Version 2.1.4 (July 9, 2024) ---------------------------- * test: add unit tests for `IsModified()` behaviour * refactor: improve YouTube page feed detection * fix(ui): settings form is not populated correctly after validation errors * fix(ui): playback speed indicator precision * fix(ui): playback speed indicator on shared entries * fix(integration): preserve existing Pinboard bookmarks * fix(googlereader): set `CrawlTimeMsec` to the correct precision * fix(build): failed to solve container image `arm64v8/golang:1.22-bookworm` * fix(build): add `distroless` suffix on `latest` tag in GitHub workflow * fix: use `ETag` as a stronger validator than `Last-Modified` * fix: update `theverge.com` rewrite rule to avoid duplicate image * fix: incorrect Go package comment `reader/readingtime` * fix: error out for improper rewrite regexp when processing feed entries * fix: ensures that session cookies are not expiring before the session is cleaned up from the database as per `CLEANUP_REMOVE_SESSIONS_DAYS` * fix: `` aspect ratio with `height: auto` * feat(ui): add `viewport-fit=cover` * feat(sanitizer): add support for HTML hidden attribute * feat(locale): update French translations * feat(integration): add Raindrop integration * feat(integration): add feed name to Telegram message * feat(integration): add Betula integration * feat: use of insecure TLS ciphers when "Allow self-signed or invalid certificates" is enabled to workaround some broken websites * feat: discover feeds from a Youtube playlist pages * feat: add navigation to last/first page * feat: add global block and keep filters * feat: add description field to feed settings * feat: add `pitchfork.com` scraping rule * feat: add `FETCH_NEBULA_WATCH_TIME` config option * Bump `github.com/PuerkitoBio/goquery` from` 1.9.1` to` 1.9.2` * Bump `github.com/prometheus/client_golang` from `1.19.0` to `1.19.1` * build(deps): bump `library/alpine` in `/packaging/docker/alpine` * build(deps): bump `golangci/golangci-lint-action` from `4` to `6` * build(deps): bump `golang.org/x/term` from `0.19.0` to `0.22.0` * build(deps): bump `golang.org/x/oauth2` from `0.19.0` to `0.21.0` * build(deps): bump `golang.org/x/net` from `0.22.0` to `0.27.0` * build(deps): bump `golang.org/x/crypto` from `0.24.0` to `0.25.0` * build(deps): bump `github.com/yuin/goldmark` from `1.7.1` to `1.7.4` * build(deps): bump `github.com/tdewolff/minify/v2` from `2.20.20` to `2.20.36` * build(deps): bump `github.com/coreos/go-oidc/v3` from `3.10.0` to `3.11.0` * build(deps): bump `docker/build-push-action` from `5` to `6` Version 2.1.3 (April 27, 2024) ------------------------------ * `api`: `rand.Intn(math.MaxInt64)` causes tests to fail on 32-bit architectures (use `rand.Int()` instead) * `ci`: use `docker/metadata-action` instead of deprecated shell-scripts * `database`: remove `entries_feed_url_idx` index because entry URLs can exceeds btree index size limit * `finder`: find feeds from YouTube playlist * `http/response`: add brotli compression support * `integration/matrix`: fix function name in comment * `packaging`: specify container registry explicitly (e.g., Podman does not use `docker.io` by default) * `packaging`: use `make miniflux` instead of duplicating `go build` arguments (this leverages Go's PIE build mode) * `reader/fetcher`: add brotli content encoding support * `reader/processor`: minimize feed entries HTML content * `reader/rewrite`: add a rule for `oglaf.com` * `storage`: change `GetReadTime()` function to use `entries_feed_id_hash_key` index * `ui`: add seek and speed controls to media player * `ui`: add tag entries page * `ui`: fix JavaScript error when clicking on unread counter * `ui`: use `FORCE_REFRESH_INTERVAL` config for category refresh * Bump `github.com/tdewolff/minify/v2` from `2.20.19` to `2.20.20` * Bump `golang.org/x/net` from `0.22.0` to `0.24.0` * Bump `golang.org/x/term` from `0.18.0` to `0.19.0` * Bump `golang.org/x/oauth2` from `0.18.0` to `0.19.0` * Bump `github.com/yuin/goldmark` from `1.7.0` to `1.7.1` Version 2.1.2 (March 30, 2024) ------------------------------ * `api`: rewrite API integration tests without build tags * `ci`: add basic ESLinter checks * `ci`: enable go-critic linter and fix various issues detected * `ci`: fix JavaScript linter path in GitHub Actions * `cli`: avoid misleading error message when creating an admin user automatically * `config`: add `FILTER_ENTRY_MAX_AGE_DAYS` option * `config`: bump the number of simultaneous workers * `config`: rename `PROXY_*` options to `MEDIA_PROXY_*` * `config`: use `crypto.GenerateRandomBytes` instead of doing it by hand * `http/request`: refactor conditions to be more idiomatic * `http/response`: remove legacy `X-XSS-Protection` header * `integration/rssbrige`: fix rssbrige import * `integration/shaarli`: factorize the header+payload concatenation as data * `integration/shaarli`: no need to base64-encode then remove the padding when we can simply encode without padding * `integration/shaarli`: the JWT token was declared as using HS256 as algorithm, but was using HS512 * `integration/webhook`: add category title to request body * `locale`: update Turkish translations * `man page`: sort config options in alphabetical order * `mediaproxy`: reduce the internal indentation of `ProxifiedUrl` by inverting some conditions * `mediaproxy`: simplify and refactor the package * `model`: replace` Optional{Int,Int64,Float64}` with a generic function `OptionalNumber()` * `model`: use struct embedding for `FeedCreationRequestFromSubscriptionDiscovery` to reduce code duplication * `reader/atom`: avoid debug message when the date is empty * `reader/atom`: change `if !a { a = } if !a {a = }` constructs into `if !a { a = ; if !a {a = }}` to reduce the number of comparisons and improve readability * `reader/atom`: Move the population of the feed's entries into a new function, to make BuildFeed easier to understand/separate concerns/implementation details * `reader/atom`: refactor Atom parser to use an adapter * `reader/atom`: use `sort+compact` instead of `compact+sort` to remove duplicates * `reader/atom`: when detecting the format, detect its version as well * `reader/encoding`: inline a one-liner function * `reader/handler`: fix force refresh feature * `reader/json`: refactor JSON Feed parser to use an adapter * `reader/media`: remove a superfluous error-check: `strconv.ParseInt` returns `0` when passed an empty string * `reader/media`: simplify switch-case by moving a common condition above it * `reader/processor`: compile block/keep regex only once per feed * `reader/rdf`: refactor RDF parser to use an adapter * `reader/rewrite`: inline some one-line functions * `reader/rewrite`: simplify `removeClickbait` * `reader/rewrite`: transform a free-standing function into a method * `reader/rewrite`: use a proper constant instead of a magic number in `applyFuncOnTextContent` * `reader/rss`: add support for `` element * `reader/rss`: don't add empty tags to RSS items * `reader/rss`: refactor RSS parser to use a default namespace to avoid some limitations of the Go XML parser * `reader/rss`: refactor RSS Parser to use an adapter * `reader/rss`: remove some duplicated code in RSS parser * `reader`: ensure that enclosure URLs are always absolute * `reader`: move iTunes and GooglePlay XML definitions to their own packages * `reader`: parse podcast categories * `reader`: remove trailing space in `SiteURL` and `FeedURL` * `storage`: do not store empty tags * `storage`: simplify `removeDuplicates()` to use a `sort`+`compact` construct instead of doing it by hand with a hashmap * `storage`: Use plain strings concatenation instead of building an array and then joining it * `timezone`: make sure the tests pass when the timezone database is not installed on the host * `ui/css`: align `min-width` with the other `min-width` values * `ui/css`: fix regression: "Add to Home Screen" button is unreadable * `ui/js`: don't use lambdas to return a function, use directly the function instead * `ui/js`: enable trusted-types * `ui/js`: fix download button loading label * `ui/js`: fix JavaScript error on the login page when the user not authenticated * `ui/js`: inline one-line functions * `ui/js`: inline some `querySelectorAll` calls * `ui/js`: reduce the scope of some variables * `ui/js`: remove a hack for "Chrome 67 and earlier" since it was released in 2018 * `ui/js`: replace `DomHelper.findParent` with `.closest` * `ui/js`: replace `let` with `const` * `ui/js`: simplify `DomHelper.getVisibleElements` by using a `filter` instead of a loop with an index * `ui/js`: use a `Set` instead of an array in a `KeyboardHandler`'s member * `ui/js`: use some ternaries where it makes sense * `ui/static`: make use of `HashFromBytes` everywhere * `ui/static`: set minifier ECMAScript version * `ui`: add keyboard shortcuts for scrolling to top/bottom of the item list * `ui`: add media player control playback speed * `ui`: remove unused variables and improve JSON decoding in `saveEnclosureProgression()` * `validator`: display an error message on edit feed page when the feed URL is not unique * Bump `github.com/coreos/go-oidc/v3` from `3.9.0` to `3.10.0` * Bump `github.com/go-webauthn/webauthn` from `0.10.1` to `0.10.2` * Bump `github.com/tdewolff/minify/v2` from `2.20.18` to `2.20.19` * Bump `google.golang.org/protobuf` from `1.32.0` to `1.33.0` Version 2.1.1 (March 10, 2024) ----------------------------- * Move search form to a dedicated page * Add Readeck integration * Add feed option to disable HTTP/2 to avoid fingerprinting * Add `Enter` key as a hotkey to open selected item * Proxify `video` element `poster` attribute * Add a couple of new possible locations for feeds * Hugo likes to generate `index.xml` * `feed.atom` and `feed.rss` are used by enterprise-scale/old-school gigantic CMS * Fix categories import from Thunderbird's OPML * Fix logo misalignment when using languages that are more verbose than English * Google Reader: Do not return a 500 error when no items is returned * Handle RDF feeds with duplicated `` elements * Sort integrations alphabetically * Add more URL validation in media proxy * Add unit test to ensure each translation has the correct number of plurals * Add missing plurals for some languages * Makefile: quiet `git describe` and `rev-parse` stderr: When building from a tarball instead of a cloned git repo, there would be two `fatal: not a git repository` errors emitted even though the build succeeds. This is because of how `VERSION` and `COMMIT` are set in the Makefile. This PR suppresses the stderr for these variable assignments. * Makefile: do not force `CGO_ENABLED=0` for `miniflux` target * Add GitHub Action pipeline to build packages on-demand * Remove Golint (deprecated), use `staticcheck` and `golangci-lint` instead * Build amd64/arm64 Debian packages with CGO disabled * Update `go.mod` and add `.exe` suffix to Windows binary * Add a couple of fuzzers * Fix CodeQL workflow * Code and performance improvements: * Use an `io.ReadSeeker` instead of an `io.Reader` to parse feeds * Speed up the sanitizer: - Allow Youtube URLs to start with `www` - Use `strings.Builder` instead of a `bytes.Buffer` - Use a `strings.NewReader` instead of a `bytes.NewBufferString` - Sprinkles a couple of `continue` to make the code-flow more obvious - Inline calls to `inList`, and put their parameters in the right order - Simplify `isPixelTracker` - Simplify `isValidIframeSource`, by extracting the hostname and comparing it directly, instead of using the full url and checking if it starts with multiple variations of the same one (`//`, `http:`, `https://` multiplied by `/www.`) - Add a benchmark - Instead of having to allocate a ~100 keys map containing possibly dynamic values (at least to the go compiler), allocate it once in a global variable. This significantly speeds things up, by reducing the garbage - Use constant time access for maps instead of iterating on them - Build a ~large whitelist map inline instead of constructing it item by item (and remove a duplicate key/value pair) - Use `slices` instead of hand-rolled loops collector/allocator involvements. * Reuse a `Reader` instead of copying to a buffer when parsing an Atom feed * Preallocate memory when exporting to OPML: This should marginally increase performance when exporting a large amount of feeds to OPML * Delay call of `view.New` after logging the user in: There is no need to do extra work like creating a session and its associated view until the user has been properly identified and as many possibly-failing sql request have been successfully run * Use constant-time comparison for anti-csrf tokens: This is probably completely overkill, but since anti-csrf tokens are secrets, they should be compared against untrusted inputs in constant time * Simplify and optimize `genericProxyRewriter` - Reduce the amount of nested loops: it's preferable to search the whole page once and filter on it (even with filters that should always be false), than searching it again for every element we're looking for. - Factorize the proxying conditions into a `shouldProxy` function to reduce the copy-pasta. * Speed up `removeUnlikelyCandidates`: `.Not` returns a brand new `Selection`, copied element by element * Improve `EstimateReadingTime`'s speed by a factor 7 - Refactorise the tests and add some - Use 250 signs instead of the whole text - Only check for Korean, Chinese and Japanese script - Add a benchmark - Use a more idiomatic control flow * Don't compute reading-time when unused: If the user doesn't display reading times, there is no need to compute them. This should speed things up a bit, since `whatlanggo.Detect` is abysmally slow. * Simplify `username` generation for the integration tests: No need to generate random numbers 10 times, generate a single big-enough one. A single int64 should be more than enough * Add missing regex anchor detected by CodeQL * Don't mix up slices capacity and length * Use prepared statements for intervals, `ArchiveEntries` and `updateEnclosures` * Use modern for-loops introduced with Go 1.22 * Remove a superfluous condition: No need to check if the length of `line` is positive since we're checking afterwards that it contains the `=` sign * Close resources as soon as possible, instead of using `defer()` in a loop * Remove superfluous escaping in a regex * Use `strings.ReplaceAll` instead of `strings.Replace(…, -1)` * Use `strings.EqualFold` instead of `strings.ToLower(…) ==` * Use `.WriteString(` instead of `.Write([]byte(…` * Use `%q` instead of `"%s"` * Make `internal/worker/worker.go` read-only * Use a switch-case construct in `internal/locale/plural.go` instead of an avalanche of `if` * Template functions: simplify `formatFileSize` and `duration` implementation * Inline some templating functions * Make use of `printer.Print` when possible * Add a `printer.Print` to `internal/locale/printer.go`: No need to use variadic functions with string format interpolation to generate static strings * Minor code simplification in `internal/ui/view/view.go`: No need to create the map item by item when we can create it in one go * Build the map inline in `CountAllFeeds()`: No need to build an empty map to then add more fields in it one by one * Miscellaneous improvements to `internal/reader/subscription/finder.go`: - Surface `localizedError` in `FindSubscriptionsFromWellKnownURLs` via `slog` - Use an inline declaration for new subscriptions, like done elsewhere in the file, if only for consistency's sake - Preallocate the `subscriptions` slice when using an RSS-bridge, * Use an update-where for `MarkCategoryAsRead` instead of a subquery * Simplify `CleanOldUserSessions`' query: No need for a subquery, filtering on `created_at` directly is enough * Simplify `cleanupEntries`' query - `NOT (hash=ANY(%4))` can be expressed as `hash NOT IN $4` - There is no need for a subquery operating on the same table, moving the conditions out is equivalent. * Reformat `ArchiveEntries`'s query for consistency's sake and replace the `=ANY` with an `IN` * Reformat the query in `GetEntryIDs` and `GetReadTime`'s query for consistency's sake * Simplify `WeeklyFeedEntryCount`: No need for a `BETWEEN`: we want to filter on entries published in the last week, no need to express is as "entries published between now and last week", "entries published after last week" is enough * Add some tests for `add_image_title` * Remove `github.com/google/uuid` dependencies: Replace it with a hand-rolled implementation. Heck, an UUID isn't even a requirement according to Omnivore API docs * Simplify `internal/reader/icon/finder.go`: - Use a simple regex to parse data uri instead of a hand-rolled parser, and document what fields are considered mandatory. - Use case-insensitive matching to find (fav)icons, instead of doing the same query twice with different letter cases - Add `apple-touch-icon-precomposed.png` as a fallback `favicon` - Reorder the queries to have `icon` first, since it seems to be the most popular one. It used to be last, meaning that pages had to be parsed completely 4 times, instead of one now. - Minor factorisation in `findIconURLsFromHTMLDocument` * Small refactoring of `internal/reader/date/parser.go`: - Split dates formats into those that require local times and those who don't, so that there is no need to have a switch-case in the for loop with around 250 iterations at most. - Be more strict when it comes to timezones, previously invalid ones like -13 were accepted. Also add a test for this. - Bail out early if the date is an empty string. * Make use of Go ≥ 1.21 slices package instead of hand-rolled loops * Reorder the fields of the `Entry` struct to save some memory * Dependencies update: * Bump `golang.org/x/oauth2` from `0.17.0` to `0.18.0` * Bump `github.com/prometheus/client_golang` from `1.18.0` to `1.19.0` * Bump `github.com/tdewolff/minify/v2` from `2.20.16` to `2.20.18` * Bump `github.com/PuerkitoBio/goquery` from `1.8.1` to `1.9.1` * Bump `golang.org/x/crypto` from `0.19.0` to `0.20.0` * Bump `github.com/go-jose/go-jose/v3` from `3.0.1` to `3.0.3` Version 2.1.0 (February 17, 2024) --------------------------------- * Add Linkwarden integration * Add LinkAce integration * Add `FORCE_REFRESH_INTERVAL` config option * Add `item-meta-info-reading-time` CSS class * Add `add_dynamic_iframe` rewrite function * Add attribute `data-original-mos` to `add_dynamic_image` rewrite candidates * Update entry processor to allow blocking/keeping entries by tags and/or authors * Change default `Accept` header when fetching feeds * Rewrite relative RSS Bridge URL to absolute URL * Use numeric user ID in Alpine and distroless container image (avoid `securityContext` error in Kubernetes) * Always try to use HTTP/2 when fetching feeds if available * Add `type` attribute in OPML export as per OPML 2.0 specs * Fix missing translation argument for the key `error.unable_to_parse_feed` * Fix Debian package builder when using Go 1.22 and `armhf` architecture * Fix typo in log message * Fix incorrect label shown when saving an article * Fix incorrect condition in refresh feeds cli * Fix incorrect label `for` attribute * Add missing label ID for custom CSS field * Accessibility improvements: * Add workaround for macOS VoiceOver that didn't announce `details` and `summary` when expanded * Add `alert` role to alert message element * Add a `h2` heading to the article element so that the screen reader users can navigate the article through the heading level * Add an `aria-label` attribute for the article element for screen readers * Remove the icon image `alt` attribute in feeds list to prevent screen reader to announce it before entry title * Add `sr-only` CSS class for screen reader users (provides more context) * Differentiate between buttons and links * Change links that could perform actions to buttons * Improve translation of hidden Aria elements * Remove the redundant article role * Add a search landmark for the search form so that the screen reader users can navigate to it * Add skip to content link * Add `nav` landmark to page header links * Limit feed/category entry pagination to unread entries when coming from unread entry list * Update German translation * Update GitHub Actions to Go 1.22 * Bump `golang.org/x/term` from `0.16.0` to `0.17.0` * Bump `github.com/google/uuid` from `1.5.0` to `1.6.0` * Bump `github.com/yuin/goldmark` from `1.6.0` to `1.7.0` * Bump `golang.org/x/oauth2` from `0.15.0` to `0.17.0` * Bump `github.com/tdewolff/minify/v2` from `2.20.10` to `2.20.12` * Bump `golang.org/x/term` from `0.15.0` to `0.16.0` * Bump `github.com/prometheus/client_golang` from `1.17.0` to `1.18.0` * Bump `github.com/tdewolff/minify/v2` from `2.20.9` to `2.20.16` * Bump `golang.org/x/crypto` from `0.16.0` to `0.19.0` * Bump `github.com/go-webauthn/webauthn` from `0.9.4` to` 0.10.1` * Bump `golang.org/x/net` from `0.20.0` to `0.21.0` Version 2.0.51 (December 13, 2023) ---------------------------------- * Add Omnivore integration * Fixes for the regressions introduced in version 2.0.50: * Ensure all HTML documents are encoded in UTF-8 * Send default User-Agent and HTTP caching headers when making HTTP requests * Allow Youtube links to be opened outside the `iframe` (avoid `ERR_BLOCKED_BY_RESPONSE` error) * Fix inaccessible metrics endpoint when listening on Unix socket * Allow renaming and moving feed at the same time in the Google Reader API * Log `nb_jobs` only when number of jobs is larger than 0 in background scheduler * Deduplicate feed URLs when parsing HTML document during discovery process * Calculate a virtual weekly count based on the average updating frequency (`POLLING_SCHEDULER=entry_frequency`) * Update GitHub Actions workflow to be able to run the linter and tests on-demand * Add `SCHEDULER_ROUND_ROBIN_MIN_INTERVAL` config option * Add links to GitHub for the commit hash and the version in the about page * Use "starred" rather than "bookmarked" in English translation * Update Chinese (CN & TW) translation * Bump `github.com/google/uuid` from `1.4.0` to `1.5.0` * Bump `github.com/coreos/go-oidc/v3` from `3.7.0` to `3.9.0` * Bump `github.com/tdewolff/minify/v2` from `2.20.6` to `2.20.9` * Bump `github.com/go-webauthn/webauthn` from `0.8.6` to `0.9.4` * Bump `golang.org/x/oauth2` from `0.14.0` to `0.15.0` Version 2.0.50 (November 12, 2023) ---------------------------------- * Add WebAuthn / Passkey integration * Add RSS-Bridge integration * Take RSS TTL field into consideration to schedule next check date * Show number of visible entries instead of number of read entries in feed list * OpenID Connect: Redirect to configured user home page after successful authentication * Google Reader API fixes: * `user/{userID}/state/com.google/read` is missing in categories section for read entries * Take `ExcludeTargets` into consideration in feed stream handler * Allow iframes pointing to Twitch videos * Filter feed entries based on URL or title * Take into consideration `hide_globally` property defined for categories in `/v1/entries` API endpoint * Add category ID to webhooks request body * Update date parser to parse more invalid date formats * Refactor feed discovery handler, and avoid an extra HTTP request if the URL provided is the feed * Refactor HTTP Client and `LocalizedError` packages * Refactor Batch Builder, and prevent accidental and excessive refreshes from the web UI * Refactor icon finder: - Continue the discovery process when the feed icon is invalid - Search all icons from the HTML document and do not stop on the first one * Add support for SVG icons with data URL without encoding * Expose `next_check_at` in the web ui and API * Add database indexes to improve performance * Change log level to warning for failed feeds refresh in cronjob * Do not log website without icon as warning * Add GitHub workflow to build binaries * Add GitHub extensions to devcontainer * Make sure to pull the latest base image when building the Docker image * Strip version prefix when building Debian package * Add `github-cli` and `docker-outside-of-docker` features to devcontainer * Bump `golang.org/x/*` dependencies * Bump `github.com/gorilla/mux` from `1.8.0` to `1.8.1` * Bump `github.com/tdewolff/minify/v2` from `2.19.9` to `2.20.6` * Bump `github.com/yuin/goldmark` from `1.5.6` to `1.6.0` * Bump `github.com/coreos/go-oidc/v3` from `3.6.0` to `3.7.0` Version 2.0.49 (October 15, 2023) --------------------------------- * Implement structured logging using `log/slog` package. New config options available: * `LOG_FORMAT`: `json` or `text` * `LOG_LEVEL`: `debug`, `info`, `warning`, or `error` * `LOG_FILE`: `sdterr`, `stdout`, or a file path * The `DEBUG` option is now deprecated in favor of `LOG_LEVEL` * API Improvements: * Add endpoint `/v1/version` * Add endpoint `PUT /v1/entries` to update entry title and content * Add endpoint `/v1/icons/{iconID}` * Add endpoint `/v1/flush-history` to flush history * Make the category optional when creating feeds for API clients who don't support categories * Add enclosures to `GET /v1/entries` endpoint * Add `published_after`, `published_before`, `changed_after` and `changed_before` options to `/v1/entries` endpoint * Telegram integration improvements: * Replace feed HTML link with a button to avoid page preview issues * Add the possibility to disable buttons * Add Bruno Miniflux API collection in `contrib` folder (Bruno is an open source alternative to Postman/Insomnia) * Add command line argument to export user feeds as OPML * Add new rewrite rules `add_hn_links_using_hack` and `add_hn_links_using_opener` to open HN comments with iOS apps * Fix timestamp format for `Expires` response header * Fix Javascript error when reading time option is disabled * Fix Apprise logic to handle feed service URLs * Fix missing word in force refresh message * Remove deprecated `PreferServerCipherSuites` TLS option * Replace `github.com/rylans/getlang` with `github.com/abadojack/whatlanggo` because `getlang` doesn't seems to be updated anymore * Bump `github.com/mccutchen/go-httpbin/v2` from `2.11.0` to `2.11.1` * Bump `golang.org/x/*` dependencies Version 2.0.48 (September 15, 2023) ----------------------------------- * Add generic webhook integration * Send webhook events when new entries are detected * Send wehbook events when saving an entry * Sign the outgoing requests with HMAC-SHA256 * Improve Telegram integration * Add built-in Telegram client * Remove dependency on `go-telegram-bot-api` library * Add new options: * Optional topic ID * Disable page preview * Disable notifications * Add new button to go to article * Improve Matrix integration * Add built-in Matrix client * Remove dependency on `gomatrix` library * Send HTML formatted messages to Matrix * OpenID Connect authentication improvements: * Add OAuth2 PKCE support * Add `profile` scope to OIDC integration to support accounts without email address * Prevent empty username when using the OIDC integration * Add `factor` for `entry_frequency` scheduler: * Allow the user to increase the frequency of the `entry_frequency` scheduler by a configurable factor in order to shorten the time between updates. * Fix: status bar is unreadable when using PWA in dark mode on Firefox Android * Group form fields into fieldsets to improve page layout * Update Russian translation * Make sure icon URLs are always absolute * Add Apprise service URLs per feed * Trim `username` and `password` form fields * Strip HTML tags from DublinCore Creator tags * Fix scroll up behavior on Firefox Android * Add missing `return` statement in `fetchContent` UI handler * Add `replace_title` rewrite rule to adjust entry titles * Fix Pocket integration redirect URL and Google Reader API HREF * Fix feed `hide_globally` property to use it with third-party clients. Version 2.0.47 (August 20, 2023) -------------------------------- * Update rules for `webtoons.com` * Use HTTP client from the standard library for third-party integrations * Rename internal `url` package to `urllib` to avoid overlap with `net/url` * Add Shaarli integration * Add Shiori integration * Add Apprise integration * Add Readwise Reader integration * Consider base path when generating third-party services API endpoint * Use podcast duration tag as reading time * Move internal packages to an `internal` folder * For reference: <https://go.dev/doc/go1.4#internalpackages> * Rename Miniflux package name to follow Go module naming convention * For reference: <https://go.dev/ref/mod#major-version-suffixes> * Update RockyLinux image from 8 to 9 (used to build RPM package) * Add force refresh in feed edit and feed entries page * Use Odysee video duration as read time * Upgrade to Go 1.21 * Use details disclosure element to show the list of third-party services * Use Web Share API for sharing entry * Add a workaround for parsing some invalid date format * Add Thunder Client API collection into contrib folder * Add new API endpoint: `/entries/{entryID}/save` * Trigger Docker and packages workflows only for semantic tags * Go module versioning expect Git tags to start with the letter v. * The goal is to keep the existing naming convention for generated artifacts and have proper versioning for the Go module. * Bump `golang.org/x/*` dependencies * Bump `github.com/yuin/goldmark` * Bump `github.com/tdewolff/minify/v2` * Bump `github.com/mccutchen/go-httpbin/v2` Version 2.0.46 (July 21, 2023) ------------------------------ * Add scraper and rewrite rules for Webtoons * Fix regression in integration page and simplify SQL query * Wallabag integration: add more information in log messages * Add support for custom Youtube embed URL * Fix accessibility issues in modal component * Fix modal aria role * Trap focusing with tab / shift+tab inside the modal * Restore keyboard focus when closing modal * Automatically move keyboard focus to first focusable element unless specified otherwise * Keyboard shortcut help modal: move keyboard focus to modal title * Keyboard shortcut help modal: change close control from link to button * Add Notion integration * Update `golang.org/x/*` dependencies and `go-oidc` to v3.6.0 * Improve responsive design * Add user setting for marking entry as read on view * Improve Russian translation * Add the possibility to run cleanup tasks from the command line * Add the possibility to run Miniflux as a cronjob * Use `go-httpbin` to run tests locally and avoid remote calls to `httpbin.org` * Display tags when viewing entries * Update categories API endpoint to return `total_unread` and `feed_count` * Improve date parser to handle various broken date formats * Avoid `pq: time zone displacement out of range` errors * Improve entry existance check to make better use of index * Add unique index `enclosures_user_entry_url_idx` * Add mark as unread for Linkding integration * Add sub-folder support for Wallabag integration * Use RockyLinux to build RPM package * Disable CGO when building RPM package * Disable CGO when building Docker images Version 2.0.45 (June 21, 2023) ------------------------------ * Add media player to listen to audio and video podcasts with the possiblity to resume to last playback position * Add default tag names for Linkding integration * Mark only globally visible entries when marking all entries from UI * Use image included in feed as feed icon when available * Order history by `changed_at` and `published_at` * Remove title attribute from entry title links * Fix reading time that is not aligned correctly with the latest version of Safari * Use glyphs of the same size on keyboard shortcuts page * Add maskable versions of the PWA icon * Replace copyright header with SPDX identifier * Remove the "í" letter from the Portuguese "lido" word * Increase golangci-lint timeout value * Bump `github.com/tdewolff/minify/v2`, `github.com/prometheus/client_golang`, `golang.org/x/*` dependencies Version 2.0.44 (May 6, 2023) ---------------------------- * Add link to the URL rewrite rules documentation * Update scraping rules for `ilpost.it` * Update rewrite rules for `theverge.com` * Add a rewrite rule to remove clickbait titles * Make sure `PROXY_IMAGES` option is backward compatible with `PROXY_OPTION` and `PROXY_MEDIA_TYPES` * Add new rule to remove tables * Add support for searching well-known URLs in subdirectory * Add CSS `word-wrap` rule to break very long entry title into multiple lines * Add swipe as option for gesture navigation between entries. There are now 3 possible choices: `none`, `double-tap`, and `swipe`. * Prefer typographic punctuation in English translation * Process older entries first: - Feed entries are usually ordered from most to least recent. - Processing older entries first ensures that their creation timestamp is lower than that of newer entries. - This is useful when we order by creation, because then we get a consistent timeline. * Fix Grafana dashboard * Push Docker images to `Quay.io` (RedHat) * Bump `golang.org/x/*`, `github.com/lib/pq`, `mvdan.cc/xurls/v2` and `github.com/prometheus/client_golang` dependencies Version 2.0.43 (March 16, 2023) ------------------------------- * Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler (CVE-2023-27592) Creating an RSS feed item with the inline description containing an `<img>` tag with a `srcset` attribute pointing to an invalid URL like `http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error condition where the invalid URL is returned unescaped and in full. This results in JavaScript execution on the Miniflux instance as soon as the user is convinced to open the broken image. * Use `r.RemoteAddr` to check `/metrics` endpoint network access (CVE-2023-27591) HTTP headers like `X-Forwarded-For` or `X-Real-Ip` can be easily spoofed. As such, it cannot be used to test if the client IP is allowed. The recommendation is to use HTTP Basic authentication to protect the metrics endpoint, or run Miniflux behind a trusted reverse-proxy. * Add HTTP Basic authentication for `/metrics` endpoint * Add proxy support for several media types * Parse feed categories from RSS, Atom and JSON feeds * Ignore empty link when discovering feeds * Disable CGO explicitly to make sure the binary is statically linked * Add CSS classes to differentiate between category/feed/entry view and icons * Add rewrite and scraper rules for `blog.cloudflare.com` * Add `color-scheme` to themes * Add new keyboard shortcut to toggle open/close entry attachments section * Sanitizer: allow `id` attribute in `<sup>` element * Add Indonesian Language * Update translations * Update Docker Compose examples: - Run the application in one command - Bring back the health check condition to `depends_on` - Remove deprecated `version` element * Update scraping rules for `ilpost.it` * Bump `github.com/PuerkitoBio/goquery` from `1.8.0` to `1.8.1` * Bump `github.com/tdewolff/minify/v2` from `2.12.4` to `2.12.5` * Bump `github.com/yuin/goldmark` from `1.5.3` to `1.5.4` * Bump `golang.org/x/*` dependencies Version 2.0.42 (January 29, 2023) --------------------------------- * Fix header items wrapping * Add option to enable or disable double tap * Improve PWA display mode label in settings page * Bump `golang.org/x/*` dependencies * Update translations * Add scraping rule for `ilpost.it` * Update reading time HTML element after fetching the original web page * Add category feeds refresh feature Version 2.0.41 (December 10, 2022) ---------------------------------- * Reverted PR #1290 (follow the only link) because it leads to several panics/segfaults that prevent feed updates * Disable double-tap mobile gesture if swipe gesture is disabled * Skip integrations if there are no entries to push * Enable TLS-ALPN-01 challenge for ACME - This type of challenge works purely at the TLS layer and is compatible with SNI proxies. The existing HTTP-01 challenge support has been left as-is. * Preconfigure Miniflux for GitHub Codespaces * Updated `golang.org/x/net/*` dependencies Version 2.0.40 (November 13, 2022) ---------------------------------- * Update dependencies * Pin Postgres image version in Docker Compose examples to avoid unexpected upgrades * Make English and Spanish translation more consistent: - Use "Feed" everywhere instead of "Subscription" - Use "Entry" instead of "Article" * Allow Content-Type and Accept headers in CORS policy * Use dirs file for Debian package * Use custom home page in PWA manifest * Fix scraper rule that could be incorrect when there is a redirect * Improve web scraper to fetch the only link present as workaround to some landing pages * Add Matrix bot integration * Proxify images in API responses * Add new options in user preferences to configure sorting of entries in the category page * Remove dependency on `github.com/mitchellh/go-server-timing` * Add support for the `continuation` parameter and result for Google Reader API ID calls * Use automatic variable for build target file names * Add rewrite rule for `recalbox.com` * Improve Dutch translation Version 2.0.39 (October 16, 2022) --------------------------------- * Add support for date filtering in Google Reader API item ID calls * Handle RSS entries with only a GUID permalink * Go API Client: Accept endpoint URLs ending with `/v1/` * CORS API headers: Allow `Basic` authorization header * Log feed URL when submitting a subscription that returns an error * Update `make run` command to execute migrations automatically * Add option to send only the URL to Wallabag * Do not convert anchors to absolute links * Add config option to use a custom image proxy URL * Allow zoom on mobile devices * Add scraping rules for `theverge.com`, `royalroad.com`, `swordscomic.com`, and `smbc-comics.com` * Add Ukrainian translation * Update `golang.org/x/*` dependencies * Bump `github.com/tdewolff/minify/v2` from `2.12.0` to `2.12.4` * Bump `github.com/yuin/goldmark` from `1.4.13` to `1.5.2` * Bump `github.com/lib/pq` from `1.10.6` to `1.10.7` Version 2.0.38 (August 13, 2022) -------------------------------- * Rename default branch from master to main * Update GitHub Actions * Bump `github.com/prometheus/client_golang` from `1.12.2` to `1.13.0` * Fix some linter issues * Handle Atom links with a text/html type defined * Add `parse_markdown` rewrite function * Build RPM and Debian packages automatically using GitHub Actions * Add `explosm.net` scraper rule * Make default home page configurable * Add title attribute to entry links because text could be truncated * Highlight categories with unread entries * Allow option to order by title and author in API entry endpoint * Update Russian translation * Make reading speed user-configurable * Added translation for Hindi language used in India * Add rewrite rules for article URL before fetching content * Bump `github.com/tdewolff/minify/v2` from `2.11.7` to `2.12.0` * Support other repo owners in GitHub Docker Action * Proxify empty URL should not crash * Avoid stretched image if specified width is larger than Miniflux's layout * Add support for OPML files with several nested outlines * sanitizer: handle image URLs in `srcset` attribute with comma * Allow `width` and `height` attributes for `img` tags * Document that `-config-dump` command line argument shows sensitive info * Add System-V init service in contrib folder * Fix syntax error in `RequestBuilder.getCsrfToken()` method Version 2.0.37 (May 27, 2022) ----------------------------- * Add rewrite rule to decode base64 content * Add Linkding integration * Add comment button to Telegram message * Add API endpoint to fetch unread and read counters * Fixes logic bug in Google Reader API sanity check * Reduce number of CORS preflight check to save network brandwidth * Add Espial integration * Allow API search for entries which are not starred * Try to use outermost element text when title is empty * Make swipe gestures feel more natural - Removes opacity transition when swiping an article read/unread - Adds "resistance" to the swiped entry when the 75px threshold is reached - Fixes an issue in which a swiped article couldn't be moved <15px * Add support for feed streams to Google Reader API IDs API * Fix invalid parsing of icon data URL * Add Traditional Chinese translation * Add distroless Docker image variant * Add Go 1.18 to GitHub Action * Bump `github.com/tdewolff/minify/v2` from `2.10.0` to `2.11` * Bump `github.com/prometheus/client_golang` from `1.12.1` to `1.12.2` * Bump `github.com/lib/pq` from `1.10.4` to `1.10.6` Version 2.0.36 (March 8, 2022) ------------------------------ * Gray out pagination buttons when they are not applicable * Use truncated entry description as title if unavailable * Do not fallback to InnerXML if XHTML title is empty * Add `+` keyboard shortcut for new subscription page * Add `(+)` action next to Feeds to quickly add new feeds * Fix unstar not working via Google Reader API * Remove circles in front of page header list items * Fix CSS hover style for links styled as buttons * Avoid showing `undefined` when clicking on read/unread * Add new keyboard shortcut `M` to toggle read/unread, and go to previous item * Add several icons to menus according to their roles * Add missing event argument to `onClick()` function call * Add links to scraper/rewrite/filtering docs when editing feeds * Add a rewrite rule for Castopod episodes * Fix regression: reset touch-item if not in `/unread` page * Add API endpoint to fetch original article * Show the category first in feed settings * Add pagination on top of all entries * Display Go version in "About" page * Bump `mvdan.cc/xurls/v2` from 2.3.0 to 2.4.0 * Bump `github.com/prometheus/client_golang` from 1.11.0 to 1.12.1 * Bump `github.com/tdewolff/minify/v2` from 2.9.28 to 2.10.0 Version 2.0.35 (January 21, 2022) --------------------------------- * Set `read-all` permission to `GITHUB_TOKEN` for GitHub Actions * Pin `jshint` version in linter job * Fix incorrect conversion between integer types * Add new GitHub Actions workflows: CodeQL and Scorecards analysis * Handle Atom feeds with space around CDATA * Bump `github.com/tdewolff/minify/v2` from 2.9.22 to 2.9.28 * Add Documentation directive to Systemd service * Do not reset `touch-item` if successfully swiped * Add support for multiple authors in Atom feeds * Omit `User-Agent` header in image proxy to avoid being blocked * Use custom feed user agent to fetch website icon * Make default Invidious instance configurable * Add new rewrite rule `add_youtube_video_from_id` to add Youtube videos in Quanta articles * Add scrape and rewrite rules for `quantamagazine.org` * Expose entry unshare link in the entry and list views * Add Google Reader API implementation (experimental) * Add `Content-Security-Policy` header to feed icon and image proxy endpoints - SVG images could contain Javascript. This CSP blocks inline script. - Feed icons are served using `<img>` tag and Javascript is not interpreted. * Add Finnish translation * Add scraper rule for `ikiwiki.iki.fi` * Remove `SystemCallFilter` from `miniflux.service` * Fix minor typo in French translation Version 2.0.34 (December 16, 2021) ---------------------------------- * Add rewrite rule for comics website http://monkeyuser.com * Add `<head>` tag to OPML export * Tighten Systemd sandboxing and update comments in `miniflux.service` * Add `RuntimeDirectory` to Systemd service * Order disabled feeds at the end of the list * Add support for theme color based on preferred color scheme of OS * Bump `github.com/lib/pq` from 1.10.3 to 1.10.4 * Bump `github.com/PuerkitoBio/goquery` from 1.7.1 to 1.8.0 * Fix typos in `model/icon.go` * Add `data-srcset` support to `add_dynamic_image rewrite` rewrite rule * Fix Docker Compose example files compatibility to v3 * Added the `role="article"` to `<article>` elements for better accessibility with screen readers * Redact secrets shown on the about page * Handle `srcset` images with no space after comma * Hide the logout link when using auth proxy * Fix wrong CSS variable * Change `-config-dump` command to use `KEY=VALUE` format Version 2.0.33 (September 25, 2021) ----------------------------------- * Build RPM and Debian package with PIE mode enabled * Add CSS rule to hide `<template>` tag in old browsers * Bump `github.com/tdewolff/minify/v2 from 2.9.21 to 2.9.22` * Bump `github.com/lib/pq from 1.10.2 to 1.10.3` * Remove `RequestURI()` hack * Improve `zh_CN` translation * Add ability to change entry sort order in the UI * Add minor improvements in integration package * Add Telegram integration * Add rewrite rule to remove DOM elements * Add proxy argument to `scraper.Fetch()` * Add mime type `application/feed+json` to discover JSON Feed v1.1 * Update scraper rule for `theregister.com` * Add Go 1.17 to GitHub Actions * Display option to hide feed only when category is not already hidden * Add option to hide feeds from the global Unread list Version 2.0.32 (August 14, 2021) -------------------------------- * Bump `github.com/tdewolff/minify/v2` from 2.9.17 to 2.9.21 * Bump `mvdan.cc/xurls/v2` from 2.2.0 to 2.3.0 * Bump `github.com/PuerkitoBio/goquery` from 1.6.1 to 1.7.1 * Bump `github.com/prometheus/client_golang` from 1.10.0 to 1.11.0 * Add `/rss/` to the list of well known URLs during feed discovery * Use `authors` entry for JSON 1.1 feeds * Added Greek translation * Added the ability to mark an entire category as read in the web ui * Added "in" in "logged in" for en_US `tooltip.logged_user` * Added option to hide categories from the global unread list * Show "saving" labels for entry status button * Golang client: Try to parse response body on `InternalServerError` errors * contrib: Add support for a $MINIFLUX_IMAGE env var in docker-compose * contrib: Bump docker-compose version to 3.4 Version 2.0.31 (June 6, 2021) ----------------------------- * Expose comments_url entry field in Golang API client * Use unique file names for cache busting instead of query string * Highlight and sort feeds with unread entries in feeds list * Mark items as read on click/middle click of external links * Fix: Firefox on Windows does not show the active link as bold * Avoid extra HTTP request for fetching custom stylesheet * Remove invalid CSRF HTML meta tag * Add lang attribute to root HTML tag * Use runes instead of bytes to truncate JSON feed titles (avoid breaking Unicode strings) * Expose changed_at time through the API * Add new config option CLEANUP_ARCHIVE_BATCH_SIZE * Add new option DATABASE_CONNECTION_LIFETIME * Add database stats to Prometheus exporter * Add Systemd watchdog * Avoid custom stylesheet to be cached by third-party CDN * Update a shared entry label translation in zh_CN * Bump github.com/tdewolff/minify/v2 from 2.9.16 to 2.9.17 * Bump github.com/lib/pq from 1.10.1 to 1.10.2 Version 2.0.30 (May 7, 2021) ---------------------------- * Security fix: any user can delete any feed (Regression introduced in commit 51fb949) * Fix password reset via CLI * Increase default batch size value * Handle RSS feed title with encoded Unicode entities * Show number of unread per category in category list instead of number of feeds * Bump github.com/lib/pq from 1.10.0 to 1.10.1 * Filtering doesn't work when selecting from multiple found feeds * Bump github.com/tdewolff/minify/v2 from 2.9.15 to 2.9.16 * Use an appropriate color for visited links on dark theme * Fix typo in reader/json/doc.go * Create SECURITY.md * Setup golangci-lint Github Action * Add per feed cookies option * Bump github.com/prometheus/client_golang from 1.9.0 to 1.10.0 * Bump github.com/tdewolff/minify/v2 from 2.9.13 to 2.9.15 Version 2.0.29 (Mar 21, 2021) ----------------------------- * Miniflux requires at least Go 1.16 now * Improved support of Atom text constructs - Improve handling of CDATA in text elements - Omit XHTML root element because it should not be part of the content - Fix incorrect parsing of HTML elements * Handle RDF feed with HTML encoded entry title * Add Turkish language * Improve deletion of feeds with lots of entries * Add support of Systemd readiness notification using the sd_notify protocol * Remove feed_icons service worker cache because it's causing more problems than it solves (and HTTP cache seems faster) * Add basic PWA offline page - Add basic offline mode when using the service worker - Starting in Chrome 93, offline mode is going to be a requirement to install the PWA * Replace icon for "Add to home screen" button * Use SVG icons for "toast" notifications * Use SVG sprite for icons instead of inline elements * Reset scroll position on mark page as read * Add link to mark all feed entries as read * Make web app display mode configurable (The change is visible after reinstalling the web app) * Handle RSS feeds with CDATA in author item element * Add read time on the article page * Avoid showing a broken image when there is no feed icon * Add option to allow self-signed or invalid certificates * Add new config option to scrape YouTube's website to get video duration as read time (disabled by default) * Send full article content to Wallabag * Add more extensive health check support - Improve endpoint to test database connection - Add new cli argument: -healthcheck - Update Docker Compose examples * Update iframe "allow list" to support Bilibili videos * Remove completely generated files and use embed package to bundle JS/CSS/Images/Translations files into the final binary * Remove deprecated io/ioutil package * Show Postgres version in "About" page Version 2.0.28 (Feb 15, 2021) ----------------------------- * Add HTTP header "Referrer-Policy: no-referrer" * Handle entry title with double encoded entities * Add Open Containers annotations to Docker image * Remove iframe inner HTML contents (iframe element never has fallback content) * Update date parser to fix another time zone issue * Update German translation for blocklist and keeplist * Validate Keep list and Block list rules syntax * Add support for IPv6 with zone index * Allow images with data URLs * Limit full-text search indexation to first 500K characters (tsvector has a size limit of 1MB) * Change PWA display mode to standalone * ETag value is not set correctly in HTTP client (regression) * Add database backed Let's Encrypt certificate cache * Add global option POLLING_PARSING_ERROR_LIMIT * Update systemd service file comments to use `systemctl edit` for editing * Update Go version to 1.15 in go.mod * Don't discard the "Fetch via Proxy" option * Update man page to show the default values * Add PostgreSQL indices * Add API endpoints to get feeds and entries of a category * Create feed query builder * Bump github.com/PuerkitoBio/goquery from 1.6.0 to 1.6.1 * Show global options in the about page * Update man page to mention -1 can be used for CLEANUP_ARCHIVE_* options Version 2.0.27 (Jan 9, 2021) ---------------------------- * Add spellcheck="false" to input fields * Refactoring of entry, feed, category, and user validation * Avoid stripping tags for entry title * Add the possibility to subscribe to feeds with the Android Share menu * API improvements: - Change feed creation request to allow setting most fields via API - Allow regular users to change settings via API - Make user fields editable via API - Renaming non-existent category via API should return a 404 * Update Systemd service file: - Add capability CAP_NET_BIND_SERVICE (allow the process to listen on privileged ports) - Enable a private /tmp for $CERT_CACHE (required when using Let's Encrypt) * Update read/star icons to SVGs * Add autocomplete="username" to HTML forms * Improve user mass delete to use fewer Goroutines * Use SQL transaction when creating user sessions and users * Remove extra column (HSTORE field) from users table and migrate key/value pairs to specific columns * Bump github.com/prometheus/client_golang from 1.8.0 to 1.9.0 * Bump github.com/lib/pq from 1.8.0 to 1.9.0 * Add styles for <abbr> HTML tag * Refactor SQL migrations: - Avoid embedding SQL files into binary - Allow more flexible changes by using Go functions * Add Server-Timing header to unread page * Show correct User Agent in input placeholders * Add autocomplete attribute to login form * Add Grafana dashboard in contrib folder Version 2.0.26 (Dec 5, 2020) ---------------------------- * Use created_at instead of published_at for archiving entries * Add created_at field for entries * Handle invalid feeds with relative URLs * Add API routes for "mark all as read" * Add support for setting a global default User-Agent * Add rewrite rule "replace" for custom search and replace * Calculate reading time during feed processing * Handle various invalid dates * systemd: keep /run writeable * debian package: add missing post-install script * Do not follow redirects when trying known feed URLs * Trim spaces around icon URLs * Reinstate EXPOSE instruction in Dockerfile * Update German and Portuguese translations Version 2.0.25 (Nov 3, 2020) ---------------------------- * Rename "original" link to be more explicit * Do not escape HTML for Atom 1.0 text content during parsing (Avoid HTML entities issues) * Do not use charset.NewReader if the body is a valid UTF-8 document * Restore the ability to use a proxy for all HTTP requests (see https://golang.org/pkg/net/http/#ProxyFromEnvironment) * Show Git commit in about page * Publish Docker images to GitHub Container Registry * Added few Docker Compose examples in contrib folder * Added Ansible Role + Playbook for Miniflux in contrib folder * Add rewrite rule to use noscript content for images rendered with Javascript * Bump github.com/prometheus/client_golang from 1.7.1 to 1.8.0 * Update contributor link and Godoc badge for API client * Move Debian package builder to main repository * Move RPM build files to main repository * Add GitHub Action to generate Docker images * Build multi-platform images with Docker Buildx * Add keyboard shortcut to scroll current item to the top * Add feed filters (Keeplist and Blocklist) * Do not proxy image with a data URL * Bump github.com/PuerkitoBio/goquery from 1.5.1 to 1.6.0 * Proxify articles crawled manually * Proxify images defined in srcset attribute * Remove plaintext Fever password from database * Add keyboard shortcut to jump to an item's feed page * Add option for swipe gesture on entries on mobile Version 2.0.24 (Oct 3, 2020) ---------------------------- * Add rewrite rule to fix Medium.com images * Update sanitizer to support responsive images: - Add support for picture HTML tag - Add support for srcset, media, and sizes attributes to img and source tags * Enhance man page formatting * Add Prometheus exporter * Remove dependency on global config options in HTTP client * API: - Avoid database lookup if empty credentials are provided - Add the possibility to filter entries by category ID - Add the possibility to filter entries by a list of statuses * Add Feed ID in worker error logs * Tweak default HTTP client transport timeout values to reduce the number of file descriptors * CSS tweaks and optimizations: - Prevent sub and sup from affecting line-height - Set touch-action on .items to prevent browser navigation - Move font-family specific CSS to the appropriate file - Update primary font-family for UI to be even more compatible with various operating systems - Make .entry-content font-weight variable depending on font-family used * Avoid Javascript minifier to break keyboard shortcuts * Rename service worker script to avoid being blocked by uBlock * Update date parser to handle Pacific Daylight Time in addition to Pacific Standard Time * Create index to speed up bookmark page * Do not try to update a duplicated feed after a refresh * Use a transaction to refresh and create entries * Speed up entries clean up with an index and a goroutine * Avoid the accumulation of enclosures by keeping only what is referenced in the feed * Add workarounds for parsing an invalid date * Archive older entries first * Update API client to support more filters * Avoid duplication between get feed entries and get entries API endpoints * Enable strict slash to avoid a page not found (404) when using a trailing slash in the URLs * Add a submit button to each section of the integration page * Reload page after making page as read when showing unread entries * Add option to archive unread entries * Add option to enable maintenance mode * Add HTTP proxy option for subscriptions * Make add_invidious_video rule applicable for different invidious instances * Fix reading time for jp, ko and zh languages * Update POLLING_SCHEDULER description in man page * Bump gorilla/mux from 1.7.4 to 1.8.0 * Add link to mark a feed as read Version 2.0.23 (Aug 15, 2020) ----------------------------- * Try known URLs when discovering subscriptions * Add workarounds to find YouTube channel feeds (YouTube doesn't expose RSS links anymore for new-style URLs) * Increase HTTP server timeout values * Use stdlib constants for HTTP methods instead of strings * Add support for RTL feed content * Ignore <media:title> to avoid overriding the default title if they are different * Add support for secret keys exposed as a file (useful for containerized environments) * Display recent entries first in search results * Do not archive shared items * Add option to change the number of entries per page * Add Brazilian Portuguese (pt_BR) translation * Add reading time for entries * Redirect to login page if CSRF token is expired * Fever API: - Use getEntryIDs instead of getEntries to reduce memory consumption - Fix max_id argument logic to follow the specs - Improve logging - Do not send articles to external services when unsaving an item - Create index to speed up API calls - Log client IP in middleware * API client: Do not return body for response with no content * REST API: - Delete users asynchronously (Deleting large users might lock the tables) - Add CORS support * Align entry actions to the left - Attempt to avoid awkward alignment on smartphone screens - Keep the read/star actions aligned to the left - Remove CSS flex to allow easier override with custom CSS * Upgrade Postgres client library * Upgrade CI checks to Go 1.15 Version 2.0.22 (Jun 19, 2020) ----------------------------- * Remove child-src CSP policy (deprecated) * Add /version endpoint * Add the ability to use custom css * Handle more invalid dates * Add CSS styles for textarea * Add index to speed up slow query * Speed up feed list page rendering * Add alternative scheduler based on the number of entries * Setup Dependabot on GitHub * Update Docker image to Alpine 3.12 * Add feed option to ignore HTTP cache * Fix some Italian and German translations * Added scraper rule for RayWenderlich.com, TheOatmeal.com, financialsamurai.com, dilbert.com and turnoff.us * Replace link to categories by a link to the list of entries in "Category > Feeds" page * Change feed title to a link to the original website * Add icons to feeds and categories list * Update dependencies and remove vendor folder Version 2.0.21 (Mar 28, 2020) ----------------------------- * Add SVG icons to entry actions * Add support for Invidious - Embed Invidious player for invidio.us feeds - Add new rewrite rule to use Invidious player for Youtube feeds * Check during application startup if the database schema is up to date * Change default theme for public pages to "System Serif" * Add feature to share an article (create a public link of a feed entry) * Fix SQL injection in full-text search rank ordering * Add generic OpenID Connect provider (OAuth2) * Use more secure TLS configuration for autocert server (increase SSL Labs score from B to A+) * Add feature to create per-application API Keys * Add Go 1.14 to GitHub Actions * Add scraper rule for wdwnt.com * Add API client function to refresh all feeds * Add API endpoint to refresh all feeds * Add Auth Proxy authentication * Use rel=prev/next on pagination links Version 2.0.20 (Feb 15, 2020) ----------------------------- * Add Japanese translation * History: show entries in the order in which they were read * Add button to add to Home screen * Ignore enclosures without URL * Correct spelling of "toggle" * List view: align information to the left side, and the actionable buttons to the right * Redirect to /unread when getting a 404 for an unread expired entry * Do not advance to the next item when using the 'v' shortcut on the list of starred items * Wrap around when navigating with keyboard shortcuts on a list view * Remove unused Feed.Entries and Entry.Category from API client * Add comments link keyboard shortcut * Allow application/xhtml+xml links as comments URL in Atom replies * Allow only absolute URLs in comments URL * Use internal XML workarounds to detect feed format * Make menu consistent across feed pages * Make sure external URLs are not encoded incorrectly by Go template engine * Make sure whitelisted URI schemes are handled properly by the sanitizer * Use white background for favicon (Improve legibility when using a dark theme) * Remove dependency on Sed to build Docker images * Normalize URL query string before executing HTTP requests * Improve Dublin Core support for RDF feeds * Improve Podcast support (iTunes and Google Play feeds) * Add support for Atom 0.3 * Add support for Atom "replies" link relation * Return outer HTML when scraping elements * Update scraper rule for "Le Monde" * Filter valid XML characters for UTF-8 XML documents before decoding * Trim spaces for RDF entry links Version 2.0.19 (Dec 1, 2019) ---------------------------- * Add shortcut "V" to open original link in current tab * Add the possibility to add rules during feed creation * Wrap attachments into <details> disclosure element * Show attachment size on entry page * Add support of RSS Media elements (group, description, peer link, and thumbnails) * Add rewrite functions: convert_text_link and nl2br * Add scraper rule for openingsource.org * Add Makefile target to build only amd64 Docker image * Make sure to remove integration settings when removing a user * Add API parameter to filter entries by category * Display list of feeds per category * Show the number of read and unread entries for each feed * Make sure settings menu is consistent * Remove fixed table-layout for entry content * Update autocert lib because ACME v1 is EOL * Do not lighten blockquote font color * Update de_DE translation * Send a response when changing status of removed entries in Fever API * Add meta tag to disable Google Translate * Improve storage module * Improve XML decoder to remove illegal characters * Compare Fever token case-insensitively * Make sure integration tests are marked as failed in Github Actions * Add new formats to date parser * Add notification message when using keyboard shortcuts: f, s, and m. * Avoid keyboard shortcuts to conflict with Firefox’s "Find as you type" feature Version 2.0.18 (Sep 25, 2019) ----------------------------- * Add Docker image variant for arm32v7 * Add theme variants - Use CSS variables instead of inherence - Rename default theme to "Light - Serif" - Rename Black theme to "Dark - Serif" - Rename "Sans-Serif" theme to "Light - Sans Serif" - Add "System" theme that use system preferences: Dark or Light - Add Serif and Sans-Serif variants for each color theme * Avoid constraint error when having duplicate entries during feed creation * Disable strict XML parsing * Ignore invalid content type * Update man page * Replace Travis by GitHub Actions * Rename cleanup config variables and deprecate old ones - CLEANUP_FREQUENCY_HOURS instead of CLEANUP_FREQUENCY - CLEANUP_ARCHIVE_READ_DAYS instead of ARCHIVE_READ_DAYS * Make configurable the number of days to remove old sessions * Add native lazy loading for images and iframes * Do not buffer responses in the image proxy * Update dependencies * Add Go 1.13 to test matrix * Replace link border by outline to avoid slight content shift * New rewrite function: add_mailto_subject * Import OPML from URL * Fix HTML injection in addImageTitle * Accept HTML entities when parsing XML Version 2.0.17 (Aug 3, 2019) ---------------------------- * Update Docker image to Alpine Linux 3.10.1 * Pass auth header to manifest request (crossorigin attribute) * Sort feed categories before serialization * Fix syntax errors in man page * Add .search margin-right * Ask for confirmation before flushing history, marking page as read, and mark all as read * Add option to disable feeds Version 2.0.16 (Jun 8, 2019) ---------------------------- * Add option to toggle date/time in log messages * Add optional config file parser in addition to environment variables * Make HTTP Client timeout and max body size configurable * Refactor config package: - Parse configuration only once during startup time - Store configuration values in a global variable * Flip behavior of j and k keyboard shortcuts * Bump Postgresql client library to v1.1.1 to bring in SCRAM-SHA-256 authentication * Add option to enable/disable keyboard shortcuts * Add missing translation * Improve page reload when showing unread/all entries: - Show only unread entries = refresh current page - Show all entries = go to next page * Always display feed entries even when there is a feed error * Use loading label instead of saving when submitting login form * Add OPML v1 support during importation * Add 'allow-popups' to iframe sandbox permissions Version 2.0.15 (Mar 16, 2019) ----------------------------- * Move Dockerfile to main repo * Change location of the binary from /usr/local/bin to /usr/bin in Docker image * Add double tap detection for next/previous page navigation * Allow users to disable auto-remove * Make parser compatible with Go 1.12 * Add Golang 1.12 to CI * Use feed ID instead of user ID to check entry URLs presence * Fix typo in stylesheet * Sort search results by relevance * Use preferably the published date for Atom feeds * Add Spanish translation * Rename session cookies * Handle the case when application session is expired and not user session Version 2.0.14 (Jan 13, 2019) ----------------------------- * Only attempt to change password if the confirmation field is filled in (Firefox) * Remove URL from client user agent * Make the feed list order case-insensitive * Handle XHTML Summary elements for Atom feeds * Make UTF-8 the default encoding for XML feeds * Add more targets to Makefile * Add -mod=vendor in Makefile * Move health check endpoint from ui package to httpd service * Add workaround for non GMT dates (RFC822, RFC850, and RFC1123) * Make sure `<strong>` elements are bold * Show scrollbars only when necessary for <pre> elements * Add Italian translation * Allow to switch between unread only and all entries on category/feed views * Add function storage.UpdateFeedError() * Add BBC News scraping rule * Ignore JSON feeds from EnsureUnicode() * Preserve category selection when no feed is found * Update XML encoding regex to take single quotes into consideration * Send cli errors to stderr * Update dependencies * Make password prompt compatible with Windows * Make configurable the number of days to archive read items * Change log level to debug when starting workers * Do not show $DATABASE_URL warning when showing application info * Move image proxy filter to template functions * Update scraper rule for lemonde.fr * Refactor manual entry scraper * Apply rewriter rules on manual "Fetch Original Content" * Add Makefile target for current OS and architecture * Improve Makefile Version 2.0.13 (Nov 25, 2018) ----------------------------- * Add man page * Add support for Systemd Socket Activation (experimental) * Add the possibility to listen on Unix sockets * Add config options to disable HTTP and scheduler services * Archive more read entries in cleanup job * Change default database connection string (backward compatible) * Improve logging messages in ui package * Improve overall Simplified Chinese translations * Improve time since post date displays: - "15 days" now is "15 days" rather than "3 weeks" ago - "32 days" is now "1 month" rather than "2 months" ago - "366 days" is now "1 year" rather than "2 years" ago * Allow the scraper to parse XHTML documents * Remove charset=utf-8 from JSON responses * Ignore hotkeys containing Control, Alt or Meta keys * Handle more encoding conversion edge cases * Disable go test caching * Avoid duplication of ldflags in Makefile * Fix wrong translation key for category pages * Code refactoring: - Simplify application HTTP middlewares - Replace daemon and scheduler package with service package - Move UI middlewares and routes to ui package - Move API middleware and routes to api package - Move Fever middleware and routes to fever package Version 2.0.12 (Oct 26, 2018) ----------------------------- * Add OpenBSD build * Improve logging for OAuth2 callback * Make "g f" go to feed, or list of feeds * Add more details in feed storage errors to facilitate debugging * Add entries storage error to feed errors count * Set arbitrary maximum size for tsvector column * Unsubscribe from feed through link or "#" * Simplify feed entries filtering * Simplify feed fetcher * Simplify feed parser and format detection * Improve unit tests in url package * Add short cli flags -i and -v * Convert text links and line feeds to HTML in YouTube channels * Change link state when marking all entries as read * Add missing package descriptions for GoDoc * Fix typo in license header * Refactor HTTP response builder * Improve Fever API performances when marking a feed or group as read * Set focus on article link when pressing prev/next hotkeys * Improve request package and add more unit tests * Add more unit tests for config package * Simplify locale package usage (refactoring) * Translate application in Russian * Use disclosure widget <details> for advanced feed options * Use unique translation IDs instead of English text as key * Add more unit tests for template functions * Fix invalid output when truncating Unicode text in templates * Add the possibility to override default user agent for each feed * Split Makefile linux targets by architecture * Add compiler, Arch, and OS to info command * Avoid line break between emoji and (un)read/(un)star links * Build Docker image for multiple architectures (amd64, arm32v6, arm64v8) Version 2.0.11 (Sep 11, 2018) ----------------------------- * Set cookie flag `SameSite` to Lax mode * Use predefined ciphers when TLS is configured * Avoid displaying an error when shutting down the daemon * Add "Mark this page as read" to the bottom * Store client IP address in request context * Refactor HTTP context handling * Make user creation via environment variables idempotent * Use regular text version of ✔︎ instead of emoji version on iOS * Add toggle status button to entry page * Migrate to Go Modules and Go 1.11 * Show count of feeds with permanent errors in header menu * Display remote client IP in logs when having a login failure (Fail2Ban) * Add remove button in feed edit page * Split integration tests into multiple files * Update scraper rule for heise.de * Expose real error messages for internal server API errors * Move Golang API client in project source tree (the separate project is deprecated) * Use canonical imports * Add Procfile * Create database package (refactoring) * Update user agent with new website URL * Update German translation Version 2.0.10 (July 22, 2018) ------------------------------ * Avoid browser caching issues when assets changes * Add Gzip/Deflate compression for HTML, JSON, CSS and Javascript responses * Improve themes handling * Store user theme in session * Logged out users will keep their theme * Add theme background color to web manifest and meta tag * Update application icon with different sizes * Add support for published tag in Atom feeds * Add tooltip to feed domain in feeds list (title attribute) * Prevent vertical scrolling on swipe * Show feed title instead of domain in items list * Add service worker to cache feed icons * Make image proxy configurable via IMAGE_PROXY environment variable: * none = No proxy * http-only = Proxy only non-HTTPS images (default) * all = Proxy everything * Add alt attribute for feed icons * Update CI jshint check * Add embedly.com to iframe whitelist * Use passive event listeners for touch events * Add `add_dynamic_image` rewriter for JavaScript-loaded images * Change feed password field type to text to avoid auto-completion with Firefox * Using autocomplete="off" or autocomplete="new-password" doesn't change anything * Changing the input ID doesn't change anything * Using a different input name doesn't change anything * Only Chrome supports autocomplete="new-password" * Add base URL validation * Update default stylesheet name in HTML layout * Pre-generate themes stylesheets at build time * Update vendor dependencies * Refactor assets bundler and split Javascript files * Run sanitizer after all processing and entry content rewrite * Remove timestamp from generated files * Add support for protocol relative YouTube URLs * Add Postgres full-text search for entries * Add search form in user interface * Add search parameter to the API * Improve Dutch locales * Sandbox iframes when sanitizing * Keep consistent text size on mobile orientation change * Change permission of /etc/miniflux.conf to 600 instead of 644 in RPM package * Add tzdata package to Docker image * Update Docker image to Alpine Linux 3.8 Version 2.0.9 (July 1, 2018) ---------------------------- * Avoid Chrome to autocomplete no-login password fields * Add cli flag to reset all feed errors * Do not ignore errored feeds when a user refresh feeds manually * Add specific 404 and 401 error messages * Strip binaries to reduce size * Make sure we always get the pagination in unread mode * Fix incorrect data value when toggling bookmark flag on entry page * Set opener to null when opening original URL with JavaScript * Remove unnecessary style * Refactor AddImageTitle rewriter * Only processes images with `src` **and** `title` attributes (others are ignored) * Processes **all** images in the document (not just the first one) * Wraps the image and its title attribute in a `figure` tag with the title attribute's contents in a `figcaption` tag * Improve sanitizer to remove `style`, `noscript` and `script` tag contents * Improve feed and user API updates with optional values * Add new fields for feed username/password * Improve memory usage debug log * Disable keep-alive for HTTP client * Close HTTP response body even for failed requests * Add Sans-Serif theme * Rewrite iframe Youtube URLs to https://www.youtube-nocookie.com * Add more filters for API call `/entries`: * before (unix timestamp) * before_entry_id (int64) * after (unix timestamp) * after_entry_id (int64) * starred (boolean) * Rewrite individual entry pagination SQL queries * Simplify entry query builder * Prevent items from sticking on touchend * Extended horizontal overflow to feed and category views * Translate missing strings * Update German translation Version 2.0.8 (June 4, 2018) ---------------------------- * Add Pocket integration * Rewrite RealIP() to avoid returning an empty string * Convert IP field from text to inet type * Improve error handling in integration clients * Make unread counter clickable * Archive read entries automatically after 60 days * Hide horizontal overflow when swiping articles on touch devices * Add API endpoint to get logged user * Fever API: Return response with an empty list if there is no item * Handle feeds with dates formatted as Unix timestamp Version 2.0.7 (May 7, 2018) --------------------------- * Add API endpoint to import OPML file * Make sure to close request body in HTTP client * Do not show save link if no integration is configured * Make sure integrations are configured before to make any HTTP requests * Avoid people to unlink their OAuth2 account without having a local password * Do not use shared variable to translate templates (avoid concurrency issue) * Use vanilla HTTP handlers (refactoring) * Move HTTP client to its own package (refactoring) * Add middleware to read X-Forwarded-Proto header (refactoring) * Use Gorilla middleware (refactoring) * Scrape parent element for iframe * Add SoundCloud and Bandcamp iframe sources Version 2.0.6 (Apr 20, 2018) ---------------------------- * Improve graceful shutdown * Simplify Heroku deployment * Display memory usage and some metrics in logs * Increase read/write timeout for HTTP server * Add support for Dublin Core date in RDF feeds * Do not return an error if the user session is not found * Handle some non-english date formats * Add missing French translation * Rename RSS parser getters * Get the right comments URL when having multiple namespaces * Ignore caching headers for feeds that send "Expires: 0" * Update translations Version 2.0.5 (Apr 7, 2018) --------------------------- * Avoid unread counter to be off by one when reading an entry * Add Comments URL to entries * Add FreeBSD build target * Handle RSS author elements with inner HTML * Fix typo in translations * Add Dutch translation * Convert enclosure size field to bigint * Switch CI to Go v1.10 * Fix broken OPML import when compiling with Go 1.10 Version 2.0.4 (Mar 5, 2018) --------------------------- * Add Simplified Chinese translation * Add Nunux Keeper integration * Filter the list of timezones * Add timezone to entries dates for REST and Fever API * Show last login and session creation date in current timezone * Fix typo in edit user template * Improve parser error messages * Remove parentheses around feed error messages * Support localized feed errors generated by background workers * Print info message if DATABASE_URL is not set Version 2.0.3 (Feb 19, 2018) ---------------------------- * Add Polish translation * Change color of <q> tags for black theme * Add database indexes (don't forget to run database migrations) * Handle Atom feeds with HTML title * Strip invalid XML characters to avoid parsing errors * Improve error handling for HTTP client Version 2.0.2 (Feb 5, 2018) --------------------------- * Add support for Let's Encrypt http-01 challenge * Move template functions outside engine (refactoring) * Take timezone into consideration when calculating relative time * Add support for HTTP Strict Transport Security header * Add support for base URLs with subfolders * Add missing about menu in settings * Show API URL endpoints in user interface * Do not update entry date while refreshing a feed * Add flag to toggle debug logging * Improve unread counter updates Version 2.0.1 (Jan 22, 2018) ---------------------------- * Change user agent (People are blocking the crawler with mod_security) * Move environment variables to config package (refactoring) * Add build targets for all ARM architectures * Do not crawl existing entry URLs * Show translated login page in user language when logged out * Handle more encoding edge cases: - Feeds with charset specified only in Content-Type header and not in XML document - Feeds with charset specified in both places - Feeds with charset specified only in XML document and not in HTTP header * Add German translation * Add mark as read/unread link on list items * Add API endpoint for OPML export Version 2.0.0 (Jan 11, 2018) ---------------------------- * Initial release of Miniflux 2.