stump

v0.1.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 5d Media Servers

✓ No known CVEs patched

This release patches 1 known CVE

Topics

books comics media-server opds react rust

+2 more

self-hosted tauri

Affected surfaces

deps

ReleasePort's take

Moderate signal

editorial:auto 5d

ReleasePort v0.1.4 patches security vulnerabilities in ws, qs, uuid, and js-cookie dependencies and resolves an AccessAPIKeys permission mismatch.

Why it matters: Addresses high‑severity (90) dependency vulnerabilities; fixes a critical permission check bug that could expose API keys.

AI summary

Fixes Android themed icon, permission mismatch, and updates vulnerable dependencies.

Type	Severity	Summary	CVE
Security	Critical	Fixes vulnerabilities in ws, qs, uuid, js-cookie dependencies Fixes vulnerabilities in ws, qs, uuid, js-cookie dependencies Source: llm_adapter@2026-05-30 Confidence: high	—
Feature
Feature	Low	Adds tag-based filtering support on backend Adds tag-based filtering support on backend Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	Adds volume-based reader navigation for expo builds Adds volume-based reader navigation for expo builds Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	Adds infinite scrolling for files in UploadModal to improve UX with large uploads Adds infinite scrolling for files in UploadModal to improve UX with large uploads Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix	Medium	Fixes AccessAPIKeys permission mismatch issue Fixes AccessAPIKeys permission mismatch issue Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix	Low	Fixes Android themed icon issue in expo builds Fixes Android themed icon issue in expo builds Source: llm_adapter@2026-05-30 Confidence: high	—

Full changelog

🐛 (expo): Fix Android themed icon by @Kernald in https://github.com/stumpapp/stump/pull/1162
:sparkles: Support tag-based filtering on backend by @aaronleopold in https://github.com/stumpapp/stump/pull/1160
:sparkles: (expo): Support volume-based reader navigation by @aaronleopold in https://github.com/stumpapp/stump/pull/1161
:globe_with_meridians: Update translations by @aaronleopold in https://github.com/stumpapp/stump/pull/1148
♻️ Add infinite scrolling for files in UploadModal to improve UX when uploading large amount of files by @balazs-szucs in https://github.com/stumpapp/stump/pull/1172
:bug: Fix AccessAPIKeys permission mismatch by @aaronleopold in https://github.com/stumpapp/stump/pull/1171
:globe_with_meridians: Update translations by @aaronleopold in https://github.com/stumpapp/stump/pull/1164
⬆️ Fix vulnerabilities (ws, qs, uuid, js-cookie) by @aaronleopold in https://github.com/stumpapp/stump/pull/1179
🔖 Release v0.1.4 by @aaronleopold in https://github.com/stumpapp/stump/pull/1181

Full Changelog: https://github.com/stumpapp/stump/compare/v0.1.3...v0.1.4

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track stump

Get notified when new releases ship.

About stump

A free and open source comics, manga and digital book server with OPDS support (WIP)

v0.1.3 Default user permissions changed, requiring adjustments for managed accounts.