v2.0.46

Compare Source

• Add scraper and rewrite rules for Webtoons
• Fix regression in integration page and simplify SQL query
• Wallabag integration: add more information in log messages
• Add support for custom Youtube embed URL
• Fix accessibility issues in modal component
  • Fix modal aria role
  • Trap focusing with tab / shift+tab inside the modal
  • Restore keyboard focus when closing modal
  • Automatically move keyboard focus to first focusable element unless specified otherwise
  • Keyboard shortcut help modal: move keyboard focus to modal title
  • Keyboard shortcut help modal: change close control from link to button
• Add Notion integration
• Update golang.org/x/* dependencies and go-oidc to v3.6.0
• Improve responsive design
• Add user setting for marking entry as read on view
• Improve Russian translation
• Add the possibility to run cleanup tasks from the command line
• Add the possibility to run Miniflux as a cronjob
• Use go-httpbin to run tests locally and avoid remote calls to httpbin.org
• Display tags when viewing entries
• Update categories API endpoint to return total_unread and feed_count
• Improve date parser to handle various broken date formats
• Avoid pq: time zone displacement out of range errors
• Improve entry existance check to make better use of index
• Add unique index enclosures_user_entry_url_idx
• Add mark as unread for Linkding integration
• Add sub-folder support for Wallabag integration
• Use RockyLinux to build RPM package
• Disable CGO when building RPM package
• Disable CGO when building Docker images

v2.0.45

Compare Source

• Add media player to listen to audio and video podcasts with the possiblity to resume to last playback position
• Add default tag names for Linkding integration
• Mark only globally visible entries when marking all entries from UI
• Use image included in feed as feed icon when available
• Order history by changed_at and published_at
• Remove title attribute from entry title links
• Fix reading time that is not aligned correctly with the latest version of Safari
• Use glyphs of the same size on keyboard shortcuts page
• Add maskable versions of the PWA icon
• Replace copyright header with SPDX identifier
• Remove the "í" letter from the Portuguese "lido" word
• Increase golangci-lint timeout value
• Bump github.com/tdewolff/minify/v2, github.com/prometheus/client_golang, golang.org/x/* dependencies

v2.0.44

Compare Source

• Add link to the URL rewrite rules documentation
• Update scraping rules for ilpost.it
• Update rewrite rules for theverge.com
• Add a rewrite rule to remove clickbait titles
• Make sure PROXY_IMAGES option is backward compatible with PROXY_OPTION and PROXY_MEDIA_TYPES
• Add new rule to remove tables
• Add support for searching well-known URLs in subdirectory
• Add CSS word-wrap rule to break very long entry title into multiple lines
• Add swipe as option for gesture navigation between entries. There are now 3 possible choices: none, double-tap, and swipe.
• Prefer typographic punctuation in English translation
• Process older entries first:
  • Feed entries are usually ordered from most to least recent.
  • Processing older entries first ensures that their creation timestamp
    is lower than that of newer entries.
  • This is useful when we order by creation, because then we get a
    consistent timeline.
• Fix Grafana dashboard
• Push Docker images to Quay.io (RedHat)
• Bump golang.org/x/*, github.com/lib/pq, mvdan.cc/xurls/v2 and github.com/prometheus/client_golang dependencies

v2.0.43

Compare Source

• Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler (CVE-2023-27592)

  Creating an RSS feed item with the inline description containing an <img> tag
  with a srcset attribute pointing to an invalid URL like
  http:a<script>alert(1)</script>, we can coerce the proxy handler into an error
  condition where the invalid URL is returned unescaped and in full.

  This results in JavaScript execution on the Miniflux instance as soon as the
  user is convinced to open the broken image.

• Use r.RemoteAddr to check /metrics endpoint network access (CVE-2023-27591)

  HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As
  such, it cannot be used to test if the client IP is allowed.

  The recommendation is to use HTTP Basic authentication to protect the
  metrics endpoint, or run Miniflux behind a trusted reverse-proxy.

• Add HTTP Basic authentication for /metrics endpoint

• Add proxy support for several media types

• Parse feed categories from RSS, Atom and JSON feeds

• Ignore empty link when discovering feeds

• Disable CGO explicitly to make sure the binary is statically linked

• Add CSS classes to differentiate between category/feed/entry view and icons

• Add rewrite and scraper rules for blog.cloudflare.com

• Add color-scheme to themes

• Add new keyboard shortcut to toggle open/close entry attachments section

• Sanitizer: allow id attribute in <sup> element

• Add Indonesian Language

• Update translations

• Update Docker Compose examples:

  • Run the application in one command
  • Bring back the health check condition to depends_on
  • Remove deprecated version element

• Update scraping rules for ilpost.it

• Bump github.com/PuerkitoBio/goquery from 1.8.0 to 1.8.1

• Bump github.com/tdewolff/minify/v2 from 2.12.4 to 2.12.5

• Bump github.com/yuin/goldmark from 1.5.3 to 1.5.4

• Bump golang.org/x/* dependencies

v2.0.42

Compare Source

• Fix header items wrapping
• Add option to enable or disable double tap
• Improve PWA display mode label in settings page
• Bump golang.org/x/* dependencies
• Update translations
• Add scraping rule for ilpost.it
• Update reading time HTML element after fetching the original web page
• Add category feeds refresh feature

v2.0.41

Compare Source

• Reverted PR #​1290 (follow the only link) because it leads to several panics/segfaults that prevent feed updates
• Disable double-tap mobile gesture if swipe gesture is disabled
• Skip integrations if there are no entries to push
• Enable TLS-ALPN-01 challenge for ACME
  • This type of challenge works purely at the TLS layer and is compatible
    with SNI proxies. The existing HTTP-01 challenge support has been left
    as-is.
• Preconfigure Miniflux for GitHub Codespaces
• Updated golang.org/x/net/* dependencies

v2.0.40

Compare Source

• Update dependencies
• Pin Postgres image version in Docker Compose examples to avoid unexpected upgrades
• Make English and Spanish translation more consistent:
  • Use "Feed" everywhere instead of "Subscription"
  • Use "Entry" instead of "Article"
• Allow Content-Type and Accept headers in CORS policy
• Use dirs file for Debian package
• Use custom home page in PWA manifest
• Fix scraper rule that could be incorrect when there is a redirect
• Improve web scraper to fetch the only link present as workaround to some landing pages
• Add Matrix bot integration
• Proxify images in API responses
• Add new options in user preferences to configure sorting of entries in the category page
• Remove dependency on github.com/mitchellh/go-server-timing
• Add support for the continuation parameter and result for Google Reader API ID calls
• Use automatic variable for build target file names
• Add rewrite rule for recalbox.com
• Improve Dutch translation

v2.0.39

Compare Source

• Add support for date filtering in Google Reader API item ID calls
• Handle RSS entries with only a GUID permalink
• Go API Client: Accept endpoint URLs ending with /v1/
• CORS API headers: Allow Basic authorization header
• Log feed URL when submitting a subscription that returns an error
• Update make run command to execute migrations automatically
• Add option to send only the URL to Wallabag
• Do not convert anchors to absolute links
• Add config option to use a custom image proxy URL
• Allow zoom on mobile devices
• Add scraping rules for theverge.com, royalroad.com, swordscomic.com, and smbc-comics.com
• Add Ukrainian translation
• Update golang.org/x/* dependencies
• Bump github.com/tdewolff/minify/v2 from 2.12.0 to 2.12.4
• Bump github.com/yuin/goldmark from 1.4.13 to 1.5.2
• Bump github.com/lib/pq from 1.10.6 to 1.10.7