posterizarr

v2.2.47 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 5d Media Servers

✓ No known CVEs patched

This release patches 1 known CVE

Topics

arr imagemagick posters

Affected surfaces

auth

Summary

AI summary

Updates ✨ Enhancements & Security, 🐛 Bug Fixes, and fix across a mixed release.

Type	Severity	Summary	CVE
Security	High	Implements generic support‑zip sanitization that masks API keys, webhook URLs, auth headers, and local IPs in generated zip files. Implements generic support‑zip sanitization that masks API keys, webhook URLs, auth headers, and local IPs in generated zip files. Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	Normalizes various TV aliases (tv, tvshows, series, shows) for show poster cards without strict naming. Normalizes various TV aliases (tv, tvshows, series, shows) for show poster cards without strict naming. Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix	Medium	Corrects season number override failures in Posterizarr.ps1 due to array reference error. Corrects season number override failures in Posterizarr.ps1 due to array reference error. Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix	Medium	Fixes missing `mediaType` variables in backend asset replacement logic. Fixes missing `mediaType` variables in backend asset replacement logic. Source: llm_adapter@2026-05-30 Confidence: high	—

Full changelog

Season Number Overrides: Corrected an issue in Posterizarr.ps1 where special season text overrides were failing due to incorrect array referencing.
Missing Variables: Fixed an issue with missing mediaType variables in the backend asset replacement logic.

(Note: Includes fixes resolving issue #575)

Library Type Normalization: The web UI backend now natively understands and normalizes various TV aliases (tv, tvshows, series, shows, etc.) to process show poster cards properly without strict naming requirements.
Enhanced Support-Zip Privacy: Implemented a new, generic support-zip sanitization protocol. When generating a support zip, the system now recursively scans all text, log, JSON, and SQLite database files to automatically mask sensitive information, including:
- API keys, tokens, and pins
- Webhook URLs (Discord, Uptime Kuma, Apprise, Slack, Telegram, etc.)
- Authorization and Cookie headers
- Local IP addresses and local .lan/.local domain names.

Sync Main to dev. by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/576
fix: Season number fixes, media type normalization, and generic support zip sanitization by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/577

Full Changelog: https://github.com/fscorrupt/posterizarr/compare/2.2.46...2.2.47

Support‑zip generation now recursively masks sensitive information: API keys, tokens, pins; webhook URLs (Discord, Uptime Kuma, Apprise, Slack, Telegram); Authorization/Cookie headers; local IPs and .lan/.local domains

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track posterizarr

Get notified when new releases ship.

About posterizarr

Automated poster maker for Plex/Jellyfin/Emby.