1.26.3-ls273

CI Report:

https://ci-tests.linuxserver.io/linuxserver/freshrss/1.26.3-ls273/index.html

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

• Milestone

This is a bug-fix release for FreshRSS 1.26.x

A few highlights ✨:

• Keep sort and order criteria during navigation
• Implement loading spinner for marking as favourite/read
• Many bug fixes

This release has been made by @Alkarex, @Inverle and newcomers @CarelessCaution, @the7thNightmare

Full changelog:

• Features
  • Keep sort and order criteria during navigation #7585
  • Add info about PDO::ATTR_CLIENT_VERSION (relevant for MySQL / MariaDB with obsolete driver) #7591
• Bug fixing
  • Fix SQL request for user labels with custom sort (affecting PostgreSQL) #7588
  • Fix regression for favicon in GReader and Fever APIs #7573
  • Fix newest articles (within last second) not shown #7577
  • Fix duplicate HTTP header for POST #7556
  • Fix important articles on reader view #7602
  • Fix remove last share method #7613
  • Fix API handling of default category #7610
  • Fix user self-deletion #7626
  • Move PHP minimum version check #7560
• Security
  • Fix encoding of themes #7565
  • Fix .htaccess.dist for access to /scripts/vendor/ #7598
• SimplePie
  • Strip more HTML deprecated styles attributes: bgcolor, text, background, link, alink, vlink #7606
• UI
  • Implement loading spinner for marking as favourite/read #7564
  • Provide theme class for CSS #7559
• Deployment
  • Use HTTP Cache-Control: immutable for some files #7552
  • Drop Apache 2.2 (only support Apache 2.4+) #7561
• I18n
  • Improve Indonesian #7622
  • Improve Polish #7587
• Misc.
  • Update to PHPMailer 6.10.0 #7542
  • Update dev dependencies #7630, #7631, #7632
    #7633, #7634, #7635

1.26.3-ls272

CI Report:

https://ci-tests.linuxserver.io/linuxserver/freshrss/1.26.3-ls272/index.html

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

• Milestone

This is a bug-fix release for FreshRSS 1.26.x

A few highlights ✨:

• Keep sort and order criteria during navigation
• Implement loading spinner for marking as favourite/read
• Many bug fixes

This release has been made by @Alkarex, @Inverle and newcomers @CarelessCaution, @the7thNightmare

Full changelog:

• Features
  • Keep sort and order criteria during navigation #7585
  • Add info about PDO::ATTR_CLIENT_VERSION (relevant for MySQL / MariaDB with obsolete driver) #7591
• Bug fixing
  • Fix SQL request for user labels with custom sort (affecting PostgreSQL) #7588
  • Fix regression for favicon in GReader and Fever APIs #7573
  • Fix newest articles (within last second) not shown #7577
  • Fix duplicate HTTP header for POST #7556
  • Fix important articles on reader view #7602
  • Fix remove last share method #7613
  • Fix API handling of default category #7610
  • Fix user self-deletion #7626
  • Move PHP minimum version check #7560
• Security
  • Fix encoding of themes #7565
  • Fix .htaccess.dist for access to /scripts/vendor/ #7598
• SimplePie
  • Strip more HTML deprecated styles attributes: bgcolor, text, background, link, alink, vlink #7606
• UI
  • Implement loading spinner for marking as favourite/read #7564
  • Provide theme class for CSS #7559
• Deployment
  • Use HTTP Cache-Control: immutable for some files #7552
  • Drop Apache 2.2 (only support Apache 2.4+) #7561
• I18n
  • Improve Indonesian #7622
  • Improve Polish #7587
• Misc.
  • Update to PHPMailer 6.10.0 #7542
  • Update dev dependencies #7630, #7631, #7632
    #7633, #7634, #7635

1.26.3-ls271

CI Report:

https://ci-tests.linuxserver.io/linuxserver/freshrss/1.26.3-ls271/index.html

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

• Milestone

This is a bug-fix release for FreshRSS 1.26.x

A few highlights ✨:

• Keep sort and order criteria during navigation
• Implement loading spinner for marking as favourite/read
• Many bug fixes

This release has been made by @Alkarex, @Inverle and newcomers @CarelessCaution, @the7thNightmare

Full changelog:

• Features
  • Keep sort and order criteria during navigation #7585
  • Add info about PDO::ATTR_CLIENT_VERSION (relevant for MySQL / MariaDB with obsolete driver) #7591
• Bug fixing
  • Fix SQL request for user labels with custom sort (affecting PostgreSQL) #7588
  • Fix regression for favicon in GReader and Fever APIs #7573
  • Fix newest articles (within last second) not shown #7577
  • Fix duplicate HTTP header for POST #7556
  • Fix important articles on reader view #7602
  • Fix remove last share method #7613
  • Fix API handling of default category #7610
  • Fix user self-deletion #7626
  • Move PHP minimum version check #7560
• Security
  • Fix encoding of themes #7565
  • Fix .htaccess.dist for access to /scripts/vendor/ #7598
• SimplePie
  • Strip more HTML deprecated styles attributes: bgcolor, text, background, link, alink, vlink #7606
• UI
  • Implement loading spinner for marking as favourite/read #7564
  • Provide theme class for CSS #7559
• Deployment
  • Use HTTP Cache-Control: immutable for some files #7552
  • Drop Apache 2.2 (only support Apache 2.4+) #7561
• I18n
  • Improve Indonesian #7622
  • Improve Polish #7587
• Misc.
  • Update to PHPMailer 6.10.0 #7542
  • Update dev dependencies #7630, #7631, #7632
    #7633, #7634, #7635

1.26.3-ls270

CI Report:

https://ci-tests.linuxserver.io/linuxserver/freshrss/1.26.3-ls270/index.html

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

• Milestone

This is a bug-fix release for FreshRSS 1.26.x

A few highlights ✨:

• Keep sort and order criteria during navigation
• Implement loading spinner for marking as favourite/read
• Many bug fixes

This release has been made by @Alkarex, @Inverle and newcomers @CarelessCaution, @the7thNightmare

Full changelog:

• Features
  • Keep sort and order criteria during navigation #7585
  • Add info about PDO::ATTR_CLIENT_VERSION (relevant for MySQL / MariaDB with obsolete driver) #7591
• Bug fixing
  • Fix SQL request for user labels with custom sort (affecting PostgreSQL) #7588
  • Fix regression for favicon in GReader and Fever APIs #7573
  • Fix newest articles (within last second) not shown #7577
  • Fix duplicate HTTP header for POST #7556
  • Fix important articles on reader view #7602
  • Fix remove last share method #7613
  • Fix API handling of default category #7610
  • Fix user self-deletion #7626
  • Move PHP minimum version check #7560
• Security
  • Fix encoding of themes #7565
  • Fix .htaccess.dist for access to /scripts/vendor/ #7598
• SimplePie
  • Strip more HTML deprecated styles attributes: bgcolor, text, background, link, alink, vlink #7606
• UI
  • Implement loading spinner for marking as favourite/read #7564
  • Provide theme class for CSS #7559
• Deployment
  • Use HTTP Cache-Control: immutable for some files #7552
  • Drop Apache 2.2 (only support Apache 2.4+) #7561
• I18n
  • Improve Indonesian #7622
  • Improve Polish #7587
• Misc.
  • Update to PHPMailer 6.10.0 #7542
  • Update dev dependencies #7630, #7631, #7632
    #7633, #7634, #7635

1.26.3-ls269

CI Report:

https://ci-tests.linuxserver.io/linuxserver/freshrss/1.26.3-ls269/index.html

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

• Milestone

This is a bug-fix release for FreshRSS 1.26.x

A few highlights ✨:

• Keep sort and order criteria during navigation
• Implement loading spinner for marking as favourite/read
• Many bug fixes

This release has been made by @Alkarex, @Inverle and newcomers @CarelessCaution, @the7thNightmare

Full changelog:

• Features
  • Keep sort and order criteria during navigation #7585
  • Add info about PDO::ATTR_CLIENT_VERSION (relevant for MySQL / MariaDB with obsolete driver) #7591
• Bug fixing
  • Fix SQL request for user labels with custom sort (affecting PostgreSQL) #7588
  • Fix regression for favicon in GReader and Fever APIs #7573
  • Fix newest articles (within last second) not shown #7577
  • Fix duplicate HTTP header for POST #7556
  • Fix important articles on reader view #7602
  • Fix remove last share method #7613
  • Fix API handling of default category #7610
  • Fix user self-deletion #7626
  • Move PHP minimum version check #7560
• Security
  • Fix encoding of themes #7565
  • Fix .htaccess.dist for access to /scripts/vendor/ #7598
• SimplePie
  • Strip more HTML deprecated styles attributes: bgcolor, text, background, link, alink, vlink #7606
• UI
  • Implement loading spinner for marking as favourite/read #7564
  • Provide theme class for CSS #7559
• Deployment
  • Use HTTP Cache-Control: immutable for some files #7552
  • Drop Apache 2.2 (only support Apache 2.4+) #7561
• I18n
  • Improve Indonesian #7622
  • Improve Polish #7587
• Misc.
  • Update to PHPMailer 6.10.0 #7542
  • Update dev dependencies #7630, #7631, #7632
    #7633, #7634, #7635

1.26.3-ls268

CI Report:

https://ci-tests.linuxserver.io/linuxserver/freshrss/1.26.3-ls268/index.html

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

• Milestone

This is a bug-fix release for FreshRSS 1.26.x

A few highlights ✨:

• Keep sort and order criteria during navigation
• Implement loading spinner for marking as favourite/read
• Many bug fixes

This release has been made by @Alkarex, @Inverle and newcomers @CarelessCaution, @the7thNightmare

Full changelog:

• Features
  • Keep sort and order criteria during navigation #7585
  • Add info about PDO::ATTR_CLIENT_VERSION (relevant for MySQL / MariaDB with obsolete driver) #7591
• Bug fixing
  • Fix SQL request for user labels with custom sort (affecting PostgreSQL) #7588
  • Fix regression for favicon in GReader and Fever APIs #7573
  • Fix newest articles (within last second) not shown #7577
  • Fix duplicate HTTP header for POST #7556
  • Fix important articles on reader view #7602
  • Fix remove last share method #7613
  • Fix API handling of default category #7610
  • Fix user self-deletion #7626
  • Move PHP minimum version check #7560
• Security
  • Fix encoding of themes #7565
  • Fix .htaccess.dist for access to /scripts/vendor/ #7598
• SimplePie
  • Strip more HTML deprecated styles attributes: bgcolor, text, background, link, alink, vlink #7606
• UI
  • Implement loading spinner for marking as favourite/read #7564
  • Provide theme class for CSS #7559
• Deployment
  • Use HTTP Cache-Control: immutable for some files #7552
  • Drop Apache 2.2 (only support Apache 2.4+) #7561
• I18n
  • Improve Indonesian #7622
  • Improve Polish #7587
• Misc.
  • Update to PHPMailer 6.10.0 #7542
  • Update dev dependencies #7630, #7631, #7632
    #7633, #7634, #7635

1.26.2-ls268

CI Report:

https://ci-tests.linuxserver.io/linuxserver/freshrss/1.26.2-ls268/index.html

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

• Milestone

This is a security-focussed release for FreshRSS 1.26.x, addressing several CVEs (thanks @Inverle) 🛡

A few highlights ✨:

• Implement JSON string concatenation with & operator
• Support multiple JSON fragments in HTML+XPath+JSON mode (e.g. JSON-LD)
• Multiple security fixes with CVEs
• Bug fixes

Notes ℹ:

• Favicons will be reconstructed automatically when feeds gets refreshed. After that, you may need to refresh your Web browser as well.

This release has been made by @Alkarex, @Frenzie, @hkcomori, @loviuz, @math-GH
and newcomers @dezponia, @glyn, @Inverle, @Machou, @mikropsoft

Full changelog:

• Features
  • Implement JSON string concatenation with & operator #7414
  • Support multiple JSON fragments in HTML+XPath+JSON mode #7369
• Bug fixing
  • Fix escaping of tag search #7468
  • Fix CLI parsing of Boolean flags #7430
  • Fix API for labels with slash #7437
• SimplePie
  • Fix support for feeds with XML preamble + DTD #7515, simplepie#914
  • Merged upstream #7434
    • Upstream fix simplepie#912
• Security
  • Disallow <iframe srcdoc=""> #7494, CVE-2025-32015
  • Disallow <button formaction=""> #7506
  • Improve favicons hash to avoid favicon pollution #7505, CVE-2025-46339
  • Add Content-Security-Policy HTTP headers to favicons #7471, CVE-2025-31136
  • Web scraping forbid security HTTP headers in cURL #7496, CVE-2025-46341
  • Add some HTTP headers Referrer-Policy: same-origin #6303, #7478
  • Use HTTP POST for logout #7489, CVE-2025-31482
  • Make update URL read-only #7477
  • Fix for extensions: Restrict valid paths in ext.php #7479, CVE-2025-31134
  • Fix for extensions: Secure serving of user files #7495
• Extensions
  • Fix file serving for symlinked extensions #7545
  • Catch extension exceptions in override #7475
  • JavaScript: new event to detect context loaded #7452
• Deployment
  • Apache: add check for mod_filter to ensure that AddOutputFilterByType works #7419
• UI
  • Accessibility: Add :focus style to some dropdown menus #7491
  • New size option for the Mark as read button #7314
  • Update bcrypt.js from 2.4.4 to 3.0.2 #7449
  • Various UI and style improvements: #7168, #7526
• I18n
  • Rework credits #7426
  • Improve French #7432
  • Improve Italian #7540
  • Improve Polish #7508
  • Improve Turkish #7442
• Misc.
  • Improve PHP code #7431, #7488, #7534
  • Update dev dependencies #7480, #7482, #7483,
    #7484, #7485, #7486,
    #7487, #7533, #7535,
    #7536, #7537, #7538

1.26.2-ls267

CI Report:

https://ci-tests.linuxserver.io/linuxserver/freshrss/1.26.2-ls267/index.html

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

• Milestone

This is a security-focussed release for FreshRSS 1.26.x, addressing several CVEs (thanks @Inverle) 🛡

A few highlights ✨:

• Implement JSON string concatenation with & operator
• Support multiple JSON fragments in HTML+XPath+JSON mode (e.g. JSON-LD)
• Multiple security fixes with CVEs
• Bug fixes

Notes ℹ:

• Favicons will be reconstructed automatically when feeds gets refreshed. After that, you may need to refresh your Web browser as well.

This release has been made by @Alkarex, @Frenzie, @hkcomori, @loviuz, @math-GH
and newcomers @dezponia, @glyn, @Inverle, @Machou, @mikropsoft

Full changelog:

• Features
  • Implement JSON string concatenation with & operator #7414
  • Support multiple JSON fragments in HTML+XPath+JSON mode #7369
• Bug fixing
  • Fix escaping of tag search #7468
  • Fix CLI parsing of Boolean flags #7430
  • Fix API for labels with slash #7437
• SimplePie
  • Fix support for feeds with XML preamble + DTD #7515, simplepie#914
  • Merged upstream #7434
    • Upstream fix simplepie#912
• Security
  • Disallow <iframe srcdoc=""> #7494, CVE-2025-32015
  • Disallow <button formaction=""> #7506
  • Improve favicons hash to avoid favicon pollution #7505, CVE-2025-46339
  • Add Content-Security-Policy HTTP headers to favicons #7471, CVE-2025-31136
  • Web scraping forbid security HTTP headers in cURL #7496, CVE-2025-46341
  • Add some HTTP headers Referrer-Policy: same-origin #6303, #7478
  • Use HTTP POST for logout #7489, CVE-2025-31482
  • Make update URL read-only #7477
  • Fix for extensions: Restrict valid paths in ext.php #7479, CVE-2025-31134
  • Fix for extensions: Secure serving of user files #7495
• Extensions
  • Fix file serving for symlinked extensions #7545
  • Catch extension exceptions in override #7475
  • JavaScript: new event to detect context loaded #7452
• Deployment
  • Apache: add check for mod_filter to ensure that AddOutputFilterByType works #7419
• UI
  • Accessibility: Add :focus style to some dropdown menus #7491
  • New size option for the Mark as read button #7314
  • Update bcrypt.js from 2.4.4 to 3.0.2 #7449
  • Various UI and style improvements: #7168, #7526
• I18n
  • Rework credits #7426
  • Improve French #7432
  • Improve Italian #7540
  • Improve Polish #7508
  • Improve Turkish #7442
• Misc.
  • Improve PHP code #7431, #7488, #7534
  • Update dev dependencies #7480, #7482, #7483,
    #7484, #7485, #7486,
    #7487, #7533, #7535,
    #7536, #7537, #7538

1.26.1-ls267

CI Report:

https://ci-tests.linuxserver.io/linuxserver/freshrss/1.26.1-ls267/index.html

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

• Milestone

This is a bugfix release for 1.26.0, addressing some regressions 🐛

A few highlights ✨:

• Fix regression with cURL HTTP headers breaking conditional HTTP requests
• Fix regression with saving states of user queries
• Fix regression with dynamic OPML

This release has been made by @Alkarex, @FromTheMoon85, @marienfressinaud, @math-GH
and newcomers @abackstrom, @BryanButlerGit, @culbrethj, @EricDiao, @Karvel, @ViPeR5000

Full changelog:

• Features
  • Add cURL version to page about system information #7409
• Bug fixing
  • Fix regression with cURL HTTP headers breaking conditional HTTP requests #7403, FreshRSS/simplepie#33
  • Fix regression with saving states of user queries #7400
  • Fix regression with dynamic OPML #7394
  • Fix update of the user’s last activity on login action #7406
  • Fix setting category option Maximum number of articles to keep per feed #7416
  • Fix priority field when processing a new feed from an extension #7354
• Deployment
  • Fix regression with 64-bit timestamps on 32-bit platforms #7375
  • Fix back-compatibility with cURL 7.51 (we require cURL 7.52+ for CURLPROXY_HTTPS) #7409
• UI
  • Use case-insensitive sort for categories #7402
  • Improve dark mode of Origine theme #7413
  • Added API password indicator #7340
• I18n
  • Fix (es, fa, sk): do not translate XPath code #7404
  • Fix date bug in Finish #7423
  • Add Portuguese from Portugal #7329
  • Improve Hungarian #7391
• Misc.
  • Improve PHP code #7339
  • Update dev dependencies #7386, #7387, #7388

1.26.1-ls266

CI Report:

https://ci-tests.linuxserver.io/linuxserver/freshrss/1.26.1-ls266/index.html

LinuxServer Changes:

Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.

Remote Changes:

• Milestone

This is a bugfix release for 1.26.0, addressing some regressions 🐛

A few highlights ✨:

• Fix regression with cURL HTTP headers breaking conditional HTTP requests
• Fix regression with saving states of user queries
• Fix regression with dynamic OPML

This release has been made by @Alkarex, @FromTheMoon85, @marienfressinaud, @math-GH
and newcomers @abackstrom, @BryanButlerGit, @culbrethj, @EricDiao, @Karvel, @ViPeR5000

Full changelog:

• Features
  • Add cURL version to page about system information #7409
• Bug fixing
  • Fix regression with cURL HTTP headers breaking conditional HTTP requests #7403, FreshRSS/simplepie#33
  • Fix regression with saving states of user queries #7400
  • Fix regression with dynamic OPML #7394
  • Fix update of the user’s last activity on login action #7406
  • Fix setting category option Maximum number of articles to keep per feed #7416
  • Fix priority field when processing a new feed from an extension #7354
• Deployment
  • Fix regression with 64-bit timestamps on 32-bit platforms #7375
  • Fix back-compatibility with cURL 7.51 (we require cURL 7.52+ for CURLPROXY_HTTPS) #7409
• UI
  • Use case-insensitive sort for categories #7402
  • Improve dark mode of Origine theme #7413
  • Added API password indicator #7340
• I18n
  • Fix (es, fa, sk): do not translate XPath code #7404
  • Fix date bug in Finish #7423
  • Add Portuguese from Portugal #7329
  • Improve Hungarian #7391
• Misc.
  • Improve PHP code #7339
  • Update dev dependencies #7386, #7387, #7388