Skip to content

v1.12.1

Latest

Choose a tag to compare

@github-actions github-actions released this 01 Jul 20:50
02c7529

Fixed

  • Copy key button in the API key reveal dialog now writes the plaintext key to the clipboard on HTTP installs; the textarea fallback was silently running over an empty selection while the toast claimed success. (#647)

Security

  • starlette bumped to 1.3.1, clearing the pip-audit and Trivy advisories on its request parsing (CVE-2026-48817, CVE-2026-48818, CVE-2026-54283) that underlies every FastAPI route in Houndarr. (#658)
  • python-multipart bumped to 0.0.32, clearing CVE-2026-53538, CVE-2026-53539, and CVE-2026-53540 in the form and multipart parser behind the login, setup, and instance-settings posts. (#658)
  • cryptography bumped to 49.0.0, clearing GHSA-537c-gmf6-5ccf, a vulnerable OpenSSL build bundled in the wheels; Houndarr links it only through Fernet encryption of stored *arr API keys. (#658)