Minimalist and opinionated feed reader
changed_at
and published_at
github.com/tdewolff/minify/v2
, github.com/prometheus/client_golang
, golang.org/x/*
dependenciesilpost.it
theverge.com
PROXY_IMAGES
option is backward compatible with PROXY_OPTION
and PROXY_MEDIA_TYPES
word-wrap
rule to break very long entry title into multiple linesnone
, double-tap
, and swipe
.Quay.io
(RedHat)golang.org/x/*
, github.com/lib/pq
, mvdan.cc/xurls/v2
and github.com/prometheus/client_golang
dependenciesAvoid XSS when opening a broken image due to unescaped ServerError in proxy handler (CVE-2023-27592)
Creating an RSS feed item with the inline description containing an <img>
tag
with a srcset
attribute pointing to an invalid URL like
http:a<script>alert(1)</script>
, we can coerce the proxy handler into an error
condition where the invalid URL is returned unescaped and in full.
This results in JavaScript execution on the Miniflux instance as soon as the user is convinced to open the broken image.
Use r.RemoteAddr
to check /metrics
endpoint network access (CVE-2023-27591)
HTTP headers like X-Forwarded-For
or X-Real-Ip
can be easily spoofed. As
such, it cannot be used to test if the client IP is allowed.
The recommendation is to use HTTP Basic authentication to protect the metrics endpoint, or run Miniflux behind a trusted reverse-proxy.
Add HTTP Basic authentication for /metrics
endpoint
Add proxy support for several media types
Parse feed categories from RSS, Atom and JSON feeds
Ignore empty link when discovering feeds
Disable CGO explicitly to make sure the binary is statically linked
Add CSS classes to differentiate between category/feed/entry view and icons
Add rewrite and scraper rules for blog.cloudflare.com
Add color-scheme
to themes
Add new keyboard shortcut to toggle open/close entry attachments section
Sanitizer: allow id
attribute in <sup>
element
Add Indonesian Language
Update translations
Update Docker Compose examples:
depends_on
version
elementUpdate scraping rules for ilpost.it
Bump github.com/PuerkitoBio/goquery
from 1.8.0
to 1.8.1
Bump github.com/tdewolff/minify/v2
from 2.12.4
to 2.12.5
Bump github.com/yuin/goldmark
from 1.5.3
to 1.5.4
Bump golang.org/x/*
dependencies
golang.org/x/*
dependenciesilpost.it
golang.org/x/net/*
dependenciesContent-Type
and Accept
headers in CORS policygithub.com/mitchellh/go-server-timing
continuation
parameter and result for Google Reader API ID callsrecalbox.com
/v1/
Basic
authorization headermake run
command to execute migrations automaticallytheverge.com
, royalroad.com
, swordscomic.com
, and smbc-comics.com
golang.org/x/*
dependenciesgithub.com/tdewolff/minify/v2
from 2.12.0
to 2.12.4
github.com/yuin/goldmark
from 1.4.13
to 1.5.2
github.com/lib/pq
from 1.10.6
to 1.10.7
Make sure to use the new Debian and RPM repositories instead of the old ones:
List of changes:
github.com/prometheus/client_golang
from 1.12.2
to 1.13.0
parse_markdown
rewrite functionexplosm.net
scraper rulegithub.com/tdewolff/minify/v2
from 2.11.7
to 2.12.0
srcset
attribute with commawidth
and height
attributes for img
tags-config-dump
command line argument shows sensitive infoRequestBuilder.getCsrfToken()
methodgithub.com/tdewolff/minify/v2
from 2.10.0
to 2.11
github.com/prometheus/client_golang
from 1.12.1
to 1.12.2
github.com/lib/pq
from 1.10.4
to 1.10.6
+
keyboard shortcut for new subscription page(+)
action next to Feeds to quickly add new feedsundefined
when clicking on read/unreadM
to toggle read/unread, and go to previous itemonClick()
function call/unread
pagemvdan.cc/xurls/v2
from 2.3.0 to 2.4.0github.com/prometheus/client_golang
from 1.11.0 to 1.12.1github.com/tdewolff/minify/v2
from 2.9.28 to 2.10.0