1.23.9
Caution
If you are using a reverse proxy, the security fix may cause connection issue to the WebSocket server. You should add ProxyPreserveHost on
in your <VirtualHost>
for Apache, and proxy_set_header Host $host;
for Nginx. Read more: #4210 (comment)
Warning
If you are using a 3rd-party frontend/tools this may be a breaking change, as the WebSocket Origin has to now match your server hostname.
Set the environment variable UPTIME_KUMA_WS_ORIGIN_CHECK=bypass
to skip this check.
See GHSA-mj22-23ff-2hrr for further details.
⬆️ Improvements
- #4163 Add an
aria-label
to the monitor search box (Thanks @CommanderStorm) - #4175 chore: added a helptext for
ntfy
'spriority
field (Thanks @CommanderStorm)
🐛 Bug Fixes
- #4186 Fix: Correct Maintenance Start/End Time Input to Use Explicitly Specified Timezone (Thanks @Ritik0102)
- #4162 Fixed the buttons of
ActionsSelect
andActionsInput
having a defaulttype="submit"
(Thanks @CommanderStorm)
⬆️ Security Fixes
- GHSA-88j4-pcx8-q4q3 Fix: Changing Password did not close all logged in socket connections immediately
- GHSA-mj22-23ff-2hrr WebSocket server can only be connected from the same origin only (Similar to the CORS policy)
- Added an environment variable
UPTIME_KUMA_WS_ORIGIN_CHECK
:cors-like
(default) andbypass
Others
- Other small changes, code refactoring and comment/doc updates in this repo:
- #4158 (Thanks @Saibamen)
Please let me know if your username is missing, if your pull request has been merged in this version, or your commit has been included in one of the pull requests.