feat(miniflux): update image ghcr.io/miniflux/miniflux 2.2.19 → 2.3.0 (#48270)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/miniflux/miniflux](https://miniflux.app)
([source](https://redirect.github.com/miniflux/v2)) | minor | `8810dfe`
→ `65266db` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>miniflux/v2 (ghcr.io/miniflux/miniflux)</summary>

###
[`v2.3.0`](https://redirect.github.com/miniflux/v2/releases/tag/2.3.0):
Miniflux 2.3.0

[Compare
Source](https://redirect.github.com/miniflux/v2/compare/2.2.19...v2.3.0)

##### Security

- Only discoverable WebAuthn credentials (resident keys / passkeys) are
supported for login.
- Non-resident credentials can no longer be used for first-factor
authentication to prevent username enumeration before password
verification. They are intended for post-password MFA flows, which
Miniflux does not currently support.
- Persist WebAuthn backup eligibility/state and validated credential
state after login.
- Require `POST` requests for logout, feed refresh, and OAuth2 unlink
actions.
- Apply CSRF protection to all non-safe HTTP methods.
- Add `http.CrossOriginProtection` middleware for the web UI.
- Validate redirect URL schemes in `HTMLRedirect` to prevent unsafe
redirects.
- Restore URL scheme validation in templates for untrusted feed URLs.
- Sanitize filenames in `Content-Disposition` headers to prevent header
injection.
- Reject empty OAuth2 state parameters when no authentication flow is in
progress.
- Allow configured private proxies while still enforcing private-network
restrictions for direct requests and redirects.
- Validate URI schemes case-insensitively according to RFC 3986.
- Pin third-party GitHub Actions to immutable commit SHAs to reduce
supply-chain risks.
- Cap the maximum entry limit to 1000 across the UI, API, and storage
layer.

##### Improvements

- Add support for exporting and importing Miniflux-specific feed
settings in OPML files, allowing full feed configuration backups and
restores.
- Add enclosure links rewrite rule to expose podcast/video enclosure
URLs inside entry content for external RSS clients.
- Add support for the `shortcuts:` iOS URL scheme in sanitized content.
- Add Linux `riscv64` builds.
- Allow disabling local authentication without enabling automatic
OAuth2/auth-proxy user creation.
- Improve Chinese Traditional (`zh-TW`) translations.
- Improve RSS parsing for feeds that reuse the same GUID across multiple
entries.
- Improve UI consistency for authentication settings and external-link
behavior.
- Automatically clean up orphaned feed icons from the database.
- Detect Cloudflare bot challenge pages during feed refresh and return a
dedicated error message.
- Improve error handling and cleanup in WebAuthn login flows.
- Simplify large feed and user deletions using `ON DELETE CASCADE`.

##### Performance

- Improve sanitizer performance significantly and reduce allocations in
multiple hot paths.
- Optimize reading-time calculation to avoid unnecessary allocations.
- Improve feed parsing performance by preallocating slices/maps and
reducing string allocations.
- Optimize ISO8601 duration parsing for YouTube and podcast feeds.
- Reduce database queries for navigation metadata and storage
operations.
- Optimize template rendering for icons and CSP generation.
- Avoid loading entry content from PostgreSQL when not needed.
- Reuse a singleton HTML minifier instance instead of allocating one per
request.
- Optimize string handling in the reader and sanitizer packages.

##### Bug Fixes

- Fix incorrect read/starred toggling in Google Reader API.
- Prevent archived/deleted entries from reappearing as unread by using a
tombstone table and removing the `removed` entry status.
- Fix handling of slow HTTP headers.
- Fix "open in new tab" behavior for redirected external entry links.
- Fix Wallabag integration typo in error messages.

##### Dependency Updates

- Update `github.com/go-webauthn/webauthn` to `v0.17.3`.
- Update various `golang.org/x/*` packages.
- Update `github.com/coreos/go-oidc/v3` to `v3.18.0`.
- Update `github.com/tdewolff/minify/v2` to `v2.24.13`.

***

As always, thank you to all contributors who helped improve Miniflux in
this release.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9taW5pZmx1eCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=-->
This commit is contained in:
TrueCharts Bot
2026-05-16 06:29:27 +02:00
committed by GitHub
parent b4a3825a6c
commit 8b9a2423f2
2 changed files with 3 additions and 3 deletions
+2 -2
View File
@@ -9,7 +9,7 @@ annotations:
trueforge.org/min_helm_version: "3.14"
trueforge.org/train: stable
apiVersion: v2
appVersion: 2.2.19
appVersion: 2.3.0
dependencies:
- name: common
version: 29.3.4
@@ -37,5 +37,5 @@ sources:
- https://github.com/miniflux/v2
- https://github.com/trueforge-org/truecharts/tree/master/charts/stable/miniflux
type: application
version: 18.3.0
version: 18.4.0
+1 -1
View File
@@ -2,7 +2,7 @@
image:
pullPolicy: IfNotPresent
repository: ghcr.io/miniflux/miniflux
tag: 2.2.19@sha256:8810dfe7f4d9979f9dc1385607695c116f049daa586c635a9a1fb3c58936b074
tag: 2.3.0@sha256:65266db84761d09d999946218adfc91fd7abbd4a1086f74b3ad0e51083e30df2
persistence:
config:
enabled: true