Skip to content

1.23.9

Compare
Choose a tag to compare
@louislam louislam released this 10 Dec 13:06
· 953 commits to master since this release

Caution

If you are using a reverse proxy, the security fix may cause connection issue to the WebSocket server. You should add ProxyPreserveHost on in your <VirtualHost> for Apache, and proxy_set_header Host $host; for Nginx. Read more: #4210 (comment)

Warning

If you are using a 3rd-party frontend/tools this may be a breaking change, as the WebSocket Origin has to now match your server hostname.
Set the environment variable UPTIME_KUMA_WS_ORIGIN_CHECK=bypass to skip this check.
See GHSA-mj22-23ff-2hrr for further details.

⬆️ Improvements

🐛 Bug Fixes

  • #4186 Fix: Correct Maintenance Start/End Time Input to Use Explicitly Specified Timezone (Thanks @Ritik0102)
  • #4162 Fixed the buttons of ActionsSelect and ActionsInput having a default type="submit" (Thanks @CommanderStorm)

⬆️ Security Fixes

  • GHSA-88j4-pcx8-q4q3 Fix: Changing Password did not close all logged in socket connections immediately
  • GHSA-mj22-23ff-2hrr WebSocket server can only be connected from the same origin only (Similar to the CORS policy)
  • Added an environment variable UPTIME_KUMA_WS_ORIGIN_CHECK: cors-like (default) and bypass

Others

  • Other small changes, code refactoring and comment/doc updates in this repo:
  • #4158 (Thanks @Saibamen)

Please let me know if your username is missing, if your pull request has been merged in this version, or your commit has been included in one of the pull requests.