• Milestone

This is a release focussing on bug fixing, in particular regressions from the release 1.28.0.

Selected new features ✨:

• New customisable message for closed registrations
• Add username in Apache access logs (also in Docker logs): for GReader API, and for HTTP Basic Auth from reverse proxy

Improved performance 🏎️:

• Disable counting articles in user labels for Ajax requests (unused)

Many bug fixes 🐛

This release has been made by @Alkarex, @Frenzie, @Inverle and newcomers @ciro-mota, @eveiscoull, @hackerman70000, @Hufschmidt, @johan456789, @martgnz, @mmeier86, @netsho, @neuhaus, @RobLoach, @rupakbajgain.

Full changelog:

• Features
  • Handle Web scraping of text/plain as <pre class="text-plain"> #8340
  • New customisable message for closed registrations #8462
• Bug fixing
  • Fix unwanted expansion of user queries (saved searches) applied to filters #8395
  • Fix encoding of filter actions for labels #8368
  • Fix searching of tags #8425
  • Fix refreshing feeds with token while anonymous refresh is disabled #8371
  • Fix RSS and OPML access by token #8434
  • Fix MySQL/MariaDB transliterator_transliterate fallback (when the php-intl extension is unavailable) #8427
  • Fix regression with MySQL/MariaDB index hint #8460
  • Auto-add lastUserModified database column also during mark-as-read action #8346
  • Do not include hidden feeds when counting unread articles in categories #8357
  • Remove wrong PHP deprecation of OPML export action #8399
  • Fix shortcut for next unread article #8466
  • Fix custom session.cookie-lifetime #8446
  • Fix feed validator button when changing the feed URL #8436
• Performance
  • Disable counting articles in user labels for Ajax requests (unused) #8352
• Security
  • Change Content-Disposition: inline to attachment in f.php #8344
  • Hardened user methods exists, mtime, ctime #26c1102
• Deployment
  • Add username in Apache access logs (also in Docker logs): for GReader API, and for HTTP Basic Auth from reverse proxy #8392
• SimplePie
  • Update of CURLOPT_ACCEPT_ENCODING #8376, simplepie#960, simplepie#962
  • Fix don’t preserve children inside disallowed <template> element #8443
  • Fixes before PHPStan 2 #8445, simplepie#957
• Extensions
  • Update .gitignore to ignore installed extensions #8372
• UI
  • Add data-category="3" to ease custom CSS styling of articles #8397
  • Fix space between By: and the author’s name #8422
• I18n
  • Improve Brazilian Portuguese #8411
  • Improve Dutch #8403
  • Improve German #8402
  • Improve Polish #8408
  • Improve Spanish #8464
• Misc.
  • Update dev dependencies #8387, #8388, #8389,
    #8390, #8391, #8393,
    #8453

• Milestone

This is a major release, just in time for the holidays 🎄

Selected new features ✨:

• New sorting and filtering by date of User modified, with corresponding search operator, e.g. userdate:PT1H for the past hour
• New sorting by article length
• New advanced search form
• New overview of dates with most unread articles
• New ability to share feed visibility through API (implemented by e.g. Capy Reader)
  • Bonus: Capy Reader is also the first open source Android app to support user labels
• Better transitions UI between groups of articles
• New links in UI for transitions between groups of articles, and jump to next transition
• Docker default image updated to Debian 13 Trixie with PHP 8.4.11
• And much more…

Improved performance 🏎️:

• Scaling of user statistics in Web UI and CLI, to help instances with 1k+ users
• Improve SQL speed for some critical requests for large databases
• API performance optimisation thanks to streaming of large responses

Selected bug fixes 🐛:

• Fix OpenID Connect with Debian 13
• Fix MySQL / MariaDB bug wrongly sorting new articles
• Fix SQLite bind bug when adding tag

Breaking changes 💥:

• Move unsafe autologin to an extension
• Potential breaking changes for some extensions (which have to rename some old functions)

This release has been made by @Alkarex, @Frenzie, @Inverle, @aledeg, @andris155, @horvi28, @math-GH, @minna-xD and newcomers @Darkentia, @FollowTheWizard, @GreyChame1eon, @McFev, @jocmp, @larsks, @martinhartmann, @matthew-neavling, @pudymody, @raspo, @scharmach, @scollovati, @stag-enterprises, @vandys, @xtmd, @yzx9.

Full changelog:

• Features
  • New sorting and filtering by date of User modified #7886, #8090,
    #8105, #8118, #8130
    • Corresponding search operator, e.g. userdate:PT1H for the past hour #8093
    • Allows finding articles marked by the local user as read/unread or starred/unstarred at specific dates for e.g. undo action.
  • New sorting by article length #8119
  • New advanced search form #8103, #8122, #8226
  • Add compatibility with PCRE word boundary \b and \B for regex search using PostgreSQL #8141
  • More uniform SQL search and PHP search for accents and case-sensitivity (e.g. for automatically marking as read) #8329
  • New overview of dates with most unread articles #8089
  • Allow marking as read articles older than 1 or 7 days also when sorting by publication date #8163
  • New option to show user labels instead of tags in RSS share #8112
  • Add new feed visibility (priority) Show in its feed #7972
  • New ability to share feed visibility through API (implemented by e.g. Capy Reader) #7583, #8158
  • Configurable notification timeout #7942
  • OPML export/import of unicity criteria #8243
  • Ensure stable IDs (categories, feeds, labels) during export/import #7988
  • Add username and timestamp to SQLite export from Web UI #8169
  • Add option to apply filter actions to existing articles #7959, #8259
  • Support CSS selector ~ subsequent-sibling #8154
    • Upstream PR phpgt/CssXPath#231
  • Rework saving of configuration files for more reliability in case of e.g. full disk #8220
  • Web scraping support date format as milliseconds for Unix epoch #8266
  • Allow negative category sort numbers #8330
• Performance
  • Improve SQL speed for updating cached information #6957, #8207,
    #8255, #8254, #8255
  • Fix SQL performance issue with MySQL, using an index hint #8211
  • Scaling of user statistics in Web UI and CLI, to help instances with 1k+ users #8277
  • API streaming of large responses for reducing memory consumption and increasing speed #8041
• Security
  • 💥 Move unsafe autologin to an extension #7958
  • Fix some CSRFs #8035
  • Strengthen some crypto (login, tokens, nonces) #8061, #8320
  • Create separate HTTP Retry-After rules for proxies #8029, #8218
  • Add data: to CSP in subscription controller #8253
  • Improve anonymous authentication logic #8165
  • Enable GitHub release immutability #8205
• Bug fixing
  • Exclude local networks for domain-wide HTTP Retry-After #8195
  • Fix OpenID Connect with Debian 13 #8032
  • Fix MySQL / MariaDB bug wrongly sorting new articles #8223
  • Fix MySQL / MariaDB database size calculation #8282
  • Fix SQLite bind bug when adding tag #8101
  • Fix SQL auto-update of field f.kind to ease migrations from FreshRSS versions older than 1.20.0 #8148
  • Fix search encoding and quoting #8311, #8324, #8338
  • Fix handling of database unexpected null content (during migrations) #8319, #8321
  • Fix drag & drop of user query losing information #8113
  • Fix DOM error while filtering retrieved full content #8132, #8161
  • Fix config.custom.php during install #8033
  • Fix do not mark important feeds as read from category #8067
  • Fix regression of warnings in Web browser console due to lack of window.bcrypt object #8166
  • Fix chart resize regression due to chart.js v4 update #8298
  • Fix CLI user creation warning when language is not given #8283
  • Fix merging of custom HTTP headers #8251
  • Fix bug in the case of duplicated mark-as-read filters #8322
• SimplePie
  • Fix support of HTTP trailer headers #7983, simplepie#943
  • Apply HTTPS policy also on GUIDs and permalinks #8037, simplepie#951
    • Fix WordPress.com HTTP duplicates with WebSub Automattic/pushpress#16
  • Implement HTML whitelist for SimplePie sanitizer #7924, simplepie#947
  • Various upstream contributions simplepie#940, simplepie#944
• Deployment
  • Docker default image updated to Debian 13 Trixie with PHP 8.4.11 and Apache 2.4.65 #8032
  • Docker alternative image updated to Alpine 3.23 with PHP 8.4.15 and Apache 2.4.65 #8285
  • Fix Docker healthcheck cli/health.php compatibility with OpenID Connect [#8040](#8...

• Milestone

This is a security-fix and bug-fix release for FreshRSS 1.27.x.

A few highlights ✨:

• Keep sort and order criteria after marking as read
• Automatic database recovery: skip broken entries during CLI export/import
• Add possibility of Docker healthcheck
• Add security option for CSP frame-ancestors
• Several security fixes
• Several bug fixes
• New translation to Ukrainian
• Improvements of some themes
• And much more…

This release has been made by @Alkarex, @Frenzie, @Inverle, @aledeg, @math-GH and newcomers @beerisgood, @nykula, @horvi28, @nhirokinet, @rnkln, @scmaybee.

Full changelog:

• Features
  • Automatic database recovery: skip broken entries during CLI export/import #7949
  • Add security option for CSP frame-ancestors #7857, #8021
  • Lazy-load <track src> #7997
• Security
  • Regenerate session ID on login #7829
  • Disallow setting non-existent language #7878, #7934
  • Safer calling of install.php #7971
  • Prevent log CR/LF injection #7883
  • Restrict allowed cURL parameters #7979, #8009
  • Fix reauthentication while updating #7989
  • Fix some CSRFs #8000
• Bug fixing
  • Include port number for HTTP Retry-After #7875
  • Fix logic for searching labels #7863
  • Fix cURL response parsing for HTTP redirections #7866
  • Fix fetching OPML URL with special characters #7843
  • Fix validation when creating a new user label #7890
  • Fix bug in user self-deletion #7877
  • Fix displaying of current date in main statistics #7892
  • Fix default values on stat processing #7891
  • Fix UI JavaScript error when navigating to last article with keyboard #7957
  • Fix some links in anonymous mode #8011, #8012
  • Fixes for no-cache.txt #7907
  • Fix Docker Traefik .yml and SERVER_DNS example #7858
• SimplePie
  • Upstream contribution: Normalize encoding uppercase simplepie#936, #7967
  • Sync upstream, including bump to 1.9.0 with better PHP 8.5+ support #7955
• Deployment
  • Docker improve CMD compatibility #7861
  • Add possibility of Docker healthcheck #7945
• UI
  • Keep sort and order after marking as read #7974
  • Improve leave validation #7830
  • Improve Origine theme visibility of toggle buttons #7956
  • Improve Dark pink theme #8020
  • Improve Mapco and Ansum themes: read all button in mobile view #7873
  • Improve Swage theme #7608
  • Use standard CSS overflow-wrap instead of word-wrap #7898
  • Various UI and style improvements: #7868, #7872,
    #7882, #7893, #7904,
    #7952
• I18n
  • Clarify the concepts of visibility hidden vs. archived in feeds settings #7970
  • Translate the API information page #7922
  • Add a default language constant #7933
  • Label config delete label #7871
  • Add Ukrainian #7961
  • Improve Dutch #7940
  • Improve German #7833
  • Improve Hungarian #7986
  • Improve Japanese #7903, #7918
  • Improve Polish #7963
  • Improve Simplified Chinese #7943, #7944
  • Minor improvements #7881
  • Add CLI command to add i18n file #7917
  • Add make target to generate the translation progress #7905
• Extensions
  • Add entry_before_update and entry_before_add hooks for extensions #7977
• Misc.
  • Improve make #7901
  • Improve PHP code #7906, #7916, #7939,
    #7941, #7960, #7991
  • Upgrade to PHP_CodeSniffer 4 #7993
  • Update dev dependencies #7902, #7895, #7896,
    #7899, #7966, #7969

• Milestone

A few highlights ✨:

• Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After
• Add sort by category title, or by feed title
• Add search operator c: for categories like c:23,34 or !c:45,56
• Custom feed favicons
• Several security improvements, such as:
  • Implement reauthentication (sudo mode)
  • Add Content-Security-Policy: frame-ancestors
  • Ensure CSP everywhere
  • Fix access rights when creating a new user
• Several bug fixes, such as:
  • Fix redirections when scraping from HTML
  • Fix feed redirection when coming from WebSub
  • Fix support for XML feeds with HTML entities, or encoded in UTF-16LE
• Docker alternative image updated to Alpine 3.22 with PHP 8.4 (PHP 8.4 for default Debian image coming soon)
• Start supporting PHP 8.5+
• And much more…

This release has been made by @Alkarex, @Inverle, @the7thNightmare and newcomers @Deioces120, @Fraetor, @Tarow, @dotsam, @hilariousperson, @pR0Ps, @triatic, @tryallthethings

Full changelog:

• Features
  • Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After #7760
  • Add sort by category title, or by feed title #7702
  • Add search operator c: for categories like c:23,34 or !c:45,56 #7696
  • Custom feed favicons #7646, #7704, #7717,
    #7792
  • Rework fetch favicons for fewer HTTP requests #7767
  • Add more unicity criteria based on title and/or content #7789
  • Automatically restore user configuration from backup #7682
  • API add support for states in s parameter of streamId #7695
  • Improve sharing via Print #7728
  • Redirect to the login page from bookmarklet instead of 403 #7782
  • Clean local cache more often, when refreshing feeds #7827
• Security
  • Implement reauthentication (sudo mode) #7753
  • Add Content-Security-Policy: frame-ancestors #7677
  • Ensure CSP everywhere #7810
  • Show warning when unsafe CSP policy is in use #7804
  • Fix access rights when creating a new user #7783
  • Improve security of form for user details #7771, #7786
  • Disallow setting non-existent theme #7722
  • Regenerate cookie ID after logging out #7762
  • Require current password when setting new password #7763
  • Add missing access checks for feed-related actions #7768
  • Strip more unsafe attributes such as referrerpolicy, ping #7770
  • Remove unneeded execution permissions #7802
• Bug fixing
  • Fix redirections when scraping from HTML #7654, #7741
  • Fix multiple authentication HTTP headers #7703
  • Fix HTML queries with a single feed #7730
  • WebSub: only perform a redirection when coming from WebSub #7738
  • Include enclosures in entries’ hash #7719
    • Negative side-effect: users of the option to automatically mark updated articles as unread will once have some articles with enclosures re-appear as unread
  • Fix cancellation of slider exit UI #7705
  • Honor disable update on update page #7733
  • Fix no registration limit setting #7751
  • Fix XML encoding of sharing functions #7822
• SimplePie
  • Fix propagation of HTTP error codes #7670
  • Fix support for XML feeds with HTML entities #7689, simplepie#915
  • Fix feeds encoded in UTF-16LE #7691, simplepie#916
  • Various upstream contributions simplepie#917, simplepie#924,
    simplepie#926, simplepie#932, simplepie#933
  • Sync upstream #7706, FreshRSS/simplepie#45, #7775,
    FreshRSS/simplepie#50, #7824, #7825,
  • Fix regex Backtrack limit was exhausted in clean_hash() #7813, FreshRSS/simplepie#48
• Deployment
  • Docker default image (Debian 12 Bookworm) updated to PHP 8.2.29 #7805
  • Docker alternative image updated to Alpine 3.22 with PHP 8.4.11 and Apache 2.4.65 #7740, #7740,
    #7803
  • Start supporting PHP 8.5+ #7787, #7826
    • Docker Alpine dev image :newest updated to PHP 8.5-alpha and Apache 2.4.65 #7773
  • Docker: interpolate FRESHRSS_INSTALL and FRESHRSS_USER variables #7725
  • Docker: Reduce how much data needs to be chown/chmod’ed on container startup #7793
  • Test for database PDO typing support during install (relevant for MySQL / MariaDB with obsolete driver) #7651
• Extensions
  • Add API endpoint for extensions #7576
  • Expose the reading modes for extensions #7668, #7688
  • New extension hook before_login_btn #7761
• UI
  • Improve mark as read request showing popup due to onbeforeunload #7554
  • Fix lazy-loading for <video poster="..."> and <image> #7636
  • Avoid styling <code> inside of <pre> #7797
  • Improve confirmation logic with data-auto-leave-validation #7785
  • Update chart.js to 4.5.0 #7752, #7816
  • Various UI and style improvements: #7616, #7811
• I18n
  • Show translation status in README #7715
  • Improve Indonesian #7654, #7721
  • Improve Persian #7795
• Misc.
  • Improve PHP code #7642, #7665, #7761,
    #7781, #7794
  • Update dev dependencies #7708, #7709, #7710,
    #7711, #7776, #7777

• Milestone

This is a bug-fix release for FreshRSS 1.26.x

A few highlights ✨:

• Keep sort and order criteria during navigation
• Implement loading spinner for marking as favourite/read
• Many bug fixes

This release has been made by @Alkarex, @Inverle and newcomers @CarelessCaution, @the7thNightmare

Full changelog:

• Features
  • Keep sort and order criteria during navigation #7585
  • Add info about PDO::ATTR_CLIENT_VERSION (relevant for MySQL / MariaDB with obsolete driver) #7591
• Bug fixing
  • Fix SQL request for user labels with custom sort (affecting PostgreSQL) #7588
  • Fix regression for favicon in GReader and Fever APIs #7573
  • Fix newest articles (within last second) not shown #7577
  • Fix duplicate HTTP header for POST #7556
  • Fix important articles on reader view #7602
  • Fix remove last share method #7613
  • Fix API handling of default category #7610
  • Fix user self-deletion #7626
  • Move PHP minimum version check #7560
• Security
  • Fix encoding of themes #7565
  • Fix .htaccess.dist for access to /scripts/vendor/ #7598
• SimplePie
  • Strip more HTML deprecated styles attributes: bgcolor, text, background, link, alink, vlink #7606
• UI
  • Implement loading spinner for marking as favourite/read #7564
  • Provide theme class for CSS #7559
• Deployment
  • Use HTTP Cache-Control: immutable for some files #7552
  • Drop Apache 2.2 (only support Apache 2.4+) #7561
• I18n
  • Improve Indonesian #7622
  • Improve Polish #7587
• Misc.
  • Update to PHPMailer 6.10.0 #7542
  • Update dev dependencies #7630, #7631, #7632
    #7633, #7634, #7635

• Milestone

This is a security-focussed release for FreshRSS 1.26.x, addressing several CVEs (thanks @Inverle) 🛡

A few highlights ✨:

• Implement JSON string concatenation with & operator
• Support multiple JSON fragments in HTML+XPath+JSON mode (e.g. JSON-LD)
• Multiple security fixes with CVEs
• Bug fixes

Notes ℹ:

• Favicons will be reconstructed automatically when feeds gets refreshed. After that, you may need to refresh your Web browser as well.

This release has been made by @Alkarex, @Frenzie, @hkcomori, @loviuz, @math-GH
and newcomers @dezponia, @glyn, @Inverle, @Machou, @mikropsoft

Full changelog:

• Features
  • Implement JSON string concatenation with & operator #7414
  • Support multiple JSON fragments in HTML+XPath+JSON mode #7369
• Bug fixing
  • Fix escaping of tag search #7468
  • Fix CLI parsing of Boolean flags #7430
  • Fix API for labels with slash #7437
• SimplePie
  • Fix support for feeds with XML preamble + DTD #7515, simplepie#914
  • Merged upstream #7434
    • Upstream fix simplepie#912
• Security
  • Disallow <iframe srcdoc=""> #7494, CVE-2025-32015
  • Disallow <button formaction=""> #7506
  • Improve favicons hash to avoid favicon pollution #7505, CVE-2025-46339
  • Add Content-Security-Policy HTTP headers to favicons #7471, CVE-2025-31136
  • Web scraping forbid security HTTP headers in cURL #7496, CVE-2025-46341
  • Add some HTTP headers Referrer-Policy: same-origin #6303, #7478
  • Use HTTP POST for logout #7489, CVE-2025-31482
  • Make update URL read-only #7477
  • Fix for extensions: Restrict valid paths in ext.php #7479, CVE-2025-31134
  • Fix for extensions: Secure serving of user files #7495
• Extensions
  • Fix file serving for symlinked extensions #7545
  • Catch extension exceptions in override #7475
  • JavaScript: new event to detect context loaded #7452
• Deployment
  • Apache: add check for mod_filter to ensure that AddOutputFilterByType works #7419
• UI
  • Accessibility: Add :focus style to some dropdown menus #7491
  • New size option for the Mark as read button #7314
  • Update bcrypt.js from 2.4.4 to 3.0.2 #7449
  • Various UI and style improvements: #7168, #7526
• I18n
  • Rework credits #7426
  • Improve French #7432
  • Improve Italian #7540
  • Improve Polish #7508
  • Improve Turkish #7442
• Misc.
  • Improve PHP code #7431, #7488, #7534
  • Update dev dependencies #7480, #7482, #7483,
    #7484, #7485, #7486,
    #7487, #7533, #7535,
    #7536, #7537, #7538

• Milestone

This is a bugfix release for 1.26.0, addressing some regressions 🐛

A few highlights ✨:

• Fix regression with cURL HTTP headers breaking conditional HTTP requests
• Fix regression with saving states of user queries
• Fix regression with dynamic OPML

This release has been made by @Alkarex, @FromTheMoon85, @marienfressinaud, @math-GH
and newcomers @abackstrom, @BryanButlerGit, @culbrethj, @EricDiao, @Karvel, @ViPeR5000

Full changelog:

• Features
  • Add cURL version to page about system information #7409
• Bug fixing
  • Fix regression with cURL HTTP headers breaking conditional HTTP requests #7403, FreshRSS/simplepie#33
  • Fix regression with saving states of user queries #7400
  • Fix regression with dynamic OPML #7394
  • Fix update of the user’s last activity on login action #7406
  • Fix setting category option Maximum number of articles to keep per feed #7416
  • Fix priority field when processing a new feed from an extension #7354
• Deployment
  • Fix regression with 64-bit timestamps on 32-bit platforms #7375
  • Fix back-compatibility with cURL 7.51 (we require cURL 7.52+ for CURLPROXY_HTTPS) #7409
• UI
  • Use case-insensitive sort for categories #7402
  • Improve dark mode of Origine theme #7413
  • Added API password indicator #7340
• I18n
  • Fix (es, fa, sk): do not translate XPath code #7404
  • Fix date bug in Finish #7423
  • Add Portuguese from Portugal #7329
  • Improve Hungarian #7391
• Misc.
  • Improve PHP code #7339
  • Update dev dependencies #7386, #7387, #7388

• Milestone

In this release, we have restarted to focus on features. A long-awaited feature has been added, namely sorting articles by various criteria: received date (existing, default), publication date, title, link, random.

A few highlights ✨:

• Add order-by options to sort articles by received date (existing, default), publication date, title, link, random
• Allow searching in all feeds, also feeds only visible at category level with &get=A, and also those archived with &get=Z
  • UI accessible from user-query view
• New shortcuts for adding user labels to articles
• Several improvements and bug fixes

This release has been made by @Alkarex, @b-reich, @hkcomori, @math-GH, @UserRoot-Luca
and newcomers @a6software, @aftix, @bl00dy1837, @brtmax, @Roan-V, @ShaddyDC, @UncleArya

Full changelog:

• Features
  • Add order-by options to sort articles by received date (existing, default), publication date, title, link, random #7149
  • Allow searching in all feeds, also feeds only visible at category level with &get=A, and also those archived with &get=Z #7144
    • UI accessible from user-query view
  • Add search operator intext: #7228
  • New shortcuts for adding user labels to articles #7274
  • New About page with system information #7161
• Bug fixing
  • Fix regression denying access to app manifest #7158
  • Fix unwanted feed description updates #7269
  • Ensure no PHP buffer for SQLite download (some setups would first put the file in memory) #7230
  • Fix XML encoding regression in HTML+XPath mode #7345
  • Improve cURL proxy options and fix some constants #7231
  • Fix UI of global view unread articles counter #7247
  • Hide base theme in carrousel #7234
• Deployment
  • Reduce superfluous Docker builds #7137
  • Docker default image (Debian 12 Bookworm) updated to PHP 8.2.26 and Apache 2.4.62
  • Docker alternative image (Alpine 3.21) updated to PHP 8.3.16
• UI
  • Add footer icons to reader view #7133
  • Remove local reference to font Open Sans to avoid bugs with some local versions #7215
  • Improve stats page layout #7243
  • Smaller mark as read button in mobile view #5220
  • Add CSS class to various types of notifications to allow custom styling #7287
  • Various UI and style improvements: #7162, #7268
    Security
  • Better authorization label for OIDC in the UI #7264
  • Allow comments in force-https.txt #7259
• I18n:
  • Improve German #7177, #7275, #7278
  • Improve Japanese #7187, #7195, #7332
• Misc.
  • Improve PHP code #7191, #7204
    • Upgrade to PHPStan 2 #7131, #7164, #7224,
      #7270, #7281, #7282
  • Update to CssXPath 1.3.0 (no change) #7211
  • Update dev dependencies #7165, #7166, #7167,
    #7279, #7280, #7283,
    #7284, #7285, #7347
  • Update GitHub Actions to Ubuntu 24.04 #7207

• Milestone

In this release, the coding focus has been on moving to PHP 8.1+ and refactoring the integration of the SimplePie library (which was long due). At the same time, plenty of new features have been added. Enjoy! 🎄

Breaking changes 💥:

• Require PHP 8.1+ (and improved support of PHP 8.4+)
• Require PostgreSQL 10+ or MariaDB 10.0.5+ or MySQL 8+

A few highlights ✨:

• Add support for regex search (regular expressions)
  • ⚠️ Advanced regex syntax for searches depends on the database used (SQLite, PostgreSQL, MariaDB, MySQL),
    but FreshRSS filter actions such as auto-mark-as-read and auto-favourite always use PHP PCRE2 syntax.
• Allow dynamic search operator in user queries, like search:UserQueryA date:P1d
• New feed mode HTML+XPath+JSON dot notation (JSON in HTML)
• Better HTTP compliance with support for HTTP response headers Cache-Control: max-age and Expires
• New unicity policies and heuristic for feeds with bad article IDs (reduce the problem of duplicated articles)
• New option to automatically mark new articles as read if an identical title already exists in the same category
• Add ability to remove content from articles with CSS selectors, also when not using full content
• New condition option to selectively retrieve full content of articles
• New UI feature to download a user’ SQLite database or a database SQLite export (to be produced by CLI)
• Supported by Capy Reader (Android, open source)
• Many bug fixes, UI improvements, and a lot more

This release has been made by @aledeg, @Alkarex, @Art4, @ColonelMoutarde, @Frenzie, @math-GH, @ramazansancar
and newcomers @DevGrohl, @UserRoot-Luca, @aarnej, @andrey-utkin, @bhj, @christophehenry, @davralin, @drego85, @ev-gor, @killerog, @kwarraich, @minna-xD, @mtalexan, @oshaposhnyk, @patHyatt

Full changelog:

• Features
  • Add support for regex search (regular expressions) #6706, #6926
    • ⚠️ Advanced regex syntax for searches depends on the database used (SQLite, PostgreSQL, MariaDB, MySQL),
      but FreshRSS filter actions such as auto-mark-as-read and auto-favourite always use PHP PCRE2 syntax.
  • Allow dynamic search operator in user queries, like search:UserQueryA date:P1d #6851
  • New feed mode HTML+XPath+JSON dot notation (JSON in HTML) #6888
  • Better HTTP compliance with support for HTTP response headers Cache-Control: max-age and Expires #6812, FreshRSS/simplepie#26
  • Support custom HTTP request headers per feed (e.g. for Authorization) #6820
  • New unicity policies and heuristic for feeds with bad article IDs #4487, #6900
  • Fallback to GUID if article link is empty #7051
  • New option to automatically mark new articles as read if an identical title already exists in the same category #6922
  • New reading view option to display unread articles + favourites #7088
    • And corresponding new filter state &state=96 (no UI button yet)
  • Add ability to remove content from articles with CSS selectors, also when not using full content #6786, #6807
  • Update phpgt/cssxpath library with improved CSS selectors #6618
    • Support for :last-child, :first-of-type, :last-of-type, ^=, |=
  • New condition option to selectively retrieve full content of articles
    #33fd07f6f26310d4806077cc87bcdf9b8b940e35, #7082
  • Allow parentheses in quoted search #7055
  • New UI feature to download a user’ SQLite database or a database SQLite export (to be produced by CLI) #6931
  • New button to delete errored feeds from a category #7030
  • Better import of Inoreader user labels #6791
  • Rebuild feed favicon on cache clear #6961
  • New sharing with Bluesky #7116
  • New sharing with Telegram #6838
• Bug fixing
  • Fix searches with a parenthesis before an operator like ("a b") or (!c) #6818
  • Fix auto-read tags #6790
  • Fix CSS selector for removing elements #7037, #7073,
    #7081, #7091, #7083
  • Fix redirection error after creating a new user #6995
  • Fix favicon error in case of wrong URL #6899
  • Use cURL to fetch extensions list (allows e.g. IPv6) #6767
  • Fix XML encoding in cURL options #6821
  • Fix initial UI scroll for some browsers #7059
  • Fix menu for article tags in some cases #6990
  • Fix share menu shortcut #6825
  • Fix HTML regex pattern during install for compatibility with v mode #7009
  • More robust creation of user data folder #7000
• API
  • Fix API for categories and labels containing a + #7033
    • Compatibility with FocusReader
  • Supported by Capy Reader (Android, open source) capyreader#492
  • Improved UI for API #7048
  • Allow adding multiple feeds to a category via API #7017
  • API support edit multiple tags #7060
  • API return all categories also those without any feed #7020
• Compatibility
  • Require PHP 8.1+ (drop PHP 7.4) #6711
  • Improved support of PHP 8.4+ #6618, PhpGt/CssXPath#227,
    #6781, #4374
  • Require PostgreSQL 10+ (drop PostgreSQL 9.5) #6705
  • Require MariaDB 10.0.5+ (drop MariaDB 5.5) #6706
  • Requiring MySQL 8+ (drop MySQL 5.5.3) #6706
• Deployment
  • Docker: dev image freshrss/freshrss:oldest updated to Alpine 3.16 with PHP 8.1.22 and Apache 2.4.59 #6711
  • Docker alternative image updated to Alpine 3.21 with PHP 8.3.14 and Apache 2.4.62 #5383
  • Update Dockerfiles to newer key-value format #6819
  • Docker minor improvement of entrypoint #6827
• SimplePie
  • Refactor our embedding of SimplePie #4374
    • Our fork is maintained in its own repository.
  • Remove HTTP Referer #6822, FreshRSS/simplepie#27
    • If some sites require it, add Referer: https://example.net/ to the custom HTTP headers of the feed #6820
  • Upstream fixes simplepie#878, simplepie#883
  • Sync upstream #6840, #7067
• Security
  • Apache protect more non-public folders and files #6881, #6893, #7008
  • Add privacy settings on extension list retrieval #4603, #7132
  • Fix ...

• Milestone

This is a quality-focussed release for the 1.24.x series meant to provide a good product to people blocked on PHP 7.4, while we will increase the requirements to PHP 8.1+ from the next release.

A few highlights ✨:

• Last version supporting PHP 7.4 before requiring PHP 8.1+
• Last version supporting PostgreSQL 9.5 before requiring PostgreSQL 10+
• Last version supporting MariaDB 5.5 before requiring MariaDB 10.0.5+
• Last version supporting MySQL 5.5.3 before requiring MySQL 8+
• Many bug and regression fixes

This release has been made by @Alkarex, @math-GH and newcomer @pando85

Full changelog:

• Bug fixing
  • Fix mark-as-read from user query #6738
  • Fix regression for shortcut to move between categories #6741
  • Fix feed title option #6771
  • Fix XPath for HTML documents with broken root (used by CSS selectors to fetch full content) #6774
  • Fix UI regression in Mapco/Ansum themes #6740
  • Fix minor style bug with some themes #6746
  • Fix export of OPML information for date format of JSON and HTML+XPath feeds #6779
• Security
  • OpenID Connect better definition of session parameters #6730
• Compatibility
  • Last version supporting PHP 7.4
• Misc.
  • Use charset for JSON requests from the UI #6710
  • Use .html extension for the local cache of full content pages instead of .spc #6724
  • Update dev dependencies #6739, #6758,
    #6759, #6760