Selfoss Versions Save

This version requires PHP 5.6 7.2 (see known regressions section) or newer. It is also likely the last version to support PHP 7.

Known regressions

• Values in config.ini containing special characters need to be quoted. Will be fixed by https://github.com/fossar/selfoss/commit/ba9339372a7bc0678c6c1f74336406ab1bbb4ecb.
• Updating sources that already contain items will fail on PHP < 7.2.0. Will be fixed by https://github.com/fossar/selfoss/commit/d6e9bc8b01a7d58630772f6dc9938e88a28be706.
• Updating RSS sources without a valid date fails. Will be fixed by #1385.

New features

• Thumbnails can be disabled (#897)
• Reddit spout replaced fragile imgur heuristics with previews provided by the JSON API (#1033)
• Experimental support for using selfoss offline was added. Note that this is only available in secure contexts, that is, over HTTPS, and can be very buggy. (#1014)
• Long articles that do not fit on a single screen will no longer be arranged into columns, allowing for smoother reading experience (#1081)
• Diaspora share button was added, you can enable it with d. (#1121)
• “Copy to clipboard” share button was added, you can enable it with c. (#1142)
• Native sharer is available in secure contexts in browsers that support it. You can enable it by adding a to share key in your config. (#1035)
• Data directory can be configured (#1043)
• New spout for searching Twitter (e.g. following hashtags) was added. (#1213)
• Added option reading_speed_wpm for showing estimated reading time, set it to the number of words you can read in a minute. (#1232)
• Added option db_socket for connecting to MySQL database through UNIX domain. (#1284)
• Search query is now part of URL. (#1216)
• A page that will pre-fill a form for adding a source with URL has been added. You can find it on https://yourselfossurl.com/manage/sources/add?url=some-feed-url. (#1310, #254)
• Search will be carried out using regular expressions when the search query is wrapped in forward slashes, e.g. /regex/. The expression syntax is database specific. (#1205)
• YouTube spout now supports following playlists. (#1260)
• Confirmation is now required when leaving the setting page with unsaved source changes. (#1300)
• Add link from settings page to individual sources and vice versa. (#1329, #1340)
• Tag colour can be now changed using keyboard. (#1335)
• YouTube spout now supports all YouTube URLs that provide feeds. (#1273)
• Add open_in_background_tab option to try to make v shortcut open articles in a background tab (does not work in Chromium-based browsers). (#1354)
• GitHub sources now include author. (#1367)
• Twitter sources now indicate author using the author field rather than including in the title. (#1367)
• Translations into several new languages were added:
  • English (United Kingdom): en-GB
  • French (Canada): fr-CA
  • Galician: gl
  • Hebrew: he
  • Indonesian: id
  • Portuguese (European): pt

Bug fixes

• Reddit spout allows wider range of URLs, including absolute URLs and searches (#1033)
• Improved compatibility with newer versions of PHP (#1049, #1157, #1236, #1294)
• logger_level=NONE is now handled correctly (#1077)
• URLs containing special characters like commas in query string are now handled correctly (#1082)
• Set 60 second timeout to spout HTTP requests to prevent a single feed blocking other updates (#1104)
• Significantly improved accessibility (#1133, #1134, #1141 and #1345)
• Fixed marking more than 1000 items as read at the same time (#1182)
• Fixed loading full text on pages containing ampersands in URLs (#1188)
• Fixed missing styling in article contents (#1221)
• Golem, Lightreading and Heise spouts now use Graby for extracting article contents instead of our own defunct extraction rules. (#1245)
• The tag colour picker now pre-selects the current colour instead of a placeholder colour. (#1269)
• OPML import now correctly handles valid files. (#1366)
• OPML import will prefer title attribute over text for feed names. (#1366)
• OPML import is now able to read files when the browser sends an incorrect MIME type. (#1366)

API changes

• tags attribute is now consistently array of strings, numbers are numbers and booleans are booleans. This might break third-party clients that have not updated yet. (#948)
• API is now versioned separately from selfoss and follows semantic versioning (#1137)
• API 2.21.0: /mark now accepts list of item IDs encoded as JSON. Requests using application/x-www-form-urlencoded are deprecated. (#1182)
• Dates returned as part of items now strictly follow ISO8601 format. (#1246)
• The following are deprecated and will be removed in next selfoss version:
  • Passing credentials in query string, use cookies instead. (#1360)
  • GET /login endpoint, use POST /login. (#1360)
  • GET /logout was deprecated in favour of newly introduced (API 4.1.0) DELETE /api/session/current. (#1360)
  • POST /source/delete/:id in favour of DELETE /source/:id. (#1360)
• API 6.0.0: Makes the author field null when an item author is not known (#1367)

Customization changes

• selfoss.shares.register was removed. Instead you should set selfoss.customSharers to an object of sharer objects. The action callback is now expected to open a window on its own, instead of returning a URL. A label and a HTML code of an icon (you can use a <img> tag, inline <svg>, emoji, etc.) are now expected.

  To demonstrate, if you previously had

  selfoss.shares.register('moo', 'm', true, function(url, title) {
      return 'http://moo.foobar/share?u=' + encodeURIComponent(url) + '&t=' + encodeURIComponent(title);
  });
  

  in your user.js file, you will need to change it to

  selfoss.customSharers = {
      'm': {
          label: 'Share using Moo',
          icon: '🚛',
          action: ({url, title}) => {
              window.open(`http://moo.foobar/share?u=${encodeURIComponent(url)}&t=${encodeURIComponent(title)}`);
          },
      },
  };
  

  (#1017, #1035, #1359)

• Custom FullTextRss filter were moved to fulltextrss directory in data directory (#1043)

• Spouts can now implement getSourceIcon() instead of getIcon() when icon is associated with the feed, not individual icons. (#1190)

• Some language files have been renamed to use correct IETF language tag and you might need to change the language key in your config.ini:

  • Simplified Chinese zh-CN
  • Traditional Chinese zh-TW
  • Norwegian Bokmål nb
  • Swedish sv

• Wallabag sharer now targets Wallabag 2 by default. This is potentially breaking change but hopefully, no one uses Wallabag 1 any more. (#1261)

• defaults.ini file is no longer used, it is only provided for convenience under a new name config-example.ini (#1261, #1267)

• spout classes no longer need to implement Iterator, instead they should return Iterator of newly introduced Item objects from getItems() method. The types of properties of items have also been revisited. (#1341, #1342)

Other changes

• Amine and others have rewritten the Android app from scratch, you will want to install the new one from F-Droid to keep receiving updates.
• The front-end has been modernized using React framework, this will greatly simplify future development. (#1216)
• The front-end routing no longer relies on hash fragment, resulting in nicer URLs. (#1299)
• Prevent sending referrer headers when opening links and sharing for improved privacy. (#1301)
• Removed broken instapaper scraping from Reddit spout (#1033)
• RSS feed will be fetched more reliably (#1052)
• Guzzle is now used for Twitter as well, allowing users to install certificates on outdated hosts easily. (#1102)
• More of user interface is now translatable (#1054)
• Open Sans font is no longer bundled, resulting in smaller installations. Additionally, use_system_font option was removed. The typeface is still set as the default font family, so if you want to use it, install it to your devices. If you want to use a different typeface, add body { font-family: 'Foo Face'; } to your user.css. (#1072)
• The file name of exported sources now includes a timestamp (#1078)
• Developers, we no longer use Grunt. Build the package using npm run dist and check the code using npm run check; see the scripts section in top-level package.json. (#1093)
• Developers, we are now building the styles and client-side code statically, using Parcel. If you update any such assets, you will need to run npm run build for the changes to be reflected. You can also use npm run dev to watch for asset changes. (#1137)
• Developers, CSS files are now checked using stylelint and formatted using Prettier. You can use npm run lint:styles and npm run fix:styles respectively in the assets directory to run those tools. (#1153)
• Google+ and del.icio.us share button were removed (#1121)
• Windows 8 tiles are no longer supported. (#1137)
• Strong password hashes are now supported. (#844, #1137)
• RSS spout now prefers the feed logo to website favicon. (#1152)
• RSS spout now tries to use favicon from the feed domain when there is no logo or home page favicon. (#1152)
• Setting DEBUG to 1 in src/common.php no longer logs HTTP bodies, only headers. Set it to 2 if you need the bodies as well. (#1152)
• PHP startup errors are now logged, instead of having F3 crash with Error 500 (#1195)
• In order to support offline mode, we moved much of the UI to the browser. (#1150, #1184, #1215, #1216)
• We carried out a significant internal refactoring (#1164, #1190)
• Removed Instapaper spout since it has been broken since its acquisition. Sources using it were migrated to “RSS Feed (with content extraction)”. (#1245)
• Placeholders are now used for images before they are loaded to avoid content jumping around (#1204)
• Search button is now always on the screen, avoiding the need to scroll to top to be able to use it. (#1231)
• Button for opening articles, tags, sources and filters in the sidebar, as well as the source and tag links in articles are now real links, allowing to open them in a new tab by middle-clicking them. (#1216, #695)
• The way config.ini is parsed has changed. If you use any of the following characters ?{}|&~!()^", e.g. for database password, you will need to quote the config value like db_password="life0fD4ng3r!". This is a consequence of replacing F3 framework with PHP’s built-in INI parser. (#1261)
• Removed anonymizer configuration option. (#1358)

New features

• Full-text RSS spout is now able to extract content from PDFs (#897)
• URL is no longer cleaned when changing spout (#906)
• It is possible to set tag or source to be opened after user logs in (#927)
• Displaying multiple images from tweets with galleries is supported (#934)
• Quoted tweets are supported (#934)
• Logging destination can be changed (#1004)

Bug fixes

• Fixed Full-text RSS spout (#897)
• It is now unlikely that the client browser gets outdated JS or CSS (#907) On Lighttpd, you might need to update your configuration.
• Fixed back button not working correctly on small screens (#906)
• When using PostgreSQL, vacuuming is left to the database (#906)
• Items from different spouts but with the same uid will not be ignored anymore (#906)
• GitHub spout was modified to correctly escape the data (#906)
• YouTube spout was changed to allow wider range of URLs (#915)
• The items without a date will no longer be added again after clean-up (#914)
• Changed favicon fetcher for RSS spout to be more resilient (#920)
• Tweets are no longer truncated (#934)
• Using arrow keys in photo galleries will no longer change opened item (#942)
• Facebook spout is finally working again (#936)
• PSR-4 autoloading is now used, fixing the compatibility with custom spouts. If you use custom spouts, please make sure to check compliance. (#959)

Other changes

• Fixed compatibility with PHP 7.2 (#1005)
• Improved translations (#932, #981, #985, #1003)
• Changed library for handling ico files (#926)
• Upgraded FancyBox, the gallery looks much slicker now (#942)
• For developers: JavaScript libraries now have to be obtained using NPM (#942)
• Login is now done using AJAX, a step towards progressive web app (#931)
• Guzzle is used for HTTP requests making them more reliable (#936)
• Ironed out some inconsistencies in database schema (#955)
• For developers: JavaScript client code is now checked using eslint (#951)
• Increased resolution of the favicon (#961)
• Added warning when autoloader is missing (#957)
• Removed redundant alt attribute from favicons (#978)
• Favicons are now easier to click on mobile (#992)
• Tables that do not fit into columns will now show a scrollbar (#1001)
• For developers: Coding style and other code requirements can be easily checked using grunt check. (#943)
• Warning will be logged when icon/thumbnail directories are not writeable (#1009)
• Removed readability spout and sharing (#1012)

New features

• Spout title can be fetched automatically (#851)
• selfoss is now navigable (#869)
• Refreshing the sources using the button no longer blocks the user interface (#846)
• State of the items is synced periodically (#846)
• Added option for sharing with Wallabag 2 (#887)

Notable changes

• Composer is used for dependency management, if you downloaded selfoss from git repository you will need to use composer for installing dependencies. (#845)
• Simplified detecting selfoss root URL which should fix some cookie problems (#889)
• Made the db_port configuration key optional (#843)
• Migrated to .htaccess to Apache 2.4 syntax (#833)

Bug fixes

• Fixed YouTube spout (#842)
• DeviantArt, Reddit, Golem and Twitter spouts changed to use HTTPS (#835)
• Fixed reddit spout redirects (#835)
• Fixed Wordpress emoji size on HTTPS sites (#835)
• Fixed twitter links when tweet contains < (#852)
• Fixed encoding problems caused by camo (#826)
• Fixed “$HTTP_RAW_POST_DATA is deprecated” error when updating a single source (#841)
• Fixed twitter spout error reporting (#847)
• Improved error reporting for reddit spout (#860)
• Removed the need for MySQL 5.6; MySQL 5.5.3 or greater is now required again (#863)
• Made RSS feed generated by selfoss valid (#862)
• Fixed #774 “Incorrectly calculated offset for loading new items” (#869)
• Fixed code listings overflowing to different column (#889)

• update Datebase bug on db change to version 9
• clean the Golem.de content a little bit
• allow to collapse/expand filter list
• fix a problem with "tags list" height on collapse/expand filter list
• fix styling issues
• fix read count of secondary tags
• fix and update language files
• fix php 7 bug
• link item source to source listing
• heise spout: Use HTTPS to retrieve feeds
• added the scroll_to_article_header option
• spouts\twitter: Add support for private feeds
• fetch and show emoji icons
• fix reddit spout
• prevents window.opener vulnerability

• improved handling of load list errors
• Bugfix: f3/Web: workaround CURLOPT_FOLLOWLOCATION not allowed when open_basedir is set
• Bugfix: MySQL update time default field
• improvement of translations
• Add spout "RSS Feed (with enclosures)" to support feed enclosures
• Added keyboard shortcut to refresh sources (Shift+r)
• add support for private (@) and hidden (#) tags
• Optimize SQL request to look for icon usage
• Bugfix: Restore pgsql compatibility
• Bugfix: fix tags filtering
• Remove useless debug log
• tweak browser icons
• add toolbar color from Chrome for Android
• added new auto_collapse option
• added rewrite rule for ACME well known location. (folder for lets encrypt)
• improve accesibility of selfoss
• added no-referrer meta tag
• Bugfix: fixed the search offset
• Bugfix: fixed the "active" flag in the sources list
• Rename floIcon constructors for PHP 7 support
• indicator of below the fold unread entries

• Implemented settings overwrite through prefixed ENV variables.
• Fix: F3 would not launch when "magic_quotes_gpc" is not set.
• Multiple enhancements to unread count user interface
• Allow configuration of html <title>
• inline and resize emojis to fit into text flow
• fix blockquote and pre overflow-x resetting
• Wordpress share
• add <strike/> to allowed HTML-elements
• Add functionality to show when the last post was found for a source
• Change MySQL engine to InnoDB
• fix file permissions
• fix bad failure handling when using mobile mark these read button
• fix typos
• refresh event handlers upon mark these read ajax call error
• rename CLI update script (Fix #587)
• fix db_prefix not working (#686)
• mobile: add unread count near logo at the top
• periodicaly poll for stats updates, and reload list if it is empty
• fixed "$HTTP_RAW_POST_DATA is deprecated" error
• fix bad failure handling when using mobile mark these read button
• rename CLI update script (Fix #587)
• some refactorings

• add fulltext rss spout for loading full content from any rss feed
• show unread count in the document title
• add titles to buttons
• fix the author color on smartphones
• fix reload shortcut after hitting last element of list
• enable the app behaviour on android
• add option 'auto_hide_read_on_mobile' support. Allows to hide read it when closing fullscreen view. Default to 0
• fix tag names not case sensitive in mysql
• fix bad encoding with selfoss-android app
• avoid sql syntax error for spouts with zero items
• avoid pgsql error on editing source
• fix favicon parsing
• enable secure cookie if using https and prevent cookie access from js
• fix 'trying to get property of non-object' error
• fix cannot run when base url contains a ~
• fix cannot login when not using HTTPS
• fix front-end nginx (through https:443) forward to apache2 (through http:80) the base url was http and not https
• correctly return 403 permission denied when auth is lacking
• correctly style sup and sub elements in entry content
• scroll entry into view when not completely visible
• github spout: use f3 internals and log errors in db
• improvement of UTF-8 decoding
• selfoss user agent for spouts
• fix parsing href to get icon url
• also try to use feed logo as icon
• show and log error with stacktrace
• added spout that is capable to retrieve a twitter list
• allowing strike-through tag
• new filter support for sources
• allow windows 8 start screen pinning with notifications
• pgsql upgrade to v6: please use transactions
• new translation for brazilian portuguese
• fix error during opml import
• allow code html element in feed content
• fixup feed icon in html homepage regexp
• unbreak twitter spout: allow inline HTML elements in title
• cleanup database abstraction code duplication
• optimize database access
• fix multiple database connections
• hide passwords in source edit view
• fix cookie not being set over HTTP
• convert thumbnails to jpg
• allow target attribute
• add custom javascript file: user.js
• ensure proper failure when feed url return HTTP/406
• improvement of hungarian translation
• improvement of polish translation
• improvement of japanese translation
• improvement of czech translation

• fix prefix bug on mysql
• integrate fancybox for images
• improved twitter integration
• show authors of feeds
• wallbag support added
• update third party libraries
• allow ajax based update of feeds
• fix utf8 feed title bug
• fix #405: extra spaces on login screen
• fix #518: sorting of sources

• hash password (you can set the salt in the config.ini and you can generate a password with following URL: http://your_selfoss_url.com/password)
• remove unused CSS
• minify JavaScript and CSS and collect them all in one all.js and all.css file
• activate caching and compression in .htaccess (if supported by current apache installation)
• code optimization and smaller bugfixes

• new json API for external software
• support for Android selfoss app
• improved heise spout
• some smaller bugfixes (e.g. increased session timeout)