postiz-app

v2.21.8 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 12d Automation & Workflows

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 2 known CVEs

Topics

nextjs open-source-social-media-scheduling-tool redis scheduling-tool social-media-scheduling-tool typescript

ReleasePort's take

Moderate signal

editorial:auto 11d

The release patches security vulnerabilities PSA-2026-2CAQ96 and PSA-2026-WWFR8X; all users must upgrade immediately.

Why it matters: CVEs PSA‑2026‑2CAQ96 and PSA‑2026‑WWFR8X require immediate upgrade to mitigate risk.

Summary

AI summary

Updates feat, fix, and ui across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Addresses security vulnerabilities PSA-2026-2CAQ96 and PSA-2026-WWFR8X; all users should upgrade immediately. Addresses security vulnerabilities PSA-2026-2CAQ96 and PSA-2026-WWFR8X; all users should upgrade immediately. Source: llm_adapter@2026-05-23 Confidence: low	—
Feature
Feature	Medium	Adds contributor form functionality. Adds contributor form functionality. Source: llm_adapter@2026-05-23 Confidence: low	—
Feature	Medium	Makes notification list scrollable and displays creation time. Makes notification list scrollable and displays creation time. Source: llm_adapter@2026-05-23 Confidence: low	—
Feature	Medium	Introduces hasExtension helper for media type detection. Introduces hasExtension helper for media type detection. Source: llm_adapter@2026-05-23 Confidence: low	—
Feature	Medium	Tracks post creation method (WEB/API/MCP/AUTOPOST). Tracks post creation method (WEB/API/MCP/AUTOPOST). Source: llm_adapter@2026-05-23 Confidence: low	—
Feature	Medium	Shows TikTok title/content restriction notice for video posts. Shows TikTok title/content restriction notice for video posts. Source: llm_adapter@2026-05-23 Confidence: low	—
Feature	Medium	Adds state filter (all/scheduled/draft/published) to list view. Adds state filter (all/scheduled/draft/published) to list view. Source: llm_adapter@2026-05-23 Confidence: low	—
Bugfix
Bugfix	Medium	Properly handle error in Discord provider integration. Properly handle error in Discord provider integration. Source: llm_adapter@2026-05-23 Confidence: high	—
Bugfix	Medium	Remove processing GIF via Sharp in LinkedIn integration. Remove processing GIF via Sharp in LinkedIn integration. Source: llm_adapter@2026-05-23 Confidence: high	—
Bugfix	Medium	Lowercases email during local user registration. Lowercases email during local user registration. Source: llm_adapter@2026-05-23 Confidence: high	—
Bugfix	Medium	Clarifies TikTok pending‑share error message to mention the 24‑hour window. Clarifies TikTok pending‑share error message to mention the 24‑hour window. Source: llm_adapter@2026-05-23 Confidence: low	—
Refactor	Medium	Updates modal styling to prevent overflow with long text. Updates modal styling to prevent overflow with long text. Source: llm_adapter@2026-05-23 Confidence: low	—

Full changelog

[!WARNING]
This release addresses the security vulnerability PSA-2026-2CAQ96 and PSA-2026-WWFR8X, all users are recommended to upgrade immediately.

What's Changed

fix: properly handle error in discord provider by @bsantosh909 in https://github.com/gitroomhq/postiz-app/pull/1479
fix: remove processing GIF via sharp in linkedin by @bsantosh909 in https://github.com/gitroomhq/postiz-app/pull/1483
feat: contributor form by @egelhaus in https://github.com/gitroomhq/postiz-app/pull/1482
fix: lowercase email on local registration by @bsantosh909 in https://github.com/gitroomhq/postiz-app/pull/1494
feat: update notification list to be scrollable and added time by @bsantosh909 in https://github.com/gitroomhq/postiz-app/pull/1489
ui: update the modal such that for long text won't cause overflow by @bsantosh909 in https://github.com/gitroomhq/postiz-app/pull/1488
feat: hasExtension helper for media type detection by @bsantosh909 in https://github.com/gitroomhq/postiz-app/pull/1515
feat: track post creation method (WEB/API/MCP/AUTOPOST) by @bsantosh909 in https://github.com/gitroomhq/postiz-app/pull/1514
Clarify TikTok pending-share error mentions the 24-hour window by @bsantosh909 in https://github.com/gitroomhq/postiz-app/pull/1539
Show TikTok title/content restriction notice for video posts by @bsantosh909 in https://github.com/gitroomhq/postiz-app/pull/1537
Add state filter (all/scheduled/draft/published) to list view by @bsantosh909 in https://github.com/gitroomhq/postiz-app/pull/1538

New Contributors

@bsantosh909 made their first contribution in https://github.com/gitroomhq/postiz-app/pull/1479

Full Changelog: https://github.com/gitroomhq/postiz-app/compare/v2.21.7...v2.21.8

Security Fixes

PSA-2026-2CAQ96 — security vulnerability addressed
PSA-2026-WWFR8X — security vulnerability addressed

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track postiz-app

Get notified when new releases ship.

About postiz-app

The ultimate social media scheduling tool, with a bunch of AI

All releases →