Update linuxserver/prowlarr Docker tag to v2.5.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
linuxserver/prowlarr (source)	Kustomization	minor	2.4.0-nightly → 2.5.0-nightly

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Configuration

📅 Schedule: (in timezone America/Los_Angeles)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[anshulg-dep-review]

Triage: YELLOW -- possible breakage, reviewer requested

Quick summary

Minor version bump of Prowlarr (2.4.0 → 2.5.0) with clean CI pass on both architectures and no container-layer changes. However, the upstream 2.5.0 release notes are not yet published (nightly-only as of today), and a notable revert of the MyAnonamouse sessionless-download feature was identified. Provenance research failed due to token limits. Manual review of the MyAnonamouse change and a brief soak period on the nightly tag are recommended before merge.

Updates table

Package	Old	New	Breaking	Changelog	Provenance
linuxserver/prowlarr	2.4.0-nightly	2.5.0-nightly	actions	minor version bump, MyAnonamouse revert	failed

Required actions

1. linuxserver/prowlarr -- Review the MyAnonamouse sessionless-download revert. If your Prowlarr instance uses MyAnonamouse indexers, verify that the revert to session-cookie-based downloads does not break your indexer configuration. (See changelog report.)
2. linuxserver/prowlarr -- Provenance research failed due to token limits. Before merge, manually verify the container image signature and source on Docker Hub (linuxserver/prowlarr:2.5.0-nightly). Confirm the image is from the expected LinuxServer publisher.
3. linuxserver/prowlarr -- The upstream Prowlarr 2.5.0 release notes are not yet published (nightly-only as of 2026-06-18). Monitor the upstream releases page after merge for the formal 2.5.0 announcement.

Update summary

linuxserver/prowlarr 2.4.0-nightly → 2.5.0-nightly

• Minor version bump: Prowlarr upstream bumped from 2.4.0 to 2.5.0 on 2026-06-10. No formal release notes published yet; this is a nightly-only version.
• MyAnonamouse indexer revert: The sessionless-download feature introduced in 2.4.0.5391 was reverted in 2.5.0. MyAnonamouse downloads revert to session-cookie-based method. Review your indexer configuration if you use MyAnonamouse.
• CI pass on both architectures: LinuxServer CI confirms AMD64 PASS and ARM64 PASS for nightly-2.5.0.5422-ls2. Container startup, database migrations (schema version 44, unchanged), and web UI all functional.
• No container-layer changes: Alpine base (3.23.4), system packages, and UID/GID (911/911) all unchanged from 2.4.x. Port 9696 and probe paths unchanged.
• FileList indexer update: Category mappings for FileList indexer were updated (2026-06-17).

Provenance

Provenance research failed due to token limits. The image source, signature, and metadata could not be verified. Before merge, manually confirm that linuxserver/prowlarr:2.5.0-nightly is published by the expected LinuxServer publisher on Docker Hub and that the image digest matches the expected build.

Sub-agent reports -- linuxserver/prowlarr

Breaking-change impact

I now have all the information I need. The CI report is comprehensive and definitive. Let me compile the full impact report.

Key facts established:

• New image = nightly-2.5.0.5422-ls2 (Prowlarr 2.5.0.5422), published 2026-06-18
• CI: AMD64 PASS, ARM64 PASS — both architectures confirmed working
• LinuxServer changes: "No changes" (only Prowlarr upstream bump)
• The image runs as UID/GID 911 (same as before)
• SQLite 3.50.4 (SourceGear.sqlite3 3.50.4.5) — same library as 2.4.x
• DB migrations 1–44 all complete cleanly on fresh DB (no new migration numbers visible beyond 44, which was already present in 2.4.x)
• .NET 8.0.27 runtime (same as 2.4.0.5397)
• Alpine 3.23.4 base (same as 2.4.x)
• No Prowlarr 2.5.0 release notes yet on GitHub (too new — just published today)
• The 2.5.0-nightly tag on Docker Hub shows linux/amd64 + linux/arm64 ✅

---

Impact verdict: linuxserver/prowlarr 2.4.0-nightly → 2.5.0-nightly (PR #3495)

Verdict

safe_to_merge

This is a minor version bump of a leaf application (Prowlarr indexer aggregator) running on the rpi5 cluster. The LinuxServer CI report for nightly-2.5.0.5422-ls2 shows AMD64 PASS and ARM64 PASS with clean startup, successful DB migrations (same schema version 44 as 2.4.x), and no container-level changes from LinuxServer. No breaking changes in the deployment fingerprint were identified. The Prowlarr 2.5.0 upstream release notes are not yet published (the tag was created today), but the CI evidence and the absence of any new DB migration numbers beyond those already in 2.4.x indicate a smooth upgrade path.

---

Blast radius

• Scope: leaf_app
• Direct usage: 1 manifest — rpi5/prowlarr/kustomization.yaml
• Transitive dependents: 0 apps — Prowlarr is an indexer aggregator that pushes indexer configs to Sonarr/Radarr/etc., but those downstream arr apps are not broken if Prowlarr restarts or upgrades; they continue using their cached indexer configs. No other manifests in this repo depend on Prowlarr's Service or data.
• User-facing exposure:
  • Public hostnames affected: none (Tailscale-only ingress via TS_HOST=prowlarr)
  • Internal (oauth-gated) hostnames affected: prowlarr.internal (Tailscale-accessible only)
  • Cron / scheduled jobs affected: none
• Failure mode if upgrade goes wrong: soft_down — Prowlarr pod fails to start or crashes; Sonarr/Radarr lose the ability to search new indexers but continue functioning with cached results. No data loss to other services.
• Recovery: trivial_rollback — pin old digest sha256:9b45a46a2672077d3629ae61ab3359b92b85cd2f6c9a3afc4669551b76829923, redeploy. Prowlarr's SQLite DB is backward-compatible within the same schema version range.

---

Required actions before merge

None.

---

Findings

F1: Prowlarr 2.5.0 upstream release notes not yet published

• Severity: informational
• Category: other
• What changed: Prowlarr bumped from 2.4.0.5397 to 2.5.0.5422; the GitHub release tag v2.5.0.5422 was not yet accessible at research time (published today, 2026-06-18).
• Why it affects this deployment: Cannot enumerate the full upstream changelog for the 2.5.0 minor version bump. However, the LinuxServer CI report shows the container starts cleanly on both AMD64 and ARM64, DB migrations complete without errors (same 44 migrations as 2.4.x — no new migration numbers), and the web UI loads successfully. This is strong empirical evidence that no breaking schema or startup changes were introduced.
• Affected dependents: Prowlarr itself only.
• Required action: No action — informational. Monitor Prowlarr's GitHub releases page for 2.5.0 release notes after merge.
• Source: https://github.com/linuxserver/docker-prowlarr/releases/tag/nightly-2.5.0.5422-ls2 (CI report); https://github.com/Prowlarr/Prowlarr/releases (release notes not yet published)
• Confidence: inferred (from CI pass + DB migration count)
• Render-limited: no

F2: SQLite SourceGear migration (introduced in 2.1.5.5216) — already in effect

• Severity: informational
• Category: data_migration
• What changed: Prowlarr migrated to SourceGear.sqlite3 (requires GLIBC 2.29+) in v2.1.5.5216. This was a breaking change for bare-metal installs on old systems.
• Why it affects this deployment: Not applicable — this deployment uses the LinuxServer Docker image on Alpine (musl libc), which ships its own SQLite (SourceGear.sqlite3 3.50.4.5 confirmed in the SBOM). The GLIBC constraint does not apply to the container. This breaking change was already navigated when the cluster was on 2.x.
• Affected dependents: None.
• Required action: No action — informational.
• Source: https://github.com/Prowlarr/Prowlarr/releases/tag/v2.1.5.5216
• Confidence: documented
• Render-limited: no

F3: Probe path and port unchanged

• Severity: informational
• Category: networking
• What changed: Checked whether Prowlarr 2.5.0 changed its HTTP listen port or health endpoint path.
• Why it affects this deployment: The deployment sets readinessProbe.httpGet.port: 9696 and livenessProbe.tcpSocket.port: 9696. The CI log confirms [Info] Microsoft.Hosting.Lifetime: Now listening on: http://[::]:9696 — port unchanged. No probe breakage.
• Affected dependents: None.
• Required action: No action — informational.
• Source: CI log nightly-2.5.0.5422-ls2
• Confidence: documented
• Render-limited: no

F4: Container UID/GID unchanged (911/911)

• Severity: informational
• Category: image_structure
• What changed: Checked whether the LinuxServer image changed the runtime user.
• Why it affects this deployment: CI log shows User UID: 911 / User GID: 911 — identical to prior builds. The PVC at /config (mounted as name: data) will have no ownership mismatch. The deployment sets PUID=1000 and PGID=1000 via env-config ConfigMap, which LinuxServer uses to usermod the abc user at startup. The usermod: no changes line in the CI log confirms the internal UID 911 is being mapped correctly and no permission issues arise.
• Affected dependents: None.
• Required action: No action — informational.
• Source: CI log nightly-2.5.0.5422-ls2
• Confidence: documented
• Render-limited: no

F5: Alpine base version unchanged (3.23.4)

• Severity: informational
• Category: image_structure
• What changed: Checked for base image changes that could affect shell paths or libc.
• Why it affects this deployment: SBOM shows alpine-release 3.23.4-r0 — same Alpine version as the prior 2.4.x builds. No base image swap.
• Affected dependents: None.
• Required action: No action — informational.
• Source: SBOM from CI report nightly-2.5.0.5422-ls2
• Confidence: documented
• Render-limited: no

---

Deployment fingerprint (summary)

Surface	Value
Image	linuxserver/prowlarr:2.5.0-nightly@sha256:b7917213c12b34011ed498c8c1ff485a4edddbf76d711f439b2912ba3dd4bb1c
Namespace	rpi5 cluster, prowlarr- prefix (from namePrefix)
Workload	StatefulSet (kustomize/workloads/statefulset/statefulset.yaml)
Container name	app
Env vars (from env-config ConfigMap)	TZ=America/Los_Angeles, PUID=1000, PGID=1000
Volume mount	/config ← PVC data (5Gi, ReadWriteOnce)
Port	9696/TCP
Readiness probe	httpGet / on port 9696
Liveness probe	tcpSocket on port 9696, initialDelaySeconds: 15
Service	ClusterIP, port 80 → targetPort 9696
Ingress	Tailscale ingress (TS_HOST=prowlarr), internal hostname prowlarr.internal
Linkerd mesh	linkerd.io/inject: enabled (from base StatefulSet template)
VPA	Present (from kustomize/workloads/statefulset/vpa.yaml)
No resource limits/requests	Not set in any patch — VPA manages sizing

---

Cluster fit

• Architectures required by cluster: amd64, arm64 (rpi5 nodes)
• Architectures supported by new version: linux/amd64 ✅, linux/arm64 ✅ — confirmed by Docker Hub tag page and CI report (AMD64 PASS + ARM64 PASS)
• Kubernetes API versions used in manifest sources: apps/v1 (StatefulSet), v1 (Service, PVC) — all GA and stable
• Minimum K8s version stated by dep: not stated (LinuxServer container, no K8s minimum declared)
• Peer dependency check: No chart dependencies; no cert-manager, prometheus operator, or CRD dependencies. Linkerd mesh injection is enabled via the base StatefulSet annotation — no known incompatibility with Prowlarr 2.5.0.

---

Gaps

1. Prowlarr 2.5.0 upstream release notes not yet published — the v2.5.0.5422 GitHub release tag was inaccessible at research time (published today). The full changelog for the 2.4.x → 2.5.0 minor version bump could not be enumerated from official release notes. Mitigated by: (a) LinuxServer CI PASS on both architectures, (b) DB migration count unchanged at 44 (no new schema migrations), (c) clean startup log with no errors.
2. Cannot render Kustomize locally — the effective manifest was not rendered; findings are based on reading the raw Kustomize source and patches directly. All relevant fields (port, probe, volume, env) were confirmed from the patch files.
3. Transitive dependent search for arr apps — Sonarr, Radarr, and similar apps that sync from Prowlarr were not searched for in this repo. If they exist in the cluster, they are not broken by a Prowlarr upgrade (they continue using cached indexer configs), so this gap does not affect the verdict.

Upstream changelog

I now have all the critical information I need. The develop branch commit log reveals the key facts:

1. Bump version to 2.5.0 was committed on 2026-06-10
2. The most recent commits on develop include: Fixed: (Filelist) Update categories (2026-06-17) and critically: Revert "New: (MyAnonamouse) Switch to downloading without session cookies" (2026-06-15) — this reverts an earlier commit that was in 2.4.0.

The 2.5.0 nightly builds (5420, 5422) are the first builds after the version bump to 2.5.0. The content between the last 2.4.0-nightly and 2.5.0-nightly is now clear. Let me compile the complete output.

---

linuxserver/prowlarr 2.4.0-nightly → 2.5.0-nightly

Summary

• Artifact type: Container image (Docker Hub / GHCR)
• Input format: Image tag (2.4.0-nightly → 2.5.0-nightly) — floating tags, same LinuxServer wrapper, new Prowlarr upstream minor version
• Resolved references:
  • Old tag 2.4.0-nightly → most recent build was nightly-2.4.0.5396-ls2 (published 2026-06-17), running Prowlarr 2.4.0.5396
  • New tag 2.5.0-nightly → current builds are nightly-2.5.0.5420-ls2 and nightly-2.5.0.5422-ls2 (published 2026-06-18), running Prowlarr 2.5.0.5422
  • Upstream version bump: committed 2026-06-10 ("Bump version to 2.5.0")
• Versions in range (nightly):
  • nightly-2.4.0.5396-ls2 (last 2.4.0 nightly, 2026-06-17)
  • nightly-2.5.0.5420-ls2 (first 2.5.0 nightly, 2026-06-18)
  • nightly-2.5.0.5422-ls2 (current 2.5.0 nightly, 2026-06-18)
• Source repo: LinuxServer Docker Prowlarr repository (container); Prowlarr upstream repository (upstream application)
• Primary sources used:
  • LinuxServer CI reports: https://ci-tests.linuxserver.io/linuxserver/prowlarr/nightly-2.5.0.5422-ls2/index.html
  • LinuxServer GitHub releases: https://github.com/linuxserver/docker-prowlarr/releases
  • Prowlarr upstream develop branch commits
  • Prowlarr upstream releases: https://github.com/Prowlarr/Prowlarr/releases
• Versioning scheme: Prowlarr uses a custom MAJOR.MINOR.PATCH.BUILD scheme. The 2.5.0 bump is a minor version increment from 2.4.0. The LinuxServer container uses {prowlarr-version}-ls{N} tags. The floating nightly tag always points to the latest nightly build.
• Major version boundary crossed: No (both are 2.x). However, this is a minor version boundary (2.4.x → 2.5.x), which in Prowlarr's scheme can carry meaningful changes.
• Confidence: medium — The version bump is confirmed, the CI reports confirm the running version is 2.5.0.5422. However, no formal v2.5.0 release notes exist yet on the upstream Prowlarr GitHub (latest release is still v2.4.0.5397). The content of 2.5.0 is assembled from the develop branch commit log, which is the authoritative pre-release source. One notable revert was identified.

---

Breaking Changes

Revert of MyAnonamouse Sessionless Download Change

• What changed: The commit introducing "Switch to downloading without session cookies" for MyAnonamouse (introduced in 2.4.0.5391) was reverted in the 2.5.0 nightly branch (2026-06-15). MyAnonamouse downloads revert to the prior session-cookie-based method.
• Affects: Users of the MyAnonamouse indexer who may have adapted to or relied on the sessionless download behavior introduced in 2.4.0. The behavior reverts to the pre-2.4.0.5391 state.
• Migration: No action required if you were on 2.4.0-nightly before 2.4.0.5391 was introduced. If you specifically configured anything around the sessionless download behavior, review your MyAnonamouse indexer settings.
• Confidence: inferred — the revert is documented in the commit log, but no official release notes explain why it was reverted or what the user-facing impact is.
• Introduced in: nightly-2.5.0.5420-ls2 (first 2.5.0 nightly build, 2026-06-18)

---

Other Notable Changes

• Version bump to 2.5.0 — Prowlarr upstream bumped the minor version from 2.4.0 to 2.5.0 on 2026-06-10. No formal release notes published yet; this is a nightly-only version as of 2026-06-18.

• Fixed: (Filelist) Update categories — FileList indexer category mappings updated (2026-06-17).

• LinuxServer container: No container-layer changes — Both nightly-2.5.0.5420-ls2 and nightly-2.5.0.5422-ls2 CI reports show "No changes" in LinuxServer Changes. The Alpine base, system packages (libcrypto3 3.5.7-r0, libssl3 3.5.7-r0, libxml2 2.13.9-r1), and all other container-layer packages are identical to the prior nightly-2.4.0.5396-ls2. Source: https://ci-tests.linuxserver.io/linuxserver/prowlarr/nightly-2.5.0.5422-ls2/index.html

• CI status: PASS (AMD64 + ARM64) — Both architectures pass all CI tests for nightly-2.5.0.5422-ls2. Source: https://ci-tests.linuxserver.io/linuxserver/prowlarr/nightly-2.5.0.5422-ls2/index.html

• SQLite version: 3.50.4 (via SourceGear.sqlite3 3.50.4.5) — unchanged from prior nightly builds. Source: CI container logs.

• Prowlarr application version in container: 2.5.0.5422 (confirmed from container startup log: [Info] Bootstrap: Starting Prowlarr - /app/prowlarr/bin/Prowlarr - Version 2.5.0.5422). Source: CI report.

---

Deprecations Introduced

None found. No deprecation notices identified in the develop branch commits between 2.4.0 and 2.5.0.

---

Gaps and Caveats

1. No formal v2.5.0 release notes exist. The upstream Prowlarr GitHub releases page shows v2.4.0.5397 as the latest release as of 2026-06-18. The 2.5.0 version exists only on the nightly branch. The full changelog for 2.5.0 is not yet published; this analysis is based on the develop branch commit log.

2. Sparse commit range between 2.4.0.5397 and 2.5.0.5422. The develop branch shows only 3 commits beyond 2.4.0.5397 that are new to 2.5.0: the version bump itself, the FileList category fix, and the MyAnonamouse revert. The 2.5.0 nightly is very early in its development cycle — more changes are expected before a formal release.

3. Reason for MyAnonamouse revert not documented. The commit message for the revert only indicates that an earlier commit was reverted with no explanation. The reason for the revert (bug, regression, policy change) is unknown from available sources.

4. 2.5.0 minor version significance unclear. Prowlarr's versioning does not follow strict SemVer semantics. The minor version bump from 2.4.0 to 2.5.0 may not indicate a specific set of breaking changes — it may simply reflect a development cycle boundary. No migration guide or announcement was found.

5. Rapid nightly cadence. Two 2.5.0 nightly builds were published within hours of each other on 2026-06-18 (5420 and 5422). The 2.5.0-nightly tag currently points to 5422. Additional builds are likely imminent.

6. No migration guide found at standard paths (UPGRADING.md, MIGRATING.md, wiki) for the 2.4.0 → 2.5.0 transition.

Provenance

RESEARCH_FAILED: provenance researcher could not complete.

Reason: Prompt error: CompletionError: ProviderError: {"error":{"message":"{\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"prompt is too long: 213135 tokens > 200000 maximum\"},\"request_id\":\"req_011CcBQ6qSNhPce9qaGXy7fE\"}. Received Model Group=claude-haiku-4-5\nAvailable Model Group Fallbacks=['claude-haiku-4-5-fallback']\nError doing the fallback: {\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"prompt is too long: 212991 tokens > 200000 maximum\"},\"request_id\":\"req_011CcBQ6t4syqLjCdjRY5La8\"}","type":"None","param":"None","code":"400"}}\n\nThe categorizer must treat this as an unverified signal and downgrade the verdict accordingly (do not assume safety).