Skip to content

m3u-editor

v0.10.35 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 1mo Media Servers
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 3 known CVEs

Topics

emby iptv jellyfin m3u-playlist m3u4u m3u8
+7 more
plex schedules schedules-direct threadfin xteve xtream xtream-codes

Summary

AI summary

The update adds automated channel cleaning, OIDC auth, and a new tabbed UI, upgrades core frameworks, and patches critical XSS and CVE issues, improving reliability and admin control.

Security Fixes

  • Patched XSS vulnerability by escaping raw HTML in release log markdown.
  • Added rate limiting to unauthenticated sync endpoints and enforced user ownership in channel ID validation.
  • Updated dependencies to resolve CVE-2026-33347.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track m3u-editor

Get notified when new releases ship.

Sign up free

About m3u-editor

A full-featured IPTV editor, including features similar to xteve or threadfin. With full EPG management, Xtream API output, ability to store and sync .strm files, post processing with ability to call custom scripts, send webhook requests, or send an email, and much more!

All releases →

Related context

Beta — feedback welcome: [email protected]