Update docker.io/miniflux/miniflux Docker tag to v2.0.43 #1147
This PR contains the following updates:
2.0.38 -> 2.0.43
Release Notes
miniflux/v2
v2.0.43
Compare Source
Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler (CVE-2023-27592)
Creating an RSS feed item with the inline description containing an <img> tag with a srcset attribute pointing to an invalid URL like http:a<script>alert(1)</script>, we can coerce the proxy handler into an error condition where the invalid URL is returned unescaped and in full. This results in JavaScript execution on the Miniflux instance as soon as the user is convinced to open the broken image.
Use r.RemoteAddr to check /metrics endpoint network access (CVE-2023-27591)
HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As such, it cannot be used to test if the client IP is allowed. The recommendation is to use HTTP Basic authentication to protect the metrics endpoint, or run Miniflux behind a trusted reverse-proxy.
Add HTTP Basic authentication for /metrics endpoint
Add proxy support for several media types
Parse feed categories from RSS, Atom and JSON feeds
Ignore empty link when discovering feeds
Disable CGO explicitly to make sure the binary is statically linked
Add CSS classes to differentiate between category/feed/entry view and icons
Add rewrite and scraper rules for blog.cloudflare.com
Add color-scheme to themes
Add new keyboard shortcut to toggle open/close entry attachments section
Sanitizer: allow id attribute in <sup> element
Add Indonesian Language
Update translations
Update Docker Compose examples:
depends_on
version element
Update scraping rules for ilpost.it
Bump github.com/PuerkitoBio/goquery from 1.8.0 to 1.8.1
Bump github.com/tdewolff/minify/v2 from 2.12.4 to 2.12.5
Bump github.com/yuin/goldmark from 1.5.3 to 1.5.4
Bump golang.org/x/* dependencies
v2.0.42
Compare Source
golang.org/x/* dependencies
ilpost.it
v2.0.41
Compare Source
with SNI proxies. The existing HTTP-01 challenge support has been left
as-is.
golang.org/x/net/* dependencies
v2.0.40
Compare Source
github.com/mitchellh/go-server-timing
continuation parameter and result for Google Reader API ID calls
recalbox.com
v2.0.39
Compare Source
/v1/
Basic authorization header
make run command to execute migrations automatically
theverge.com, royalroad.com, swordscomic.com, and smbc-comics.com
golang.org/x/* dependencies
github.com/tdewolff/minify/v2 from 2.12.0 to 2.12.4
github.com/yuin/goldmark from 1.4.13 to 1.5.2
github.com/lib/pq from 1.10.6 to 1.10.7
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
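The difference between a header-derived client address and r.RemoteAddr, which the v2.0.43 note for CVE-2023-27591 describes, shown as an added Go example that is not Miniflux's own code. The function names, the allow-list value and the sample request are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
)

// headerIP trusts client-supplied headers (the pattern the release note warns about).
func headerIP(r *http.Request) string {
	for _, h := range []string{"X-Forwarded-For", "X-Real-Ip"} {
		if v := r.Header.Get(h); v != "" {
			return v
		}
	}
	return peerIP(r)
}

// peerIP returns the TCP peer address from r.RemoteAddr, which the client cannot set.
func peerIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// allowed reports whether ip is inside any of the CIDR networks; bad input is denied.
func allowed(ip string, cidrs []string) bool {
	addr := net.ParseIP(ip)
	for _, c := range cidrs {
		if _, n, err := net.ParseCIDR(c); err == nil && addr != nil && n.Contains(addr) {
			return true
		}
	}
	return false
}

// sampleRequest builds a constructed request with a given peer and X-Forwarded-For value.
func sampleRequest(remoteAddr, xff string) *http.Request {
	return &http.Request{RemoteAddr: remoteAddr, Header: http.Header{"X-Forwarded-For": {xff}}}
}

func main() {
	nets := []string{"127.0.0.1/8"} // hypothetical allow-list value
	r := sampleRequest("203.0.113.7:51234", "127.0.0.1")
	fmt.Println("header-based check allows:", allowed(headerIP(r), nets))
	fmt.Println("peer-based check allows:  ", allowed(peerIP(r), nets))
}
```

Behind a reverse proxy, r.RemoteAddr is the proxy's address, which is why the release note pairs this change with HTTP Basic authentication or a trusted reverse-proxy.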
Update docker.io/miniflux/miniflux Docker tag to v2.0.39 to Update docker.io/miniflux/miniflux Docker tag to v2.0.40
09d92bbf45 to d5dabe8d42
Update docker.io/miniflux/miniflux Docker tag to v2.0.40 to Update docker.io/miniflux/miniflux Docker tag to v2.0.41
d5dabe8d42 to ae2edd9f6a
Update docker.io/miniflux/miniflux Docker tag to v2.0.41 to Update docker.io/miniflux/miniflux Docker tag to v2.0.42
ae2edd9f6a to 6845156ced
6845156ced to 2153a6fb06
2153a6fb06 to 7b86af7ef6
Update docker.io/miniflux/miniflux Docker tag to v2.0.42 to Update docker.io/miniflux/miniflux Docker tag to v2.0.43
7b86af7ef6 to edae3940e0