Update package version to 1.26.0

| datasource      | package           | from   | to     |
| --------------- | ----------------- | ------ | ------ |
| github-releases | FreshRSS/FreshRSS | 1.26.3 | 1.27.0 |

CHANGELOG.md

@@ -359,3 +359,71 @@
 * I18n
 * Misc.
 
+[1.24.0]
+* Update FreshRSS to 1.26.0
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.0)
+* Add order-by options to sort articles by received date (existing, default), publication date, title, link, random
+* Allow searching in all feeds, also feeds only visible at category level with &get=A, and also those archived with &get=Z
+* UI accessible from user-query view
+* New shortcuts for adding user labels to articles
+* Several improvements and bug fixes
+
+[1.24.1]
+* Update FreshRSS to 1.26.1
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.1)
+* Fix back-compatibility with cURL 7.51 (we require cURL 7.52+ for `CURLPROXY_HTTPS`)
+* Add cURL version to page about system information
+* Fix regression with cURL HTTP headers breaking conditional HTTP requests
+* Fix regression with saving states of user queries
+* Fix regression with dynamic OPML
+* Fix update of the users last activity on login action
+* Fix setting category option *Maximum number of articles to keep per feed*
+* Fix priority field when processing a new feed from an extension
+* Use case-insensitive sort for categories
+* Improve dark mode of *Origine* theme
+
+[1.25.0]
+* Update base image to 5.0.0
+
+[1.25.1]
+* Update FreshRSS to 1.26.2
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.2)
+* Implement JSON string concatenation with & operator [#7414](https://github.com/FreshRSS/FreshRSS/pull/7414)
+* Support multiple JSON fragments in HTML+XPath+JSON mode [#7369](https://github.com/FreshRSS/FreshRSS/pull/7369)
+* Fix escaping of tag search [#7468](https://github.com/FreshRSS/FreshRSS/pull/7468)
+* Fix CLI parsing of Boolean flags [#7430](https://github.com/FreshRSS/FreshRSS/pull/7430)
+* Fix API for labels with slash [#7437](https://github.com/FreshRSS/FreshRSS/pull/7437)
+* Fix support for feeds with XML preamble + DTD [#7515](https://github.com/FreshRSS/FreshRSS/pull/7515), [simplepie#914](https://github.com/simplepie/simplepie/pull/914)
+* Disallow `<iframe srcdoc="">` [#7494](https://github.com/FreshRSS/FreshRSS/pull/7494), [CVE-2025-32015](https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-wgrq-mcwc-8f8v)
+* Disallow `<button formaction="">` [#7506](https://github.com/FreshRSS/FreshRSS/pull/7506)
+* Improve favicons hash to avoid favicon pollution [#7505](https://github.com/FreshRSS/FreshRSS/pull/7505), [CVE-2025-46339](https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-8f79-3q3w-43c4)
+* Add `Content-Security-Policy` HTTP headers to favicons [#7471](https://github.com/FreshRSS/FreshRSS/pull/7471), [CVE-2025-31136](https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-f6r4-jrvc-cfmr)
+
+[1.25.2]
+* Update FreshRSS to 1.26.3
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.3)
+* Keep sort and order criteria during navigation [#&#8203;7585](https://github.com/FreshRSS/FreshRSS/pull/7585)
+* Add info about `PDO::ATTR_CLIENT_VERSION` (relevant for MySQL / MariaDB with obsolete driver) [#&#8203;7591](https://github.com/FreshRSS/FreshRSS/pull/7591)
+* Fix SQL request for user labels with custom sort (affecting PostgreSQL) [#&#8203;7588](https://github.com/FreshRSS/FreshRSS/pull/7588)
+* Fix regression for favicon in GReader and Fever APIs [#&#8203;7573](https://github.com/FreshRSS/FreshRSS/pull/7573)
+* Fix newest articles (within last second) not shown [#&#8203;7577](https://github.com/FreshRSS/FreshRSS/pull/7577)
+* Fix duplicate HTTP header for POST [#&#8203;7556](https://github.com/FreshRSS/FreshRSS/pull/7556)
+* Fix important articles on reader view [#&#8203;7602](https://github.com/FreshRSS/FreshRSS/pull/7602)
+* Fix remove last share method [#&#8203;7613](https://github.com/FreshRSS/FreshRSS/pull/7613)
+* Fix API handling of default category [#&#8203;7610](https://github.com/FreshRSS/FreshRSS/pull/7610)
+* Fix user self-deletion [#&#8203;7626](https://github.com/FreshRSS/FreshRSS/pull/7626)
+
+[1.26.0]
+* Update FreshRSS to 1.27.0
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0)
+* Implement support for HTTP `429 Too Many Requests` and `503 Service Unavailable`, obey `Retry-After` [#&#8203;7760](https://github.com/FreshRSS/FreshRSS/pull/7760)  
+* Add sort by category title, or by feed title [#&#8203;7702](https://github.com/FreshRSS/FreshRSS/pull/7702)  
+* Add search operator `c:` for categories like `c:23,34` or `!c:45,56` [#&#8203;7696](https://github.com/FreshRSS/FreshRSS/pull/7696)  
+* Custom feed favicons [#&#8203;7646](https://github.com/FreshRSS/FreshRSS/pull/7646), [#&#8203;7704](https://github.com/FreshRSS/FreshRSS/pull/7704), [#&#8203;7717](https://github.com/FreshRSS/FreshRSS/pull/7717), [#&#8203;7792](https://github.com/FreshRSS/FreshRSS/pull/7792)  
+* Rework fetch favicons for fewer HTTP requests [#&#8203;7767](https://github.com/FreshRSS/FreshRSS/pull/7767)  
+* Add more unicity criteria based on title and/or content [#&#8203;7789](https://github.com/FreshRSS/FreshRSS/pull/7789)  
+* Automatically restore user configuration from backup [#&#8203;7682](https://github.com/FreshRSS/FreshRSS/pull/7682)  
+* API add support for states in `s` parameter of `streamId` [#&#8203;7695](https://github.com/FreshRSS/FreshRSS/pull/7695)  
+* Improve sharing via Print [#&#8203;7728](https://github.com/FreshRSS/FreshRSS/pull/7728)  
+* Redirect to the login page from bookmarklet instead of 403 [#&#8203;7782](https://github.com/FreshRSS/FreshRSS/pull/7782)
+

CloudronManifest.json

@@ -5,8 +5,8 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "RSS feed reader",
-  "version": "1.23.0",
-  "upstreamVersion": "1.25.0",
+  "version": "1.26.0",
+  "upstreamVersion": "1.27.0",
   "healthCheckPath": "/",
   "httpPort": 8000,
   "addons": {
@@ -51,6 +51,6 @@
   "postInstallMessage": "file://POSTINSTALL.md",
   "minBoxVersion": "8.1.0",
   "forumUrl": "https://forum.cloudron.io/category/27/freshrss",
-  "documentationUrl": "https://cloudron.io/documentation/apps/freshrss/",
+  "documentationUrl": "https://cloudron.io/documentation/packages/freshrss/",
   "optionalSso": true
 }

Dockerfile

@@ -1,4 +1,4 @@
-FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
+FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c
 
 RUN apt-get update && apt-get install --no-install-recommends -y libapache2-mod-auth-openidc && rm -rf /var/cache/apt /var/lib/apt/lists
 
@@ -6,7 +6,7 @@ RUN mkdir -p /app/code
 WORKDIR /app/code
 
 # renovate: datasource=github-releases depName=FreshRSS/FreshRSS versioning=semver
-ARG FRESHRSS_VERSION=1.25.0
+ARG FRESHRSS_VERSION=1.27.0
 
 RUN curl -L https://github.com/FreshRSS/FreshRSS/archive/${FRESHRSS_VERSION}.tar.gz | tar -zxvf - --strip-components=1 && \
     mv data data-orig && ln -s /app/data data
@@ -29,15 +29,15 @@ RUN a2enmod headers expires deflate mime dir rewrite setenvif auth_openidc
 
 RUN rm -rf /var/lib/php && ln -s /run/php /var/lib/php
 
-RUN crudini --set /etc/php/8.1/apache2/php.ini PHP upload_max_filesize 64M && \
-    crudini --set /etc/php/8.1/apache2/php.ini PHP post_max_size 64M && \
-    crudini --set /etc/php/8.1/apache2/php.ini PHP memory_limit 64M && \
-    crudini --set /etc/php/8.1/apache2/php.ini Session session.save_path /run/php/session && \
-    crudini --set /etc/php/8.1/apache2/php.ini Session session.gc_probability 1 && \
-    crudini --set /etc/php/8.1/apache2/php.ini Session session.gc_divisor 100
+RUN crudini --set /etc/php/8.3/apache2/php.ini PHP upload_max_filesize 64M && \
+    crudini --set /etc/php/8.3/apache2/php.ini PHP post_max_size 64M && \
+    crudini --set /etc/php/8.3/apache2/php.ini PHP memory_limit 64M && \
+    crudini --set /etc/php/8.3/apache2/php.ini Session session.save_path /run/php/session && \
+    crudini --set /etc/php/8.3/apache2/php.ini Session session.gc_probability 1 && \
+    crudini --set /etc/php/8.3/apache2/php.ini Session session.gc_divisor 100
 
-RUN ln -s /app/data/php.ini /etc/php/8.1/apache2/conf.d/99-cloudron.ini && \
-    ln -s /app/data/php.ini /etc/php/8.1/cli/conf.d/99-cloudron.ini
+RUN ln -s /app/data/php.ini /etc/php/8.3/apache2/conf.d/99-cloudron.ini && \
+    ln -s /app/data/php.ini /etc/php/8.3/cli/conf.d/99-cloudron.ini
 
 ADD start.sh /app/code/start.sh
 

start.sh

@@ -54,7 +54,7 @@ php cli/reconfigure.php ${extra_args} --base_url "https://${CLOUDRON_APP_DOMAIN}
     --disable_update
 
 echo "==> Setting permissions"
-chown -R www-data.www-data /run/php /app/data /tmp/log_api.txt
+chown -R www-data:www-data /run/php /app/data /tmp/log_api.txt
 
 echo "==> Starting apache"
 APACHE_CONFDIR="" source /etc/apache2/envvars

test/package.json

@@ -9,10 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^131.0.4",
+    "chromedriver": "^139.0.1",
     "expect.js": "^0.3.1",
-    "mocha": "^11.0.1",
-    "selenium-webdriver": "^4.27.0",
-    "superagent": "^10.1.1"
+    "mocha": "^11.7.1",
+    "selenium-webdriver": "^4.35.0",
+    "superagent": "^10.2.3"
   }
 }

test/test.js

@@ -98,7 +98,7 @@ describe('Application life cycle test', function () {
     }
 
     async function logout() {
-        var logout_btn = By.xpath('//li/a[@class="signout"]');
+        var logout_btn = By.xpath('//li/*[contains(@class,"signout")]');
 
         await browser.get('https://' + app.fqdn);
         await waitForElement(By.id('stream'));
@@ -116,16 +116,24 @@ describe('Application life cycle test', function () {
         await waitForElement(By.xpath('//input[@name="url_rss"]'));
         await browser.findElement(By.xpath('//input[@name="url_rss"]')).sendKeys(url);
         await browser.findElement(By.xpath('//form[@id="add_rss"]//button[text()="Add"]')).click();
-        await waitForElement(By.xpath('//div[@id="notification" and @class="notification good"]'));
+        await waitForElement(By.xpath('//div[@id="notification" and contains(@class, "good")]'));
     }
 
-    async function addUser(username, password) {
+    async function addUser(username, password, relogin = true) {
         await browser.get(`${baseUrl()}/i/?c=user&a=manage`);
+
+        if (relogin) {
+            // needs a relogin for admin confirmation
+            await waitForElement(By.id('passwordPlain'));
+            await browser.findElement(By.id('passwordPlain')).sendKeys(admin_password);
+            await browser.findElement(By.id('loginButton')).click();
+        }
+
         await waitForElement(By.id('new_user_name'));
         await browser.findElement(By.id('new_user_name')).sendKeys(username);
         await browser.findElement(By.id('new_user_passwordPlain')).sendKeys(password);
         await browser.findElement(By.xpath('//button[text()="Create"]')).click();
-        await waitForElement(By.xpath('//div[@id="notification" and @class="notification good"]'));
+        await waitForElement(By.xpath('//div[@id="notification" and contains(@class, "good")]'));
     }
 
     async function enableApi() {
@@ -176,8 +184,8 @@ describe('Application life cycle test', function () {
 
     it('can get app information', getAppInfo);
 
-    it('can login OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
     it('can make user Administrator', function () { execSync(`cloudron exec --app ${app.id} -- bash -c "php cli/reconfigure.php --default-user ${USERNAME}"`); });
+    it('can login OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
     it('can subscribe', addSubscription);
     it('can enable API', enableApi);
     it('can check configuration', checkApiConfiguration);
@@ -229,7 +237,7 @@ describe('Application life cycle test', function () {
         expect(app).to.be.an('object');
     });
 
-    it('can add users', addUser.bind(null, 'test', admin_password));
+    it('can add users', addUser.bind(null, 'test', admin_password, false));
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);