Skip to content

Algernon

v1.17.7 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 22d Dashboards & Home Pages
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

algernon build-less cross-platform fasthttp go http3
+14 more
live-reload local-llm lua mysql npm-less ollama pongo2 postgresql quic react19 redis server-sent-events sqlite tls13

Affected surfaces

auth rbac

ReleasePort's take

Light signal
editorial:auto 13d

Release v1.17.7 of Algernon fixes a Bolt database retrieval bug that previously returned an empty list when fewer than N items exist.

Why it matters: Patch to v1.17.7 immediately if your deployment uses the Bolt database and experiences missing results for queries requesting the last N items.

Summary

AI summary

Fixes a Bolt database retrieval bug returning an empty list when fewer than N items exist.

Changes in this release

Security Medium

Clamp handler.lua parent walk to server root.

Clamp handler.lua parent walk to server root.

Source: llm_adapter@2026-05-21

Confidence: high
Security Medium

Use main mux for SSE auto-refresh feature.

Use main mux for SSE auto-refresh feature.

Source: llm_adapter@2026-05-21

Confidence: high
Security Medium

Add --hide-dotfiles option to hide hidden files.

Add --hide-dotfiles option to hide hidden files.

Source: llm_adapter@2026-05-21

Confidence: low
Feature Medium

Embed React 19 and support index.jsx files.

Embed React 19 and support index.jsx files.

Source: llm_adapter@2026-05-21

Confidence: low
Feature Medium

Add formjson Lua function to return posted form as JSON.

Add formjson Lua function to return posted form as JSON.

Source: llm_adapter@2026-05-21

Confidence: low
Feature Medium

Add WebAuthn support with 4 new Lua functions.

Add WebAuthn support with 4 new Lua functions.

Source: llm_adapter@2026-05-21

Confidence: low
Feature Medium

Add maxlen, methodPOST, list:jsonlast, and jsonembed Lua functions.

Add maxlen, methodPOST, list:jsonlast, and jsonembed Lua functions.

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

Use sqlite package without CGO requirement.

Use sqlite package without CGO requirement.

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

Update all database-related dependencies.

Update all database-related dependencies.

Source: llm_adapter@2026-05-21

Confidence: low
Performance Medium

Cache per-directory .algernon configuration.

Cache per-directory .algernon configuration.

Source: llm_adapter@2026-05-21

Confidence: low
Bugfix Medium

Fix Bolt database issue retrieving last N items.

Fix Bolt database issue retrieving last N items.

Source: llm_adapter@2026-05-21

Confidence: high
Other Medium

Update documentation.

Update documentation.

Source: llm_adapter@2026-05-21

Confidence: low
Full changelog

Security related

  • Clamp handler.lua parent walk to server root, thanks @Dredsen.
  • Use the main mux when serving SSE for the auto-refresh feature, thanks @Dredsen.
  • Add a --hide-dotfiles for not serving hidden files, thanks @Dredsen.
  • Don't enable debug mode automatically when single-file mode is used, thanks @Dredsen.

New features

  • Embed React 19 and support index.jsx files, for npm-less use of React.

Examples

  • Update the HyperApp example so that it does not use a token for downloading images.
  • Add an example project named Catbook here: https://github.com/xyproto/catbook

Database related

  • Update all database-related dependencies.
  • Fix an issue in the built-in Bolt database support, where retrieving the last N items from a list with less than N items could return an empty list.
  • Use an sqlite package that does not require CGO.

Performance

  • Cache the per-directory .algernon configuration.

New Lua functions

  • Add a formjson Lua function for returning the posted form as JSON.
  • Add support for WebAuthn by adding 4 new Lua functions.
  • Add the maxlen, methodPOST and list:jsonlast and jsonembed functions.

General

  • Update dependencies.
  • Update documentation.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Algernon

Get notified when new releases ship.

Sign up free

About Algernon

Small self-contained pure-Go web server with Lua, Markdown, HTTP/2, QUIC, Redis and PostgreSQL support.

All releases →

Related context

Beta — feedback welcome: [email protected]