v1.4.0
版本发布时间: 2024-04-03 17:09:45
mealie-recipes/mealie最新发布版本:v1.6.0(2024-05-07 19:39:27)
Highlights
- Security updates (more on that below)
- OIDC Login Support - https://github.com/mealie-recipes/mealie/pull/2860, https://github.com/mealie-recipes/mealie/pull/3280
- Initial Startup Workflow - https://github.com/mealie-recipes/mealie/pull/3204
Security Updates
The team at Github Security Lab provided us with a disclosure containing some recommendations for enhancing the security of Mealie, which have been implemented as part of this release. The vulnerabilities all required an authenticated user to exploit, so were likely only an issue if you allowed open registration to your system.
The key functional change you'll notice is that it's now not possible to scrape recipes/images from URLs that resolve to internal IP addresses. This is to prevent a user being able to map out the network the Mealie instance is part of.
Note that we now default the ALLOW_SIGNUP environment variable to false, previously it was true.
There is a new security page available in the documentation should you want to read up on some extra security steps you can take for your Mealie instance.
The pull request was https://github.com/mealie-recipes/mealie/pull/3368
What's Changed
- docs(auto): Update image tag, for release v1.3.2 by @github-actions in https://github.com/mealie-recipes/mealie/pull/3279
- feat: Login with OAuth via OpenID Connect (OIDC) by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3280
- fix: Typos in OIDC docs by @boc-the-git in https://github.com/mealie-recipes/mealie/pull/3285
- fix: Allow UserOut to accept list of slugs for recipe favorites by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3283
- feat: First Time Setup Wizard by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3204
- fix(deps): update dependency tzdata to v2024 by @renovate in https://github.com/mealie-recipes/mealie/pull/3281
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3286
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3299
- fix(deps): update dependency pydantic to v2.6.4 by @renovate in https://github.com/mealie-recipes/mealie/pull/3300
- feat: Timeline Filters by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3284
- fix: Only call store APIs once by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3306
- fix: Date pickers not respecting locale or first day of the week by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3303
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3307
- fix: Limit shopping list owners to current group by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3305
- fix: Shopping List Migration Fails With No Users by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3290
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3313
- fix: proxy get_all to page_all by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3312
- fix: Purge Group Exports type mismatch by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3314
- fix: remove deprecated lifecycle and consolidate startup actions by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3311
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3319
- chore(deps): update dependency coverage to v7.4.4 by @renovate in https://github.com/mealie-recipes/mealie/pull/3316
- chore(deps): update dependency ruff to v0.3.3 by @renovate in https://github.com/mealie-recipes/mealie/pull/3261
- chore(deps): update dependency black to v24.3.0 by @renovate in https://github.com/mealie-recipes/mealie/pull/3322
- chore(deps): update dependency mkdocs-material to v9.5.14 by @renovate in https://github.com/mealie-recipes/mealie/pull/3333
- docs: Update maintainers.md by @eltociear in https://github.com/mealie-recipes/mealie/pull/3339
- Dicsussion Template: OAuth example template by @cmintey in https://github.com/mealie-recipes/mealie/pull/3340
- chore(deps): update dependency pytest-asyncio to v0.23.6 by @renovate in https://github.com/mealie-recipes/mealie/pull/3341
- fix(deps): update dependency uvicorn to v0.28.1 by @renovate in https://github.com/mealie-recipes/mealie/pull/3342
- fix: Repeated calls to group self by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3321
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3328
- fix(deps): update dependency uvicorn to ^0.29.0 by @renovate in https://github.com/mealie-recipes/mealie/pull/3346
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3347
- OIDC Docs Updates by @cmintey in https://github.com/mealie-recipes/mealie/pull/3323
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3351
- chore(deps): update dependency ruff to v0.3.4 by @renovate in https://github.com/mealie-recipes/mealie/pull/3353
- Add OIDC environment variable for specififying the signing algorithm by @cmintey in https://github.com/mealie-recipes/mealie/pull/3354
- feat: Migrate from My Recipe Box by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3352
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3355
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3361
- Update dependency mkdocs-material to v9.5.15 by @renovate in https://github.com/mealie-recipes/mealie/pull/3358
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3366
- Update dependency SQLAlchemy to v2.0.29 by @renovate in https://github.com/mealie-recipes/mealie/pull/3362
- Update dependency pre-commit to v3.7.0 by @renovate in https://github.com/mealie-recipes/mealie/pull/3369
- Reset the search input after selection on the RecipeOrganizerSelector by @Kuchenpirat in https://github.com/mealie-recipes/mealie/pull/3373
- Update dependency rapidfuzz to v3.7.0 by @renovate in https://github.com/mealie-recipes/mealie/pull/3370
- fix: Recipe Search URL State by @michael-genson in https://github.com/mealie-recipes/mealie/pull/3332
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3377
- feat: Add auto-select-first attribute to RecipeOrganizerSelector by @Kuchenpirat in https://github.com/mealie-recipes/mealie/pull/3376
- feat: cookbook editor on cookbook page by @Kuchenpirat in https://github.com/mealie-recipes/mealie/pull/3378
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3379
- docs: Tidy up the 'task' template by @boc-the-git in https://github.com/mealie-recipes/mealie/pull/3380
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3381
- fix(deps): update dependency orjson to v3.10.0 by @renovate in https://github.com/mealie-recipes/mealie/pull/3383
- fix(deps): update dependency tzdata to v2024 by @renovate in https://github.com/mealie-recipes/mealie/pull/3386
- fix(deps): update dependency apprise to v1.7.5 by @renovate in https://github.com/mealie-recipes/mealie/pull/3394
- chore(deps): update dependency mkdocs-material to v9.5.16 by @renovate in https://github.com/mealie-recipes/mealie/pull/3397
- New Crowdin updates by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3400
- refactor: Sidebar UI by @Kuchenpirat in https://github.com/mealie-recipes/mealie/pull/3390
- fix(deps): update dependency pillow to v10.3.0 by @renovate in https://github.com/mealie-recipes/mealie/pull/3402
- chore(deps): update dependency ruff to v0.3.5 by @renovate in https://github.com/mealie-recipes/mealie/pull/3405
- chore(deps): update dependency mkdocs-material to v9.5.17 by @renovate in https://github.com/mealie-recipes/mealie/pull/3407
- fix(deps): update dependency fastapi to v0.110.1 by @renovate in https://github.com/mealie-recipes/mealie/pull/3408
- security: gh security recs by @hay-kot in https://github.com/mealie-recipes/mealie/pull/3368
- redirect to direct login on failure by @cmintey in https://github.com/mealie-recipes/mealie/pull/3406
New Contributors
- @eltociear made their first contribution in https://github.com/mealie-recipes/mealie/pull/3339
Full Changelog: https://github.com/mealie-recipes/mealie/compare/v1.3.2...v1.4.0