your_spotify

v1.20.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 10d Media Servers

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

web react self-hosted spotify statistics

Affected surfaces

deps auth

ReleasePort's take

Light signal

editorial:auto 10d

The release removes the public upload endpoint and updates dependencies for security.

Why it matters: Removal of the public upload endpoint eliminates a potential attack surface; update all related dependencies immediately.

Summary

AI summary

Security fixes and MongoDB compatibility up to version 8.3.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Removes public upload endpoint and updates dependencies for security. Removes public upload endpoint and updates dependencies for security. Source: llm_adapter@2026-05-24 Confidence: low	—
Dependency	Medium	Supports MongoDB versions up to 8.3 with progressive migration guidance. Supports MongoDB versions up to 8.3 with progressive migration guidance. Source: llm_adapter@2026-05-24 Confidence: high	—
Bugfix	Medium	Fixes getAlbumsWithoutArtist() returning no results by improving database sanitization. Fixes getAlbumsWithoutArtist() returning no results by improving database sanitization. Source: llm_adapter@2026-05-24 Confidence: high	—
Bugfix	Medium	Handles Spotify API 429 rate limit responses. Handles Spotify API 429 rate limit responses. Source: llm_adapter@2026-05-24 Confidence: high	—

Full changelog

What's Changed

Fix : getAlbumsWithoutArtist() returning no results by @TriGolf in https://github.com/Yooooomi/your_spotify/pull/606, database should sanitize more properly now
Update full privacy data export filenames by @connorjburton in https://github.com/Yooooomi/your_spotify/pull/593
Fixing Spotify API 429's
Security fixes (no public upload endpoint, updated dependencies)
Should now work with mongo version up to 8.3, if you update your mongo instance, make sure you do it progressively (e.g: going from mongo 6 to 8.3 is done by booting the app using mongo 7, 8.0 then 8.3)

New Contributors

@TriGolf made their first contribution in https://github.com/Yooooomi/your_spotify/pull/606
@connorjburton made their first contribution in https://github.com/Yooooomi/your_spotify/pull/593

Full Changelog: https://github.com/Yooooomi/your_spotify/compare/1.19.0...1.20.0

Security Fixes

Removed public upload endpoint, updated dependencies

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track your_spotify

Get notified when new releases ship.

About your_spotify

Self hosted Spotify tracking dashboard

All releases →