Dispatcharr/apps
2026-05-31 10:03:03 -05:00
..
accounts Enhancement: Initial fmp4 support and major ts_proxy refactor 2026-05-08 17:46:47 -05:00
api initial connect feature 2026-02-08 09:29:22 -05:00
backups security: Fixed path traversal vulnerability in file uploads. The M3U account upload (apps/m3u/api_views.py), logo upload (apps/channels/api_views.py), and backup upload (apps/backups/api_views.py) all used the uploaded filename directly without sanitization. os.path.join() discards all preceding components when it encounters an absolute path segment, and pathlib's / operator behaves identically; a relative ../ sequence also escapes via OS path resolution at open() time. All three upload paths now strip directory components via Path(name).name and validate the resolved path remains within the intended upload directory. Exploiting any of these required admin credentials. 2026-04-09 21:32:36 -05:00
channels feat(epg): add Schedules Direct API integration 2026-05-17 04:52:07 +00:00
connect fix: replace fork()-based subprocess with posix_spawn at all uWSGI spawn sites 2026-05-15 16:45:09 -05:00
dashboard modified database fields for consistency, removed custom_url from streams (no longer needed) 2025-03-16 09:07:10 -04:00
epg fix(epg): update permission handling for sd_lineups actions in EPGSourceViewSet 2026-05-31 10:03:03 -05:00
hdhr feat: Add HDHR output profile support and reorganize settings 2026-05-10 11:14:02 -05:00
m3u fix: enhance regex filtering for auto-sync channels to match frontend patterns 2026-05-16 11:41:15 -05:00
output fix: update xc_stream_live_streams to yield opening bracket at start. 2026-05-16 11:08:41 -05:00
plugins fix: Ensure plugin discovery runs in all non-Celery processes to apply monkey-patches in uWSGI workers 2026-05-13 17:30:09 -05:00
proxy fix: replace fork()-based subprocess with posix_spawn at all uWSGI spawn sites 2026-05-15 16:45:09 -05:00
vod fix: clear previous failure entries after successful logo fetch in LogoViewSet and VODLogoViewSet 2026-04-14 13:34:17 -05:00