Update updates-patch-minor

[truenasbot]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
amir20/dozzle	patch	v10.5.0 → v10.5.1
docker.elastic.co/elasticsearch/elasticsearch (source)	patch	9.3.3 → 9.3.4
elasticsearch	patch	9.3.3 → 9.3.4
ghcr.io/autobrr/autobrr	minor	v1.76.0 → v1.77.0
ghcr.io/calibrain/shelfmark	patch	v1.2.1 → v1.2.2
ghcr.io/damongolding/immich-kiosk	minor	0.37.0 → 0.38.0
ghcr.io/directus/directus	patch	11.17.3 → 11.17.4
ghcr.io/home-operations/jackett (source)	patch	0.24.1806 → 0.24.1807
ghcr.io/linuxserver/calibre (source)	minor	9.7.0 → 9.8.0
ghcr.io/linuxserver/lazylibrarian (source)	patch	652b2d0d-ls276 → 322dba1e-ls277
ghcr.io/lldap/lldap	patch	v0.6.2-alpine-rootless → v0.6.3-alpine-rootless
ghcr.io/louislam/uptime-kuma	minor	2.2.1 → 2.3.0
ghcr.io/maintainerr/maintainerr	minor	3.9.0 → 3.10.0
ghcr.io/n8n-io/n8n (source)	patch	2.19.1 → 2.19.2
ghcr.io/n8n-io/runners (source)	patch	2.19.1 → 2.19.2
ghcr.io/requarks/wiki	patch	2.5.313 → 2.5.314
ghcr.io/slskd/slskd (source)	minor	0.24.5 → 0.25.1
ghcr.io/stalwartlabs/stalwart	minor	v0.15.5 → v0.16.3
ghcr.io/we-promise/sure	minor	0.6.9 → 0.7.0
ghcr.io/windmill-labs/windmill	patch	1.693.2 → 1.693.4
gitea/act_runner	patch	0.6.0 → 0.6.1
gotenberg/gotenberg	minor	8.31.0 → 8.32.0
itzg/minecraft-bedrock-server	patch	2026.4.3 → 2026.4.4
jesec/flood	patch	4.13.9 → 4.13.10
jvmilazz0/kavita	minor	0.8.9 → 0.9.0
mongo	patch	7.0.31 → 7.0.32
nats	minor	2.12.8 → 2.14.0
nextcloud	patch	33.0.2 → 33.0.3
ollama/ollama	patch	0.22.0-rocm → 0.22.1-rocm
ollama/ollama	patch	0.22.0 → 0.22.1
paradedb/paradedb	patch	0.23.1-pg18 → 0.23.2-pg18
qmcgaw/ddns-updater	minor	v2.9.0 → v2.10.0
shaneisrael/fireshare	patch	1.6.7 → 1.6.8
woodpeckerci/woodpecker-agent	minor	v3.13.0 → v3.14.0
woodpeckerci/woodpecker-server	minor	v3.13.0 → v3.14.0

---

Release Notes

amir20/dozzle (amir20/dozzle)

v10.5.1

Compare Source

   🚀 Features

• Host grouping with bug fixes and hardening  -  by @​amir20, Mikhail Gorbachev and Claude Opus 4.7 (1M context) in #​4662 (84c4d)
• cloud: Per-replica cloud connections in swarm mode  -  by @​amir20 and Claude Opus 4.7 (1M context) in #​4665 (c5c30)

   🐞 Bug Fixes

• cloud: Reconnect on unlink/relink so new key takes effect  -  by @​amir20 and Claude Opus 4.7 (1M context) in #​4667 (a9c77)

    View changes on GitHub

elastic/elasticsearch (docker.elastic.co/elasticsearch/elasticsearch)

v9.3.4: Elasticsearch 9.3.4

Compare Source

Downloads: https://elastic.co/downloads/elasticsearch
Release notes: https://www.elastic.co/docs/release-notes/elasticsearch#elasticsearch-9.3.4-release-notes

autobrr/autobrr (ghcr.io/autobrr/autobrr)

v1.77.0

Compare Source

Changelog

New Features

• 1bbe0fc: feat(actions): support multiple comma separated labels for Transmission (#​2444) (@​GianniBYoung)
• b6db7dd: feat(indexers): PTFiles update announcers (#​2437) (@​zze0s)
• 552cba9: feat(indexers): add MidnightScene (#​2434) (@​cmd430)
• 60997aa: feat(indexers): add Nexum (#​2438) (@​zze0s)
• 00904c0: feat(web): add Norwegian language (#​2427) (@​NoeRi9n)

Bug fixes

• 40e8bbf: fix(feeds): support magnetURI from torznab enclosure (#​2439) (@​zze0s)
• fc8e1c6: fix(i18n): mismatched filter tooltips (#​2431) (@​crafty5999)
• af9e89c: fix(indexers): update RocketHD announce format and announcer (#​2440) (@​sudo2k16)
• d605c26: fix(web): adjust layout for new languages (#​2425) (@​martylukyy)

Other work

• adaa313: chore(indexers): add new EMP domain (#​2433) (@​martylukyy)

calibrain/shelfmark (ghcr.io/calibrain/shelfmark)

v1.2.2

Compare Source

New

• Newznab - New release source: Configure a newznab indexer directly (#​867 by @​blades)
• PrimaryTitle field + path template improvements — new field for renaming templates, plus live preview and custom field picker in the template editor (#​908)
• Non-root support - Installs with user: "1000:1000” will now run as non-root. Note: This does not impact those with just PUID/PGID as 1000:1000, the docker user must be explicitly set too. (#​871)
• Kubernetes users can use runAsNonRoot and runAsUser/Group at 1000:1000 to run as non-root. (#​871)
• User folder permission checks / corrections removed and replaced by “test destination” button in settings (#​871)
• Combined search improvements - Now continue a combined search when one option is unfulfilled, and deselect previously chosen releases.
• Direct source refactoring - Decoupled the direct source from the core of the app. It can now be disabled, and users must supply working mirror URLs to use going forward. Existing users updating will keep their existing mirror configs.

Fixes

• Moved Shelfmark runtime from /app to /home. Fixes internal bypasser issues with newer Chromium release. (#​919)
• Temp filename length capped to avoid OS limits (#​912)
• OIDC discovery URL no longer has trailing slash stripped (#​887)
• Fixed JSON script blocking behavior (#​862)
• Fixed orchestrator timeout and exception handling (#​832)
• Fixed env variable config lookup in various places (#​817)
• Retry states now persist across restarts (#​817)
• Prowlarr downloads now offer retries (#​817)
• Fixed seedtime parsing for prowlarr release source (#​805)

Misc / Tooling

• Large tooling update
  • Backend: Added uv, ruff, basedpyright, vulture, pytest-xdist, prek, pytest-cov.
  • Frontend: Added oxlint, oxfmt, vitest, knip
• Major lint / typecheck / formatting rewrites to improve code quality

v1.2.2

Compare Source

New

• Newznab - New release source: Configure a newznab indexer directly (#​867 by @​blades)
• PrimaryTitle field + path template improvements — new field for renaming templates, plus live preview and custom field picker in the template editor (#​908)
• Non-root support - Installs with user: "1000:1000” will now run as non-root. Note: This does not impact those with just PUID/PGID as 1000:1000, the docker user must be explicitly set too. (#​871)
• Kubernetes users can use runAsNonRoot and runAsUser/Group at 1000:1000 to run as non-root. (#​871)
• User folder permission checks / corrections removed and replaced by “test destination” button in settings (#​871)
• Combined search improvements - Now continue a combined search when one option is unfulfilled, and deselect previously chosen releases.
• Direct source refactoring - Decoupled the direct source from the core of the app. It can now be disabled, and users must supply working mirror URLs to use going forward. Existing users updating will keep their existing mirror configs.

Fixes

• Moved Shelfmark runtime from /app to /home. Fixes internal bypasser issues with newer Chromium release. (#​919)
• Temp filename length capped to avoid OS limits (#​912)
• OIDC discovery URL no longer has trailing slash stripped (#​887)
• Fixed JSON script blocking behavior (#​862)
• Fixed orchestrator timeout and exception handling (#​832)
• Fixed env variable config lookup in various places (#​817)
• Retry states now persist across restarts (#​817)
• Prowlarr downloads now offer retries (#​817)
• Fixed seedtime parsing for prowlarr release source (#​805)

Misc / Tooling

• Large tooling update
  • Backend: Added uv, ruff, basedpyright, vulture, pytest-xdist, prek, pytest-cov.
  • Frontend: Added oxlint, oxfmt, vitest, knip
• Major lint / typecheck / formatting rewrites to improve code quality

damongolding/immich-kiosk (ghcr.io/damongolding/immich-kiosk)

v0.38.0

Compare Source

Added: filter_exclude_faces

Excludes assets where Immich has detected a face. Useful for slideshows focused on scenery, landscapes, or architecture.

Note: Requires Immich to have already processed face detection on your assets.

Example
http://URL?album=XXX&filter_exclude_faces=true

---

What's Changed

🚀 New Features

• Feature/filter exclude faces by @​damongolding in #​739

Other changes

• v0.38.0 by @​damongolding in #​740

Full Changelog: damongolding/immich-kiosk@v0.37.0...v0.38.0

directus/directus (ghcr.io/directus/directus)

v11.17.4

Compare Source

✨ New Features & Improvements

• @​directus/app
  • Updated the token field on the user detail page to require confirmation before regenerating or removing a token, and saved those changes immediately without requiring a page-level save. (#​27108 by @​LZylstra)
• @​directus/api
  • Added opt-in must-revalidate and ETag headers for assets via ASSETS_CACHE_REVALIDATE env var (#​27027 by @​gaetansenn)
  • Added a force option to schema apply to bypass hash check (#​27136 by @​Nitwel)
• @​directus/env
  • Added opt-in must-revalidate and ETag headers for assets via ASSETS_CACHE_REVALIDATE env var (#​27027 by @​gaetansenn)
• @​directus/sdk
  • Added a force option to schema apply to bypass hash check (#​27136 by @​Nitwel)

🐛 Bug Fixes & Optimizations

• @​directus/app
  • Fixed UI freeze when navigating items with WYSIWYG translations for non-admin users (#​27154 by @​gaetansenn)
  • Fixed selection not being cleared after running a manual flow from the collection list view sidebar (#​27330 by @​kropsi)
  • Fixed "Save as copy" in the file library throwing a 403 Forbidden error (#​27181 by @​sanskar-soni-9)
  • Fixed user token not being displayed after generation when collaboration is enabled (#​27319 by @​LZylstra)
  • Prevented filter popup being closed when reordering filters (#​27324 by @​HZooly)
  • Fixed icon flash in navigation sidebar for bookmarks without an icon (#​27329 by @​HZooly)
  • Migrated @​directus/visual-editing into the monorepo (#​27157 by @​formfcw)
• @​directus/api
  • Removed duplicate @directus/schema-builder dependency (#​27166 by @​ComfortablyCoding)
  • Bumped basic-ftp, liquidjs, xmldom, protobufjs, vite dependencies (#​27335 by @​br41nslug)
  • Fixed flows not awaiting reload (#​27137 by @​Nitwel)
  • Fixed VERSION_SAVE activity/revisions not respecting collection tracking settings (#​27096 by @​yogeshwaran-c)
  • Denied creating collections with / in name (#​27114 by @​costajohnt)
• @​directus/types
  • Added a force option to schema apply to bypass hash check (#​27136 by @​Nitwel)
• @​directus/visual-editing
  • Migrated @​directus/visual-editing into the monorepo (#​27157 by @​formfcw)
  • Fixed the edit handler firing twice when clicking an overlay button directly (#​27157 by @​formfcw)
• @​directus/utils
  • Migrated @​directus/visual-editing into the monorepo (#​27157 by @​formfcw)
• @​directus/sdk
  • Fixed SDK types linking to directus_access junction collection (#​27152 by @​yogeshwaran-c)
• @​directus/composables
  • Fixed useShortcut attempting to access document before available (#​27155 by @​ComfortablyCoding)

📦 Published Versions

• @directus/app@15.10.0
• @directus/api@35.2.0
• @directus/composables@11.4.1
• create-directus-extension@11.0.36
• @directus/env@5.8.0
• @directus/extensions@3.0.25
• @directus/extensions-registry@3.0.26
• @directus/extensions-sdk@17.1.4
• @directus/memory@3.1.8
• @directus/pressure@3.0.22
• @directus/schema-builder@0.0.20
• @directus/storage-driver-azure@12.0.22
• @directus/storage-driver-cloudinary@12.0.22
• @directus/storage-driver-gcs@12.0.22
• @directus/storage-driver-s3@​12.1.8
• @directus/storage-driver-supabase@3.0.22
• @directus/themes@1.3.3
• @directus/types@15.0.3
• @directus/utils@13.4.1
• @directus/validation@2.0.23
• @directus/visual-editing@2.0.1
• @directus/sdk@21.3.0
• @directus/sandbox@0.0.0

Jackett/Jackett (ghcr.io/home-operations/jackett)

v0.24.1807

Compare Source

Changes:

• 05b76df afun: removed resolves #​15940

This list of changes was auto generated.

linuxserver/docker-lazylibrarian (ghcr.io/linuxserver/lazylibrarian)

v322dba1e-ls277

Compare Source

CI Report:

https://ci-tests.linuxserver.io/linuxserver/lazylibrarian/322dba1e-ls277/index.html

LinuxServer Changes:

Full Changelog: linuxserver/docker-lazylibrarian@652b2d0d-ls276...322dba1e-ls277

Remote Changes:

Remove directories if only .ll_ignore file in them, remove book entries with no title

lldap/lldap (ghcr.io/lldap/lldap)

v0.6.3

Compare Source

[0.6.3] 2026-05-01

Small release, focused on LDAP compatibility, TLS maintenance, dependency upgrades and documentation/examples.

Added

• LDAP schema definitions for memberOf, modifyTimestamp and pwdChangedTime
• Support for configuring the healthcheck listen addresses
• Usernames are now included in password recovery emails

Changed

• JWT exp and iat claims are now serialized as NumericDate values to comply with RFC7519
• Migrated to rustls 0.23 and centralized TLS handling
• The login form no longer enforces a password length limit

Fixed

• pwdChangedTime is now emitted as LDAP GeneralizedTime instead of RFC3339
• LDAP base-scope searches for non-existent entries now return NoSuchObject
• cn equality filters are now case insensitive
• The server now shuts down the database connection pool gracefully
• The bootstrap script now handles empty globs correctly

Security

• Updated the LDAP dependency stack, including ldap3_proto, in response to
  security advisory
  GHSA-qcxq-75wr-5cm8,
  where a specially crafted LDAP query could make the server crash

Cleanups

• Split GraphQL queries and mutations into smaller modules
• Refactored configuration and user update logic
• Upgraded the Rust toolchain and shared dependencies

New services

• Apache WebDAV
• Continuwuity
• Gerrit
• Gogs
• Open WebUI
• OpenCloud
• Pocket ID
• Semaphore
• TrueNAS

louislam/uptime-kuma (ghcr.io/louislam/uptime-kuma)

v2.3.0

Compare Source

⚠️ Breaking changes

• #​7194 fix: Revert "add sorting to status pages"
  • No more sorting feature in status pages.
  • Due to bad performance.
• #​7312 fix(database): add UPTIME_KUMA_SQLITE_SINGLE_CONNECTION
  • For Raspberry Pi users, you may have to set it to true to avoid SQLite locking issues.
  • Mainly affected Raspberry Pi users only, you can ignore it if you are not using devices like Raspberry Pi.

🆕 New Features

• #​7304 feat: websocket improve to fix issue #​7268 including support authentication (Thanks @​sofia-fernandez-six)
• #​7207 feat(notification): add custom message template support for Evolution provider (Thanks @​kbrianps)
• #​7201 feat: add Telnyx messaging provider (Thanks @​LuvForAirplanes)
• #​7182 feat: Add VK notification provider (Thanks @​FunNikita)
• #​7160 feat: Add MAX messenger notification provider (Thanks @​Redleks)
• #​7156 feat: add OracleDB monitor (Thanks @​sitiom)
• #​7154 feat: add collapsible groups to status page (Thanks @​marco-carvalho)

💇‍♀️ Improvements

• #​7303 feat(ui): add a helptext that RTT for the ping monitor is not avaliable on linux (Thanks @​stchigel)
• #​7300 feat(ux): changed warning msg (Thanks @​hemanth5544)
• #​7128 fix: Update Home Assistant notification help text for HA 2024 Services→Actions rename (Thanks @​tr4nt0r)

🐞 Bug Fixes

• #​7248 fix(notification): check for monitorJSON in Stackfield provider (Thanks @​jlbrt)
• #​7166 fix: Handle SSL in setup database temp server
• #​7235 fix(uptime): ensure correct handling of missing time buckets in uptime calculations (Thanks @​adrianceding)
• #​7221 fix(notification): ensure applyExisting is not saved to database
• #​7198 fix: Domain expiry doesn't seem to update #​7189 (Thanks @​shanto)
• #​7155 fix: propagate create errors (Thanks @​otbutz)
• #​7159 fix: monitor graph gaps for sub-millisecond TCP pings (Thanks @​0xRozier)
• #​7125 fix: prometheus metrics have two series for a single monitor when that monitor has tags (Thanks @​nicjansma)

🦎 Translation Contributions

• #​7108 feat: Add English (United Kingdom) language support (Thanks @​andibing)
• #​7292 #​7197 #​7132 chore: Translations Update from Weblate (Thanks @​aindriu80 @​Ale1x @​Aluisio @​andibing @​AnnAngela @​CammarataLudovico @​cyril59310 @​dodog @​efenow @​fcordeiro @​firedur @​FunNikita @​Gringit @​Hamstio1 @​helakostain @​ivanbratovic @​kevinheyer-dev @​mlopezcoria @​Mo7amm1d @​MrEddX @​numarkpro @​Redleks @​rodis120 @​samsilveira @​thisisjaymehta @​ttymayor @​Virenbar @​wibe01204 @​Zeromskas)

Others

• #​7317 #​7195 #​7133 chore: Update dependencies
• #​7204 chore: Add agents.md - anti AI slop
• #​7146 chore: Add monthly workflow to build push Docker image

Maintainerr/Maintainerr (ghcr.io/maintainerr/maintainerr)

v3.10.0

Compare Source

Highlights

• Added a compact image picker in the overlay Properties panel, allowing users to upload images for overlay Image elements directly from the UI (#​2814).
• Fixed overlay template selection reverting to "Default" after saving a rule group by ensuring templates are loaded before applying changes (#​2815).
• Scaled overlay shape strokes in previews and renders to ensure consistent appearance between the editor and server output (#​2803).

Features

• Added a cumulative cleanup totals section to the Storage Metrics page, displaying aggregated counts of items, movies, and episodes handled across all collections (#​2804).
• Introduced the ability to upload images for overlay Image elements directly from the UI (#​2814).

Fixes

• Tightened upload filename guards and improved error handling for missing directories in overlay image and font uploads.
• Replaced Intl.ListFormat with a custom helper to fix type-checking issues in the UI.
• Fixed overlay template selection reverting to "Default" after saving a rule group (#​2815).
• Hardened server logging against stdio EPIPE errors to prevent crashes (#​2812).
• Guarded collection template mode in overlays.

Internal

• Updated repository instructions to consolidate agent and Copilot guidance into a single AGENTS.md file (#​2813).
• Added new contributors to the changelog (#​2806).

Dependencies

• Updated 3 dependencies, including rolldown, @tanstack/eslint-plugin-query, and knip.

slskd/slskd (ghcr.io/slskd/slskd)

v0.25.1

Compare Source

What's Changed

• Add case for legacy docker behavior (running as root) by @​jpdillingham in #​1708
• Fix bug preventing configuration changes from being applied by @​jpdillingham in #​1711

Full Changelog: slskd/slskd@0.25.0...0.25.1

v0.25.0

Compare Source

🎉 Big Release!

This release contains a number of mostly unrelated changes.

Licensing

I have added 'Additional Terms' to the AGPLv3 that clarify the conditions under which folks can distribute and modify slskd, which Section 7 of the AGPLv3 allows. These terms include preservation of notices and licenses (already required by the AGPLv3, the terms spell the requirements out explicitly), mandatory identification of modifications (again, already required), mandatory rebranding (renaming forks to something that won't be confused with slskd), and the mandatory modification of the client version supplied to the server at login.

The full text of these Additional Terms can be found at the bottom of the LICENSE in the root of the repository. I've also added a NOTICE in the hopes that folks will be drawn to it and see that the LICENSE includes Additional Terms, and I've added a FORKING.md that explains the new terms in plain English.

To explain why I've done this, I'll share an excerpt from FORKING.md:

The requirements exist for two reasons, and both are about the people who use the software.

The first is to make sure users always know they are using software licensed under the AGPL. That matters because the AGPL gives users meaningful rights: the right to know that the source code exists, the right to access it, and the right to understand what they are running. Those rights only mean something if users are actually informed of them. Requiring that the full LICENSE be included with every distribution, and that license notices be preserved everywhere they appear, ensures that no user ever ends up with a copy of this software that hides or obscures the terms under which it was released.

The second is to make sure users understand who made the software they are using. They should be able to tell where it came from, who maintains it, what has been changed and by whom, and whether it is the original project or a fork. A user who installs a fork deserves to know it is a fork. The requirements around naming, branding, source file headers, and identification notices all serve this goal. They are not intended to discourage forking — they are intended to make sure that anyone who uses a fork has an accurate picture of what they have.

With AI becoming mainstream it is now incredibly easy to fork a project and manipulate it in ways that are harmful to users and/or the server(s) the software connects to. This behavior, unfortunately, is permissible under the AGPLv3. All I can do is ensure that users aren't deceived into using these untrusted and potentially harmful forks.

Docker User/Permissions

The slskd Docker container now supports both Docker's built in --user/user: and now the Linuxserver/*arr style PUID/PGID methods for running the container as a specific user. The built-in method is objectively superior, but I noticed that people frequently got hung up on permissions because they were using PUID/PGID without understanding that it wasn't supported.

These methods are mutually exclusive; users must choose one or the other. Users should also be aware that when using the PUID/PGID method, the container will chown the mounted /app directory on startup. This may be unexpected, but it is the intended behavior. The chown isn't recursive; users will need to do that themselves if needed.

Examples in the README and Docker docs have been updated to reflect these changes. I welcome any feedback about the approach in the Dockerfile or contents of the docs.

Configuration May Be Broken

Users who have configured things under the global, groups, or integration keys in the configuration file will find that the app will log an error and exit early until they apply the necessary changes. This is unfortunate, but the alternative was to not do that and allow people to continue using the app without their configuration being respected.

Pull request #​1704 outlines the changes and provides an example of what needs to be done by correcting the configuration docs. tl;dr:

1. Rename the global key to transfers
2. Move all limits keys so that they appear nested under the upload key of the associated group
3. Rename the integration key to integrations

These changes were made to make room for upcoming features (stay tuned!). The rename of the integration key was admittedly not necessary for that, but I figured I would sneak it in.

What's Changed

• BREAKING: Move all transfer options under a 'transfers' key by @​jpdillingham in #​1672
• Add errors for deprecated keys by @​jpdillingham in #​1698
• Update docs to reflect config changes by @​jpdillingham in #​1704
• Append Additional Terms to the AGPLv3 license by @​jpdillingham in #​1675
• Adjust NOTICE indent, add license info to startup banner by @​jpdillingham in #​1690
• Fix "Search Again" by @​rfletcher in #​1666
• Fix bug causing an error when updating the config file while the app is running by @​jpdillingham in #​1682
• fix favicon.ico relative path by @​deepsweet in #​1696
• Add BatchId and Attempts to Transfers database, change migration naming scheme by @​jpdillingham in #​1670
• Add the ability to specify base delay for exponential backoff, add onRetry delegate for Retry.Do by @​jpdillingham in #​1671
• Interlock updates of shared scanner vars by @​jpdillingham in #​1687
• Add support for PUID/PGID to Docker by @​jpdillingham in #​1695
• Bump Soulseek.NET to 9.0.0, set minor version to 760 by @​jpdillingham in #​1674
• Bump picomatch from 2.3.1 to 2.3.2 in /src/web by @​dependabot[bot] in #​1684
• Bump flatted from 3.2.7 to 3.4.2 in /src/web by @​dependabot[bot] in #​1676
• Bump yaml in /src/web by @​dependabot[bot] in #​1680
• Bump Soulseek.NET to 10.0.0 by @​jpdillingham in #​1691
• Bump lodash from 4.17.23 to 4.18.1 in /src/web by @​dependabot[bot] in #​1692
• Bump lodash-es from 4.17.23 to 4.18.1 in /src/web by @​dependabot[bot] in #​1689
• Upgrade to .NET 10 by @​jpdillingham in #​1693
• Bump axios from 1.13.5 to 1.15.0 in /src/web by @​dependabot[bot] in #​1694

New Contributors

• @​rfletcher made their first contribution in #​1666
• @​deepsweet made their first contribution in #​1696

Full Changelog: slskd/slskd@0.24.5...0.25.0

stalwartlabs/stalwart (ghcr.io/stalwartlabs/stalwart)

v0.16.3

Compare Source

[0.16.3] - 2026-04-30

If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

Changed

• Replaced STALWART_HTTPS_PORT with STALWART_PUBLIC_URL.
• App Passwords now begin with app_ instead of app to avoid issues with some clients that do not support spaces in passwords.

Fixed

• Directory:
  • Invalidate caches when group memberships change on an external directory.
  • OIDC: errors instead of "failed to decode token".
  • OIDC: Recovery admin access.
  • User impersonation.
• Tasks:
  • Delete locked tasks.
  • Queue pagination by anchor.
• Log viewer: All events show as INFO.
• Registry: Allow changing object variants.
• Node id renewal.
• DNS Updater: Fix Route53 serialization format.

---

Check binary attestation here

v0.16.2

Compare Source

[0.16.2] - 2026-04-28

If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

• OIDC: Fallback to userinfo endpoint when JWT token does not contain an email claim.
• S3: verifyAfterWrite option to verify that objects have persisted after writing.

Changed

• Allow HTTP to be used for configuring the server.

Fixed

• LDAP: Generate valid credentialId when there are password changes.
• TLS: Disable cipher suited option disables wrong ciphers.
• DNS Updater:
  • BunnyDNS: Use subdomain as name of record instead of FQDN.
  • RFC2136: Chunk TXT records.
• Skip invalid entries in log files.

---

Check binary attestation here

v0.16.1

Compare Source

[0.16.1] - 2026-04-25

This version includes multiple breaking changes. If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

• OIDC: Extract username from JWT token.
• system('node_hostname') and system('node_role') expression variables to retrieve the local node hostname and cluster role respectively.

Changed

Fixed

• JMAP:
  • Invalid receivedAt headers after importing (#​2939).
  • Sorting order issues when emails lack receivedAt headers.
• IMAP: Fix BINARY fetch responses (#​2940).
• WebDAV: Fix ACL validation for target folders.
• ACME: Allow requesting apex domain certificates.
• Hostname issues:
  • Accept RFC 6761 reserved TLDs during bootstrap.
  • Allow hostnames without TLDs in remote server settings.
• Reverse proxy issues.
• OSS builds.
• DNS Updater:
  • RFC2136: TSIG secret not base64 decoded.
  • Google DNS: Chunk TXT records when they exceed 255 characters.
  • Cloudflare:
    • Fix CAA record updates.
    • Check zone subdomains when finding zones

---

Check binary attestation here

v0.16.0

Compare Source

[0.16.0] - 2026-04-20

This version includes multiple breaking changes. If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

• Web UI rewritten from the ground up using the JMAP management API, featuring a refreshed design and addressing 76 enhancement requests and bug fixes.
• CLI rewritten from the ground up to use the JMAP management API.
• Security enhancements:
  • Password strength enforcement using the zxcvbn algorithm
  • Password expiration, rotation policies and IP address restrictions for user accounts
  • App Passwords with limited access (#​1609), labels (#​2255), IP address restrictions and expiration dates
  • API keys with limited access, labels, IP address restrictions and expiration dates
  • Auto-ban comments and details about the triggering event (#​1321)
  • Auto-ban expiration after a configurable time period (#​964)
• DNS Management:
  • Automatic DNS management of MX, TXT, CNAME, SRV, CAA and TLSA records (#​463 #​1017 #​1419 #​2438 #​1370 #​1406 #​1371)
  • Automatic update of TLSA records when ACME certificates change (#​1664)
  • RFC2136 SIG(0) support (#​856)
  • Route53 provider support (contributed by @​jimmystewpot)
  • Google Cloud DNS provider support (contributed by @​jimmystewpot)
  • Bunny provider support (contributed by @​angeloanan)
  • Porkbun provider support (contributed by @​jeffesquivels)
  • DNSimple provider support (contributed by @​NelsonVides)
  • Spaceship provider support (contributed by @​matserix)
• DKIM:
  • Automatic DKIM key generation, rotation and DNS management (#​368 #​961)
  • Store DKIM keys in the database (#​1264)
  • Ignore insecure signatures when verifying DKIM (#​1068 #​467)
• ACME/TLS:
  • DNS-PERSIST-01 ACME challenge support (#​2837)
  • Renew certificates on demand, view certificate details (#​675 #​1162 #​2566)
  • CAA record support (#​468) with accounturi parameter (#​1933)
  • TLSA records publishing restricted to 3 1 1 and 2 1 1 (#​2193)
• OIDC and OAuth:
  • JWT token validation without requesting userinfo from the OIDC provider.
  • Audience (aud) claim (#​2603) and scope validation support.
  • Groups support (#​1448)
  • RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients
• LDAP:
  • Separate filter for groups (#​1841)
  • Improve support for OpenLDAP schemas (#​760)
  • Improve and simplify LDAP settings (#​2194 #​2174)
• Directory:
  • Masked email addresses for enhanced privacy (Enterprise)
  • Domain aliases (#​583)
  • E-mail alias descriptions and option to disable aliases (#​506)
  • Account archiving and un-deletion (#​2767) (Enterprise)
  • Per-domain directory backends (Enterprise)
• Account configuration and discovery:
  • Automatic Configuration of Email, Calendar, and Contact Server Settings (draft-mailmaint-uaautoconf-04) (#​2201)
  • MS Autodiscover V2 support (#​679)
• Sieve: Allow deactivating scripts without deleting them (#​1251).
• Tracing: Enable events only mode (#​2276)
• Clu

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[github-actions]

Stable

Diskoverdata

Affected areas: metadata, static_config
Modified files:

• app.yaml
• ix_values.yaml

---

Elastic-Search

Affected areas: metadata, static_config
Modified files:

• app.yaml
• ix_values.yaml

---

Nextcloud

Affected areas: metadata, static_config
Modified files:

• app.yaml
• ix_values.yaml

---

Notifying the following about changes to the trains:
@truenas/docs-team