v1.11.0

@iuliandita released this 01 Jul 00:43 · v1.11.0 · 1dd1f18

Run digarr with no external database, pull recommendations from a Subsonic server, and migrate your backend in-app -- plus a security hardening pass on account identity.

Added

  • Embedded PGlite database backend. Run digarr with no separate PostgreSQL container (docker run with no DB env, or docker-compose.pglite.yml). PostgreSQL remains the default; existing deployments are unaffected.
  • In-app PGlite <-> PostgreSQL migration (admin-gated). Takes a consistent read-only snapshot, blocks writes during the copy (reads keep serving), restores atomically into the target, and verifies every table by row count and content hash. Source is never modified; the switch is reversible. See Switching the Database Backend.
  • Subsonic source (Navidrome / Airsonic / Gonic / Subsonic), at parity with Plex/Jellyfin/Emby -- seeds discovery from your starred artists and syncs your library for filtering and gap-fill.
  • Self-service account email field (Settings -> Account), stored case-insensitively and unique across users.
  • Last.fm fallback for popular-album approval when Spotify is not connected.

Changed

  • Concurrent scans are queued, not rejected -- a "Run Scan" while another run is active now waits behind it and reports your queue position, instead of being refused.
  • Partial multi-target approvals are surfaced and retryable -- the approve toast reports per-target outcome ("Added to 2 of 3 targets -- failed: ..."), and "Retry failed" re-attempts only the failed targets without regressing the ones that succeeded.
  • Default Docker image is now alpine -- drops from 13 to 2 HIGH/CRITICAL OS-package CVEs. Upgrading in place is transparent; pin the new -debian tags if you need the glibc base.
  • migrate-backend errors unified under application/problem+json (report body on 200 only).
  • Spotify connect form shows the exact Redirect URI to register, with a copy button.

Fixed

  • Album-level approval now actually monitors and downloads the selected albums in Lidarr -- previously they were silently never grabbed because Lidarr populates the album list asynchronously. (#329)
  • Setup wizard now tells you why it failed -- it surfaces the backend's specific error and any missing-fields list instead of a generic "Setup failed" toast. (#330)
  • Lidarr root folder resolved dynamically instead of assuming id 1; setup wizard no longer 400s on blank AI fields; webhook credentials redacted in logs.
  • Keyboard-operable "Approve with monitoring options" dropdown (focus management, arrow nav, Escape, menu/menuitem semantics).
  • Restored stripped diacritics in Spanish, French, Italian, Romanian, Polish, and Brazilian Portuguese; the locale linter now guards against the regression.
  • Hardened external-API edge cases: a non-Subsonic response from a misconfigured Subsonic server surfaces a clear error, and a retrying MusicBrainz request no longer holds the shared rate-limit slot during its backoff.

Security

  • GHSA-w643-583p-vm6m: OIDC/SSO account-takeover fix + email hardening. OIDC identities now link to local accounts by the issuer subject (sub) only -- never by email -- so an attacker who sets an arbitrary unverified email at their IdP can no longer bind to an existing local account. Account emails are normalized + case-insensitively unique, email writes are rate-limited, and the migration connection pool enforces TLS and a statement timeout. Operators running OIDC should upgrade.
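
The linking rule from the GHSA-w643-583p-vm6m entry, shown as an added example (not digarr's own code): a constructed in-memory store contrasts selecting an account by the email claim with selecting it by issuer and subject only. All function names, the store layout, and the choice to give an unknown identity a new account with no email are assumptions made for the illustration.

```javascript
// Added illustration, not digarr code; all names and the store layout are hypothetical.
const normalizeEmail = (e) => e.trim().normalize("NFKC").toLowerCase();

const createStore = () => ({ users: [], identities: new Map(), nextId: 1 });

function addLocalUser(store, name, email) {
  const norm = normalizeEmail(email);
  // Case-insensitive uniqueness: compare normalized forms only.
  if (store.users.some((u) => u.email === norm)) throw new Error("email already in use");
  const user = { id: store.nextId++, name, email: norm };
  store.users.push(user);
  return user;
}

// Pre-fix pattern: the (possibly unverified) email claim selects the account.
function resolveByEmailLegacy(store, claims) {
  const norm = normalizeEmail(claims.email);
  return store.users.find((u) => u.email === norm) ?? null;
}

// Post-fix pattern: only the (iss, sub) pair selects an account.
function resolveOidcLogin(store, claims) {
  if (!claims.iss || !claims.sub) throw new Error("missing iss or sub claim");
  const key = JSON.stringify([claims.iss, claims.sub]);
  const linkedId = store.identities.get(key);
  if (linkedId !== undefined) return store.users.find((u) => u.id === linkedId);
  // Assumption: an unknown identity gets a fresh account, and the IdP email
  // claim is not copied, so it can neither match nor shadow a local address.
  const user = { id: store.nextId++, name: claims.name ?? claims.sub, email: null };
  store.users.push(user);
  store.identities.set(key, user.id);
  return user;
}

// Constructed sample data: one local account, one IdP identity reusing its email.
function demo() {
  const store = createStore();
  const local = addLocalUser(store, "admin", "Admin@Example.test");
  const claims = { iss: "https://idp.example.test", sub: "idp-user-123", email: "ADMIN@example.test" };
  return {
    localId: local.id,
    legacyId: resolveByEmailLegacy(store, claims).id, // binds to the local account
    fixedId: resolveOidcLogin(store, claims).id, // separate account
    repeatId: resolveOidcLogin(store, claims).id, // same identity, same account
  };
}

console.log(demo());
```
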

Pre-release deep-audit remediation (Phases 0/1/3/4/5: #334 #335 #336 #337 #338) soaked on the :nightly channel before this cut. Phase 6 (#339) is P3 polish, intentionally deferred.

Full per-change detail: CHANGELOG.md. Images: GHCR + Docker Hub (iuliandita/digarr:1.11.0, alpine default; :1.11.0-debian for glibc). Signed (cosign keyless) with SBOM + build-provenance attestations.