Skip to content

agregarr

v2.4.2 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 2mo Media Servers
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Summary

AI summary

Added Plex Webhook support for placeholder tracking, fixed critical path traversal vulnerabilities in overlay export and thumbnail routes, improved Letterboxd/IMDb stability with parallel TMDB resolution.

Security Fixes

  • Path traversal in overlay template export
  • Filename validation prevents path traversal in icon and poster routes
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track agregarr

Get notified when new releases ship.

Sign up free

About agregarr

Agregarr is a Plex Collections manager that keeps your Home and Recommended fresh by frequently updating it with collections from various sources

All releases →

Related context

Beta — feedback welcome: [email protected]