v7.3.0

What's Changed

• fix: demote per-request Local Bypass Mode log lines from INFO to DEBUG by @jeblankenship in #67
• fix: demote high-frequency internal log lines from INFO to DEBUG by @jeblankenship in #68
• fix: restore sidebar spacing between logo and Core nav group by @jeblankenship in #69
• fix: add security response headers and .dockerignore by @jeblankenship in #70
• fix: add Dockerfile HEALTHCHECK and suppress urllib3 InsecureRequestWarning by @jeblankenship in #71
• fix: replace console.log/warn/info/debug with silent-by-default logger by @jeblankenship in #72
• chore: release 7.3.0 by @jeblankenship in #73

Full Changelog: v7.2.0...v7.3.0

v7.2.0

What's Changed

• refactor: remove orphaned dead code files by @jeblankenship in #49
• chore: remove FUNDING.yml by @jeblankenship in #50
• docs: add SECURITY.md and document branch/PR workflow by @jeblankenship in #51
• ci: remove continue-on-error from Trivy SARIF upload by @jeblankenship in #52
• refactor: remove remaining dead code (routes.py, config.py cleanup) by @jeblankenship in #53
• fix: replace print() with logger in sonarr and lidarr arr_request by @jeblankenship in #54
• test: add eros API tests (38 tests) by @jeblankenship in #55
• test: add missing.py and upgrade.py tests for all 6 apps (148 tests) by @jeblankenship in #56
• test: add background.py tests (18 tests); add local build tag convention to CLAUDE.md by @jeblankenship in #57
• ci: add pytest-cov coverage reporting by @jeblankenship in #58
• Add ruff linting to CI, replace flake8, fix all violations by @jeblankenship in #59
• docs: note multi-arch Docker image support (amd64 + arm64) by @jeblankenship in #60
• fix: use valid_window=1 for all TOTP verify calls by @jeblankenship in #62
• ci: add GitHub issue templates (bug report + feature request) by @jeblankenship in #61
• remove: drop Windows service module by @jeblankenship in #63
• docs: update CLAUDE.md and CHANGELOG for post-v7.1.0 changes by @jeblankenship in #64
• docs: remove Unraid App Store claim; soften curated-collection warning by @jeblankenship in #65
• chore: release 7.2.0 by @jeblankenship in #66

Full Changelog: v7.1.0...v7.2.0

v7.1.0

What's Changed

• test: add Tier 1 test suite (69 tests) by @jeblankenship in #22
• ci: auto-release on Docker push, fix CVE and security workflow by @jeblankenship in #23
• test: add scheduler engine tests (38 tests) by @jeblankenship in #25
• test: add history manager tests (41 tests) by @jeblankenship in #26
• test: add stateful manager tests (30 tests) by @jeblankenship in #27
• chore(deps): bump pytest from 8.4.2 to 9.0.3 by @dependabot[bot] in #24
• test: add Flask route smoke tests for web_server (25 tests) by @jeblankenship in #28
• test: add hourly cap scheduler tests (18 tests) by @jeblankenship in #29
• test: add scheduler routes tests (21 tests) by @jeblankenship in #30
• test: add stateful and history route tests (30 tests) by @jeblankenship in #31
• test: add config and keys manager tests (27 tests) by @jeblankenship in #32
• test: add sonarr routes tests (18 tests) by @jeblankenship in #33
• test: add swaparr routes tests (17 tests) by @jeblankenship in #34
• test: add extended auth tests — 2FA, change username/password (33 tests) by @jeblankenship in #35
• test: add migrate_settings and history_utils tests (17 tests) by @jeblankenship in #36
• test: add proxy middleware tests (24 tests) by @jeblankenship in #37
• fix: route all API calls through arr_request to enforce SSL verification by @jeblankenship in #38
• refactor: remove dead code — unused files, stub functions, unused imp… by @jeblankenship in #39
• fix(ssl): route readarr/whisparr HTTP calls through arr_request for SSL compliance by @jeblankenship in #40
• refactor: clean up code issues found in full API audit by @jeblankenship in #41
• complete SSL audit — swaparr/whisparr fixes, docs overhaul, Whisparr v2/v3 naming by @jeblankenship in #42
• fix(whisparr): correct arr_request primary URL to /api/ for Whisparr v2 by @jeblankenship in #43
• fix(swaparr): use params dict instead of embedded query strings by @jeblankenship in #44
• refactor(sonarr): extract _fetch_paginated to eliminate retry loop duplication by @jeblankenship in #45
• refactor: consolidate test-connection handlers into shared utility by @jeblankenship in #46
• refactor: remove dead code in readarr/api.py and eros/api.py by @jeblankenship in #47
• docs: 7.1.0 release prep by @jeblankenship in #48

New Contributors

• @dependabot[bot] made their first contribution in #24

Full Changelog: v7.0.0...v7.1.0

v7.0.0 — Seekarr

---

Docker

docker pull ghcr.io/diybits/seekarr:7.0.0

---

What is Seekarr?

Seekarr is a fork of Huntarr v6.6.3 by the PlexGuide team. It continuously searches your *Arr applications (Sonarr, Radarr, Lidarr, Readarr, Whisparr, Eros) for missing media and quality upgrades, with a web UI on port 9705.

---

⚠ Breaking Changes (upgrading from Huntarr)

• Session cookie renamed (huntarr_session → seekarr_session) — all users must log in again after upgrading.
• Docker volume renamed (huntarr-config → seekarr-config) — migrate your data before upgrading:

  docker volume create seekarr-config                                                                                                                        
  docker run --rm -v huntarr-config:/from -v seekarr-config:/to alpine sh -c "cp -av /from/. /to/"                                                           
  docker volume rm huntarr-config                                                                                                                            

• /api/stats/reset_public removed — use the authenticated /api/stats/reset endpoint instead.
• Environment variable renamed (HUNTARR_RUN_MIGRATION → SEEKARR_RUN_MIGRATION).

---

Security Fixes

• [HIGH] Removed hardcoded fallback Flask secret key ('dev_key_for_sessions'). A cryptographically random 64-character key is now auto-generated on first start and stored at /config/secret_key.
• [HIGH] Local Bypass Mode authentication now uses only the OS-level TCP peer address (request.remote_addr). Previously, any client could send X-Forwarded-For: 127.0.0.1 to bypass auth.
• [MEDIUM] Removed unauthenticated /api/stats/reset_public endpoint.
• [MEDIUM] Passwords now hashed with bcrypt instead of SHA-256. Existing accounts are migrated automatically on next login — no action required.

---

What Changed

• Full rebrand from Huntarr → Seekarr across all source files, templates, assets, and documentation.
• 76 broken in-app help icon links replaced with real GitHub Pages docs URLs.
• Reverse proxy support (TRUST_PROXY=1), session persistence across restarts, and secure cookie flag.
• Python updated to 3.11; 6 dependency CVEs resolved.
• GitHub Actions overhauled: new CI pipeline (lint + test), security scanning (pip-audit + Trivy), and this release workflow.
• Full GitHub Pages documentation site with per-app integration guides and a How It Works page.

---