v0.19.0 Breaking risk 24d

⚠ Upgrade required

Migrate configuration of external service URLs from `PUBLIC_*` frontend variables to server‑side variables (`VALHALLA_URL`, `NOMINATIM_URL`, `OVERPASS_API_URL`).
Update bulk upload scripts to provide an API token and place files in a subfolder named after that token.
Adjust any clients accessing PocketBase collections directly to handle the new `iri` field on waypoints and the renamed ActivityPub counters (`follower_count`, `following_count`).

Breaking changes

Bulk uploads no longer use `UPLOAD_USER` / `UPLOAD_PASSWORD`; they now require an API token with files placed in a subfolder named after the token.
External service URLs moved from public frontend variables (`PUBLIC_*`) to server‑side variables (`VALHALLA_URL`, `NOMINATIM_URL`, `OVERPASS_API_URL`); migrate configuration accordingly.
Waypoint data model extended for federation (added `iri` and ActivityPub actor reference).

Security fixes

HTML content in descriptions, comments, summit logs, waypoints, and profile bios is now server‑side sanitized to mitigate XSS risks (CVE not explicitly listed).
Anonymous user API endpoints have been removed, eliminating unauthenticated access paths.
Additional CSRF/SSRF protections and rate limiting implemented for ActivityPub and outbound network calls.

Notable features

Hammerhead integration for tour synchronization and manual trail sending.
Expanded federation with robust remote content sync, local caching of trails/lists, and explicit trail completion marking.
API tokens added to enable external tools and automations to interact with Wanderer securely.

Full changelog

v0.19.0

Breaking Changes

Bulk uploads no longer use UPLOAD_USER / UPLOAD_PASSWORD authentication. Uploads now require an API token; files must be placed in a subfolder of the upload directory named after the respective API token. For more information checkout the documentation (PR #886).
Bulk uploads now run via a file watcher rather than on a cron schedule. Files placed in the upload folder while the container is not running will not be processed automatically. (PR #886)
External service URLs have been moved from public frontend variables to server-side variables: VALHALLA_URL, NOMINATIM_URL, OVERPASS_API_URL. The old PUBLIC_* variables remain as a fallback but should be migrated. (PR #697)
The waypoint data model has been extended for federation: waypoints now have an iri and reference their author via an ActivityPub actor. This only affects clients that access PocketBase collections directly, not the standard UI. (PR #930)
ActivityPub actor counters have been renamed to follower_count and following_count. This only affects clients that access PocketBase collections directly. (PR #930)
OpenAPI documentation is now generated from annotations and served as JSON (the YAML endpoint has been removed). (PR #927)

HTML content in descriptions, comments, summit logs, waypoints, and profile bios is now sanitised on the server to reduce the risk of cross-site scripting (XSS). Some custom HTML may be stripped on save. (PR #930)
Anonymous user API endpoints have been removed. This only affects third-party applications that accessed user data without authentication. Regular users and the standard UI are unaffected. (PR #927)
Additional CSRF/SSRF protections and rate limiting have been implemented for ActivityPub and outbound network calls. (PR #930)

Hammerhead integration added, including synchronisation of planned and completed tours, and manual trail sending. (PR #628)
The federation has been significantly expanded and refactored to provide more robust remote content synchronisation and local caching for remote trails and lists. (PR #930)
Trails can now be explicitly marked as completed. (PR #920)
Geotagged waypoint photos are now automatically merged into existing or nearby waypoints within the configured merge radius of the category. (PR #457)
The trail overview now has narrow and wide view modes, as well as improved multi-select. (PR #666, #921)
Trails can be copied directly and their visibility can be changed more easily. (PR #571)
External geocoding, routing, and Overpass calls now run on the server. (PR #697)
New setting: optionally start drawing a new trail from the current location. (PR #592)
GPX exports now include additional metadata for waypoints. (PR #919)
FIT import now uses a more compatible parser. (PR #884)
Frontpage performance has been improved. (PR #929)
3D terrain rendering has been improved. (PR #881)
Improved saving of public lists. (PR #554)
Multiple trails can now be merged into one trail with multiple summit logs. This feature is also available as an automatic option when importing trails via an integration (PR #627)
API tokens have been added so that external tools and automations can interact with Wanderer. (PR #848)

Fixed broken WebFinger requests. (PR #966)
Theme detection fixed via corrected color-scheme query selector. (PR #957, thanks @mfortini)
Hillshading visibility on the map has been fixed. (PR #942)
Komoot sync now runs to completion. (PR #917, thanks @StefanSchloegl)
Komoot integration now handles invalid photos more robustly. (PR #941)
Mentions now work correctly when username and preferred_username differ. (PR #885)
Fixed avatar updates. (PR #870)
List descriptions in the selection modal are now fixed. (PR #869)
Fixed double GPX upload when creating a trail. (PR #969)
Fixed authentication issues after email change (PR #973)
Fixed help links. (PR #938)
Fixed a MapLibre layer manager issue that could prevent existing map layers from being tracked correctly after data updates. (PR #960, thanks @palhaland)
Fixed search endpoints returning invalid errors in some failure cases. (PR #961, thanks @palhaland)

Meilisearch, PocketBase, Go, web/docs dependencies, CI actions, and Docker build setup updated.

v0.18.5 Security relevant 3mo

Security fixes

Notable features

v0.18.4 Bug fix 4mo

Notable features