✨ New Features

• Go Client: Allow passing a custom http.Client and add context support to API methods.
• UI: Redirect users back to the original page after logging in.
• Template: Improved Content Security Policy: extracted CSP generation into a function, added systematic nonces, and changed default-src to 'none' for stronger security.
• Integrations:
  • Added tags option for the Karakeep integration.
  • Added new Archive.org integration.
• Rewrite Rules:
  • Added remove_img_blur_params rule.
  • Added add_image_title rule for explainxkcd.com.

🧰 Improvements & Refactoring

• Replaced custom modal with native <dialog> element for simpler, more accessible UI.
• Simplified date parsing in the reader and XML encoding logic.
• Optimized sanitizer functions (hasRequiredAttributes, hasValidURIScheme, isBlockedResource).
• Replaced fmt.Errorf with errors.New where applicable.
• Removed dependency on hstore in the database layer and relaxed implicit NOT NULL for serial types.
• Simplified Fever API slice sizing and various internal cleanups.
• Preallocated slices and optimized string/number conversions for better performance.

🧪 Tests

• Added test cases for XML encoding behavior.

🐛 Bug Fixes

• Fixed CSS layout overflow when external links are too long.
• Fixed JSON Feed parser to fallback to external_url when url is missing.
• Updated scraper rule for Dark Reading.

📚 Documentation

• Clarified the POLLING_FREQUENCY environment variable in the documentation.

🏗️ Build & CI

• Updated dependencies:

  • github.com/tdewolff/minify/v2 → 2.24.4
  • golang.org/x/net → 0.46.0
  • golang.org/x/image → 0.32.0
  • golang.org/x/oauth2 → 0.32.0
  • github.com/coreos/go-oidc/v3 → 3.16.0
  • github/codeql-action → 4

• Updated make lint and enabled additional Go linters (perfsprint, goheader).

📝 Additional Notes

If you are seeing this Postgres error: Error: pq: must be owner of extension hstore, you can fix it by running the following SQL command as a superuser for the Miniflux database:

DROP EXTENSION hstore;

This error means you initially created the hstore extension as a different database user than the one you are currently using for Miniflux.

For more details, look at the Git commit history.

✨ New Features

• UI: Added a "Back to top" link for easier navigation.
• Integrations:
  • Added support for Wallabag tags.
  • Added support for LinkTaco service to save articles.

🐛 Bug Fixes

• API: Fixed issue where removed entries could still be returned. It was generating an error when fetching entries.
• Icons: Improved handling of relative icon URLs within subfolders.
• Timezone: Ensured only current IANA time zones are used. This avoids issues with Debian Trixie where deprecated time zones have been removed.

🛠 Refactoring & Improvements

• Complete rewrite of the config parser with validation and consistency improvements.
• Combined YouTube subscription parsing functions into a single function.
• Simplified and optimized JavaScript files (modal_handler.js, removed isTouchSupported()).
• Refactored internal code to consistently use time.Duration for time values across CLI, server, fetcher, metrics, and HTTP components.
• Replaced "Bookmarks" with "Starred" across UI and codebase for consistency.
• Template and UI cleanups: explicit template dependencies, moved inline SVGs to sprite.svg, improved layout.html consistency.
• Strengthened the JavaScript Trusted Types policy to enhance security.
• Updated translations for German, Polish, and French.

⚡ Performance

• XML Parsing: Optimized filterValidXMLChars (~4% faster).
• Sanitizer: Improved sanitization performance by ~10% using slices.Contains.
• Converted slices to arrays in some internal structures for efficiency.

📦 Dependency Updates

• go-webauthn/webauthn: 0.13.4 → 0.14.0
• golang.org/x/net: 0.43.0 → 0.44.0
• golang.org/x/image: 0.30.0 → 0.31.0
• golang.org/x/crypto: 0.41.0 → 0.42.0
• golang.org/x/term: 0.34.0 → 0.35.0
• golang.org/x/oauth2: 0.30.0 → 0.31.0
• tdewolff/minify/v2: 2.23.11 → 2.24.3
• prometheus/client_golang: 1.23.0 → 1.23.2
• GitHub Actions: setup-go and setup-python bumped from v5 → v6

✨ New Features

• Keep only metadata of removed entries to reduce database size.
• Removed entry status is now immutable and cannot be changed back to unread or read status.
• SVG favicons are now minified before storing them in the database.
• Added support for resizing WebP images.
• Main menu now includes icons.
• Added Progressive Web App (PWA) shortcuts for quick access to common actions.
• Added direct link to the Apache 2.0 license on the About page.
• Feed-level webhook URLs now take priority when saving entries.
• New option: POLLING_LIMIT_PER_HOST to limit concurrent requests per host.
  Limits the number of concurrent requests to the same hostname when polling feeds.
  This helps prevent overwhelming a single server during batch processing by the worker pool.
• Added a rewrite rule to remove useless heading images on Phoronix articles.
• Use Golang's built-in VCS feature to get commit and build date when not specified by LDFLAGS.
• Disable OAuth2 and WebAuthn routes when the feature is not enabled.
• Added request URI logging in authentication handlers.

🛠 Fixes

• Limited tsvector indexing to the first 500K characters to avoid PostgreSQL limits.
• Use rel=apple-touch-icon instead of rel=apple-touch-icon-precomposed.png.
• Fixed broken WebAuthn error alert message on the settings page.
• Reverted SameSiteStrict cookie mode because it forces people to authenticate each time when using the PWA on Android.
• Prevent stale data by forcing reload when navigating back from articles (fix for Chrome's bfcache).
• Fixed URL detection capturing newlines in media descriptions.

⚡ Performance Improvements

• Optimized SQL queries (FetchJobs, markFeedAsRead) by removing unnecessary joins and heavy-weight operations.
• Improved memory usage by minimizing SVGs, static images, and templates.
• WebAuthn script (webauthn.js) is no longer loaded when the feature is disabled.
• Replaced regex-based YouTube and Invidious video ID extraction with URL parsing.
• Introspect the translation files at load time.
• Parse and merge filters only once per refresh.

🔧 Refactoring & Internal Changes

• Extensive refactoring across UI, templates, storage, and fetcher to simplify code and reduce memory allocations.
• Replaced interface{} with any (Go 1.18+ idiomatic usage).
• Reorganized JavaScript code: simplified functions, reduced duplication, and modernized handlers.
• app.js bundle and service worker files are now loaded as a JavaScript module.
• Use request builder in media proxy handler.

📚 Documentation

• Fixed typos and updated default values in the man page.
• Removed ChangeLog file (release notes are visible on GitHub and the official website - use the commit history for more details).

🛠 Dependencies

• Updated GitHub Actions workflows to use Go version 1.25.

• Updated dependencies:

  • golang.org/x/net → 0.43.0
  • golang.org/x/image → 0.30.0
  • golang.org/x/term → 0.34.0
  • github.com/tdewolff/minify/v2 → 2.23.11
  • github.com/coreos/go-oidc/v3 → 3.15.0
  • github.com/prometheus/client_golang → 1.23.0
  • GitHub Actions: actions/checkout bumped to v5

✅ Tests

• Added API integration tests for fetching categories with counters.
• Added tests for icon URL discovery, SVG minification error handling, and version format enforcement.
• Added unit tests for RequestBuilder.
• Avoided building a temporary binary for integration tests.

For more details, look at the commit history.

✨ New Features

• TLS support for Unix sockets: Miniflux can now serve TLS over Unix domain sockets using CERT_FILE and KEY_FILE (#fcf86e3).
• RSS fallback: If a feed entry has no URL, Miniflux now uses the enclosure URL as a fallback (#d9de9d1).
• Bearer token for Linkwarden: The Linkwarden integration now uses Bearer token authorization instead of cookies (#1d11623).
• Cookie policy improvement: SameSiteStrictMode is enforced for cookies when OAuth2/OIDC is not used (#135ce1d).
• Readability engine: Avoid removing elements with the content class during readability parsing (#66b269e).

🛠️ Improvements

• Massive readability engine refactoring and performance optimizations:

  • Improved performance of getClassWeight, getLinkDensity, and transformMisusedDivsIntoParagraphs.
  • Simplified and optimized internal logic of removeUnlikelyCandidates, getSelectionLength, and getArticle.
  • Reduced memory allocation in sanitizer and readability components.

• Storage optimization: Strings are now truncated on the Go side to respect tsvector limits, reducing DB load and ensuring valid UTF-8 (#703f113).

• Simplified and clarified internal code structure:

  • Major cleanup and size optimization of internal structs (Feed, FeedCreationRequest, etc.).
  • Reduced memory use and improved CPU cache locality.
  • Numerous refactors across config, template, locale, subscription, and fetcher modules.

🐛 Bug Fixes

• Fixed an issue with feeds having excessive leading whitespace causing parser buffer issues (#54abd0a).
• Properly preserve UTF-8 when truncating strings for full-text search (#703f113).
• Fixed logic error in enclosure type detection (#50d5cb9).
• Fixed incorrect filter rule parsing of Windows-style newlines (#dc81725).
• Fixed a panic in startAutoCertTLSServer function when using Let's Encrypt automatic certificates (#f7a6b02)
• Improved UI spacing consistency around header/footer (#32fbb4e).

⚠️ Breaking Changes

• Windows binary no longer distributed: Windows is no longer a supported platform for binary distribution. Users must build from source if needed (#b470b18).

🧪 Tests & CI

• Test coverage significantly increased for modules like readability, sanitizer, processor, locale, and storage.
• Commit linter updated to support new Git revert message format.

🐘 Docker & Environment

• Base Docker image updated to Alpine 3.22.
• PostgreSQL Docker example updated to use the latest version.

🌐 Localization

• Updated Chinese and German translations.

🔒 Dependency Updates

• Bumped github.com/go-webauthn/webauthn to 0.13.4
• Bumped github.com/tdewolff/minify/v2 to 2.23.10
• Bumped golang.org/x/* modules: image, net, term, crypto
• Bumped github.com/andybalholm/brotli to 1.2.0

• test(sanitizer): add unit test for 0x0 pixel tracker
• test(sanitizer): add test case to cover Vimeo iframe rewrite without query string
• refactor(youtube): Remove a regex and make use of fetchWatchTime
• refactor(youtube): initialize two maps to the proper length
• refactor(tests): use b.Loop() instead of for range b.N
• refactor(server): avoid double call to Sprintf
• refactor(sanitizer): use global variables to avoid recreating slices on every call
• refactor(sanitizer): use a map for iframe allow-list
• refactor(sanitizer): remove two useless www. prefixes
• refactor(sanitizer): make isValidAttribute() check O(1)
• refactor(rewrite): rename Rewriter function to ApplyContentRewriteRules
• refactor(processor): simplify Bilibili processing
• refactor(processor): remove a useless type declaration
• refactor(processor): remove a duplicated function call
• refactor(processor): refactor common code into a fetchWatchTime function
• refactor(processor): move filters to a filter package
• refactor(processor): move FilterEntryMaxAgeDays filter to filter package
• refactor(processor): move RewriteEntryURL function to rewrite package
• refactor(processor): minor simplification of a loop
• refactor(internal): add an urllib.DomainWithoutWWW function
• refactor(http): rename package from httpd to server for consistency
• refactor(http): don't hardcode TLS configuration
• refactor(filter): avoid code duplication between IsBlockedEntry and IsAllowedEntry functions
• refactor(database): drop 3 columns in a single transaction
• refactor(crypto): use rand.Text() instead of a custom implementation
• refactor(config): remove deprecated config options
• refactor(js): no need to check if always present elements are always present
• perf(xml): optimized NewXMLDecoder
• perf(xml): optimize XML filtering
• perf(validator): slightly optimize a regex
• perf(timezone): cache getLocation's results
• perf(storage): pre-allocate a slice in RefreshFeedEntries
• perf(storage): optimize away two Sprintf calls
• perf(sanitizer): use a switch-case instead of a map
• perf(sanitizer): minor simplifications of the sanitizer
• perf(sanitizer): extract a call to url.Parse and make intensive use of it
• perf(rss): optimize a bit BuildFeed
• perf(rss): early return when looking for an item's author
• perf(rewrite): make getPredefinedRewriteRules O(1)
• perf(reader): use a non-cryptographic hash when possible
• perf(reader): optimize RemoveTrackingParameters
• perf(readability): minor regex improvement
• perf(media): minor regex simplification
• perf(fetcher): pre-allocate the cipherSuites
• perf(database): use TRUNCATE instead of DELETE FROM in migrations
• perf(database): marginally speeds migrations up
• perf(api): use math/rand/v2 instead of math/rand for better performance
• fix(readability): do not remove elements within code blocks
• fix(karakeep): correct method name and improve error handling in SaveURL
• fix(filter): skip invalid rules instead of exiting the loop
• feat(ui): display external link in single entry view because the URL was not visible on mobile (no mouse over)
• feat(ui): avoid showing an excessive number of tags
• feat(ui): add user setting to control target="_blank" on links
• feat(sanitizer): validate MathML XML namespace
• feat(sanitizer): consider images of size 0x0 as pixel trackers
• feat(sanitizer): add validation for empty width and height attributes in img tags
• feat(sanitizer): add support for fetchpriority and decoding attributes in img tags
• feat(rewrite): add support for YouTube Shorts video URL pattern
• feat(rewrite): add parkablogs.com to the referer override list
• feat(oidc): use preferred_username first instead of email claim
• feat(locale): update Polish translations
• feat(locale): update locales using machine translation
• feat(locale): update Indonesian translations
• feat(locale): update German translations
• feat(locale): update Chinese translations
• feat(integration)!: remove Pocket integration (Pocket will no longer be available after July 8, 2025)
• feat(filter): add EntryDate=max-age:duration filter
• feat(css): add margin-bottom to input for consistent spacing
• feat(config)!: remove SERVER_TIMING_HEADER config option
• feat: allow multiple listen addresses
• feat: adding support for saving entries to Karakeep
• feat: add entry filters at the feed level
• docs(readme): document a couple of nifty features
• docs: add CONTRIBUTING.md file
• chore(template): remove X-UA-Compatible meta tag specific to Internet Explorer
• build(go): bump to go 1.24
• build(deps): bump library/alpine in /packaging/docker/alpine
• build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0
• build(deps): bump golang.org/x/image from 0.27.0 to 0.28.0
• build(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0

• refactor(googlereader): remove redundant log message
• refactor(googlereader): move constants to separate files
• fix(webauthn): correct argument in debug log
• fix(sanitizer): MathML tags are not fully supported by golang.org/x/net/html
• fix(migrations): prevent failure at version 45 with long entry URLs
• fix(locale): localize Git commit label in about page
• fix(googlereader): return a 400 instead of 500 for invalid edit requests
• fix(googlereader): handle various item ID formats
• fix(googlereader): avoid panic for inexisting feed or category
• fix(googlereader): /items/contents should accept short form item IDs
• feat(webauthn): prefer creation of a client-side discoverable credential
• feat(urlcleaner): remove the ref parameter from url
• feat(settings): replace div.panel with paragraph tags for OAuth2 links
• feat(settings): add validation for entry order and categories sorting order
• feat(settings): add option to always open articles externally
• feat(server): add liveness and readiness probes
• feat(sanitizer): add MathML tags to the sanitizer
• feat(sanitized): allow Spotify iframes
• feat(rssbridge): support authentication token for RSS-Bridge
• feat(response): change error response content type to plain text and escape HTML
• feat(reader): populate feed description automatically
• feat(locale): update Russian translation
• feat(locale): update Polish translation
• feat(locale): update French translation
• feat(googlereader): avoid SQL query to fetch username in streamItemContentsHandler
• feat(googlereader): add mark-all-as-read endpoint
• feat(api): add new endpoints to manage API keys
• ci: remove deprecated reviewers field from dependantbot.yml
• chore(gitignore): ignore miniflux binary in root directory
• build(deps): bump golangci/golangci-lint-action from 7 to 8
• build(deps): bump golang.org/x/oauth2 from 0.29.0 to 0.30.0
• build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0
• build(deps): bump golang.org/x/image from 0.26.0 to 0.27.0
• build(deps): bump golang.org/x/crypto from 0.37.0 to 0.38.0
• build(deps): bump github.com/tdewolff/minify/v2 from 2.23.3 to 2.23.8
• build(deps): bump github.com/tdewolff/minify/v2 from 2.23.1 to 2.23.3
• build(deps): bump github.com/go-webauthn/webauthn from 0.12.3 to 0.13.0

• refactor(js): replace DomHelper methods with standalone functions
• refactor: avoid logging twice the feed errors in the background worker
• fix(api): hide_globally categories field should be a boolean
• fix(ui): add missing await when calling navigator.share() method
• fix(ui): replace share link with a form button for better accessibility
• feat(telegrambot): replace "Go to website" button with "Go to Miniflux"
• feat(locale): update Polish translation
• feat(locale): update German translation
• feat(locale): update Chinese translation
• feat(config): add SCHEDULER_ROUND_ROBIN_MAX_INTERVAL option
• feat(cli): add -reset-feed-next-check-at argument
• feat(api): add update_content query parameter to /entries/{entryID}/fetch-content endpoint
• feat: use Cache-Control max-age and Expires headers to calculate next check
• feat: implement proxy URL per feed
• feat: add proxy rotation functionality
• ci(linter): replace commitlint with a Python script
• ci: add documentation issue template
• build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0
• build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
• build(deps): bump golang.org/x/image from 0.25.0 to 0.26.0
• build(deps): bump github.com/tdewolff/minify/v2 from 2.22.4 to 2.23.1
• build(deps): bump github.com/PuerkitoBio/goquery from 1.10.2 to 1.10.3
• build(deps): bump github.com/prometheus/client_golang
• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.24 to 1.14.28
• build(deps): bump github.com/go-webauthn/webauthn from 0.12.2 to 0.12.3
• build(deps): bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1

• test(api): update base URL after upgrading Hugo
• refactor(rewrite): reorganize referer rules and remove obsolete mappings
• refactor: combine feed icon handlers to use only externalIconID
• fix(ui): update share feature to correctly select the title element and handle empty titles
• fix(ui): update entry tags display logic to show links based on user authentication
• fix(ui): remove touch-action style to prevent horizontal scrolling issues
• fix(ui): log a warning for an empty client secret
• fix(ui): change labels from "Read / Unread" to "Mark as Read"
• fix(ui): avoid 500 errors and NaN when marking a deleted entry as read
• fix(subscription): add /rss/feed.xml to the list of known feed URLs
• fix(security): use a more restrictive CSP for untrusted content
• fix(rewrite): remove obsolete rule for webtoons.com
• fix(processor): add missing quotation marks to import comments
• fix(googlereader): return enclosures in the streamItemContentsHandler response
• fix: address minor issues detected by Go linters
• feat(urlcleaner): add more Google Analytics parameters
• feat(storage): reduce the number of SQL queries when fetching entry enclosures
• feat(sanitizer): allow the <u> tag in feeds
• feat(sanitizer): allow the <b> tag
• feat(locale): update Polish translation
• feat(locale): add Romanian translation
• feat(integrations/ntfy): make ntfy topics configurable per feed
• feat(googlereader): add a feed icon endpoint
• feat: show database size on the about page
• feat: add a make add string command to add new localized strings
• docs: update README
• docs: update client README to remove references to deprecated functions
• ci: replace GitHub Issue Markdown templates with YAML forms
• build(deps): bump golangci/golangci-lint-action from 6 to 7
• build(deps): bump golang.org/x/term from 0.29.0 to 0.30.0
• build(deps): bump golang.org/x/oauth2 from 0.26.0 to 0.28.0
• build(deps): bump golang.org/x/net from 0.35.0 to 0.38.0
• build(deps): bump golang.org/x/image from 0.24.0 to 0.25.0
• build(deps): bump golang.org/x/crypto from 0.33.0 to 0.36.0
• build(deps): bump github.com/tdewolff/minify/v2 from 2.21.3 to 2.22.4
• build(deps): bump github.com/prometheus/client_golang
• build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2
• build(deps): bump github.com/go-webauthn/webauthn from 0.11.2 to 0.12.2
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5
• build(deps): bump github.com/coreos/go-oidc/v3 from 3.12.0 to 3.13.0

• test(encoding): add unit tests for CharsetReader function
• refactor(xml): improve the performances of NewXMLDecoder
• refactor(ui): remove superfluous cast
• refactor(request): broaden an error condition when parsing cookies
• refactor(processor): remove superfluous parenthesis
• refactor(opml): don't define receivers on both values and pointer
• refactor(model): simplify a condition
• refactor(model): don't define methods both on instance and pointer
• refactor(locale): sort JSON documents alphabetically by keys
• refactor(locale): remove superfluous parenthesis
• refactor(js): use proper types in app.js
• refactor(js): replace the deprecated window.pageYOffset with window.scollY
• refactor(js): remove a useless return
• refactor(js): anchor = removal in webauthn_handler.js regex
• refactor(js): add default value for parameter fallbackSelf in goToPage function
• refactor(integration): don't use defer in a loop
• refactor(icon): guard against a potential null dereference
• refactor(date): use an else-if instead of two if statements
• refactor(css): use shortcuts to declare padding
• refactor(client): remove a useless cast
• perf(sanitizer): remove two useless calls to strings.ReplaceAll
• fix(ui): Redirect correctly post feed removal from category feeds list
• fix(scraper): update TechCrunch scraper rule
• fix(scraper): avoid encoding issue if charset meta tag is after 1024 bytes
• fix(sanitizer): non-allowed attributes are not properly stripped
• fix(sanitizer): correct HTML tag name from tfooter to tfoot
• fix(rss): handle item title with CDATA content correctly
• fix(locale): missing hyphen in de_DE.json
• fix(css): avoid aside overflow on the pagination menu
• fix(css): --entry-content-aside-border-color is missing from system.css
• fix(api): return 500 response when JSON serialization fails
• fix(api): JSON encoding is failing with dates at OAD and negative timezone offset
• feat(urlcleaner): add trackers to the blocklist
• feat(ui): open the <details> tag in edit feed page when the feature is enabled
• feat(sanitizer): improve text truncation with better space handling
• feat(sanitizer): allow img tags with only a srcset and no src attribute
• feat(rss): add workaround for RSS item title with HTML content
• feat(pushover): add integration with pushover.net
• feat(processor): fetch YouTube watch time in bulk using the API
• feat(locale): update Traditional Chinese translation
• feat(locale): update Polish translation
• feat(locale): update French translation
• feat(locale): add Taiwanese POJ (nan-Latn-pehoeji)
• feat(integration): update Linkace integration to support API v2
• feat(integration): add webhook URL per feed
• feat(integration): add Slack integration
• feat(css): improve aside element position on smartphone
• ci: update GitHub Actions workflows to use Go 1.24
• ci: trigger packaging tests on pull requests
• ci: add commitlint to validate PR commit messages
• build(deps): bump golang in /packaging/debian
• build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0
• build(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0
• build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0
• build(deps): bump golang.org/x/image from 0.23.0 to 0.24.0
• build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0
• build(deps): bump github.com/PuerkitoBio/goquery from 1.10.1 to 1.10.2

• test(js): improve .jshintrc (strict comparison, etc...)
• test(sanitizer): add a fuzzer
• refactor(rewriter): use custom title case converter implementation instead of golang.org/x/text/cases.Title()
• refactor(readingtime): replace whatlanggo package with an ad-hoc implementation
• refactor(oauth2): no need to use io.WriteString when sha256 provides a way to obtain a sum in a single call
• refactor(js): simplify a bit keyboard_handler.js
• refactor(js): remove an outdated check for {passive: true}
• refactor(js): minor refactoring of touch_handler.js
• refactor(js): minor improvements in app.js
• refactor(database): add special handling for PostgreSQL-specific migrations
• fix(ui): reading preferences are reset if the form values are incorrect
• fix(sanitizer): allow <hr> tags
• fix(finder): do not add redirections to the list of subscriptions to avoid confusion
• fix: update Wallabag URL label to avoid confusion
• fix: improve pagination when having identical publication date
• fix: do not strip tags in Atom entry title
• feat(ntfy): Add option to use internal links
• feat(locale): update Polish translation
• feat(locale): update German translation
• feat(integration): add Discord integration
• feat(database): add optional build support for SQLite
• feat: validate usernames upon creation
• feat: replace %{?systemd_requires} with %{?systemd_ordering}
• feat: bump linter and minifier from ECMAScript 2017 to 2020 (ES11)
• feat: add fix_ghost_cards rewrite rule
• ci: tighten the CodeQL rules
• ci: run Docker tests only when the Dockerfiles are modified
• ci: run -race -cover only on Ubuntu jobs
• ci: don't specify languages for CodeQL
• ci: don't run go vet ./... as it's run as part of golangci-lint
• ci: checkout before installing Go to improve cache efficiency
• ci: avoid building Linux packages for each pull-request
• build(deps): bump golang.org/x/oauth2 from 0.24.0 to 0.25.0
• build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0
• build(deps): bump golang.org/x/crypto from 0.31.0 to 0.32.0
• build(deps): bump github.com/tdewolff/minify/v2 from 2.21.2 to 2.21.3
• build(deps): bump github.com/PuerkitoBio/goquery from 1.10.0 to 1.10.1
• build(deps): bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0