) to ValidHTTPMethods (#1546) by @0xJacky
• Explicitly negotiate Docker API version to ensure compatibility (#1543) by @0xJacky
• Fix image paths and enhance Japanese translations (#1541) by @mumeinosato
• Change input type from 'number' to 'numeric' (#1499) by @heintz06
• Fix Nginx duplicate includes (#1550) by @0xJacky
• Fix Access log dark mode font (#1545) by @0xJacky
• Disable dead links check for Weblate translation by @Hintay

❤️ Contributors

@0xJacky
@Jraaay
@NemerYTamimi
@mumeinosato
@heintz06
@Hintay
@renovate[bot]
@weblate

v2.3.2

🎉 Features

• DNS: Introduce DNS record management (Alibaba Cloud, Tencent Cloud, Cloudflare) #1466
• DNS: Add DDNS support #1194, #1140
• Nginx Logs: Deliver true incremental indexing with config improvements and stronger integration tests/logging.
• Health Checks: Allow full HTTP status code ranges; avoid network calls when health checks are disabled (#1457, #1458).
• Site/Assets: Add favicon auto-download with content-type validation; streamline frontend asset handling by removing the compression step.
• Tooling: Add and register the nginx_config_enable MCP tool with docs #1459 .
• Enhance site scanning to support include directives and improve listen directive handling #1378, #1463

🐛 Bug Fixes

• Nginx Sandbox: Correctly handle symlinked entries during config copy; fix sandbox test config locking.
• Proxy: Strip internal identifiers from upstream requests (#1463).
• UI: Disable pagination in SocketList to prevent missing data; fix site navigation sorting; update translations.
• Stability: Dependency refreshes and debugging tweaks to improve reliability.

❤️ Contributors

• @0xJacky
• @FelipeGCaetano
• @PeterDaveHello
• @weblate