Dispatcharr/apps
SergeantPanda 69e0cba86e
Some checks are pending
CI Pipeline / prepare (push) Waiting to run
CI Pipeline / docker (amd64, ubuntu-24.04) (push) Blocked by required conditions
CI Pipeline / docker (arm64, ubuntu-24.04-arm) (push) Blocked by required conditions
CI Pipeline / create-manifest (push) Blocked by required conditions
Build and Push Multi-Arch Docker Image / build-and-push (push) Waiting to run
Bug Fix: EPG channel name vlaue too long for type character varying(255) (Fixes #1134)
2026-04-21 09:23:35 -05:00
..
accounts security: Extended rate limiting to the session-auth login alias (POST /api/accounts/auth/login/). It now delegates entirely to TokenObtainPairView, inheriting its throttle, network access check, and audit logging, and returns JWT tokens instead of a session cookie (the session-based response was unusable since SessionAuthentication is not in DEFAULT_AUTHENTICATION_CLASSES). Both endpoints share the same "login" throttle scope, so attempts across either path count against the same per-IP limit. 2026-04-10 19:54:10 -05:00
api initial connect feature 2026-02-08 09:29:22 -05:00
backups security: Fixed path traversal vulnerability in file uploads. The M3U account upload (apps/m3u/api_views.py), logo upload (apps/channels/api_views.py), and backup upload (apps/backups/api_views.py) all used the uploaded filename directly without sanitization. os.path.join() discards all preceding components when it encounters an absolute path segment, and pathlib's / operator behaves identically; a relative ../ sequence also escapes via OS path resolution at open() time. All three upload paths now strip directory components via Path(name).name and validate the resolved path remains within the intended upload directory. Exploiting any of these required admin credentials. 2026-04-09 21:32:36 -05:00
channels Bug Fix: EPG channel name vlaue too long for type character varying(255) (Fixes #1134) 2026-04-21 09:23:35 -05:00
connect Bug Fix: Fixed several incorrect or incomplete OpenAPI (@extend_schema) schemas across the API 2026-04-11 17:02:07 -05:00
dashboard modified database fields for consistency, removed custom_url from streams (no longer needed) 2025-03-16 09:07:10 -04:00
epg Bug Fix: EPG channel name vlaue too long for type character varying(255) (Fixes #1134) 2026-04-21 09:23:35 -05:00
hdhr security: 2026-04-09 21:36:51 -05:00
m3u Bug Fix: EPG channel name vlaue too long for type character varying(255) (Fixes #1134) 2026-04-21 09:23:35 -05:00
output performance: 2026-04-16 13:19:19 -05:00
plugins fix(migration): Fix plugin repo migration that specified AutoField for id instead of BigAutoField. 2026-04-14 16:36:16 -05:00
proxy Enhancement: Cache channel names to reduce repeated DB queries in StreamManager and StreamGenerator. This improves performance by avoiding unnecessary database calls during retries and logging events. (Fixes #1138) 2026-04-17 10:55:41 -05:00
vod fix: clear previous failure entries after successful logo fetch in LogoViewSet and VODLogoViewSet 2026-04-14 13:34:17 -05:00