Freshrss Release Notes

Features

• New sort order preferences at global, category, and feed levels
• Add option to enable/disable notifications, also for PWA
• Allow WebSub hub push from same private network

Bug fixing

• Fix wrong search toString in case of regex-looking string

Security

• Add allowfullscreen to
• Rewrite Set-Cookie using native PHP support of SameSite
• Sanitize lifetime of session cookies from session.cookie-lifetime in php.ini

I18n

• Improve Simplified Chinese

Misc.

• Initial conventions for AI agents and humans: AGENTS.md, SKILLS.md, instructions.md
• Update to PHPMailer 7.0.2
• Update dev dependencies

Original source Report a problem

Features

• Handle Web scraping of text/plain as

• New customisable message for closed registrations

Bug fixing

• Fix unwanted expansion of user queries (saved searches) applied to filters
• Fix encoding of filter actions for labels
• Fix searching of tags
• Fix refreshing feeds with token while anonymous refresh is disabled
• Fix RSS and OPML access by token
• Fix MySQL/MariaDB transliterator_transliterate fallback (when the php-intl extension is unavailable)
• Fix regression with MySQL/MariaDB index hint
• Auto-add lastUserModified database column also during mark-as-read action
• Do not include hidden feeds when counting unread articles in categories
• Remove wrong PHP deprecation of OPML export action
• Fix shortcut for next unread article
• Fix custom session.cookie-lifetime
• Fix feed validator button when changing the feed URL

Performance

• Disable counting articles in user labels for Ajax requests (unused)

Security

• Change Content-Disposition: inline to attachment in f.php
• Hardened user methods exists, mtime, ctime

Deployment

• Add username in Apache access logs (also in Docker logs): for GReader API, and for HTTP Basic Auth from reverse proxy

SimplePie

• Update of CURLOPT_ACCEPT_ENCODING
• Fix don’t preserve children inside disallowed element
• Fixes before PHPStan 2

Extensions

• Update .gitignore to ignore installed extensions

UI

• Add data-category="3" to ease custom CSS styling of articles
• Fix space between By: and the author’s name

I18n

• Improve Brazilian Portuguese, Dutch, German, Polish, Spanish

Misc.

• Initial conventions for AI agents and humans: AGENTS.md, SKILLS.md, instructions.md
• Update to PHPMailer 7.0.2
• Update dev dependencies

Original source Report a problem

Milestone

This is a release focussing on bug fixing, in particular regressions from the release 1.28.0.

Selected new features

• New customisable message for closed registrations
• Add username in Apache access logs (also in Docker logs): for GReader API, and for HTTP Basic Auth from reverse proxy
• Improved performance 🏎️:
• Disable counting articles in user labels for Ajax requests (unused)
• Many bug fixes 🐛

This release has been made by @Alkarex, @Frenzie, @Inverle and newcomers @ciro-mota, @eveiscoull, @hackerman70000, @Hufschmidt, @johan456789, @martgnz, @mmeier86, @netsho, @neuhaus, @RobLoach, @rupakbajgain.

Full changelog:

Features

• Handle Web scraping of text/plain as <pre class="text-plain"> #8340
• New customisable message for closed registrations #8462

Bug fixing

• Fix unwanted expansion of user queries (saved searches) applied to filters #8395
• Fix encoding of filter actions for labels #8368
• Fix searching of tags #8425
• Fix refreshing feeds with token while anonymous refresh is disabled #8371
• Fix RSS and OPML access by token #8434
• Fix MySQL/MariaDB transliterator_transliterate fallback (when the php-intl extension is unavailable) #8427
• Fix regression with MySQL/MariaDB index hint #8460
• Auto-add lastUserModified database column also during mark-as-read action #8346
• Do not include hidden feeds when counting unread articles in categories #8357
• Remove wrong PHP deprecation of OPML export action #8399
• Fix shortcut for next unread article #8466
• Fix custom session.cookie-lifetime #8446
• Fix feed validator button when changing the feed URL #8436

Performance

• Disable counting articles in user labels for Ajax requests (unused) #8352

Security

• Change Content-Disposition: inline to attachment in f.php #8344
• Hardened user methods exists, mtime, ctime #26c1102

Deployment

• Add username in Apache access logs (also in Docker logs): for GReader API, and for HTTP Basic Auth from reverse proxy #8392

SimplePie

• Update of CURLOPT_ACCEPT_ENCODING #8376, simplepie#960, simplepie#962
• Fix don’t preserve children inside disallowed <template> element #8443
• Fixes before PHPStan 2 #8445, simplepie#957

Extensions

• Update .gitignore to ignore installed extensions #8372

UI

• Add data-category="3" to ease custom CSS styling of articles #8397
• Fix space between By: and the author’s name #8422

I18n

• Improve Brazilian Portuguese #8411
• Improve Dutch #8403
• Improve German #8402
• Improve Polish #8408
• Improve Spanish #8464

Misc.

• Update dev dependencies #8387, #8388, #8389,

#8390, #8391, #8393,
#8453

Original source Report a problem

Features

• New sorting and filtering by date of User modified
  • Corresponding search operator, e.g. userdate:PT1H for the past hour
  • Allows finding articles marked by the local user as read/unread or starred/unstarred at specific dates for e.g. undo action.
• New sorting by article length
• New advanced search form
• Add compatibility with PCRE word boundary \b and \B for regex search using PostgreSQL
• More uniform SQL search and PHP search for accents and case-sensitivity (e.g. for automatically marking as read)
• New overview of dates with most unread articles
• Allow marking as read articles older than 1 or 7 days also when sorting by publication date
• New option to show user labels instead of tags in RSS share
• Add new feed visibility (priority) Show in its feed
• New ability to share feed visibility through API (implemented by e.g. Capy Reader)
• Configurable notification timeout
• OPML export/import of unicity criteria
• Ensure stable IDs (categories, feeds, labels) during export/import
• Add username and timestamp to SQLite export from Web UI
• Add option to apply filter actions to existing articles
• Support CSS selector ~ subsequent-sibling
  • Upstream PR phpgt/CssXPath#231
• Rework saving of configuration files for more reliability in case of e.g. full disk
• Web scraping support date format as milliseconds for Unix epoch
• Allow negative category sort numbers

Performance

• Improve SQL speed for updating cached information
• Fix SQL performance issue with MySQL, using an index hint
• Scaling of user statistics in Web UI and CLI, to help instances with 1k+ users
• API streaming of large responses for reducing memory consumption and increasing speed

Security

• 💥 Move unsafe autologin to an extension
• Fix some CSRFs
• Strengthen some crypto (login, tokens, nonces)
• Create separate HTTP Retry-After rules for proxies
• Add data: to CSP in subscription controller
• Improve anonymous authentication logic
• Enable GitHub release immutability

Bug fixing

• Exclude local networks for domain-wide HTTP Retry-After
• Fix OpenID Connect with Debian 13
• Fix MySQL / MariaDB bug wrongly sorting new articles
• Fix MySQL / MariaDB database size calculation
• Fix SQLite bind bug when adding user label
• Fix SQL auto-update of field f.kind to ease migrations from FreshRSS versions older than 1.20.0
• Fix search encoding and quoting
• Fix handling of database unexpected null content (during migrations)
• Fix drag & drop of user query losing information
• Fix DOM error while filtering retrieved full content
• Fix config.custom.php during install
• Fix do not mark important feeds as read from category
• Fix regression of warnings in Web browser console due to lack of window.bcrypt object
• Fix chart resize regression due to chart.js v4 update
• Fix CLI user creation warning when language is not given
• Fix merging of custom HTTP headers
• Fix bug in the case of duplicated mark-as-read filters

SimplePie

• Fix support of HTTP trailer headers
• Apply HTTPS policy also on GUIDs and permalinks
• Fix WordPress.com HTTP duplicates with WebSub
• Implement HTML whitelist for SimplePie sanitizer
• Various upstream contributions

Deployment

• Docker default image updated to Debian 13 Trixie with PHP 8.4.11 and Apache 2.4.65
• Docker alternative image updated to Alpine 3.23 with PHP 8.4.15 and Apache 2.4.65
• Fix Docker healthcheck cli/health.php compatibility with OpenID Connect
• Improve Docker for compatibility with other base images such as Arch Linux
  • Improve cli/access-permissions.sh to detect the correct permission Web group such as www-data, apache, or http
• Update PostgreSQL volume for Docker
• Catch lack of exec() function for git update
• Work around DOMDocument::saveHTML() scrambling charset encoding in some versions of libxml2
• Improve configuration checks for PHP extensions (in Web UI and CLI), including recommending e.g. php-intl

UI

• New button for toggling sidebar on desktop view
• Better transitions between groups of articles
• New links in transitions and jump ⏭ to next transition
• More visible selected article
• Show the parsed search query instead of the original user input
• Show search query in the page title
• Scroll into filtered feed/category on page load in the sidebar
• Fix autocomplete issues in change password form
• Fix navigating between read feeds using shortcut shift + j / k
• Dark background in Web app manifest to avoid white flash when opening
• Increase button visibility in UI to change theme
• Replace arrow navigation in theme switcher with
• Improve scroll of article after load of user labels
• Keep scroll state of page when closing the slider
• Scroll into filtered feed/category on page load
• Display sidebar dropdowns above if no space below
• Use native CSS instead of SCSS
  • Using CSS nesting and relative colours.
• Various UI and style improvements
• JavaScript finalise migration from Promise to async / await :

API

• API performance optimisation: streaming of large responses
• Fever API: Add with_ids parameter to mass-change read/unread/saved/unsaved on lists of articles
• Misc API: better REST error semantics

Extensions

• Add support for extension priority
• Add support for extension compatibility
• Improve PHP code with hook enums
• New hook nav_entries
• Rename Extensions default branch from master to main

I18n

• Translation status as text in README
• Add new translate CLI commands move
• Change some regional language codes to comply with RFC 5646 / IETF BCP 47 / ISO 3166 / ISO 639-1
• Improve German
• Improve Greek
• Improve Finnish
• Improve Hungarian
• Improve Italian
• Improve Polish
• Improve Russian
• Improve Simplified Chinese

Misc.

• Add code to modify a search expression
• Remove Pocket sharing service
• Update to PHPMailer 7.0.1
• 💥 Housekeeping of lib_rss.php with potential breaking changes for some extensions
• Use native PHP #[Deprecated]
• Improve PHP code
• GitHub Actions: --no-progress
• Update dev dependencies

Original source Report a problem

Milestone

This is a major release, just in time for the holidays 🎄

Selected new features

• New sorting and filtering by date of User modified, with corresponding search operator, e.g. userdate:PT1H for the past hour
• New sorting by article length
• New advanced search form
• New overview of dates with most unread articles
• New ability to share feed visibility through API (implemented by e.g. Capy Reader)
• Bonus: Capy Reader is also the first open source Android app to support user labels
• Better transitions UI between groups of articles
• New links in UI for transitions between groups of articles, and jump to next transition
• Docker default image updated to Debian 13 Trixie with PHP 8.4.11
• And much more…

Improved performance 🏎️

• Scaling of user statistics in Web UI and CLI, to help instances with 1k+ users
• Improve SQL speed for some critical requests for large databases
• API performance optimisation thanks to streaming of large responses

Selected bug fixes 🐛

• Fix OpenID Connect with Debian 13
• Fix MySQL / MariaDB bug wrongly sorting new articles
• Fix SQLite bind bug when adding tag

Breaking changes 💥

• Move unsafe autologin to an extension
• Potential breaking changes for some extensions (which have to rename some old functions)

This release has been made by @Alkarex, @Frenzie, @Inverle, @aledeg, @andris155, @horvi28, @math-GH, @minna-xD and newcomers @Darkentia, @FollowTheWizard, @GreyChame1eon, @McFev, @jocmp, @larsks, @martinhartmann, @matthew-neavling, @pudymody, @raspo, @scharmach, @scollovati, @stag-enterprises, @vandys, @xtmd, @yzx9.

Full changelog

Features

• New sorting and filtering by date of User modified #7886, #8090,

#8105, #8118, #8130

• Corresponding search operator, e.g. userdate:PT1H for the past hour #8093
• Allows finding articles marked by the local user as read/unread or starred/unstarred at specific dates for e.g. undo action.
• New sorting by article length #8119
• New advanced search form #8103, #8122, #8226
• Add compatibility with PCRE word boundary \b and \B for regex search using PostgreSQL #8141
• More uniform SQL search and PHP search for accents and case-sensitivity (e.g. for automatically marking as read) #8329
• New overview of dates with most unread articles #8089
• Allow marking as read articles older than 1 or 7 days also when sorting by publication date #8163
• New option to show user labels instead of tags in RSS share #8112
• Add new feed visibility (priority) Show in its feed #7972
• New ability to share feed visibility through API (implemented by e.g. Capy Reader) #7583, #8158
• Configurable notification timeout #7942
• OPML export/import of unicity criteria #8243
• Ensure stable IDs (categories, feeds, labels) during export/import #7988
• Add username and timestamp to SQLite export from Web UI #8169
• Add option to apply filter actions to existing articles #7959, #8259
• Support CSS selector ~ subsequent-sibling #8154
• Upstream PR phpgt/CssXPath#231
• Rework saving of configuration files for more reliability in case of e.g. full disk #8220
• Web scraping support date format as milliseconds for Unix epoch #8266
• Allow negative category sort numbers #8330

Performance

• Improve SQL speed for updating cached information #6957, #8207,

#8255, #8254, #8255

• Fix SQL performance issue with MySQL, using an index hint #8211
• Scaling of user statistics in Web UI and CLI, to help instances with 1k+ users #8277
• API streaming of large responses for reducing memory consumption and increasing speed #8041

Security

• 💥 Move unsafe autologin to an extension #7958
• Fix some CSRFs #8035
• Strengthen some crypto (login, tokens, nonces) #8061, #8320
• Create separate HTTP Retry-After rules for proxies #8029, #8218
• Add data: to CSP in subscription controller #8253
• Improve anonymous authentication logic #8165
• Enable GitHub release immutability #8205

Bug fixing

• Exclude local networks for domain-wide HTTP Retry-After #8195
• Fix OpenID Connect with Debian 13 #8032
• Fix MySQL / MariaDB bug wrongly sorting new articles #8223
• Fix MySQL / MariaDB database size calculation #8282
• Fix SQLite bind bug when adding tag #8101
• Fix SQL auto-update of field f.kind to ease migrations from FreshRSS versions older than 1.20.0 #8148
• Fix search encoding and quoting #8311, #8324, #8338
• Fix handling of database unexpected null content (during migrations) #8319, #8321
• Fix drag & drop of user query losing information #8113
• Fix DOM error while filtering retrieved full content #8132, #8161
• Fix config.custom.php during install #8033
• Fix do not mark important feeds as read from category #8067
• Fix regression of warnings in Web browser console due to lack of window.bcrypt object #8166
• Fix chart resize regression due to chart.js v4 update #8298
• Fix CLI user creation warning when language is not given #8283
• Fix merging of custom HTTP headers #8251
• Fix bug in the case of duplicated mark-as-read filters #8322

SimplePie

• Fix support of HTTP trailer headers #7983, simplepie#943
• Apply HTTPS policy also on GUIDs and permalinks #8037, simplepie#951
• Fix WordPress.com HTTP duplicates with WebSub Automattic/pushpress#16
• Implement HTML whitelist for SimplePie sanitizer #7924, simplepie#947
• Various upstream contributions simplepie#940, simplepie#944

Deployment

• Docker default image updated to Debian 13 Trixie with PHP 8.4.11 and Apache 2.4.65 #8032
• Docker alternative image updated to Alpine 3.23 with PHP 8.4.15 and Apache 2.4.65 #8285
• Fix Docker healthcheck cli/health.php compatibility with OpenID Connect #8040
• Improve Docker for compatibility with other base images such as Arch Linux #8299
• Improve cli/access-permissions.sh to detect the correct permission Web group such as www-data, apache, or http
• Update PostgreSQL volume for Docker #8216, #8224
• Catch lack of exec() function for git update #8228
• Work around DOMDocument::saveHTML() scrambling charset encoding in some versions of libxml2 #8296
• Improve configuration checks for PHP extensions (in Web UI and CLI), including recommending e.g. php-intl #8334

UI

• New button for toggling sidebar on desktop view #8201, #8286
• Better transitions between groups of articles #8174
• New links in transitions and jump to next transition #8294
• More visible selected article #8230
• Show the parsed search query instead of the original user input #8293,

#8306, #8341

• Show search query in the page title #8217
• Scroll into filtered feed/category on page load in the sidebar #8281, #8307
• Fix autocomplete issues in change password form #7812
• Fix navigating between read feeds using shortcut shift+j/k #8057
• Dark background in Web app manifest to avoid white flash when opening #8140
• Increase button visibility in UI to change theme #8149
• Replace arrow navigation in theme switcher with <select> #8190
• Improve scroll of article after load of user labels #7962
• Keep scroll state of page when closing the slider #8295, #8301
• Scroll into filtered feed/category on page load #8281
• Display sidebar dropdowns above if no space below #8335, #8336
• Use native CSS instead of SCSS #8200, #8241
• Using CSS nesting and relative colours.
• Various UI and style improvements: #8171, #8185, #8196
• JavaScript finalise migration from Promise to async/await: #8182

API

• API performance optimisation: streaming of large responses #8041
• Fever API: Add with_ids parameter to mass-change read/unread/saved/unsaved on lists of articles #8312
• Misc API: better REST error semantics #8232

Extensions

• Add support for extension priority #8038
• Add support for extension compatibility #8081
• Improve PHP code with hook enums #8036
• New hook nav_entries #8054
• Rename Extensions default branch from master to main #8194

I18n

• Translation status as text in README #7842
• Add new translate CLI commands move #8214
• Change some regional language codes to comply with RFC 5646 / IETF BCP 47 / ISO 3166 / ISO 639-1 #8065
• Improve German #8028
• Improve Greek #8146
• Improve Finnish #8073, #8092
• Improve Hungarian #8244
• Improve Italian #8115, #8186
• Improve Polish #8134, #8135
• Improve Russian #8155, #8197
• Improve Simplified Chinese #8308, #8313

Misc.

• Add code to modify a search expression #8293
• Remove Pocket sharing service #8127, #8128
• Update to PHPMailer 7.0.1 #8048, #8180, #8272
• 💥 Housekeeping of lib_rss.php with potential breaking changes for some extensions #8193,
• Use native PHP #[Deprecated] #8325
• Improve PHP code #8156, #8203, #8284,

#8292, #8297

• GitHub Actions: --no-progress #8315
• Update dev dependencies #8043, #8044,

#8045, #8046, #8047,
#8052, #8176, #8177,
#8178, #8179, #8210,
#8270, #8271, #8273,
#8274, #8275, #8276

Original source Report a problem

Features

• Automatic database recovery: skip broken entries during CLI export/import
• Add security option for CSP frame-ancestors
• Lazy-load

Security

• Regenerate session ID on login
• Disallow setting non-existent language
• Safer calling of install.php
• Prevent log CR/LF injection
• Restrict allowed cURL parameters
• Fix reauthentication while updating
• Fix some CSRFs

Bug fixing

• Include port number for HTTP Retry-After
• Fix logic for searching labels
• Fix cURL response parsing for HTTP redirections
• Fix fetching OPML URL with special characters
• Fix validation when creating a new user label
• Fix bug in user self-deletion
• Fix displaying of current date in main statistics
• Fix default values on stat processing
• Fix UI JavaScript error when navigating to last article with keyboard
• Fix some links in anonymous mode
• Fixes for no-cache.txt
• Fix Docker Traefik .yml and SERVER_DNS example

SimplePie

• Upstream contribution: Normalize encoding uppercase
• Sync upstream, including bump to 1.9.0 with better PHP 8.5+ support

Deployment

• Docker improve CMD compatibility
• Add possibility of Docker healthcheck

UI

• Keep sort and order after marking as read
• Improve leave validation
• Improve Origine theme visibility of toggle buttons
• Improve Dark pink theme
• Improve Mapco and Ansum themes: read all button in mobile view
• Improve Swage theme
• Use standard CSS overflow-wrap instead of word-wrap
• Various UI and style improvements
• Accessibility: Add :focus style to some dropdown menus
• New size option for the Mark as read button
• Update bcrypt.js from 2.4.4 to 3.0.2
• Various UI and style improvements
• Show translation status in README
• Improve Indonesian
• Improve Persian

Extensions

• Add entry_before_update and entry_before_add hooks for extensions

Misc.

• Improve make
• Update dev dependencies

Original source Report a problem

Milestone

This is a security-fix and bug-fix release for FreshRSS 1.27.x.

A few highlights ✨:

• Keep sort and order criteria after marking as read
• Automatic database recovery: skip broken entries during CLI export/import
• Add possibility of Docker healthcheck
• Add security option for CSP frame-ancestors
• Several security fixes
• Several bug fixes
• New translation to Ukrainian
• Improvements of some themes
• And much more…

This release has been made by @Alkarex, @Frenzie, @Inverle, @aledeg, @math-GH and newcomers @beerisgood, @nykula, @horvi28, @nhirokinet, @rnkln, @scmaybee.

Full changelog

Features

• Automatic database recovery: skip broken entries during CLI export/import #7949
• Add security option for CSP frame-ancestors #7857, #8021
• Lazy-load <track src> #7997

Security

• Regenerate session ID on login #7829
• Disallow setting non-existent language #7878, #7934
• Safer calling of install.php #7971
• Prevent log CR/LF injection #7883
• Restrict allowed cURL parameters #7979, #8009
• Fix reauthentication while updating #7989
• Fix some CSRFs #8000

Bug fixing

• Include port number for HTTP Retry-After #7875
• Fix logic for searching labels #7863
• Fix cURL response parsing for HTTP redirections #7866
• Fix fetching OPML URL with special characters #7843
• Fix validation when creating a new user label #7890
• Fix bug in user self-deletion #7877
• Fix displaying of current date in main statistics #7892
• Fix default values on stat processing #7891
• Fix UI JavaScript error when navigating to last article with keyboard #7957
• Fix some links in anonymous mode #8011, #8012
• Fixes for no-cache.txt #7907
• Fix Docker Traefik .yml and SERVER_DNS example #7858

SimplePie

• Upstream contribution: Normalize encoding uppercase simplepie#936, #7967
• Sync upstream, including bump to 1.9.0 with better PHP 8.5+ support #7955

Deployment

• Docker improve CMD compatibility #7861
• Add possibility of Docker healthcheck #7945

UI

• Keep sort and order after marking as read #7974
• Improve leave validation #7830
• Improve Origine theme visibility of toggle buttons #7956
• Improve Dark pink theme #8020
• Improve Mapco and Ansum themes: read all button in mobile view #7873
• Improve Swage theme #7608
• Use standard CSS overflow-wrap instead of word-wrap #7898
• Various UI and style improvements: #7868, #7872,

#7882, #7893, #7904,
#7952

I18n

• Clarify the concepts of visibility hidden vs. archived in feeds settings #7970
• Translate the API information page #7922
• Add a default language constant #7933
• Label config delete label #7871
• Add Ukrainian #7961
• Improve Dutch #7940
• Improve German #7833
• Improve Hungarian #7986
• Improve Japanese #7903, #7918
• Improve Polish #7963
• Improve Simplified Chinese #7943, #7944
• Minor improvements #7881
• Add CLI command to add i18n file #7917
• Add make target to generate the translation progress #7905

Extensions

• Add entry_before_update and entry_before_add hooks for extensions #7977

Misc.

• Improve make #7901
• Improve PHP code #7906, #7916, #7939,

#7941, #7960, #7991

• Upgrade to PHP_CodeSniffer 4 #7993
• Update dev dependencies #7902, #7895, #7896,

#7899, #7966, #7969

Original source Report a problem

Features

• Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After
• Add sort by category title, or by feed title
• Add search operator c: for categories like c:23,34 or !c:45,56
• Custom feed favicons
• Rework fetch favicons for fewer HTTP requests
• Add more unicity criteria based on title and/or content
• Automatically restore user configuration from backup
• API add support for states in s parameter of streamId
• Improve sharing via Print
• Redirect to the login page from bookmarklet instead of 403
• Clean local cache more often, when refreshing feeds

Security

• Implement reauthentication (sudo mode)
• Add Content-Security-Policy: frame-ancestors
• Ensure CSP everywhere
• Show warning when unsafe CSP policy is in use
• Fix access rights when creating a new user
• Improve security of form for user details
• Disallow setting non-existent theme
• Regenerate cookie ID after logging out
• Require current password when setting new password
• Add missing access checks for feed-related actions
• Strip more unsafe attributes such as referrerpolicy, ping
• Remove unneeded execution permissions

Bug fixing

• Fix redirections when scraping from HTML
• Fix multiple authentication HTTP headers
• Fix HTML queries with a single feed
• WebSub: only perform a redirection when coming from WebSub
• Include enclosures in entries’ hash
• • Negative side-effect: users of the option to automatically mark updated articles as unread will once have some articles with enclosures re-appear as unread
• Fix cancellation of slider exit UI
• Honor disable update on update page
• Fix no registration limit setting
• Fix XML encoding of sharing functions

SimplePie

• Fix propagation of HTTP error codes
• Fix support for XML feeds with HTML entities
• Fix feeds encoded in UTF-16LE
• Various upstream contributions

Deployment

• Docker default image (Debian 12 Bookworm) updated to PHP 8.2.29
• Docker alternative image updated to Alpine 3.22 with PHP 8.4.11 and Apache 2.4.65
• Start supporting PHP 8.5+
• Docker Alpine dev image: newset updated to PHP 8.5-alpha and Apache 2.4.65
• Docker: interpolate FRESHRSS_INSTALL and FRESHRSS_USER variables
• Docker: Reduce how much data needs to be chown/chmod’ed on container startup
• Test for database PDO typing support during install (relevant for MySQL / MariaDB with obsolete driver)

UI

• Keep sort and order after marking as read
• Improve leave validation
• Improve Origine theme visibility of toggle buttons
• Improve Dark pink theme
• Improve Mapco and Ansum themes: read all button in mobile view
• Improve Swage theme
• Use standard CSS overflow-wrap instead of word-wrap
• Various UI and style improvements
• Accessibility: Add :focus style to some dropdown menus
• New size option for the Mark as read button
• Update bcrypt.js from 2.4.4 to 3.0.2
• Various UI and style improvements

Original source Report a problem

Milestone

A few highlights ✨:

• Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After
• Add sort by category title, or by feed title
• Add search operator c: for categories like c:23,34 or !c:45,56
• Custom feed favicons
• Several security improvements, such as:
  • Implement reauthentication (sudo mode)
  • Add Content-Security-Policy: frame-ancestors
  • Ensure CSP everywhere
  • Fix access rights when creating a new user
• Several bug fixes, such as:
  • Fix redirections when scraping from HTML
  • Fix feed redirection when coming from WebSub
  • Fix support for XML feeds with HTML entities, or encoded in UTF-16LE
• Docker alternative image updated to Alpine 3.22 with PHP 8.4 (PHP 8.4 for default Debian image coming soon)
• Start supporting PHP 8.5+
• And much more…
  This release has been made by @Alkarex, @Inverle, @the7thNightmare and newcomers @Deioces120, @Fraetor, @Tarow, @dotsam, @hilariousperson, @pR0Ps, @triatic, @tryallthethings

Full changelog:

Features

• Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After #7760
• Add sort by category title, or by feed title #7702
• Add search operator c: for categories like c:23,34 or !c:45,56 #7696
• Custom feed favicons #7646, #7704, #7717,

#7792

• Rework fetch favicons for fewer HTTP requests #7767
• Add more unicity criteria based on title and/or content #7789
• Automatically restore user configuration from backup #7682
• API add support for states in s parameter of streamId #7695
• Improve sharing via Print #7728
• Redirect to the login page from bookmarklet instead of 403 #7782
• Clean local cache more often, when refreshing feeds #7827

Security

• Implement reauthentication (sudo mode) #7753
• Add Content-Security-Policy: frame-ancestors #7677
• Ensure CSP everywhere #7810
• Show warning when unsafe CSP policy is in use #7804
• Fix access rights when creating a new user #7783
• Improve security of form for user details #7771, #7786
• Disallow setting non-existent theme #7722
• Regenerate cookie ID after logging out #7762
• Require current password when setting new password #7763
• Add missing access checks for feed-related actions #7768
• Strip more unsafe attributes such as referrerpolicy, ping #7770
• Remove unneeded execution permissions #7802

Bug fixing

• Fix redirections when scraping from HTML #7654, #7741
• Fix multiple authentication HTTP headers #7703
• Fix HTML queries with a single feed #7730
• WebSub: only perform a redirection when coming from WebSub #7738
• Include enclosures in entries’ hash #7719
• Negative side-effect: users of the option to automatically mark updated articles as unread will once have some articles with enclosures re-appear as unread
• Fix cancellation of slider exit UI #7705
• Honor disable update on update page #7733
• Fix no registration limit setting #7751
• Fix XML encoding of sharing functions #7822

SimplePie

• Fix propagation of HTTP error codes #7670
• Fix support for XML feeds with HTML entities #7689, simplepie#915
• Fix feeds encoded in UTF-16LE #7691, simplepie#916
• Various upstream contributions simplepie#917, simplepie#924,
  simplepie#926, simplepie#932, simplepie#933
• Sync upstream #7706, FreshRSS/simplepie#45, #7775,
  FreshRSS/simplepie#50, #7824, #7825,
• Fix regex Backtrack limit was exhausted in clean_hash() #7813, FreshRSS/simplepie#48

Deployment

• Docker default image (Debian 12 Bookworm) updated to PHP 8.2.29 #7805
• Docker alternative image updated to Alpine 3.22 with PHP 8.4.11 and Apache 2.4.65 #7740, #7740,

#7803

• Start supporting PHP 8.5+ #7787, #7826
• Docker Alpine dev image :newest updated to PHP 8.5-alpha and Apache 2.4.65 #7773
• Docker: interpolate FRESHRSS_INSTALL and FRESHRSS_USER variables #7725
• Docker: Reduce how much data needs to be chown/chmod’ed on container startup #7793
• Test for database PDO typing support during install (relevant for MySQL / MariaDB with obsolete driver) #7651

Extensions

• Add API endpoint for extensions #7576
• Expose the reading modes for extensions #7668, #7688
• New extension hook before_login_btn #7761

UI

• Improve mark as read request showing popup due to onbeforeunload #7554
• Fix lazy-loading for and #7636
• Avoid styling inside of

   #7797

• Improve confirmation logic with data-auto-leave-validation #7785
• Update chart.js to 4.5.0 #7752, #7816
• Various UI and style improvements: #7616, #7811

I18n

• Show translation status in README #7715
• Improve Indonesian #7654, #7721
• Improve Persian #7795

Misc.

• Improve PHP code #7642, #7665, #7761,

#7781, #7794

• Update dev dependencies #7708, #7709, #7710,

#7711, #7776, #7777

Original source Report a problem

Features

• Keep sort and order criteria during navigation
• Add info about PDO::ATTR_CLIENT_VERSION (relevant for MySQL / MariaDB with obsolete driver)

Bug fixing

• Fix SQL request for user labels with custom sort (affecting PostgreSQL)
• Fix regression for favicon in GReader and Fever APIs
• Fix newest articles (within last second) not shown
• Fix duplicate HTTP header for POST
• Fix important articles on reader view
• Fix remove last share method
• Fix API handling of default category
• Fix user self-deletion
• Move PHP minimum version check

Security

• Fix encoding of themes
• Fix .htaccess.dist for access to /scripts/vendor/

SimplePie

• Strip more HTML deprecated styles attributes: bgcolor, text, background, link, alink, vlink

UI

• Implement loading spinner for marking as favourite/read
• Provide theme class for CSS

Deployment

• Use HTTP Cache-Control: immutable for some files
• Drop Apache 2.2 (only support Apache 2.4+)

I18n

• Improve Indonesian
• Improve Polish

Misc.

• Update to PHPMailer 6.10.0
• Update dev dependencies

Original source Report a problem