Releases: louislam/uptime-kuma
1.23.15
1.23.14
πββοΈ Improvements
- #4723 Fix: Show API Keys disabled msg when disabled auth (Thanks @chakflying)
- #4757 Fix: Status Page icon do not display correctly after uploaded (Thanks @jmolnar-comparative)
β¬οΈ Security Fixes
- #5132 Update dependencies
1.23.13
π Bug Fixes
- #4692 Fixed language setting issues: Localisation-matching algorithm missing some edgecase (Thanks @CommanderStorm)
- #4700 Fixed TLS issues: Getting TLS certificate through proxy & prometheus update (Thanks @chakflying)
1.23.12
Warning
The i18n detection mehanism which matches your languages and our languages introduced in #4244 was too basic (depending on your setup you might or might not be affected)
See #4692 for further details.
Warning
If you use proxys, please use 1.23.11
instead, as the more reliable events from #4630 don't take this part into consideration.
If you want to prevent such breakages in the future, we would be very happy with increasing the test-coverage in general ^^
πββοΈ Improvements
- #4477 Improved helptext of how to send mail via the systems mail subsystem (Thanks @apio-sys)
- #4630 Feat: Use keylog event to obtain TLS certificate for better reliability [1.23.X] (Thanks @chakflying)
π Bug Fixes
- #4326 Fix
encodeBase64
for empty password or user in HTTP Basic Authentication (Thanks @Saibamen) - #4244 made sure that the i18n does use
navigator.languages
instead ofnavigator.language
for automatic language detection (Thanks @CommanderStorm) - #3598 fix(notification-dingding): throw error when failed (Thanks @AnnAngela)
- #4417 Fix: Make sure browser is connected before returning (Thanks @chakflying)
- #4425 Fix: [JSON-Query] Prevent parsing string-only JSON (Thanks @chakflying)
- #4631 Fix: Add missing FK for monitor-tls-info table [1.23.X] (Thanks @chakflying)
β¬οΈ Security Fixes
- GHSA-23q2-5gf8-gjpp
- #4653 fix: Update nodemailer to fix GHSA-9h6g-pr28-7cqp [1.23.X] (Thanks @Saibamen)
- #4652 fix: Update
axios
,@actions/github
anddompurify
[1.23.X] (Thanks @Saibamen) - Update all dependencies
π¦ Translation Contributions
Others
- #4633 Fix: Fix CI on Windows Runner [1.23.X] (Thanks @chakflying)
- Other small changes, code refactoring and comment/doc updates in this repo:
1.23.11
1.23.10
β¬οΈ Improvements
- #4216 Due to a security patch in 1.23.9, some Uptime Kuma setups behind a reverse proxy required re-configuration. It is no longer necessary now.
- If you added
UPTIME_KUMA_WS_ORIGIN_CHECK=bypass
in the previous version, you should remove it to enhance protection, unless you are using some 3rd-party plugins/apps.
- If you added
β¬οΈ Security Fixes
- #4213 GHSA-88j4-pcx8-q4q3 was not fully patched due to a careless mistake (Thanks @chakflying)
1.23.9
Caution
If you are using a reverse proxy, the security fix may cause connection issue to the WebSocket server. You should add ProxyPreserveHost on
in your <VirtualHost>
for Apache, and proxy_set_header Host $host;
for Nginx. Read more: #4210 (comment)
Warning
If you are using a 3rd-party frontend/tools this may be a breaking change, as the WebSocket Origin has to now match your server hostname.
Set the environment variable UPTIME_KUMA_WS_ORIGIN_CHECK=bypass
to skip this check.
See GHSA-mj22-23ff-2hrr for further details.
β¬οΈ Improvements
- #4163 Add an
aria-label
to the monitor search box (Thanks @CommanderStorm) - #4175 chore: added a helptext for
ntfy
'spriority
field (Thanks @CommanderStorm)
π Bug Fixes
- #4186 Fix: Correct Maintenance Start/End Time Input to Use Explicitly Specified Timezone (Thanks @Ritik0102)
- #4162 Fixed the buttons of
ActionsSelect
andActionsInput
having a defaulttype="submit"
(Thanks @CommanderStorm)
β¬οΈ Security Fixes
- GHSA-88j4-pcx8-q4q3 Fix: Changing Password did not close all logged in socket connections immediately
- GHSA-mj22-23ff-2hrr WebSocket server can only be connected from the same origin only (Similar to the CORS policy)
- Added an environment variable
UPTIME_KUMA_WS_ORIGIN_CHECK
:cors-like
(default) andbypass
Others
- Other small changes, code refactoring and comment/doc updates in this repo:
- #4158 (Thanks @Saibamen)
Please let me know if your username is missing, if your pull request has been merged in this version, or your commit has been included in one of the pull requests.
1.23.8
πββοΈ Improvements
- #4139 Default
Retries
values from1
to0
- #4132 #4133 Improved accessibility (Thanks @CommanderStorm)
- #4141 Added support for /snap/bin/chromium (Ubuntu's default Chromium path)
π Bug Fixes
- #4123 Fixed an issue that Tailscale monitor could freeze Uptime Kuma, which is caused by the last Tailscale monitor security fix.
Dependencies
1.23.7
πββοΈ Improvements
- #4053 Show the original timeout message again and +10 seconds for abort signal
- #4054 Improved error message on abort signal timeout (Thanks @chakflying)
π Bug Fixes
- #4084 Fixed a memory leak issue. Close the client postgresql connection after rejection. (Thanks @mvaled)
- #4088 Reverted "Restart running monitors if no heartbeat", which causes some issues from 1.23.4 to 1.23.6.
β¬οΈ Security Fixes
- f28dccf An XSS issue in the "Google Analytics ID" text field (Reported by @gtg2619) GHSA-v4v2-8h88-65qj
- #4095 Rewrite Tailscale ping using spawnSync (Reported by @vaadata-pascala) GHSA-hfxh-rjv7-2369
- b689733
getGameList
,testChrome
are no longer accessible without login
Others
- Other small changes, code refactoring and comment/doc updates in this repo: