Miniflux Versions Save

• Add media player to listen to audio and video podcasts with the possiblity to resume to last playback position
• Add default tag names for Linkding integration
• Mark only globally visible entries when marking all entries from UI
• Use image included in feeds as feed icon when available
• Order history by changed_at and published_at
• Remove title attribute from entry title links
• Fix reading time that is not aligned correctly with the latest version of Safari
• Use glyphs of the same size on keyboard shortcuts page
• Add maskable versions of the PWA icon
• Replace copyright header with SPDX identifier
• Remove the "í" letter from the Portuguese "lido" word
• Increase golangci-lint timeout value
• Bump github.com/tdewolff/minify/v2, github.com/prometheus/client_golang, golang.org/x/* dependencies

• Add link to the URL rewrite rules documentation
• Update scraping rules for ilpost.it
• Update rewrite rules for theverge.com
• Add a rewrite rule to remove clickbait titles
• Make sure PROXY_IMAGES option is backward compatible with PROXY_OPTION and PROXY_MEDIA_TYPES
• Add new rule to remove tables
• Add support for searching well-known URLs in subdirectory
• Add CSS word-wrap rule to break very long entry title into multiple lines
• Add swipe as option for gesture navigation between entries. There are now 3 possible choices: none, double-tap, and swipe.
• Prefer typographic punctuation in English translation
• Process older entries first:
  • Feed entries are usually ordered from most to least recent.
  • Processing older entries first ensures that their creation timestamp is lower than that of newer entries.
  • This is useful when we order by creation, because then we get a consistent timeline.
• Fix Grafana dashboard
• Push Docker images to Quay.io (RedHat)
• Bump golang.org/x/*, github.com/lib/pq, mvdan.cc/xurls/v2 and github.com/prometheus/client_golang dependencies

• Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler (CVE-2023-27592) Creating an RSS feed item with the inline description containing an <img> tag with a srcset attribute pointing to an invalid URL like http:a<script>alert(1)</script>, we can coerce the proxy handler into an error condition where the invalid URL is returned unescaped and in full.

  This results in JavaScript execution on the Miniflux instance as soon as the user is convinced to open the broken image.

• Use r.RemoteAddr to check /metrics endpoint network access (CVE-2023-27591) HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As such, it cannot be used to test if the client IP is allowed.

  The recommendation is to use HTTP Basic authentication to protect the metrics endpoint, or run Miniflux behind a trusted reverse-proxy.

• Add HTTP Basic authentication for /metrics endpoint

• Add proxy support for several media types

• Parse feed categories from RSS, Atom and JSON feeds

• Ignore empty link when discovering feeds

• Disable CGO explicitly to make sure the binary is statically linked

• Add CSS classes to differentiate between category/feed/entry view and icons

• Add rewrite and scraper rules for blog.cloudflare.com

• Add color-scheme to themes

• Add new keyboard shortcut to toggle open/close entry attachments section

• Sanitizer: allow id attribute in <sup> element

• Add Indonesian Language

• Update translations

• Update Docker Compose examples:

  • Run the application in one command
  • Bring back the health check condition to depends_on
  • Remove deprecated version element

• Update scraping rules for ilpost.it

• Bump github.com/PuerkitoBio/goquery from 1.8.0 to 1.8.1

• Bump github.com/tdewolff/minify/v2 from 2.12.4 to 2.12.5

• Bump github.com/yuin/goldmark from 1.5.3 to 1.5.4

• Bump golang.org/x/* dependencies

• Fix header items wrapping
• Add option to enable or disable double tap
• Improve PWA display mode label in settings page
• Bump golang.org/x/* dependencies
• Update translations
• Add scraping rule for ilpost.it
• Update reading time HTML element after fetching the original web page
• Add category feeds refresh feature

• Reverted PR #1290 (follow the only link) because it leads to several panics/segfaults that prevent feed updates
• Disable double-tap mobile gesture if swipe gesture is disabled
• Skip integrations if there are no entries to push
• Enable TLS-ALPN-01 challenge for ACME
  • This type of challenge works purely at the TLS layer and is compatible with SNI proxies. The existing HTTP-01 challenge support has been left as-is.
• Preconfigure Miniflux for GitHub Codespaces
• Updated golang.org/x/net/* dependencies

• Update dependencies
• Pin Postgres image version in Docker Compose examples to avoid unexpected upgrades
• Make English and Spanish translation more consistent:
  • Use "Feed" everywhere instead of "Subscription"
  • Use "Entry" instead of "Article"
• Allow Content-Type and Accept headers in CORS policy
• Use dirs file for Debian package
• Use custom home page in PWA manifest
• Fix scraper rule that could be incorrect when there is a redirect
• Improve web scraper to fetch the only link present as workaround to some landing pages
• Add Matrix bot integration
• Proxify images in API responses
• Add new options in user preferences to configure sorting of entries in the category page
• Remove dependency on github.com/mitchellh/go-server-timing
• Add support for the continuation parameter and result for Google Reader API ID calls
• Use automatic variable for build target file names
• Add rewrite rule for recalbox.com
• Improve Dutch translation

• Add support for date filtering in Google Reader API item ID calls
• Handle RSS entries with only a GUID permalink
• Go API Client: Accept endpoint URLs ending with /v1/
• CORS API headers: Allow Basic authorization header
• Log feed URL when submitting a subscription that returns an error
• Update make run command to execute migrations automatically
• Add option to send only the URL to Wallabag
• Do not convert anchors to absolute links
• Add config option to use a custom image proxy URL
• Allow zoom on mobile devices
• Add scraping rules for theverge.com, royalroad.com, swordscomic.com, and smbc-comics.com
• Add Ukrainian translation
• Update golang.org/x/* dependencies
• Bump github.com/tdewolff/minify/v2 from 2.12.0 to 2.12.4
• Bump github.com/yuin/goldmark from 1.4.13 to 1.5.2
• Bump github.com/lib/pq from 1.10.6 to 1.10.7

Make sure to use the new Debian and RPM repositories instead of the old ones:

• https://miniflux.app/docs/howto.html#apt-repo
• https://miniflux.app/docs/howto.html#rpm-repo

List of changes:

• Rename default branch from master to main
• Update GitHub Actions
• Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0
• Fix some linter issues
• Handle Atom links with a text/html type defined
• Add parse_markdown rewrite function
• Build RPM and Debian packages automatically using GitHub Actions
• Add explosm.net scraper rule
• Make default home page configurable
• Add title attribute to entry links because text could be truncated
• Highlight categories with unread entries
• Allow option to order by title and author in API entry endpoint
• Update Russian translation
• Make reading speed user-configurable
• Added translation for Hindi language used in India
• Add rewrite rules for article URL before fetching content
• Bump github.com/tdewolff/minify/v2 from 2.11.7 to 2.12.0
• Support other repo owners in GitHub Docker Action
• Proxify empty URL should not crash
• Avoid stretched image if specified width is larger than Miniflux's layout
• Add support for OPML files with several nested outlines
• sanitizer: handle image URLs in srcset attribute with comma
• Allow width and height attributes for img tags
• Document that -config-dump command line argument shows sensitive info
• Add System-V init service in contrib folder
• Fix syntax error in RequestBuilder.getCsrfToken() method

• Add rewrite rule to decode base64 content
• Add Linkding integration
• Add comment button to Telegram message
• Add API endpoint to fetch unread and read counters
• Fixes logic bug in Google Reader API sanity check
• Reduce number of CORS preflight check to save network brandwidth
• Add Espial integration
• Allow API search for entries which are not starred
• Try to use outermost element text when title is empty
• Make swipe gestures feel more natural
  • Removes opacity transition when swiping an article read/unread
  • Adds "resistance" to the swiped entry when the 75px threshold is reached
  • Fixes an issue in which a swiped article couldn't be moved <15px
• Add support for feed streams to Google Reader API IDs API
• Fix invalid parsing of icon data URL
• Add Traditional Chinese translation
• Add distroless Docker image variant
• Add Go 1.18 to GitHub Action
• Bump github.com/tdewolff/minify/v2 from 2.10.0 to 2.11
• Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2
• Bump github.com/lib/pq from 1.10.4 to 1.10.6

• Gray out pagination buttons when they are not applicable
• Use truncated entry description as title if unavailable
• Do not fallback to InnerXML if XHTML title is empty
• Add + keyboard shortcut for new subscription page
• Add (+) action next to Feeds to quickly add new feeds
• Fix unstar not working via Google Reader API
• Remove circles in front of page header list items
• Fix CSS hover style for links styled as buttons
• Avoid showing undefined when clicking on read/unread
• Add new keyboard shortcut M to toggle read/unread, and go to previous item
• Add several icons to menus according to their roles
• Add missing event argument to onClick() function call
• Add links to scraper/rewrite/filtering docs when editing feeds
• Add a rewrite rule for Castopod episodes
• Fix regression: reset touch-item if not in /unread page
• Add API endpoint to fetch original article
• Show the category first in feed settings
• Add pagination on top of all entries
• Display Go version in "About" page
• Bump mvdan.cc/xurls/v2 from 2.3.0 to 2.4.0
• Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1
• Bump github.com/tdewolff/minify/v2 from 2.9.28 to 2.10.0