This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
ReleasePort's take
Light signalThe canonical API now supports issue actions and comment creation, and accepts friendly IDs.
Why it matters: Developers can perform more operations via the canonical API, streamlining workflow integration.
Summary
AI summaryUpdates API, Smaller fixes, and 2.2.1 across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Validate CREATE_SUPERUSER email addresses and use the email as username in Docker server-start setup, see #394. Validate CREATE_SUPERUSER email addresses and use the email as username in Docker server-start setup, see #394. Source: llm_adapter@2026-05-22 Confidence: high |
— |
| Feature | Medium |
Add issue actions to the canonical API, see #214 and #401. Add issue actions to the canonical API, see #214 and #401. Source: llm_adapter@2026-05-22 Confidence: high |
— |
| Feature | Medium |
Add canonical API issue comment creation, see #352 and #401. Add canonical API issue comment creation, see #352 and #401. Source: llm_adapter@2026-05-22 Confidence: high |
— |
| Feature | Medium |
Accept issue friendly IDs in the canonical API, see #389 and #401. Accept issue friendly IDs in the canonical API, see #389 and #401. Source: llm_adapter@2026-05-22 Confidence: high |
— |
| Performance | Medium |
Docker: disable Gunicorn's unused control socket, see #405. Docker: disable Gunicorn's unused control socket, see #405. Source: llm_adapter@2026-05-22 Confidence: low |
— |
| Bugfix | Medium |
Fix long module names overlapping version values on event detail pages, see #377 and #382. Fix long module names overlapping version values on event detail pages, see #377 and #382. Source: llm_adapter@2026-05-22 Confidence: low |
— |
| Bugfix | Medium |
Sourcemap uploads without a project slug now log server-side context before returning 400, see #404 and #408. Sourcemap uploads without a project slug now log server-side context before returning 400, see #404 and #408. Source: llm_adapter@2026-05-22 Confidence: low |
— |
| Refactor | Medium |
Development server: do not send email by default, see d6d5190441b3. Development server: do not send email by default, see d6d5190441b3. Source: llm_adapter@2026-05-22 Confidence: low |
— |
| Refactor | Medium |
Improve OpenAPI endpoint docs, see #390 and #401. Improve OpenAPI endpoint docs, see #390 and #401. Source: llm_adapter@2026-05-22 Confidence: low |
— |
| Refactor | Medium |
Use Bugsink's version as the OpenAPI spec version, see #307. Use Bugsink's version as the OpenAPI spec version, see #307. Source: llm_adapter@2026-05-22 Confidence: low |
— |
| Refactor | Low |
Development server no longer sends email by default. Development server no longer sends email by default. Source: granite4.1:30b@2026-05-22-audit Confidence: low |
— |
Full changelog
2.2.1 (22 May 2026)
API
- Add issue actions to the canonical API, see #214 and #401.
- Add canonical API issue comment creation, see #352 and #401.
- Accept issue friendly IDs in the canonical API, see #389 and #401.
- Improve OpenAPI endpoint docs, see #390 and #401.
- Use Bugsink's version as the OpenAPI spec version, see #307.
Smaller fixes
- Fix long module names overlapping version values on event detail pages, see #377 and #382.
- Validate
CREATE_SUPERUSERemail addresses and use the email as username in Docker server-start setup, see #394. - Development server: do not send email by default, see d6d5190441b3.
- Docker: disable Gunicorn's unused control socket, see #405.
- Sourcemap uploads without a project slug now log server-side context before returning
400, see #404 and #408.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Beta — feedback welcome: [email protected]