AverageMarcus/cluster.fun
1
0
Fork 0
Code Issues 1 Pull Requests 3 Releases Activity

Update ghcr.io/miniflux/miniflux Docker tag to v2.2.18 #668

Merged
AverageMarcus merged 1 commits from renovate/ghcr.io-miniflux-miniflux-2.x into master 2026-03-16 08:03:57 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate commented 2026-03-15 03:15:10 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
ghcr.io/miniflux/miniflux (source) patch 2.2.172.2.18

Release Notes

miniflux/v2 (ghcr.io/miniflux/miniflux)

v2.2.18: Miniflux 2.2.18

Compare Source

Security
  • Block outbound requests to private networks made by the fetcher by default.
  • Add SSRF protection for integration HTTP clients by blocking connections to private network addresses at connect time.
  • Fix a possible SSRF TOCTOU / DNS-rebinding issue in the fetcher private network check.
  • Ensure private network protections also apply to redirect targets.
  • Treat RFC 6598 shared address space (100.64.0.0/10) as non-public.
Breaking Changes

To prevent potential SSRF, Miniflux now blocks access to services hosted on private networks by default.

  • FETCHER_ALLOW_PRIVATE_NETWORKS=1 must now be enabled to access feeds hosted on a local network.
  • INTEGRATION_ALLOW_PRIVATE_NETWORKS=1 must now be enabled to access third-party integration services hosted on a local network.
Improvements
  • Apply entry blocking rules both before and after scraping to avoid unnecessary requests and allow matching on fetched content.
  • Add ignore_entry_updates feed option to skip updating existing entries during scheduled polling.
  • Add Arabic (ar_SA) translation.
  • Add Galician (gl_ES) translation.
  • Update Polish translation.
  • Various performance improvements across multiple components (fetcher, parser, sanitizer, readability, URL cleaner, feed discovery, and Google Reader API).
  • Simplify parts of the Google Reader code and reduce allocations in several hot paths.
  • Reduce fetcher request size slightly to improve packet efficiency.
Bug Fixes
  • Fix multiple bugs and inconsistencies across integration sub-packages (error handling, logging, status checks, and naming).
  • Fix potential panic in the Omnivore integration when handling empty error arrays.
  • Correct error prefixes and typos in several integrations.
Dependencies
  • Update golang.org/x/net to 0.52.0.
  • Update golang.org/x/crypto to 0.49.0.
  • Update golang.org/x/image to 0.37.0.
  • Update golang.org/x/oauth2 to 0.36.0.
  • Update github.com/go-webauthn/webauthn to 0.16.1.
  • Update github.com/tdewolff/minify/v2 to 2.24.10.
Other Changes
  • Upgrade to Go 1.26.
  • Add go:fix directive for deprecated client.New() to ease migration to NewClient().
  • Add KOI8-R encoding tests with a sample XML feed.
  • Add additional tests for CharsetReader.
  • Update several GitHub Actions used for CI and container builds.
  • Avoid building Debian packages bi-weekly on forks.

As always, thank you to all contributors who helped improve Miniflux in this release.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/miniflux/miniflux](https://miniflux.app) ([source](https://github.com/miniflux/v2)) | patch | `2.2.17` → `2.2.18` | --- ### Release Notes <details> <summary>miniflux/v2 (ghcr.io/miniflux/miniflux)</summary> ### [`v2.2.18`](https://github.com/miniflux/v2/releases/tag/2.2.18): Miniflux 2.2.18 [Compare Source](https://github.com/miniflux/v2/compare/2.2.17...2.2.18) ##### Security - Block outbound requests to private networks made by the fetcher by default. - Add SSRF protection for integration HTTP clients by blocking connections to private network addresses at connect time. - Fix a possible SSRF TOCTOU / DNS-rebinding issue in the fetcher private network check. - Ensure private network protections also apply to redirect targets. - Treat RFC 6598 shared address space (`100.64.0.0/10`) as non-public. ##### Breaking Changes To prevent potential SSRF, Miniflux now blocks access to services hosted on private networks by default. - `FETCHER_ALLOW_PRIVATE_NETWORKS=1` must now be enabled to access feeds hosted on a local network. - `INTEGRATION_ALLOW_PRIVATE_NETWORKS=1` must now be enabled to access third-party integration services hosted on a local network. ##### Improvements - Apply entry blocking rules both before and after scraping to avoid unnecessary requests and allow matching on fetched content. - Add `ignore_entry_updates` feed option to skip updating existing entries during scheduled polling. - Add Arabic (`ar_SA`) translation. - Add Galician (`gl_ES`) translation. - Update Polish translation. - Various performance improvements across multiple components (fetcher, parser, sanitizer, readability, URL cleaner, feed discovery, and Google Reader API). - Simplify parts of the Google Reader code and reduce allocations in several hot paths. - Reduce fetcher request size slightly to improve packet efficiency. ##### Bug Fixes - Fix multiple bugs and inconsistencies across integration sub-packages (error handling, logging, status checks, and naming). - Fix potential panic in the Omnivore integration when handling empty error arrays. - Correct error prefixes and typos in several integrations. ##### Dependencies - Update `golang.org/x/net` to 0.52.0. - Update `golang.org/x/crypto` to 0.49.0. - Update `golang.org/x/image` to 0.37.0. - Update `golang.org/x/oauth2` to 0.36.0. - Update `github.com/go-webauthn/webauthn` to 0.16.1. - Update `github.com/tdewolff/minify/v2` to 2.24.10. ##### Other Changes - Upgrade to Go 1.26. - Add `go:fix` directive for deprecated `client.New()` to ease migration to `NewClient()`. - Add KOI8-R encoding tests with a sample XML feed. - Add additional tests for `CharsetReader`. - Update several GitHub Actions used for CI and container builds. - Avoid building Debian packages bi-weekly on forks. *** As always, thank you to all contributors who helped improve Miniflux in this release. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My43NS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNzUuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->
renovate added 1 commit 2026-03-15 03:15:11 +00:00
Update ghcr.io/miniflux/miniflux Docker tag to v2.2.18 6cbf99a3dd
AverageMarcus merged commit e0bcb235c2 into master 2026-03-16 08:03:57 +00:00
AverageMarcus deleted branch renovate/ghcr.io-miniflux-miniflux-2.x 2026-03-16 08:03:57 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
renovate AverageMarcus
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: AverageMarcus/cluster.fun#668
Delete Branch "renovate/ghcr.io-miniflux-miniflux-2.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?