Releases: linuxserver/docker-tautulli
Release list
v2.17.2-ls235
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/v2.17.2-ls235/index.html
LinuxServer Changes:
Full Changelog: v2.17.2-ls234...v2.17.2-ls235
Remote Changes:
Changelog
v2.17.2 (2026-06-16)
- Notifications:
- Fix: Line breaks in Gotify notification body text. (#2702)
- Newsletters:
- Fix: XSS in newsletter cron value. (CVE-2026-49995) (Thanks @elvinsuleymanov)
- UI:
- Fix: Reflected XSS in search query string. (CVE-2026-45381) (Thanks @JakePeralta7, @sondt99, @kah-ja)
- Fix: Duplicated activity card progress timers. (#2716) (Thanks @omglazrgunpewpew)
- Other:
- Fix: Fix X-Api-Key header check crashing server. (#2711)
- Fix: Path traversal in uploaded database and config file names. (CVE-2026-52835) (Thanks @tonghuaroot)
- Fix: Empty host fallback in URL when launching browser. (#2722) (Thanks @upmcplanetracker)
- Fix: Open redirect via whitespace bypass in /auth/redirect (CVE-2026-54915) (Thanks @sondt99)
🛡 VirusTotal GitHub Action analysis:
develop-71bba412-ls479
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-71bba412-ls479/index.html
LinuxServer Changes:
No changes
Remote Changes:
Add Dolby Atmos notification parameters
develop-676cf109-ls479
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-676cf109-ls479/index.html
LinuxServer Changes:
No changes
Remote Changes:
Add audio_atmos and stream_audio_atmos to API response
develop-5a39bac6-ls479
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-5a39bac6-ls479/index.html
LinuxServer Changes:
Full Changelog: develop-5a39bac6-ls478...develop-5a39bac6-ls479
Remote Changes:
Add installer arch to artifact name
develop-9cbbef38-ls478
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-9cbbef38-ls478/index.html
LinuxServer Changes:
No changes
Remote Changes:
Downgrade pyopenssl==26.2.0
develop-828e1701-ls478
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-828e1701-ls478/index.html
LinuxServer Changes:
Full Changelog: develop-c7153deb-ls477...develop-828e1701-ls478
Remote Changes:
Bump bleach from 6.3.0 to 6.4.0 (#2721)
- Bump bleach from 6.3.0 to 6.4.0
Bumps bleach from 6.3.0 to 6.4.0.
updated-dependencies:
- dependency-name: bleach
dependency-version: 6.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] support@github.com
- Bump bleach==6.4.0
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: JonnyWong16 9099342+JonnyWong16@users.noreply.github.com
develop-5a39bac6-ls478
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-5a39bac6-ls478/index.html
LinuxServer Changes:
No changes
Remote Changes:
Add installer arch to artifact name
v2.17.2-ls234
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/v2.17.2-ls234/index.html
LinuxServer Changes:
Full Changelog: v2.17.1-ls233...v2.17.2-ls234
Remote Changes:
Changelog
v2.17.2 (2026-06-16)
- Notifications:
- Fix: Line breaks in Gotify notification body text. (#2702)
- Newsletters:
- Fix: XSS in newsletter cron value. (CVE-2026-49995) (Thanks @elvinsuleymanov)
- UI:
- Fix: Reflected XSS in search query string. (CVE-2026-45381) (Thanks @JakePeralta7, @sondt99, @kah-ja)
- Fix: Duplicated activity card progress timers. (#2716) (Thanks @omglazrgunpewpew)
- Other:
- Fix: Fix X-Api-Key header check crashing server. (#2711)
- Fix: Path traversal in uploaded database and config file names. (CVE-2026-52835) (Thanks @tonghuaroot)
- Fix: Empty host fallback in URL when launching browser. (#2722) (Thanks @upmcplanetracker)
- Fix: Open redirect via whitespace bypass in /auth/redirect (CVE-2026-54915) (Thanks @sondt99)
🛡 VirusTotal GitHub Action analysis:
develop-c7153deb-ls477
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-c7153deb-ls477/index.html
LinuxServer Changes:
Full Changelog: develop-c7153deb-ls476...develop-c7153deb-ls477
Remote Changes:
v2.17.2
v2.17.2-ls233
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/v2.17.2-ls233/index.html
LinuxServer Changes:
No changes
Remote Changes:
Changelog
v2.17.2 (2026-06-16)
- Notifications:
- Fix: Line breaks in Gotify notification body text. (#2702)
- Newsletters:
- Fix: XSS in newsletter cron value. (CVE-2026-49995) (Thanks @elvinsuleymanov)
- UI:
- Fix: Reflected XSS in search query string. (CVE-2026-45381) (Thanks @JakePeralta7, @sondt99, @kah-ja)
- Fix: Duplicated activity card progress timers. (#2716) (Thanks @omglazrgunpewpew)
- Other:
- Fix: Fix X-Api-Key header check crashing server. (#2711)
- Fix: Path traversal in uploaded database and config file names. (CVE-2026-52835) (Thanks @tonghuaroot)
- Fix: Empty host fallback in URL when launching browser. (#2722) (Thanks @upmcplanetracker)
- Fix: Open redirect via whitespace bypass in /auth/redirect (CVE-2026-54915) (Thanks @sondt99)
🛡 VirusTotal GitHub Action analysis: