• Milestone

A few highlights ✨:

• Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After
• Add sort by category title, or by feed title
• Add search operator c: for categories like c:23,34 or !c:45,56
• Custom feed favicons
• Several security improvements, such as:
  • Implement reauthentication (sudo mode)
  • Add Content-Security-Policy: frame-ancestors
  • Ensure CSP everywhere
  • Fix access rights when creating a new user
• Several bug fixes, such as:
  • Fix redirections when scraping from HTML
  • Fix feed redirection when coming from WebSub
  • Fix support for XML feeds with HTML entities, or encoded in UTF-16LE
• Docker alternative image updated to Alpine 3.22 with PHP 8.4 (PHP 8.4 for default Debian image coming soon)
• Start supporting PHP 8.5+
• And much more…

This release has been made by @Alkarex, @Inverle, @the7thNightmare and newcomers @Deioces120, @Fraetor, @Tarow, @dotsam, @hilariousperson, @pR0Ps, @triatic, @tryallthethings

Full changelog:

• Features
  • Implement support for HTTP 429 Too Many Requests and 503 Service Unavailable, obey Retry-After #7760
  • Add sort by category title, or by feed title #7702
  • Add search operator c: for categories like c:23,34 or !c:45,56 #7696
  • Custom feed favicons #7646, #7704, #7717,
    #7792
  • Rework fetch favicons for fewer HTTP requests #7767
  • Add more unicity criteria based on title and/or content #7789
  • Automatically restore user configuration from backup #7682
  • API add support for states in s parameter of streamId #7695
  • Improve sharing via Print #7728
  • Redirect to the login page from bookmarklet instead of 403 #7782
  • Clean local cache more often, when refreshing feeds #7827
• Security
  • Implement reauthentication (sudo mode) #7753
  • Add Content-Security-Policy: frame-ancestors #7677
  • Ensure CSP everywhere #7810
  • Show warning when unsafe CSP policy is in use #7804
  • Fix access rights when creating a new user #7783
  • Improve security of form for user details #7771, #7786
  • Disallow setting non-existent theme #7722
  • Regenerate cookie ID after logging out #7762
  • Require current password when setting new password #7763
  • Add missing access checks for feed-related actions #7768
  • Strip more unsafe attributes such as referrerpolicy, ping #7770
  • Remove unneeded execution permissions #7802
• Bug fixing
  • Fix redirections when scraping from HTML #7654, #7741
  • Fix multiple authentication HTTP headers #7703
  • Fix HTML queries with a single feed #7730
  • WebSub: only perform a redirection when coming from WebSub #7738
  • Include enclosures in entries’ hash #7719
    • Negative side-effect: users of the option to automatically mark updated articles as unread will once have some articles with enclosures re-appear as unread
  • Fix cancellation of slider exit UI #7705
  • Honor disable update on update page #7733
  • Fix no registration limit setting #7751
  • Fix XML encoding of sharing functions #7822
• SimplePie
  • Fix propagation of HTTP error codes #7670
  • Fix support for XML feeds with HTML entities #7689, simplepie#915
  • Fix feeds encoded in UTF-16LE #7691, simplepie#916
  • Various upstream contributions simplepie#917, simplepie#924,
    simplepie#926, simplepie#932, simplepie#933
  • Sync upstream #7706, FreshRSS/simplepie#45, #7775,
    FreshRSS/simplepie#50, #7824, #7825,
  • Fix regex Backtrack limit was exhausted in clean_hash() #7813, FreshRSS/simplepie#48
• Deployment
  • Docker default image (Debian 12 Bookworm) updated to PHP 8.2.29 #7805
  • Docker alternative image updated to Alpine 3.22 with PHP 8.4.11 and Apache 2.4.65 #7740, #7740,
    #7803
  • Start supporting PHP 8.5+ #7787, #7826
    • Docker Alpine dev image :newest updated to PHP 8.5-alpha and Apache 2.4.65 #7773
  • Docker: interpolate FRESHRSS_INSTALL and FRESHRSS_USER variables #7725
  • Docker: Reduce how much data needs to be chown/chmod’ed on container startup #7793
  • Test for database PDO typing support during install (relevant for MySQL / MariaDB with obsolete driver) #7651
• Extensions
  • Add API endpoint for extensions #7576
  • Expose the reading modes for extensions #7668, #7688
  • New extension hook before_login_btn #7761
• UI
  • Improve mark as read request showing popup due to onbeforeunload #7554
  • Fix lazy-loading for <video poster="..."> and <image> #7636
  • Avoid styling <code> inside of <pre> #7797
  • Improve confirmation logic with data-auto-leave-validation #7785
  • Update chart.js to 4.5.0 #7752, #7816
  • Various UI and style improvements: #7616, #7811
• I18n
  • Show translation status in README #7715
  • Improve Indonesian #7654, #7721
  • Improve Persian #7795
• Misc.
  • Improve PHP code #7642, #7665, #7761,
    #7781, #7794
  • Update dev dependencies #7708, #7709, #7710,
    #7711, #7776, #7777

• Milestone

In this release, we have restarted to focus on features. A long-awaited feature has been added, namely sorting articles by various criteria: received date (existing, default), publication date, title, link, random.

A few highlights ✨:

• Add order-by options to sort articles by received date (existing, default), publication date, title, link, random
• Allow searching in all feeds, also feeds only visible at category level with &get=A, and also those archived with &get=Z
  • UI accessible from user-query view
• New shortcuts for adding user labels to articles
• Several improvements and bug fixes

This release has been made by @Alkarex, @b-reich, @hkcomori, @math-GH, @UserRoot-Luca
and newcomers @a6software, @aftix, @bl00dy1837, @brtmax, @Roan-V, @ShaddyDC, @UncleArya

Full changelog:

• Features
  • Add order-by options to sort articles by received date (existing, default), publication date, title, link, random #7149
  • Allow searching in all feeds, also feeds only visible at category level with &get=A, and also those archived with &get=Z #7144
    • UI accessible from user-query view
  • Add search operator intext: #7228
  • New shortcuts for adding user labels to articles #7274
  • New About page with system information #7161
• Bug fixing
  • Fix regression denying access to app manifest #7158
  • Fix unwanted feed description updates #7269
  • Ensure no PHP buffer for SQLite download (some setups would first put the file in memory) #7230
  • Fix XML encoding regression in HTML+XPath mode #7345
  • Improve cURL proxy options and fix some constants #7231
  • Fix UI of global view unread articles counter #7247
  • Hide base theme in carrousel #7234
• Deployment
  • Reduce superfluous Docker builds #7137
  • Docker default image (Debian 12 Bookworm) updated to PHP 8.2.26 and Apache 2.4.62
  • Docker alternative image (Alpine 3.21) updated to PHP 8.3.16
• UI
  • Add footer icons to reader view #7133
  • Remove local reference to font Open Sans to avoid bugs with some local versions #7215
  • Improve stats page layout #7243
  • Smaller mark as read button in mobile view #5220
  • Add CSS class to various types of notifications to allow custom styling #7287
  • Various UI and style improvements: #7162, #7268
    Security
  • Better authorization label for OIDC in the UI #7264
  • Allow comments in force-https.txt #7259
• I18n:
  • Improve German #7177, #7275, #7278
  • Improve Japanese #7187, #7195, #7332
• Misc.
  • Improve PHP code #7191, #7204
    • Upgrade to PHPStan 2 #7131, #7164, #7224,
      #7270, #7281, #7282
  • Update to CssXPath 1.3.0 (no change) #7211
  • Update dev dependencies #7165, #7166, #7167,
    #7279, #7280, #7283,
    #7284, #7285, #7347
  • Update GitHub Actions to Ubuntu 24.04 #7207