tunarr

v1.2.18 Security

This release patches 1 CVE for security teams tracking exposure across their dependency inventory.

Published 22d Media Servers

1 patched CVE

This release patches 1 known CVE CVE-2025-31125 EPSS 83%

1 CVEs patched

Topics

emby ffmpeg iptv jellyfin local-streaming media-streaming

+4 more

plex self-hosted streaming tv

ReleasePort's take

Light signal

editorial:auto 13d

Release v1.2.18 of tunarr fixes artwork URL construction on the channel now playing page.

Why it matters: Patch to v1.2.18 immediately if your deployment serves artwork URLs on the now‑playing view; incorrect URLs can break media playback.

AI summary

Fixed artwork URL construction on the channel now playing page.

Type	Severity	Summary	CVE
Bugfix
Bugfix	Medium	add more checks for podman containers add more checks for podman containers Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	add more detailed debug/error logging to external subtitle downloader add more detailed debug/error logging to external subtitle downloader Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	properly build artwork urls on channel now playing page properly build artwork urls on channel now playing page Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track tunarr

Get notified when new releases ship.

About tunarr

Create a classic TV experience using your own media - IPTV backed by Plex/Jellyfin/Emby/NFO