Release history
posterizarr releases
Automated poster maker for Plex/Jellyfin/Emby.
All releases
33 shown
2.2.44
Maintenance
Minor fixes and improvements.
Full changelog
What's Changed
- Sync Main to Dev by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/564
- Normalize paths & refine search by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/565
Full Changelog: https://github.com/fscorrupt/posterizarr/compare/2.2.43...2.2.44
2.2.43
Bug fix
Fixed testing mode ImageMagick errors.
Full changelog
What's Changed
- fix: testing mode imagemagick errors by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/562
Full Changelog: https://github.com/fscorrupt/posterizarr/compare/2.2.42...2.2.43
2.2.42
Breaking risk
Security fixes
- dep: postcss v8.5.10 — fixes XSS vulnerability caused by improper escaping of ` sequences (Dependabot #561)
Notable features
- SSRF protection for all connected services (Plex, Jellyfin, Emby, TMDB, TVDB, Webhooks)
- Directory traversal prevention in asset upload/delete/browsing
- Command sanitization for CLI arguments of background tasks
Full changelog
This release brings substantial under-the-hood security improvements to both the backend API and the frontend UI, along with safer logging practices.
🛡️ Security Enhancements
- Frontend XSS Patch (Dependabot #561): Updated
postcsstov8.5.10to resolve a vulnerability where</style>sequences were improperly escaped, preventing potential Cross-Site Scripting (XSS) attacks. - SSRF Protection: Strengthened internal and external API request handling to block Server-Side Request Forgery attempts across all connected services (Plex, Jellyfin, Emby, TMDB, TVDB, Webhooks).
- Directory Traversal Prevention: Hardened asset uploading, deletion, and folder browsing to strictly restrict access to designated asset directories.
- Command Sanitization: Improved validation of CLI arguments for background tasks (like ImageMagick processing) to prevent argument injection.
- Log Redaction: Sensitive information such as API Keys, tokens, and PINs are now strictly masked in application logs and the downloadable support ZIP (Only Debug log was affected).
- Safe Error Responses: Genericized HTTP server error responses to prevent internal path and stack trace leaks.
🐛 Bug Fixes & Chores
- Fixed and tightened regex rules used for parsing media titles and masking URLs.
- Improved emoji-stripping rules for filename sanitation.
- Removed deprecated internal routing logic and optimized module imports.
What's Changed
- Sync Main to dev by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/559
- chore(security): comprehensive security hardening and logging improvements. by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/560
- fix: update postcss to resolve XSS vulnerability by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/561
Full Changelog: https://github.com/fscorrupt/posterizarr/compare/2.2.41...2.2.42
2.2.41
New feature
Notable features
- Added compact info box to AutoTriggers header for better guidance
- Allowed empty Title Text field in Asset Replacer for streamlined manual edits
- Updated translations for English, German, French, Italian, and Portuguese
Full changelog
🚀 UI Improvements
- AutoTriggers Header Upgrade: Added a new compact info box to the AutoTriggers header to provide better guidance on how automatic processing works.
- Asset Replacer Flexibility: You can now leave the Title Text field empty for the asset replacer, allowing for more streamlined manual edits.
- Enhanced Layouts: Fixed flexbox layout issues in the UI and added
min-w-0to prevent layout breaking on long content strings. - Multilingual Support: Updated translations for English, German, French, Italian, and Portuguese, including new instructional bullets for the AutoTriggers section.
🛠️ Technical Fixes
- Frontend Logic: Updated
AssetReplacer.jsxto use nullish coalescing (??) and explicitnull/undefinedchecks fortitleTextto improve reliability. - Backend Logic: Refined
main.pyto handle optionaltitle_textparameters more gracefully during overlay processing.
What's Changed
- Add Action Center guide and FAQ by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/556
- Sync Main to Dev by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/557
- Enhance AutoTriggers UI by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/558
Full Changelog: https://github.com/fscorrupt/posterizarr/compare/2.2.40...2.2.41
2.2.40
New feature
Security fixes
- Implemented SSRF and Path Traversal protections in external URL fetching and file path handling
- Sanitized API error responses to harden the web interface security posture
Notable features
- LogoUpdater automatically fetches high‑quality logos from TMDB, TVDB, and Fanart for Plex libraries
- LogoRevert restores original Plex default logos that were previously uploaded by Posterizarr
- Multi‑Library Support enables batch updates or reverts across all configured libraries
Full changelog
What's New?
🖼️ Automated Logo Management
I’ve added a massive new feature set for managing your Plex ClearLogos:
- LogoUpdater: Automatically scan your libraries and fetch high-quality logos from TMDB, TVDB, and Fanart.
- LogoRevert: Changed your mind? Revert mode identifies logos uploaded by Posterizarr and restores the original Plex defaults.
- Multi-Library Support: Run updates or reverts across a single library or your entire collection at once.
🔒 Security Improvements
- Implemented SSRF and Path Traversal protections to ensure external URL fetching and file paths remain secure.
- Sanitized API error responses to improve the security posture of the web interface.
🛠️ Improvements & Fixes
- UI Refactor: Smoother, faster modals for Run Modes and Library browsing.
- Bug Fixes: Resolved issues with duplicate action buttons and improved handling of assets with special characters.
What's Changed
- Sync Main to dev by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/554
- feat: introduce LogoUpdater, LogoRevert, and Security Hardening by @fscorrupt in https://github.com/fscorrupt/posterizarr/pull/555
Full Changelog: https://github.com/fscorrupt/posterizarr/compare/2.2.39...2.2.40
2.2.39
Mixed
Notable features
- Jellyfin/Emby API search enhanced with expanded query fields and intelligent fallback to movie-type search
- Smart Season Titling in Manual Mode auto-sets title to 'Season X' for improved workflow
- Precise mediaType routing ensures correct Poster/Card flags during upload
Full changelog
🚀 Features & Improvements
- Enhanced Jellyfin/Emby Search: Expanded the API query fields (
Tags,Width,Height,Path,ProviderIds, etc.) and improved search robustness. If a strict series path match fails, the system will now intelligently fallback to search as a movie type to recover the match. - Smart Season Titling: In Manual Mode, selecting a folder will now auto-set the title to "Season X" (if in season mode) rather than strictly grabbing the base folder name, improving the overlay generation workflow.
- Precise
mediaTypeRouting: ThemediaType(movie vs. show) is now explicitly passed through the asset replacement flow from the frontend to the backend, ensuring the correct Poster/Card flags (-MoviePosterCardor-ShowPosterCard) are triggered during upload. - Expanded Debug Logging: Added more descriptive logging for Jellyfin/Emby search URIs and item resolutions to make troubleshooting easier.
🐛 Bug Fixes
- TMDB Logo Language Check: Fixed a bug where the
$langcheck would always evaluate to true due to an incorrect-oroperator. It now correctly uses-andto filter outnullandxxlanguages. by @kevbentz in https://github.com/fscorrupt/posterizarr/pull/552 - Season Overlay Application: Fixed an issue in the image composition command where the standard
$Posteroverlaywas being applied to season posters instead of the intended$Seasonoverlay.
⚙️ Maintenance & Under the Hood
- Updated GitHub action runner parameters to force Node 24 (
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24). - Bumped
softprops/action-gh-releasetov3.
Full Changelog: https://github.com/fscorrupt/posterizarr/compare/2.2.38...2.2.39
2.2.36
Security relevant
Security fixes
- Vite Dev Server vulnerabilities (CVE-2026-39363) allowing unauthorized file access
Notable features
- Show-specific overlays with configurable showoverlayfile and showbackgroundoverlayfile
- Manual mode auto-sync uploads processed assets to Plex, Jellyfin, or Emby
- Multi-instance Tautulli support with new -p flag for flexible arguments
2.2.34
Bug fix
## What's Changed * Bug: Fix media server query on jelly arr trigger.
2.2.33
Security relevant
Breaking changes
- Server default binding changed to localhost for security; adjust configuration if broader network access needed
Security fixes
- Picomatch method injection vulnerability related to POSIX character classes
Notable features
- Lightning-fast Plex EXIF scanning using 64KB fast-scan instead of full downloads
- Smart logo conversion detecting color dominance before white overlay
- HDR and Dolby Vision support with deep MediaStreams parsing
2.2.32
Bug fix
Updated GitHub Actions and fixed season text display in Manual Mode.
2.2.31
New feature
Notable features
- Homepage Dashboard integration
- Smart asset cleanup detection
- Improved log handling
2.2.30
Bug fix
Fixed SkipWords mapping configuration and updated workflow versions.
2.2.28
New feature
Notable features
- SkipWords option with UI
- Dev build detection
- Enhanced collection asset handling
2.2.27
Bug fix
Fixed asset replacement logic to improve poster and collection handling.
2.2.25
Bug fix
Fixed missing translations and refactored sidebar footer for improved UI.
2.2.24
Bug fix
Fixed Jellyfin version compatibility requirements to ensure proper integration.
2.2.23
New feature
Notable features
- Asset queue and batch processing
- Real-time status tracking
- Queue management interface
2.2.22
Bug fix
Improved stability with sync enhancements, plugin improvements, and various bug fixes.
2.2.20
Maintenance
Updated plugins, UI components, configuration, and webhook handling.
2.2.19
Bug fix
Fixed content query variable handling to resolve empty episode list issues.
2.2.15
New feature
Notable features
- Jellyfin plugin integration
- Scheduler overhaul
- Increased poster sliders