This release includes 1 security fix for security teams reviewing exposed deployments.
ReleasePort's take
Moderate signal: The release patches a Remote Code Execution vulnerability in the Admin/Auth subsystem.
Why it matters: Patches critical RCE (severity 95) affecting admin authentication; upgrade immediately.
Summary
AI summary: Updates Improvements, New Features, and Bug Fixes across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Critical | Patches Remote Code Execution vulnerability from upstream dependency. | - |
| Feature | Low | Adds EgoSMS SMS provider for Uganda notifications. | - |
| Feature | Low | Adds incidents to RSS feed. | - |
| Feature | Low | Adds VKTeams bot notification provider. | - |
| Feature | Low | Adds optional token field for gamedig monitors. | - |
| Feature | Low | Adds bearer token support to WebSocket upgrade monitor. | - |
| Bugfix | Medium | Fixes handling of npm version 11.16.0. | - |
| Bugfix | Medium | Fixes NTLM monitor failure over plain HTTP with 400 Bad Request. | - |
| Bugfix | Low | Updates link to API keys documentation. | - |
| Bugfix | Low | Normalizes hidden log level lookup. | - |

Source for every row: llm_adapter@2026-05-31. Confidence: high.
Full changelog
New Features
- #7434 feat(notification): add EgoSMS SMS provider for Uganda (Thanks @kristianinc @cursoragent)
- #7420 feat: Add incidents to RSS (Thanks @dj-tuxis)
- #7365 feat: Add VKTeams bot notification provider (Thanks @aleshasam)
Improvements
- #7433 feat: add optional token field for gamedig monitors (Thanks @aminoacidity)
- #7415 feat: Adding bearer token (Thanks @aminoacidity @nyeswant)
- #7431 fix: Add bearer token support to WebSocket upgrade monitor (Thanks @aminoacidity @nyeswant)
- #7373 fix: update link to documentation about API keys (Thanks @eleanordoesntcode)
Bug Fixes
- ~#7453 fix(docker-only): add Let's Encrypt Gen Y root certificates~ (Unfortunately, curl is working, but Node.js is not)
- #7451 fix: handling npm 11.16.0
- #7351 fix: NTLM monitor over plain HTTP fails with 400 Bad Request (Thanks @karzac)
Security Fixes
- (Admin/Auth only) Remote Code Execution, a vulnerability from an upstream dependency (Reveal later, ping me if I forgot to reveal)
Translation Contributions
- #7366 #7353 chore: Translations Update from Weblate (Thanks @aindriu80 @Aluisio @andibing @AnnAngela @Arden-Ahmad @bartoostveen @cyril59310 @dodog @Gringit @helakostain @ivanbratovic @Jumala9163 @Kf637 @master3395 @MrEddX @OnyxOracle @PolarniMeda @samsilveira @toniv90 @ttymayor @Virenbar @xuantan97)
Others
- #7432 chore: Implement dev data directory handling for non-master branches
- #7390 fix: normalize hidden log level lookup (Thanks @aqilaziz)
Security Fixes
- Upstream dependency Remote Code Execution vulnerability affecting admin/auth features