What's Changed

• Add torrent fix for untrusted URL by @calibrain in #1071
• Fix IRC caching by @calibrain in #1072

Full Changelog: v1.3.1...v1.3.2

Contributors

• @calibrain

What's Changed

• Update readme by @alexhb1 in #1000
• Bump gunicorn from 25.3.0 to 26.0.0 by @dependabot[bot] in #990
• Bump the gh-actions group across 1 directory with 6 updates by @dependabot[bot] in #1044
• Bump the docker-base-image-digests group across 1 directory with 2 updates by @dependabot[bot] in #1015
• Bump qbittorrent-api from 2025年11月1日 to 2026年5月1日 by @dependabot[bot] in #991
• Bump the npm-deps group across 1 directory with 14 updates by @dependabot[bot] in #1043
• Bump the python-deps group across 1 directory with 8 updates by @dependabot[bot] in #1049
• fix(transmission): handle completion when seed ratio is 0 by @cfoucher in #1023
• Fix CI/CD issues by @calibrain in #1052
• Bump the python-deps group with 2 updates by @dependabot[bot] in #1051
• Bump the python-deps group across 1 directory with 2 updates by @dependabot[bot] in #1054
• Add content_type=combined URL parameter and FORCE_COMBINED_SEARCH user setting by @spin-drift in #1058
• Bump the gh-actions group with 2 updates by @dependabot[bot] in #1057
• Bump the npm-deps group in /src/frontend with 6 updates by @dependabot[bot] in #1056
• Update dependabot.yml by @calibrain in #1060
• Make IRC less spammy and require a bot name for search by @calibrain in #1065
• Bump @types/node from 25.9.2 to 25.9.3 in /src/frontend in the npm-deps group by @dependabot[bot] in #1063
• Bump the python-deps group with 2 updates by @dependabot[bot] in #1064
• Bump node from 2bdb65e to fb71d01 in the docker-base-image-digests group by @dependabot[bot] in #1061
• fix: "No files found." check produces false positives when AA returns results alongside that string by @bullitt186 in #1067
• Backport bug fixes from NemesisHubris/litfinder (addresses #999, #956, #1010, #1021, #1025, #1040) by @spin-drift in #1066
• Bump the python-deps group with 2 updates by @dependabot[bot] in #1068

New Contributors

• @cfoucher made their first contribution in #1023
• @spin-drift made their first contribution in #1058
• @bullitt186 made their first contribution in #1067

Full Changelog: v1.3.0...v1.3.1

Contributors

• @cfoucher
• @bullitt186
• @alexhb1
• @dependabot
• @calibrain
• @spin-drift

This release adds a new security option, fixes Prowlarr seedtime preferences, and implements several fixes and security hardening changes.

New:

• Added DISABLE_LOCAL_AUTH environment variable for OIDC-only configs
• Changed Prowlarr seedtime preference to opt-in (Enable in Settings > Prowlarr). Fixed an issue with user-specified seed time configs not pulling into shelfmark correctly.

Fixes

• Fixed Google Books error responses being cached as search results. (#958)
• Fixed language filter matching by normalising language strings more consistently. (#960)
• Improved download copy/hardlink handling on FUSE & NFS. (#957, #961)
• Streamed archive extraction instead of loading archive contents into memory. (#965)
• Fixed Tor routing and healthchecks so Tor can bootstrap correctly, private networks can bypass Tor, and healthchecks no longer require a clear-net probe. (#944, #966)

Security

• Updated frontend, Python, and CodeQL dependencies, including fixing an 11th May urllib3 CVE (#952, #953, #954)
• Hardened cover-image fetching and download prefetch flows against unsafe remote URLs, redirects, and untrusted origins. (#943, #967, #976)
• Tightened download and queue authorization, including queue ownership checks, release-source availability checks, and request policy source validation. (#970, #971, #975)
• Contained remote path mappings and qBittorrent fallback path handling to prevent unsafe path resolution. (#973, #974)
• Validated IRC DCC offers and AudiobookBay detail URLs before using them. (#964, #972)
• Redacted release URLs more safely in Newznab/Prowlarr download flows. (#968)
• Required verified OIDC email claims before linking external identities to existing accounts. (#963)
• Made container startup fail closed when the config directory remains unwritable instead of falling back to root. (#985)
• Pinned Docker base image digests and removed installer tooling from runtime images. (#969, #978)

This release fixes an issue for Unraid installs receiving wrong permissions and shutting down on the first start after updating to 1.2.2.

New

• Newznab - New release source: Configure a newznab indexer directly (#867 by @blades)
• PrimaryTitle field + path template improvements — new field for renaming templates, plus live preview and custom field picker in the template editor (#908)
• Non-root support - Installs with user: "1000:1000" will now run as non-root. Note: This does not impact those with just PUID/PGID as 1000:1000, the docker user must be explicitly set too. (#871)
• Kubernetes users can use runAsNonRoot and runAsUser/Group at 1000:1000 to run as non-root. (#871)
• User folder permission checks / corrections removed and replaced by "test destination" button in settings. Users are responsible for ensuring output folders have correct permissions. (#871)
• Combined search improvements - Now continue a combined search when one option is unfulfilled, and deselect previously chosen releases.
• Direct source refactoring - Decoupled the direct source from the core of the app. It can now be disabled, and users must supply working mirror URLs to use going forward. Existing users updating will keep their existing mirror configs.

Fixes

• Moved Shelfmark runtime from /app to /home. Fixes internal bypasser issues with newer Chromium release. (#919)
• Temp filename length capped to avoid OS limits (#912)
• OIDC discovery URL no longer has trailing slash stripped (#887)
• Fixed JSON script blocking behavior (#862)
• Fixed orchestrator timeout and exception handling (#832)
• Fixed env variable config lookup in various places (#817)
• Retry states now persist across restarts (#817)
• Prowlarr downloads now offer retries (#817)
• Fixed seedtime parsing for prowlarr release source (#805)

Misc / Tooling

• Large tooling update
  • Backend: Added uv, ruff, basedpyright, vulture, pytest-xdist, prek, pytest-cov.
  • Frontend: Added oxlint, oxfmt, vitest, knip
• Major lint / typecheck / formatting rewrites to improve code quality

Contributors

• @blades

New Features

Combined Book + Audiobook Downloads (#773, #777)

• Added a combined search mode for book + audiobook results
• Select both formats in the release modal and download or request them together
• Supports mixed policies per content type

Additional Features (#741, #745)

• Split default release source selection by content type
• Split browser download by content type, with per-user override support
• Added a torrent removal option
• Added a "Hide links" option
• Added full Hardcover reading status support and separated reading statuses from dedicated lists
• Added an option to disable automatic Hardcover list removal on download

Improvements

• Improved whitelisted indexer searches by using title + author queries (#774)
• Search queries now persist after auth redirect (#735)
• IRC can now be used for audiobook searches (#735)
• Renamed BookLore output mode to Grimmory (#791)
• Moved SeleniumBase scratch paths to /tmp for better compatibility on some systems (#735)
• Updated the frontend to React 19 and rolled up dependency updates (#765, #766)

Fixes

• Fixed stale activity dismiss handling (#768)
• Fixed browser downloads not firing in some completed-state cases (#745)
• Fixed Anna's Archive "All Languages" query generation and added a no-language fallback (#735)
• Fixed NFS transfer callback handling (#741)
• Improved qBittorrent completion handling for additional client setups (#741)
• Fixed a TypeScript build error (#770)
• Fixed entrypoint gosu write testing (#772)
• Blocked SSRF in the image cover proxy and sanitized settings tab names to prevent path traversal (#763)

New Features

Redesigned Search Tools (#712)

• Search fields restructured into a unified left-hand selector with dynamic options that adapt to each metadata provider
• Includes Author, Title, ISBN, Hardcover Lists, Hardcover Series, and Manual source query.
• Search mode and metadata provider are now selectable directly from the advanced search view
• Series search - search by series via Hardcover with live suggestions as you type

Hardcover List Integration (#694, #710, #719)

• Browse and search public Hardcover lists, or your own private lists, including "Want to Read"
• Either pick a list from your collection via the search selector dropdown, or paste a list URL into the search box to view its contents directly
• Add and remove books from lists and set "Want to Read" status - accessible from search results, the details modal, and the release modal
• Books are automatically removed from a list when you download them from that list's page

Manual Search (#687)

• New option to search release sources directly, bypassing metadata providers
• Respects user policies - hidden when the user's default policy is "Request Book" or "Blocked"
• Caution: Limited metadata means manual downloads may not play well with path/renaming templates

Download Retries (#679)

• Retry failed downloads manually from the activity sidebar
• Re-run failed post-processing without re-downloading the file

Admin Download on Behalf of Users (#679)

• New "Download as" selector lets admins download on behalf of any user, inheriting that user's output preferences (destination, email, BookLore library, etc.)

Per-User Search Defaults (#679)

• Users can now set their preferred search mode, metadata provider, and release source in User Preferences / My Account

Additional Features

• Sort releases by format - new sort option in the release modal (#679)
• {OriginalName} renaming variable - keep the exact downloaded filename when using custom rename patterns (#679)
• Manual request approval - admins can manually approve book/audiobook requests without requiring a download (#660)

Improvements

Download History & Activity Overhaul (#700, #703, #706)

• Completely rebuilt download tracking - downloads are now recorded in the database when queued, not just when they complete
• Each user gets their own independent activity and history view; admins continue to see everything
• Downloads, requests, and history now fully persist across container updates and restarts
• History entries can still serve downloaded files after tasks leave the active queue

Login Session Persistence (#686)

• Login sessions now persist across container updates and restarts via a stored secret key

Other Improvements

• File transfers now fall back to copy-then-delete when hardlink/move fails, improving reliability across filesystems (#660, #718)
• Content type dropdown is hidden when a content type is blocked for the current user (#705)
• Release scoring refactored for improved accuracy in the release modal (#665)

Fixes

• Apprise validation did not catch configuration errors early enough (#667, #668, #671)
• Apprise output was not visible in Shelfmark's logs (#667, #668, #671)
• Default language setting was not applied to search queries (#704)
• CWA ingest folder not detected when file movement fell back to copy (#691)
• Mirror list not refreshing correctly (#695)
• Default sort preference not applied consistently; series ordering broken (#715)
• Duplicate scoring keys in the release modal caused incorrect release ordering (#660)
• Search state went stale after completing a download (#660)
• Releases with multiple formats were incorrectly excluded by the format filter (#660)
• Clicking "Test connection" in settings reset unsaved changes on the page (#660)
• rTorrent download path not discovered correctly (#660)
• /login endpoint health check returned incorrect status (#660)
• Hardcover author names with initials were not parsed correctly (#705)
• Custom scripts could block the main thread (#686)
• Mirror configuration wouldn't be overridden on app updates (#718)
• User and request database concurrency conflicts (#686, #668, #718)
• Users created via reverse proxy auth were not provisioned correctly (#665)
• Auth migration issue for users who ran dev builds during multi-user development (#665)
• Activity dismissals not working correctly in no-auth mode (#667)

Note: The last couple of updates rounded out Shelfmark's core feature set. Going forward, the focus shifts to stability, bug fixes and QOL improvements rather than new major features. See the README for details about feature scope and contributions. Thanks.

Improvements

• SSL certificate validation setting - new toggle to disable SSL certificate verification for network requests, applied across all download clients, metadata providers, and bypass services. Toggle between enabled, disabled locally, and disabled overall. (#642)
• OIDC UX polish (#636):
  • HIDE_LOCAL_AUTH env var - hides the password login option when OIDC is enabled
  • OIDC_AUTO_REDIRECT env var - automatically redirects to the OIDC provider on the login page
  • Improved first-time OIDC setup flow, including local admin user creation
  • Callback URL label displayed on OIDC settings page
  • Added OIDC env var configuration info in settings
• Added OIDC documentation (docs/oidc.md) and Users & Requests documentation (docs/users-and-requests.md)

Fixes

• Fixed direct search mode request flow not completing correctly (#644)
• Fixed certain OIDC providers not linking emails to existing local user accounts (#642)
• Fixed OIDC name fallback when provider returns limited user info (#632)
• Fixed "All Languages" search filter reverting to the default language (#642)
• Fixed download/request dismissal not working correctly with multiple admin users (#642)
• Fixed request state handling on the details modal (#642)
• Fixed Prowlarr sort-by-peers option not appearing (#642)
• Fixed qBittorrent save path bug (#636)
• Unpinned flask dependency

New Features

Multi-User Request System (#615, #617, #620)

• Book request workflow -users can request books with notes; admins review, approve, and fulfil requests
• Policy-based configuration -set download/request/block policies per content type or per source (e.g. allow direct downloads, set Prowlarr to request-only)
• Per-user policy overrides for tailored access control
• New Activity Sidebar -replaces downloads sidebar, combining active downloads with requests; sidebar can now be pinned
• Request retry support and admin-level request management

OIDC Authentication (#606, #612)

• OIDC login with auto-discovery and group-based admin mapping. Works with all OIDC providers.
• Auto-provisioning of OIDC users (configurable) and email-based account linking
• Password fallback when OIDC is enabled to prevent admin lockout

Multi-User Support (#606, #612, #613)

• User management -create, edit, and delete users with admin/user roles
• Per-user settings -custom download destinations, BookLore library/path, email recipients, and {User} template variable
• Per-user download visibility -non-admins only see their own downloads
• Works with users from all sources (Local, OIDC, reverse proxy, Calibre-web)

Notification Support (#618)

• Apprise-based notifications for request events and download completions
• Supports sending notifications to virtually any service
• Configurable globally or per user, with full customization of events and notification services

AudiobookBay Release Source (#619, #621, #623)

• New release source - search ABB directly from the UI
• Results include title, language, format, bitrate and size
• Downloads via configured torrent client
• Configurable hostname, max search pages, and rate limit delay

Email Output Mode (#603, #604)

• Email delivery as an alternative output mode for downloaded books
• Send books as file attachments using configured SMTP email
• Email recipient can be configured per-user

Improvements

• Booklore Bookdrop API destination support as an alternative to specific library selection (#625)
• Download path options for all torrent clients (#625)
• Add tag support to qBittorrent downloads (#610)
• Add threading to file system operations for improved performance (#602)
• Enhanced custom scripting -JSON download info, more consistent activation, decoupled from staging (#591)
• Hardlink-before-move optimization for file transfers (#591)
• New BookLore API file formats (#591)
• Improved login cookie naming for reverse proxy compatibility (#591)
• Fix Transmission URL parsing (#591)
• Fix healthcheck starvation during large file processing (#591)

v1.1.1 hotfix

• Pin Flask dependency until session bug introduced in 3.1.3 is fixed

Improvements:

• Updated AA mirror list with latest available URLs
• Added customizable mirror list for AA URLs in the settings UI
• Added rich search and results formatting for whitelisted indexers, including format, language and author (Currently: MAM is whitelisted)
• Added "days" age for usenet/torrent releases
• Reworked internal bypasser to use pure CDP functions. Removed Chrome Webdriver dependencies and complexity.
• For external downloads, added locating and retry mechanism for discovering files instead of immediately failing
• Added client side storage of Book/Audiobook search preference
• Added M4A supported audiobook option
• Added flags column for freeleech, VIP etc, for all Prowlarr results. (#539 by @dawescc)
• Enhanced naming template features with arbitrary prefix/suffix support (#560 by @seekermarcel)

Fixes:

• Fixed reverse proxy base URL in edge cases
• Improved file transfer counting and logging with hardlink fallback warnings
• Fixed proxy auth header for REMOTE_USER scenario
• Fixed base path resolution timing issue for subpath deployments (#572 by @andykelk)
• Improved entrypoint chown efficiency
• Added ONBOARDING env variable, default true

Contributors

• @andykelk
• @seekermarcel
• @dawescc