Release history

recipes releases

Application for managing recipes, planning meals, building shopping lists and much much more!

All releases

2.6.9 Security
Security fixes
  • Stored XSS in recipe instructions
  • Pillow library security update
2.6.7 Security relevant
Security fixes
  • Fixed stored XSS vulnerability in templating engine
2.6.5 Security relevant
Security fixes
  • Mitigated DDoS vulnerability by limiting uploaded zip file sizes (GHSA-w8pq-4pwf-r2m8)
2.6.4 Breaking risk
Security fixes
  • GHSA-8w8h-3pv2-3554: food shopping validation
  • GHSA-xvmf-cfrq-4j8f: shared user API authorization
  • GHSA-9hhh-g2fc-r8x2: CSS injection in markdown
Notable features
  • Household setup page in welcome stepper
Full changelog
  • added Household setup page and default creation to welcome stepper
  • added django migration records to admin
  • fixed food shopping sub endpoint not validating amount and unit inputs https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-8w8h-3pv2-3554
  • fixed a shared user could make changes to a book through the API https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-xvmf-cfrq-4j8f
  • fixed style tags allowed in rendered markdown could lead to CSS injection in third party clients that did not properly clean the output on the frontend https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-9hhh-g2fc-r8x2
  • fixed recipe batch update endpoint could be used to update private recipes of other space members if the ID was known https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-v8x3-w674-55p5
  • fixed performance issues on some admin views
  • fixed admins can accidentally lock themselves out of their space
  • fixed category order jumping in shopping list when checking and not having any supermarket selected #4446
  • fixed selecting no supermarket in shopping not working
  • removed shopping list entries and meal plans from previously shopping shared users being shown
  • updated dependencies
2.6.1 Security relevant
Breaking changes
  • ALLOWED_HOSTS must be explicitly set or server will no longer work
Security fixes
  • Insecure default ALLOWED_HOSTS setting (GHSA-x636-4jx6-xc4w)
2.6.0 New feature
Breaking changes
  • Previously shared items no longer visible - households must be created for sharing
Security fixes
  • Debug parameter restricted to admins (GHSA-f83r-v3h5-pchf)
  • FDC query input validation (GHSA-43p3-wx6h-9g7w)
  • WebP/GIF metadata stripping (GHSA-9g2j-xccg-9mhq)
Notable features
  • Households for shared shopping/planning
  • Pantry with expiry tracking
  • AND/OR search filters
2.5.1 Security relevant
Security fixes
  • Admins could include arbitrary local files through local storage provider (GHSA-6485-jr28-52xx)
  • Server-side request forgery through redirects/DNS rebinding attacks (GHSA-j6xg-85mh-qqf7)
2.5.0 New feature
Notable features
  • iCal meal plan subscription
  • Non-root container support
  • Cooklang importer
2.4.2 New feature
Notable features
  • Quick search link from start page
  • Diameter-based scaling
2.4.1 Bugfix

  • fixed user space permission to only allow delete not update
  • fixed ingredient parser to also work for non admin users

2.4.0 New feature
Notable features
  • Multiple shopping lists with batch editing
  • Massive shopping list performance improvements
  • Recipe editor FAB
