Skip to content

chore(deps): update dependency tautulli/tautulli to v2.17.1#63

Merged
eudaldgr merged 1 commit intomainfrom
renovate/tautulli-tautulli-2.x
May 7, 2026
Merged

chore(deps): update dependency tautulli/tautulli to v2.17.1#63
eudaldgr merged 1 commit intomainfrom
renovate/tautulli-tautulli-2.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 6, 2026

This PR contains the following updates:

Package Update Change
Tautulli/Tautulli patch 2.17.02.17.1

Release Notes

Tautulli/Tautulli (Tautulli/Tautulli)

v2.17.1

Compare Source

  • Notifications:
    • Fix: Tautulli Remote App notifications failing to send. (#​2669)
    • New: Added extra type and preroll to notification parameters.
    • New: Added Simkl URL to notification parameters.
  • Newsletters:
    • Fix: Remote code execution via newsletter custom template directory. (CVE-2026-41065) (Thanks @​remindsec)
  • Exporter:
    • Fix: Export failed when logo / square art keys were included. (#​2685)
  • UI:
    • Fix: Error when browsing for folder paths. (#​2673)
    • New: Added AV1 media flag image. (#​2676) (Thanks @​little0831)
    • New: Added opus media flag image.
  • Other:
    • Fix: Clean empty directories after updating using git. (#​2667)
    • Fix: Tautulli failing to reconnect to Plex Media Server until restarted after a connection loss at startup. (#​2640)
    • Fix: Path treversal in cache deletion API. (CVE-2026-40605) (Thanks @​JakePeralta7)
    • Fix: Websocket not exiting and reconnecting cleanly after changing Plex servers.
    • Fix: Sanitize JS log errors to prevent XSS. (CVE-2026-43984) (Thanks @​larlarua)
    • Fix: Do not store image hash for external images. (CVE-2026-43986) (Thanks @​larlarua)
    • New: Update Windows and MacOS packages to Python 3.13.
    • New: Update Snap package to core24.
    • New: Using mounted folders for custom newsletter templates and scripts requires manually enabling allow_mounted_folders = 1 in the config file.
    • New: Added anti-CSRF tokens and enforce POST methods to state change endpoints. (CVE-2026-43985) (Thanks @​larlarua)
    • New: Hash Tautulli cookie name. All existing login sessions will be invalidated after the update.
    • New: Require X-Api-Key header for login through the /auth/signin endpoint.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from eudaldgr May 6, 2026 10:59
@eudaldgr eudaldgr merged commit 8ac49e1 into main May 7, 2026
67 of 94 checks passed
@renovate renovate Bot deleted the renovate/tautulli-tautulli-2.x branch May 7, 2026 21:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eudaldgr eudaldgr eudaldgr approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eudaldgr