ryot

v10.3.13 Security

This release patches 1 CVE for security teams tracking exposure across their dependency inventory.

Published 15d Dashboards & Home Pages

View tool

1 patched CVE

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE CVE-2025-31125 EPSS 83%

1 CVEs patched

Topics

exercise-tracker fitness-tracker integrations media-tracking tracker

Affected surfaces

auth

Summary

AI summary

Broad release touches http://github.com/IgnisDa/ryot/commit/961b40215f7eaf79481b538f391c2dab3ec812c7, http://github.com/IgnisDa/ryot/commit/ae9d02d29c9a26e1a5e7e1bca31fc8d00bd41787, http://github.com/IgnisDa/ryot/commit/86e35975f15e68918d320b95dc71f7c4363eeac6, and http://github.com/IgnisDa/ryot/commit/ef0d999ba30faf9c648fa4555c5aabc8b51f6833.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Fix OIDC authentication with internal CA and improve job storage type clarity Fix OIDC authentication with internal CA and improve job storage type clarity Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Feature
Feature	Medium	Get Jellyfin Sink working with TVDB Get Jellyfin Sink working with TVDB Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	Add dynamic web search hyperlink for media items Add dynamic web search hyperlink for media items Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	Make possible to edit workout template comments Make possible to edit workout template comments Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	replace apalis-sqlite with apalis-file-storage for job storage replace apalis-sqlite with apalis-file-storage for job storage Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	validate workout template existence before updating or creating validate workout template existence before updating or creating Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	enhance workout input mapping by including assets, comment, supersets, and template ID enhance workout input mapping by including assets, comment, supersets, and template ID Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	update user list retrieval to include user ID and adjust admin user handling update user list retrieval to include user ID and adjust admin user handling Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	add user impersonation link generation functionality add user impersonation link generation functionality Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	Decrease side padding and improve card responsiveness Decrease side padding and improve card responsiveness Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Feature	Medium	Glow watched items in calendar with green Glow watched items in calendar with green Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Feature	Medium	Add autofocus attribute to submit button (mark as seen) Add autofocus attribute to submit button (mark as seen) Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Feature	Medium	rename create_or_update_user_workout_template to upsert_workout_template for consistency rename create_or_update_user_workout_template to upsert_workout_template for consistency Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Feature	Medium	specify exact turbo version in Dockerfiles and update build-plugin.sh specify exact turbo version in Dockerfiles and update build-plugin.sh Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Dependency	Medium	remove apalis-codec and apalis-file-storage dependencies from Cargo.toml remove apalis-codec and apalis-file-storage dependencies from Cargo.toml Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Bugfix
Bugfix	Medium	Fix jemalloc support for RPI5 and unsupported system page size Fix jemalloc support for RPI5 and unsupported system page size Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Bugfix	Medium	prevent kodi scrobbling when video duration is zero prevent kodi scrobbling when video duration is zero Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Bugfix	Medium	restore generic JSON workout template round-tripping restore generic JSON workout template round-tripping Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Bugfix	Medium	Sensitive data logging in production Sensitive data logging in production Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Bugfix	Medium	Template and Workout names are too truncated in Desktop and Mobile Views Template and Workout names are too truncated in Desktop and Mobile Views Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Refactor
Refactor	Medium	replace apalis-file-storage with apalis-core for job storage and update dependencies replace apalis-file-storage with apalis-core for job storage and update dependencies Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Refactor	Medium	remove unused RandomId from imports and simplify memory job storage sender initialization remove unused RandomId from imports and simplify memory job storage sender initialization Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Refactor	Medium	remove httpOnly and secure flags from twoFactorSessionStorage cookie remove httpOnly and secure flags from twoFactorSessionStorage cookie Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Refactor	Medium	update providersConsumedOn to filter out falsy values in editSeenItem schema update providersConsumedOn to filter out falsy values in editSeenItem schema Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Refactor	Medium	remove unused Extensions from imports and update make_memory_job_storage to return JobStorage remove unused Extensions from imports and update make_memory_job_storage to return JobStorage Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Refactor	Medium	update make_memory_job_storage to return Arc<Mutex<Option<MemoryStorage<T>>>> update make_memory_job_storage to return Arc<Mutex<Option<MemoryStorage<T>>>> Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Refactor	Medium	remove nanoid dependency from fitness service remove nanoid dependency from fitness service Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Refactor	Low	Refactor API response handling in TvdbService Refactor API response handling in TvdbService Source: granite4.1:30b@2026-05-20-audit Confidence: low	—
Refactor	Low	Simplify workout template ID handling in upsert_workout_template Simplify workout template ID handling in upsert_workout_template Source: granite4.1:30b@2026-05-20-audit Confidence: low	—
Other
Other	Medium	Run CI Run CI Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Other	Medium	Revert "Implement single application job locking and sharding (#1709)" Revert "Implement single application job locking and sharding (#1709)" Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Other	Medium	prune runtime workspace dependencies prune runtime workspace dependencies Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—

Full changelog

What's Changed

961b40215 - refactor: remove httpOnly and secure flags from twoFactorSessionStorage cookie
ae9d02d29 - Get Jellyfin Sink working with TVDB (#1767)
86e35975f - Quality: Sensitive data logging in production (#1765)
ef0d999ba - Allow Jellyfin sink plugin to work with TVDB (#1764)
bfb8c711b - Refactor API response handling in TvdbService (#1761)
2a067a56b - Add dynamic web search hyperlink for media items (#1757)
4468495de - refactor: update providersConsumedOn to filter out falsy values in editSeenItem schema (#1753)
9f31ae41b - Upsert calendar events and propagate database errors in background jobs (#1751)
366f730cc - Fix jemalloc support for RPI5 and unsupported system page size (#1748)
3b01bfd44 - Fix OIDC authentication with internal CA and improve job storage type clarity (#1745)
9594e54f7 - Decrease side padding and improve card responsiveness (#1742)
28fab1bd9 - Make possible to edit workout template comments (#1731)
7934f774c - Template and Workout names are too truncated in Desktop and Mobile Views (#1730)
8a3450e1f - Glow watched items in calendar with green (#1729)
5eb06679d - Add autofocus attribute to submit button (mark as seen) (#1726)
27993dfad - Merge pull request #1722 from IgnisDa:IgnisDa/issue1717
64cb81cc4 - fix: prevent kodi scrobbling when video duration is zero
fdd5d357b - ci: Run CI
c3af712bb - refactor: remove unused Extensions from imports and update make_memory_job_storage to return JobStorage
a8348596c - refactor: update make_memory_job_storage to return Arc<Mutex<Option<MemoryStorage>>>
3a13243fa - ci: Run CI
4c8c0108b - refactor: remove unused RandomId from imports and simplify memory job storage sender initialization
69b482b2d - ci: Run CI
81e62653b - refactor: remove apalis-codec and apalis-file-storage dependencies from Cargo.toml
240b892e2 - refactor: remove nanoid dependency from fitness service
192e217e6 - refactor: replace apalis-file-storage with apalis-core for job storage and update dependencies
4718b7e21 - feat: replace apalis-sqlite with apalis-file-storage for job storage
e3bab4cdd - Revert "Implement single application job locking and sharding (#1709)"
66cefc90d - Merge pull request #1720 from IgnisDa:IgnisDa/issue1719
7c8bc82f2 - refactor: simplify workout template ID handling in upsert_workout_template
75dad280b - refactor: rename create_or_update_user_workout_template to upsert_workout_template for consistency
a31607aa5 - feat: validate workout template existence before updating or creating
7d5a39c3c - feat: enhance workout input mapping by including assets, comment, supersets, and template ID
9b92e8bb1 - fix(import): restore generic JSON workout template round-tripping
aee3eded3 - feat: update user list retrieval to include user ID and adjust admin user handling
2074b8e72 - feat: add user impersonation link generation functionality
ff3343503 - fix(docker): prune runtime workspace dependencies
18531d55c - feat: specify exact turbo version in Dockerfiles and update build-plugin.sh
e289935df - Remove Moon and migrate to Turbo (#1710)
d35ff6244 - feat: update moonrepo CLI version to 1.39.2 in Dockerfiles and workflow
a8e532ab7 - Implement single application job locking and sharding (#1709)
d354d4c0a - feat(integration): add username filtering for Jellyfin sink

Breaking Changes

Removed httpOnly and secure flags from the twoFactorSessionStorage cookie

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ryot

Get notified when new releases ship.

About ryot

Roll your own tracker!

All releases →

Related context

Related tools

Related CVEs

CVE-2025-31125 NVD KEV EPSS