bugsink

Error & Performance Tracking

Self-hosted Error Tracking

Python Latest 2.2.1 · 12d ago Security brief →

Features

  • Self‑hosted error tracking platform
  • Compatible with Sentry SDKs
  • Scalable and reliable deployment

Recent releases

View all 13 releases →
No immediate action
2.2.1 Mixed

API enhancements + smaller fixes

Security behavior changed
2.2.0 Security relevant
Auth RBAC

Project scoping security fixes

2.1.3 Security relevant
Security fixes
  • GHSA-fp53-qcf8-2xx2 — hardened webhook URL validation: parsing now rejects non-RFC characters to prevent mismatched host targeting.
Full changelog

2.1.3 (2 May 2026)

Security

Fix: harden webhook URL validation parsing and reject non-RFC characters.

In some malformed URLs, Python’s standard URL parser (urllib) and the HTTP
client stack (requests / urllib3) do not agree on which host is actually being
targeted. That could allow a webhook URL to pass Bugsink’s outbound-host checks
while the actual HTTP request is sent somewhere else. See:

https://github.com/bugsink/bugsink/security/advisories/GHSA-fp53-qcf8-2xx2
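
One way to close this kind of parser disagreement is to refuse any URL that is not unambiguous before the outbound-host policy ever sees it. The sketch below is an added example, not Bugsink's code or the fix in the advisory; the function names and the hooks.example.com inputs are constructed for illustration. The returned host is the value an outbound-host check should then be applied to.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Characters RFC 3986 permits in a URI: unreserved, gen-delims, sub-delims, '%'.
_RFC3986 = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+")
# Conservative DNS name: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DNS_NAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def webhook_host(url):
    """Return the single unambiguous host of url, or raise ValueError."""
    if not _RFC3986.fullmatch(url):
        raise ValueError("non-RFC character")
    parts = urlsplit(url)  # may itself raise ValueError (e.g. bad brackets)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed")
    if "@" in parts.netloc:
        raise ValueError("userinfo not allowed")
    host, port = parts.hostname, parts.port  # .port raises on a junk port
    if not host:
        raise ValueError("missing host")
    try:
        ipaddress.ip_address(host)  # literal IPv4/IPv6 address
    except ValueError:
        if not _DNS_NAME.fullmatch(host):
            raise ValueError("invalid host name")
    # Rebuild the authority from the parsed pieces; any difference means the
    # string contains something the parser silently interpreted or dropped.
    rebuilt = f"[{host}]" if ":" in host else host
    if port is not None:
        rebuilt += f":{port}"
    if rebuilt != parts.netloc.lower():
        raise ValueError("authority does not round-trip")
    return host


def reject_reason(url):
    """Return None if the URL is accepted, otherwise the rejection reason."""
    try:
        webhook_host(url)
        return None
    except ValueError as exc:
        return str(exc)
```

Rejecting instead of normalising means the string handed to the HTTP client is one that a second parser has little room to read differently.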

Smaller fixes

  • Add issue-level markdown, see #334.
  • Fix installation quota counting across projects, see #359.
  • When vacuuming files, don't load them in memory, and allow long-running totals queries, see #363, #373 and #372.
  • Refuse to send email as [email protected] for self-hosters, see 3ff3a6fbeb6d.
  • Fix MultipleObjectsReturned when user has unaccepted project memberships, see 653be6968f6e.
  • Cleanup lingering files for MAX_EVENT_SIZE overshoots, see #370.
  • Fix some .get(context, {}) usages and an exception-path double-exception, see #369.
  • Upgrade gunicorn requirement from ==25.1.* to ==25.3.*, see 2d5e0071cf66.
  • Upgrade monofy, see #367.
2.1.2 Mixed
Notable features
  • Stored file count and byte caps for tracking and limiting usage
  • Error message readability improvements in dark mode
Full changelog

2.1.2 (11 April 2026)

  • Add stored file count and byte caps, see #355
  • Error message readability in dark mode, see #362
2.1.1 Security relevant patches GHSA-8hw4-fhww-273g
⚠ Upgrade required
  • No migration steps required, but prompt upgrade is recommended due to the security fix.
Security fixes
  • Unvalidated upload checksums were used in temporary filename path construction before validation, allowing an authenticated caller to trigger a write-before-checksum-mismatch during file assembly.

About

Stars
1,842
Forks
105
Languages
Python HTML CSS

Install & Platforms

Install via
docker

Alternative to

Sentry