Skip to content

fix(container): update image ghcr.io/tautulli/tautulli ( v2.17.0 ➔ v2.17.1 )#4603

Merged
binaryn3xus merged 1 commit into
mainfrom
renovate/ghcr.io-tautulli-tautulli-2.x
May 5, 2026
Merged

fix(container): update image ghcr.io/tautulli/tautulli ( v2.17.0 ➔ v2.17.1 )#4603
binaryn3xus merged 1 commit into
mainfrom
renovate/ghcr.io-tautulli-tautulli-2.x

Conversation

@unsc-oni-ancilla

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
ghcr.io/tautulli/tautulli patch v2.17.0v2.17.1

Release Notes

Tautulli/Tautulli (ghcr.io/tautulli/tautulli)

v2.17.1

Compare Source

  • Notifications:
    • Fix: Tautulli Remote App notifications failing to send. (#​2669)
    • New: Added extra type and preroll to notification parameters.
    • New: Added Simkl URL to notification parameters.
  • Newsletters:
    • Fix: Remote code execution via newsletter custom template directory. (CVE-2026-41065) (Thanks @​remindsec)
  • Exporter:
    • Fix: Export failed when logo / square art keys were included. (#​2685)
  • UI:
    • Fix: Error when browsing for folder paths. (#​2673)
    • New: Added AV1 media flag image. (#​2676) (Thanks @​little0831)
    • New: Added opus media flag image.
  • Other:
    • Fix: Clean empty directories after updating using git. (#​2667)
    • Fix: Tautulli failing to reconnect to Plex Media Server until restarted after a connection loss at startup. (#​2640)
    • Fix: Path treversal in cache deletion API. (CVE-2026-40605) (Thanks @​JakePeralta7)
    • Fix: Websocket not exiting and reconnecting cleanly after changing Plex servers.
    • Fix: Sanitize JS log errors to prevent XSS. (CVE-2026-43984) (Thanks @​larlarua)
    • Fix: Do not store image hash for external images. (CVE-2026-43986) (Thanks @​larlarua)
    • New: Update Windows and MacOS packages to Python 3.13.
    • New: Update Snap package to core24.
    • New: Using mounted folders for custom newsletter templates and scripts requires manually enabling allow_mounted_folders = 1 in the config file.
    • New: Added anti-CSRF tokens and enforce POST methods to state change endpoints. (CVE-2026-43985) (Thanks @​larlarua)
    • New: Hash Tautulli cookie name. All existing login sessions will be invalidated after the update.
    • New: Require X-Api-Key header for login through the /auth/signin endpoint.

Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@unsc-oni-ancilla

Copy link
Copy Markdown
Contributor Author
--- kubernetes/apps/media/tautulli/app Kustomization: media/tautulli Deployment: media/tautulli

+++ kubernetes/apps/media/tautulli/app Kustomization: media/tautulli Deployment: media/tautulli

@@ -29,13 +29,13 @@

         app.kubernetes.io/name: tautulli
     spec:
       containers:
       - env:
         - name: TZ
           value: America/New_York
-        image: ghcr.io/tautulli/tautulli:v2.17.0@sha256:9c73937390116e6875970f4c816ddfa9d905cc88f76f2ddbf4eaca2ea2715006
+        image: ghcr.io/tautulli/tautulli:v2.17.1@sha256:112abf6fa1ce352acb7fd96f14eaef3d5d8cda2906e59448bf8fb13b74ad10c1
         name: app
         ports:
         - containerPort: 8181
           name: http
         resources:
           limits:

@binaryn3xus binaryn3xus merged commit 56e8bdd into main May 5, 2026
12 checks passed
@binaryn3xus binaryn3xus deleted the renovate/ghcr.io-tautulli-tautulli-2.x branch May 5, 2026 02:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant