MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    v2.36.0

    Scheduled Pinned Locked Moved MagicMirror
    1 Posts 1 Posters 29 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • karsten13K Offline
      karsten13
      last edited by

      Release Notes

      Thanks to: @cgillinger, @khassel, @KristjanESPERANTO, @sonnyb9

      ⚠️ This release needs nodejs version >=22.21.1 <23 || >=24 (no change to previous release)

      Compare to previous Release v2.35.0

      This release falls outside the quarterly schedule. We opted for an early release due to:

      • Security fix for the internal cors proxy
      • API change of the weather provider smi
      • Several bug fixes

      Breaking Changes

      The cors proxy is now disabled by default. If required, it must be explicitly enabled in the config.js file. See the documentation.

      ⚠️ Security

      You can find several publicly accessible MagicMirror² instances.

      This should never be done. Doing so makes your entire configuration, including secrets and API keys, publicly visible. Furthermore, it allows attackers to target the host; this is only prevented beginning with this release.

      Public MagicMirror² instances should always run behind a reverse proxy with authentication.

      [core]

      • Prepare Release 2.36.0 (#4126)
      • Allow HTTPFetcher to pass through 304 responses (#4120)
      • fix(http-fetcher): fall back to reloadInterval after retries exhausted (#4113)
      • config endpoint must handle functions in module configs (#4106)
      • fix replaceSecretPlaceholder (#4104)
      • restrict replaceSecretPlaceholder to cors with allowWhitelist (#4102)
      • fix: prevent crash when config is undefined in socket handler (#4096)
      • fix cors function for alpine linux (#4091)
      • fix(cors): prevent SSRF via DNS rebinding (#4090)
      • add option to disable or restrict cors endpoint (#4087)
      • fix: prevent SSRF via /cors endpoint by blocking private/reserved IPs (#4084)
      • chore: add permissions section to enforce pull-request rules workflow (#4079)
      • update version for develop

      [dependencies]

      • update dependencies (#4124)
      • chore: update dependencies (#4088)
      • refactor: enable ESLint rule “no-unused-vars” and handle related issues (#4080)

      [modules/newsfeed]

      • fix(newsfeed): prevent duplicate parse error callback when using pipeline (#4083)

      [modules/updatenotification]

      • fix(updatenotification): harden git command execution + simplify checkUpdates (#4115)
      • fix(tests): correct import path for git_helper module in updatenotification tests (#4078)

      [modules/weather]

      • fix(weather): use nearest openmeteo hourly data (#4123)
      • fix(weather): avoid loading state after reconnect (#4121)
      • weather: fix UV index display and add WeatherFlow precipitation (#4108)
      • fix(weather): restore OpenWeatherMap v2.5 support (#4101)
      • fix(weather): use stable instanceId to prevent duplicate fetchers (#4092)
      • SMHI: migrate to SNOW1gv1 API (replace deprecated PMP3gv2) (#4082)

      [testing]

      • ci(actions): set explicit token permissions (#4114)
      • fix(http_fetcher): use undici.fetch when dispatcher is present (#4097)
      • ci(codeql): also scan develop branch on push and PR (#4086)
      • refactor: replace implicit global config with explicit global.config (#4085)
      1 Reply Last reply Reply Quote 1
      • karsten13K karsten13 locked this topic

      Hello! It looks like you're interested in this conversation, but you don't have an account yet.

      Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

      With your input, this post could be even better 💗

      Register Login
      • 1 / 1
      • First post
        Last post
      Enjoying MagicMirror? Please consider a donation!
      MagicMirror created by Michael Teeuw.
      Forum managed by Sam, technical setup by Karsten.
      This forum is using NodeBB as its core | Contributors
      Contact | Privacy Policy