ntfy
Alerting & IncidentsSend push notifications to your phone or desktop via PUT/POST
Features
- Send notifications to phones/desktops via HTTP PUT/POST
- Free public service with no signup required
- Open source and self-hostable
- Native Android and iOS apps
Recent releases
View all 11 releases →
v2.22.0
Security relevant
Security fixes
- SSRF vulnerability in web push endpoint allow-list regex (GHSA-w9hq-5jg7-q4j7)
Notable features
- Access tokens can now be set to never expire in web app
- Fixed web app crash on account page for tokens without last access time
Full changelog
Bug fixes + maintenance:
- Tighten web push endpoint allow-list regex to prevent SSRF via unanchored pattern matching (GHSA-w9hq-5jg7-q4j7, thanks to @MightyNawaf for reporting)
- Fix web app not allowing access tokens to be changed to never expire (#1693/#1694, thanks to @lastsamurai26 for reporting and to @ShipItAndPray for fixing)
- Fix web app crashing on account page for tokens without a last access time (#1651, #1684, thanks to @Pulsar7 and @rzhli for reporting)
v2.20.1
Bug fix
Added disable_http2=true S3 URL option to work around HTTP/2 stream errors with S3-compatible providers.
v2.20.0
New feature
Breaking changes
- Attachment directory behavior changed: files matching message ID format with no database entries will be deleted
Notable features
- S3-compatible object storage for attachments
- OpenRC init service
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
About
Stars
30,554
Forks
1,292
Languages
Go
JavaScript
Makefile
Install & Platforms
Mobile
Android
IOS
Community & Support
Tracked by
1
person tracking
People also track
open-webui
1 tracking
immich
1 tracking
Home Assistant
1 tracking
uptime-kuma
1 tracking
vaultwarden
1 tracking
neovim
1 tracking
