Funkwhale 1.1.4

Yesterday, the Funkwhale project made history. We released not one, but two versions!

Okay, to be fair, we messed up a little and shipped a broken release. But we fixed it immediately with another release! 1.1.3 is broken, so go straight to 1.1.4 when you upgrade.

As the version number implies, this is a patch release. It includes some important security and quality-of-life fixes:

  • Fix the scrobbler plugin submitting “None” as MusicBrainz ID.
  • Add worker-src to nginx header to prevent issues.
  • Only suggest typed tag once if it already exists.
  • Add access control to the moderation views.
  • Prevent open redirect on login.

Some of these issues are findings of a “Security Quickscan” provided as part of our NLNet funding. We’ll publish the full report soon.

If you’re using our Docker images, we have another interesting update. All images are now tagged with their major and minor versions. This means that 1, 1.1.1, and 1.1.4 refer to the same image, so you can use 1.1 in your compose file to receive all patches automatically.

By @Funkwhale in Release