changedetection.io Release Notes
Last updated: Mar 14, 2026
- Mar 13, 2026
- Date parsed from source: Mar 13, 2026
- First seen by Releasebot: Mar 14, 2026
changedetection.io by dgtlmoon
0.54.5
dgtlmoon rolls out 0.54.5 with changes ranging from better encoding detection and UTF-8 fixes to UI tweaks, API changes, and memory and CPU improvements. It adds a complete Spanish translation, changes the POST tag/group API, and credits a new contributor.
What's Changed
- Restock - No need to extract the text because it's not used anyway by @dgtlmoon in #3951
- Content fetching - Better detection of other encodings, Replace/upgrade broken UTF-8, Ensure rest of retrieved content is UTF-8 for the app by @dgtlmoon in #3954
- UI - Price amount is sometimes string or integer by @dgtlmoon in #3950
- CI - Bump the all group with 5 updates by @dependabot[bot] in #3955
- Various memory and CPU improvements by @dgtlmoon in #3960
- Add complete Spanish translation (es) by @adriangc24 in #3961
- Create (POST) tag/group through API do not save processor_config_restock_diff values by @dgtlmoon in #3968
- UI - Fixing Preview "GO" version button by @dgtlmoon in #3969
- API - Invert changes_only flag for include_equal parameter by @dgtlmoon in #3976
New Contributors
- @adriangc24 made their first contribution in #3961
Full Changelog: 0.54.4...0.54.5
- Mar 4, 2026
- Date parsed from source: Mar 4, 2026
- First seen by Releasebot: Mar 14, 2026
changedetection.io by dgtlmoon
0.54.4
dgtlmoon announces 0.54.4 with a fix for translated (i18n) confirmation text when clearing snapshot history, Python CI/test and API docs improvements, several CVEs addressed (reflected XSS, XPath arbitrary file read), backup security patches, and a new contributor acknowledgment; the changelog spans 0.54.3 to 0.54.4.
What's Changed
- fix(i18n): accept translated confirmation text when clearing snapshot history by @eren-karakus0 in #3940
- Python 3.14 CI test and support by @dgtlmoon in #3941
- Updating API docs with better processor plugin info by @dgtlmoon in #3942
- CVE-2026-29038 - Reflected XSS in RSS Tag Error Response
- CVE-2026-29039 - XPath - Arbitrary File Read via unparsed-text()
- CVE-2026-29065 - fix(backups): patch zip slip advisory, zip bomb, upload size limit, UUID validation, secret.txt leakage, and download edge cases
New Contributors
- @eren-karakus0 made their first contribution in #3940
Full Changelog: 0.54.3...0.54.4
- Feb 28, 2026
- Date parsed from source: Feb 28, 2026
- First seen by Releasebot: Mar 14, 2026
changedetection.io by dgtlmoon
0.54.3
dgtlmoon releases 0.54.3 with French and Ukrainian translations and a small CVE-2026-27696 fix: restricted hostnames can still be added but are checked only at fetch time.
What's Changed
- Update messages.po in French translation by @RithyNicolasTAN in #3926
- Adding Ukrainian (uk) translations, rebuilding translations. by @dgtlmoon in #3936
- CVE-2026-27696 Small fix - Restricted hostnames can still be added but are only checked at fetch-time (not when rendering lists etc) by @dgtlmoon in #3938
New Contributors
- @RithyNicolasTAN made their first contribution in #3926
Full Changelog: 0.54.2...0.54.3
- Feb 27, 2026
- Date parsed from source: Feb 27, 2026
- First seen by Releasebot: Mar 14, 2026
changedetection.io by dgtlmoon
0.54.2
dgtlmoon announces 0.54.2 release with improved notification tokens, extensible processor API, jsonpath-ng upgrade, and security checks.
What's Changed
- Fixing change_datetime notification token (and adding test) by @dgtlmoon in #3922
- Notification Token {{diff}} can accept arguments like {{diff_added(lines=5, context=2)}} by @dgtlmoon in #3923
- Processor extensible API for updating by @dgtlmoon in #3902
- Update jsonpath-ng requirement from ~=1.7.0 to ~=1.8.0 by @dependabot[bot] in #3929
- Bump the all group with 2 updates by @dependabot[bot] in #3931
- Unresolvable hostnames should still be added, they are security checked at fetch time by @dgtlmoon in #3933
Full Changelog: 0.54.1...0.54.2
- Feb 23, 2026
- Date parsed from source: Feb 23, 2026
- First seen by Releasebot: Mar 14, 2026
changedetection.io by dgtlmoon
0.54.1
dgtlmoon patches an SSRF via Watch URLs and a reflected XSS in the RSS single-watch request; the changelog spans 0.53.7 to 0.54.1.
CVE-2026-27696 - Server-Side Request Forgery (SSRF) via Watch URLs
Set env var ALLOW_IANA_RESTRICTED_ADDRESSES to true to access IANA reserved URLs such as http://169.254.169.254, http://10.0.0.1/, http://127.0.0.1/, etc.
CVE-2026-27645 - Reflected XSS in RSS Single Watch request
Full Changelog: 0.53.7...0.54.1
- Feb 23, 2026
- Date parsed from source: Feb 23, 2026
- First seen by Releasebot: Mar 14, 2026
changedetection.io by dgtlmoon
0.53.7
dgtlmoon announces 0.53.7, which upgrades flask-socketio, bumps the referencing library from 0.35.1 to 0.37.0, and stops pinning that library; the changelog covers 0.53.6 to 0.53.7.
What's Changed
- Upgrading flask-socketio ( #3910 ) by @dgtlmoon in #3918
- Bump referencing from 0.35.1 to 0.37.0 by @dependabot[bot] in #3677
- Don't pin referencing library by @dgtlmoon in #3919
Full Changelog: 0.53.6...0.53.7
- Feb 21, 2026
- Date parsed from source: Feb 21, 2026
- First seen by Releasebot: Mar 14, 2026
changedetection.io by dgtlmoon
0.53.6
dgtlmoon announces 0.53.6: pip installs remove the Flask patch and pin library versions, and the compression exclusion, which has a memory leak with flask-socketio, is fixed; the changelog covers 0.53.5 to 0.53.6.
What's Changed
- Pip installs - remove flask patch and pin library versions by @dgtlmoon in #3912 #3910
- Fixing exclude compression (which has some kind of memory leak with flask-socketio)
Full Changelog: 0.53.5...0.53.6
- Feb 19, 2026
- Date parsed from source: Feb 19, 2026
- First seen by Releasebot: Mar 14, 2026
changedetection.io by dgtlmoon
0.53.5
dgtlmoon releases 0.53.5 with backup restore improvements and a fix for bad metadata replacement; the changelog covers 0.53.4 to 0.53.5.
What's Changed
- Backup restore by @dgtlmoon in #3899
- Fixing bad replacement of metadata causing possible content removal #3906 by @dgtlmoon in #3908
Full Changelog: 0.53.4...0.53.5
- Feb 18, 2026
- Date parsed from source: Feb 18, 2026
- First seen by Releasebot: Mar 14, 2026
changedetection.io by dgtlmoon
0.53.4
dgtlmoon releases a patch with UI fixes, plugin hooks around watch processing, real-time status updates, and extra Puppeteer browser cleanup. It also fixes time-schedule edge cases, HTML-to-text failures on very large pages and long-content SPAs, and re-runs a migration cleanup; the changelog spans 0.53.3 to 0.53.4.
What's Changed
- Pluggy plugin hook for before and after a watch is processed by @dgtlmoon in #3888
- UI - Fixing realtime updates for status updates when checking by @dgtlmoon in #3889
- Fix time schedule off-by-one bug at exact end times for all durations and add comprehensive edge case tests Re #3846 by @dgtlmoon in #3890
- "Error 200 no content" - Some very large SPA pages make HTML to Text fail by dumping 10Mb+ into page header, strip extras. by @dgtlmoon in #3892
- Large html to text error 200 blank by @dgtlmoon in #3893
- Fix: Some SPAs with long content - Stripping tags must also find matching close tag by @dgtlmoon in #3895
- Puppeteer - Adding extra browser cleanup by @dgtlmoon in #3897
- Updates/migration - Re-run tag update, re-save to cleanup changedetection.json, code refactor by @dgtlmoon in #3898
Full Changelog: 0.53.3...0.53.4
- Feb 16, 2026
- Date parsed from source: Feb 16, 2026
- First seen by Releasebot: Mar 14, 2026
changedetection.io by dgtlmoon
0.53.3
dgtlmoon announces an API update that skips server path validation to work on sub-paths and reverse proxies across 0.53.2 to 0.53.3.
What's Changed
- API - Skip validation errors about server path (allows use on sub-paths/reverse proxy etc) by @dgtlmoon in #3886
Full Changelog: 0.53.2...0.53.3