Skip to content

mealie

v3.17.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 28d Productivity & Wikis
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

meal-plans recipe-manager self-hosted

Summary

AI summary

Shopping list UI improvements on mobile include a new create menu and swipe‑to‑check controls.

Full changelog

🍴🍴🍴🍴🍴🍴

🎉 Highlights

The shopping list experience has been improved, especially for mobile users, including:

  • a new create menu for new items
  • swipe controls to check off an item (for mobile users)

✨ New features

  • feat: Improve add shopping list item form @miah120 (#7091)
  • feat: Shopping list / Swipe to check off @miah120 (#7118)

🐛 Bug fixes

  • fix: prevent delete-image dialog from reopening in a loop inside v-menu @zdenek-stursa (#7469)
  • fix: use correct title and icon on Recipe Actions data page @zdenek-stursa (#7498)
  • fix: Allow user-configurable OIDC timeout @t0xicCode (#7496)
  • fix: pressing Enter in dialogs now confirms instead of silently closing @zdenek-stursa (#7503)
  • fix: add missing search bar to Recipe Data management page @zdenek-stursa (#7504)
  • fix: Don't hit authenticated endpoints when logged out @garlic-hub (#7563)
  • fix: restore create-item button in recipe dropdowns (categories, tags, tools) @zdenek-stursa (#7564)
  • fix: Adjust ingredient section spacing @michael-genson (#7580)

🧰 Maintenance

13 changes
  • chore(l10n): Crowdin locale sync @mealie-actions[bot] (#7497)
  • chore(l10n): New Crowdin updates @hay-kot (#7500)
  • chore(l10n): New Crowdin updates @hay-kot (#7502)
  • chore(l10n): New Crowdin updates @hay-kot (#7506)
  • chore(l10n): New Crowdin updates @hay-kot (#7509)
  • chore(l10n): New Crowdin updates @hay-kot (#7515)
  • chore(l10n): New Crowdin updates @hay-kot (#7523)
  • chore(l10n): New Crowdin updates @hay-kot (#7526)
  • chore(l10n): New Crowdin updates @hay-kot (#7536)
  • chore(l10n): Crowdin locale sync @mealie-actions[bot] (#7541)
  • chore(l10n): New Crowdin updates @hay-kot (#7546)
  • chore(l10n): Crowdin locale sync @mealie-actions[bot] (#7569)
  • chore(l10n): New Crowdin updates @hay-kot (#7558)

📚 Documentation

  • docs: Update recipe creation docs @michael-genson (#7494)
  • docs: Enhance BASE_URL description in backend config @BadCo-NZ (#7449)
  • docs: document necessity of forwarded-allow-ips with OIDC behind reverse-proxy https in oidc-v2.md @aristaeus (#7424)

⬆️ Dependency updates

26 changes
  • chore(deps): update dependency mypy to v1.20.1 @renovate[bot] (#7490)
  • fix(deps): update dependency pydantic to v2.13.0 @renovate[bot] (#7492)
  • fix(deps): update dependency pydantic to v2.13.1 @renovate[bot] (#7505)
  • fix(deps): update dependency openai to v2.32.0 @renovate[bot] (#7507)
  • fix(deps): update dependency fastapi to v0.136.0 @renovate[bot] (#7511)
  • chore(deps): update dependency ruff to v0.15.11 @renovate[bot] (#7514)
  • fix(deps): update dependency lxml to v6.1.0 [security] @renovate[bot] (#7513)
  • chore(deps): update node.js to 807109d @renovate[bot] (#7516)
  • fix(deps): update dependency pydantic to v2.13.2 @renovate[bot] (#7517)
  • chore(deps): update node.js to 91447bc @renovate[bot] (#7519)
  • chore(deps): update node.js to e989123 @renovate[bot] (#7520)
  • fix(deps): update dependency authlib to v1.7.0 @renovate[bot] (#7525)
  • fix(deps): update dependency pydantic to v2.13.3 @renovate[bot] (#7533)
  • fix(deps): update dependency psycopg2-binary to v2.9.12 @renovate[bot] (#7539)
  • fix(deps): update dependency uvicorn to v0.45.0 @renovate[bot] (#7543)
  • chore(deps): update dependency mypy to v1.20.2 @renovate[bot] (#7544)
  • chore(deps): update dependency pre-commit to v4.6.0 @renovate[bot] (#7547)
  • fix(deps): update dependency uvicorn to v0.46.0 @renovate[bot] (#7553)
  • fix(deps): update dependency fastapi to v0.136.1 @renovate[bot] (#7556)
  • chore(deps): update dependency ruff to v0.15.12 @renovate[bot] (#7559)
  • fix(deps): update dependency tzdata to v2026.2 @renovate[bot] (#7560)
  • fix(deps): update dependency apprise to v1.10.0 @renovate[bot] (#7566)
  • fix(deps): update dependency python-multipart to v0.0.27 @renovate[bot] (#7567)
  • fix(deps): update dependency openai to v2.33.0 @renovate[bot] (#7570)
  • fix(deps): update dependency pydantic-settings to v2.14.0 @renovate[bot] (#7534)
  • chore(deps): update dependency axios to v1.15.2 [security] @renovate[bot] (#7579)

🙏 New Contributors

  • @BadCo-NZ made their first contribution in https://github.com/mealie-recipes/mealie/pull/7449
  • @aristaeus made their first contribution in https://github.com/mealie-recipes/mealie/pull/7424
  • @garlic-hub made their first contribution in https://github.com/mealie-recipes/mealie/pull/7563

🍴🍴🍴🍴🍴🍴

Security Fixes

  • dep: lxml upgraded from <6.1.0 to v6.1.0 – security fix
  • dep: axios upgraded to v1.15.2 – security fix
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track mealie

Get notified when new releases ship.

Sign up free

About mealie

Mealie is a self hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in Vue for a pleasant user experience for the whole family. Easily add recipes into your database by providing the url and mealie will automatically import the relevant data or add a family recipe with the UI editor

All releases →

Related context

Related tools

Beta — feedback welcome: [email protected]