audiobookshelf

Media Servers

Self-hosted audiobook and podcast server

JavaScript Latest v2.35.1 · 6d ago Security brief →

Features

View all 6 releases →

Security behavior changed

v2.35.1 Bug fix 6d

Auth

Server crash fixes

Open

Security behavior changed

v2.35.0 New feature 17d

Auth

Access token refresh grace period

Open

v2.34.0 Maintenance 1mo

Notable features

Japanese language support and Japan podcast search region
Autocomplete attributes on login and setup fields for password manager support
SSRF filtering on podcast downloads and access control enforcement on batch APIs

Full changelog

Japanese language and Japan as podcast search region by @na3shkw in #5211
Autocomplete attributes on login and setup fields for password manager support by @meek2100 in #5089

Recent episodes not updating from cache when media progress changes in #5159
Error logging when a podcast's auto-download schedule has an invalid cron expression

Public media item shares: use start time passed in query parameter for existing sessions by @pjkottke in #5163
Podcast episode downloads use SSRF filtering on the HTTP request (matches other external requests)
Podcast create and update validate the auto-download schedule cron expression and sanitizes the HTML description
Playlists, collections, and library item batch API routes enforce library and per-item access
More strings translated
- Belarusian by @pavel-miniutka
- Hungarian by @ugyes
- Japanese by @na3shkw

@pjkottke made their first contribution in https://github.com/advplyr/audiobookshelf/pull/5163
@meek2100 made their first contribution in https://github.com/advplyr/audiobookshelf/pull/5089
@na3shkw made their first contribution in https://github.com/advplyr/audiobookshelf/pull/5211

Full Changelog: https://github.com/advplyr/audiobookshelf/compare/v2.33.2...v2.34.0

v2.33.2 Breaking risk 1mo

Security fixes

Notable features

Full changelog

Matroska audiobooks (.mka) with the Opus codec failing to play in web client by @rktjmp in #5115
UI/UX: Share player not using libraries cover aspect ratio setting
Backup uploads leaving temporary files behind when the uploaded file failed validation
Path traversal check on the filesystem path-exists endpoint not handling all edge cases

Bulk download endpoint now ensures all requested items belong to the library being requested
Backup load and upload now validate the backup details entry exists and is within a reasonable size limit
Podcast create endpoint validates that the podcast path is inside the selected library folder
Author and library item cover image endpoints now clamp width/height query params to a maximum of 4096
Podcast episode subtitles parsed from RSS feeds are now sanitized for HTML
author_updated/author_added socket events emitted when updating authors in the book details edit modal by @mikiher in #5158
item_removed socket event payload now includes libraryId so clients can ignore events for other libraries by @mikiher in #5160
More strings translated
- Belarusian by @pavel-miniutka
- Bulgarian by @lembata
- German by @JBlond @LaurinSorgend
- Italian by @tizio04
- Russian by @Hopelite @vmakeev
- Spanish by @cyphra