Update package version to 1.27.1

| datasource      | package           | from   | to     |
| --------------- | ----------------- | ------ | ------ |
| github-releases | FreshRSS/FreshRSS | 1.28.0 | 1.28.1 |

CHANGELOG.md

@@ -413,3 +413,59 @@
 * Fix API handling of default category [#​7610](https://github.com/FreshRSS/FreshRSS/pull/7610)
 * Fix user self-deletion [#​7626](https://github.com/FreshRSS/FreshRSS/pull/7626)
 
+[1.26.0]
+* Update FreshRSS to 1.27.0
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0)
+* Implement support for HTTP `429 Too Many Requests` and `503 Service Unavailable`, obey `Retry-After` [#​7760](https://github.com/FreshRSS/FreshRSS/pull/7760)  
+* Add sort by category title, or by feed title [#​7702](https://github.com/FreshRSS/FreshRSS/pull/7702)  
+* Add search operator `c:` for categories like `c:23,34` or `!c:45,56` [#​7696](https://github.com/FreshRSS/FreshRSS/pull/7696)  
+* Custom feed favicons [#​7646](https://github.com/FreshRSS/FreshRSS/pull/7646), [#​7704](https://github.com/FreshRSS/FreshRSS/pull/7704), [#​7717](https://github.com/FreshRSS/FreshRSS/pull/7717), [#​7792](https://github.com/FreshRSS/FreshRSS/pull/7792)  
+* Rework fetch favicons for fewer HTTP requests [#​7767](https://github.com/FreshRSS/FreshRSS/pull/7767)  
+* Add more unicity criteria based on title and/or content [#​7789](https://github.com/FreshRSS/FreshRSS/pull/7789)  
+* Automatically restore user configuration from backup [#​7682](https://github.com/FreshRSS/FreshRSS/pull/7682)  
+* API add support for states in `s` parameter of `streamId` [#​7695](https://github.com/FreshRSS/FreshRSS/pull/7695)  
+* Improve sharing via Print [#​7728](https://github.com/FreshRSS/FreshRSS/pull/7728)  
+* Redirect to the login page from bookmarklet instead of 403 [#​7782](https://github.com/FreshRSS/FreshRSS/pull/7782)
+
+[1.26.1]
+* Update FreshRSS to 1.27.1
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.1)
+* Automatic database recovery: skip broken entries during CLI export/import [#​7949](https://github.com/FreshRSS/FreshRSS/pull/7949)  
+* Add security option for CSP `frame-ancestors` [#​7857](https://github.com/FreshRSS/FreshRSS/pull/7857), [#​8021](https://github.com/FreshRSS/FreshRSS/pull/8021)  
+* Lazy-load `<track src>` [#&#8203;7997](https://github.com/FreshRSS/FreshRSS/pull/7997)  
+* Regenerate session ID on login [#&#8203;7829](https://github.com/FreshRSS/FreshRSS/pull/7829)  
+* Disallow setting non-existent language [#&#8203;7878](https://github.com/FreshRSS/FreshRSS/pull/7878), [#&#8203;7934](https://github.com/FreshRSS/FreshRSS/pull/7934)  
+* Safer calling of `install.php` [#&#8203;7971](https://github.com/FreshRSS/FreshRSS/pull/7971)  
+* Prevent log CR/LF injection [#&#8203;7883](https://github.com/FreshRSS/FreshRSS/pull/7883)  
+* Restrict allowed cURL parameters [#&#8203;7979](https://github.com/FreshRSS/FreshRSS/pull/7979), [#&#8203;8009](https://github.com/FreshRSS/FreshRSS/pull/8009)  
+* Fix reauthentication while updating [#&#8203;7989](https://github.com/FreshRSS/FreshRSS/pull/7989)  
+* Fix some CSRFs [#&#8203;8000](https://github.com/FreshRSS/FreshRSS/pull/8000)
+
+[1.27.0]
+* Update FreshRSS to 1.28.0
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.28.0)
+* Move unsafe autologin to an extension [#7958](https://github.com/FreshRSS/FreshRSS/pull/7958)
+* Housekeeping of `lib_rss.php` with potential breaking changes for some extensions [#8193](https://github.com/FreshRSS/FreshRSS/pull/8193)
+* New sorting and filtering by date of *User modified* [#7886](https://github.com/FreshRSS/FreshRSS/pull/7886), [#8090](https://github.com/FreshRSS/FreshRSS/pull/8090), [#8105](https://github.com/FreshRSS/FreshRSS/pull/8105), [#8118](https://github.com/FreshRSS/FreshRSS/pull/8118), [#8130](https://github.com/FreshRSS/FreshRSS/pull/8130)
+* New sorting by article length [#8119](https://github.com/FreshRSS/FreshRSS/pull/8119)
+* New advanced search form [#8103](https://github.com/FreshRSS/FreshRSS/pull/8103), [#8122](https://github.com/FreshRSS/FreshRSS/pull/8122), [#8226](https://github.com/FreshRSS/FreshRSS/pull/8226)
+* Add compatibility with PCRE word boundary `\b` and `\B` for regex search using PostgreSQL [#8141](https://github.com/FreshRSS/FreshRSS/pull/8141)
+* More uniform SQL search and PHP search for accents and case-sensitivity (e.g. for automatically marking as read) [#8329](https://github.com/FreshRSS/FreshRSS/pull/8329)
+* New overview of dates with most unread articles [#8089](https://github.com/FreshRSS/FreshRSS/pull/8089)
+* Exclude local networks for domain-wide HTTP `Retry-After` [#8195](https://github.com/FreshRSS/FreshRSS/pull/8195)
+* Fix OpenID Connect with Debian 13 [#8032](https://github.com/FreshRSS/FreshRSS/pull/8032)
+
+[1.27.1]
+* Update FreshRSS to 1.28.1
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.28.1)
+* Handle Web scraping of `text/plain` as `<pre class="text-plain">` [#&#8203;8340](https://github.com/FreshRSS/FreshRSS/pull/8340)
+* New customisable message for closed registrations [#&#8203;8462](https://github.com/FreshRSS/FreshRSS/pull/8462)
+* Fix unwanted expansion of user queries (saved searches) applied to filters [#&#8203;8395](https://github.com/FreshRSS/FreshRSS/pull/8395)
+* Fix encoding of filter actions for labels [#&#8203;8368](https://github.com/FreshRSS/FreshRSS/pull/8368)
+* Fix searching of tags [#&#8203;8425](https://github.com/FreshRSS/FreshRSS/pull/8425)
+* Fix refreshing feeds with token while anonymous refresh is disabled [#&#8203;8371](https://github.com/FreshRSS/FreshRSS/pull/8371)
+* Fix RSS and OPML access by token [#&#8203;8434](https://github.com/FreshRSS/FreshRSS/pull/8434)
+* Fix MySQL/MariaDB `transliterator_transliterate` fallback (when the `php-intl` extension is unavailable) [#&#8203;8427](https://github.com/FreshRSS/FreshRSS/pull/8427)
+* Fix regression with MySQL/MariaDB index hint [#&#8203;8460](https://github.com/FreshRSS/FreshRSS/pull/8460)
+* Auto-add `lastUserModified` database column also during mark-as-read action [#&#8203;8346](https://github.com/FreshRSS/FreshRSS/pull/8346)
+

CloudronManifest.json

@@ -5,8 +5,8 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "RSS feed reader",
-  "version": "1.25.2",
+  "version": "1.27.1",
-  "upstreamVersion": "1.26.3",
+  "upstreamVersion": "1.28.1",
   "healthCheckPath": "/",
   "httpPort": 8000,
   "addons": {
@@ -51,6 +51,6 @@
   "postInstallMessage": "file://POSTINSTALL.md",
   "minBoxVersion": "8.1.0",
   "forumUrl": "https://forum.cloudron.io/category/27/freshrss",
-  "documentationUrl": "https://cloudron.io/documentation/apps/freshrss/",
+  "documentationUrl": "https://cloudron.io/documentation/packages/freshrss/",
   "optionalSso": true
 }

Dockerfile

@@ -6,7 +6,7 @@ RUN mkdir -p /app/code
 WORKDIR /app/code
 
 # renovate: datasource=github-releases depName=FreshRSS/FreshRSS versioning=semver
-ARG FRESHRSS_VERSION=1.26.3
+ARG FRESHRSS_VERSION=1.28.1
 
 RUN curl -L https://github.com/FreshRSS/FreshRSS/archive/${FRESHRSS_VERSION}.tar.gz | tar -zxvf - --strip-components=1 && \
     mv data data-orig && ln -s /app/data data

apache/freshrss.conf

@@ -1,8 +1,10 @@
 # https://github.com/FreshRSS/FreshRSS/blob/edge/Docker/FreshRSS.Apache.conf
 
-ServerName %{HTTP_HOST}
+ServerName localhost
 
 <VirtualHost *:8000>
+    ServerName localhost
+    UseCanonicalName Off
     DocumentRoot /app/code/p
     AllowEncodedSlashes On
 

test/package.json

@@ -9,10 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^137.0.1",
+    "chromedriver": "^144.0.0",
     "expect.js": "^0.3.1",
-    "mocha": "^11.5.0",
+    "mocha": "^11.7.5",
-    "selenium-webdriver": "^4.33.0",
+    "selenium-webdriver": "^4.40.0",
-    "superagent": "^10.2.1"
+    "superagent": "^10.3.0"
   }
 }

test/test.js

@@ -119,17 +119,18 @@ describe('Application life cycle test', function () {
         await waitForElement(By.xpath('//div[@id="notification" and contains(@class, "good")]'));
     }
 
-    async function addUser(username, password) {
+    async function enableApi(relogin = true) {
-        await browser.get(`${baseUrl()}/i/?c=user&a=manage`);
+        await browser.get(`${baseUrl()}/i/?c=auth`);
-        await waitForElement(By.id('new_user_name'));
+
-        await browser.findElement(By.id('new_user_name')).sendKeys(username);
+        if (relogin) {
-        await browser.findElement(By.id('new_user_passwordPlain')).sendKeys(password);
+            // needs a relogin for admin confirmation
-        await browser.findElement(By.xpath('//button[text()="Create"]')).click();
+            await waitForElement(By.id('passwordPlain'));
-        await waitForElement(By.xpath('//div[@id="notification" and contains(@class, "good")]'));
+            await browser.findElement(By.id('passwordPlain')).sendKeys(admin_password);
+            await browser.sleep(3000);
+            console.log('Clicking the login button');
+            await browser.findElement(By.xpath('//button[contains(.,"Login")]')).click();
         }
 
-    async function enableApi() {
-        await browser.get(`${baseUrl()}/i/?c=auth`);
         await waitForElement(By.id('api_enabled'));
         await browser.findElement(By.id('api_enabled')).click();
         await browser.findElement(By.xpath('//button[text()="Submit"]')).click();
@@ -163,8 +164,7 @@ describe('Application life cycle test', function () {
 
     it('can login', login.bind(null, admin_username, admin_password));
     it('can subscribe', addSubscription);
-    it('can add users', addUser.bind(null, 'test', admin_password));
+    it('can enable API', enableApi.bind(null, true /* relogin */));
-    it('can enable API', enableApi);
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
@@ -179,7 +179,7 @@ describe('Application life cycle test', function () {
     it('can make user Administrator', function () { execSync(`cloudron exec --app ${app.id} -- bash -c "php cli/reconfigure.php --default-user ${USERNAME}"`); });
     it('can login OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
     it('can subscribe', addSubscription);
-    it('can enable API', enableApi);
+    it('can enable API', enableApi.bind(null, false /* relogin */));
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
@@ -229,7 +229,6 @@ describe('Application life cycle test', function () {
         expect(app).to.be.an('object');
     });
 
-    it('can add users', addUser.bind(null, 'test', admin_password));
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);