Skip to content

v0.16.12

Latest

Choose a tag to compare

@github-actions github-actions released this 06 Jul 12:55

[0.16.12] - 2026-07-06

If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

Changed

Fixed

  • DANE: Treat DNSSEC bogus as a temporary failures to prevent downgrade attacks.
  • OIDC provider:
    • ECDSA private key support for SEC1 format.
    • Allow ports in redirect_uri for loopback addresses.
  • OIDC directory:
    • Removing a user from all groups does not sync the changes correctly.
    • Fetch name and group claims from userinfo endpoint when missing from the JWT token.
  • PostgreSQL: Include error chain in error messages.
  • Prometheus: event counters are exported with incorrect metric names.
  • Registry: Changing the type of an existing account from user to group panics.
  • Masked emails: Return UnknownRecipient only for disabled or expired masked emails.
  • IDN: sanitize_email rejects valid Punycode domains.
  • Auto-ban: IP block expiration ignores per-reason ban durations.
  • Meilisearch: Limit the text search scope using attributesToSearchOn.
  • CalDAV: calendar-query REPORT returns invalid HTTP 404 when no events match the query.
  • Snowflake past id generation fails when the provided duration is longer than 4 years.
  • Calendar scheduling: Wrong RSVP base URL is used.
  • Network listener: Accept loop spins all CPU cores with no back-off when the process hits EMFILE (too many open files).
  • Cluster: Broadcast MTA queue refresh events to all nodes.

Check binary attestation here