TREK

v3.0.19 Feature

This release adds 1 notable feature for engineering teams evaluating rollout.

Published 21d Productivity & Wikis

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

budget-tracker collaborative opensource packing-list poi real-time

+11 more

routes self-hosted travel travel-app travel-planner traveling trip trip-planner wanderlog wanderlust webapplication

Affected surfaces

auth

ReleasePort's take

Light signal

editorial:auto 13d

v3.0.19 fixes double-escaped HTML in password reset emails and adds automatic HEIC/HEIF-to-JPEG conversion for broader image compatibility.

Why it matters: Password reset emails now render without escaped HTML. HEIC image uploads convert to JPEG for full platform support. Test in dev; candidate for next deployment cycle.

Summary

AI summary

Fixed double‑escaping of HTML in password reset emails.

Changes in this release

Type	Severity	Summary	CVE
Feature	Medium	Journey converts HEIC/HEIF uploads to JPEG for cross-platform compatibility Journey converts HEIC/HEIF uploads to JPEG for cross-platform compatibility Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix
Bugfix	Medium	MCP OAuth consent redirect uses absolute URL from APP_URL MCP OAuth consent redirect uses absolute URL from APP_URL Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Notifications prevent double-escaping HTML in password reset emails Notifications prevent double-escaping HTML in password reset emails Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Journey skips HEIC import for non-HEIC files preventing test failures Journey skips HEIC import for non-HEIC files preventing test failures Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

How to update: https://github.com/mauriceboe/TREK/wiki/Updating

What's Changed

v3.0.19 Bug Fixes by @jubnl in https://github.com/mauriceboe/TREK/pull/992

Detail

fix(mcp): replace relative oauth constent redirect by absolute redirect derived from APP_URL
feat(journey): convert HEIC/HEIF uploads to JPEG for cross-platform compatibility
fix(journey): skip heic-to import for non-HEIC files to avoid test env failures
fix(notifications): prevent double-escaping HTML in password reset emails

Full Changelog: https://github.com/mauriceboe/TREK/compare/v3.0.18...v3.0.19

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track TREK

Get notified when new releases ship.

About TREK

Real-time collaborative travel planner

All releases →