miniflux_v2/ChangeLog

Version 2.0.43 (March 16, 2023)
-------------------------------

* Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler (CVE-2023-27592)
    
    Creating an RSS feed item with the inline description containing an `<img>` tag
    with a `srcset` attribute pointing to an invalid URL like
    `http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error
    condition where the invalid URL is returned unescaped and in full.
    
    This results in JavaScript execution on the Miniflux instance as soon as the
    user is convinced to open the broken image.

* Use `r.RemoteAddr` to check `/metrics` endpoint network access (CVE-2023-27591)
    
    HTTP headers like `X-Forwarded-For` or `X-Real-Ip` can be easily spoofed. As
    such, it cannot be used to test if the client IP is allowed.
    
    The recommendation is to use HTTP Basic authentication to protect the
    metrics endpoint, or run Miniflux behind a trusted reverse-proxy.

* Add HTTP Basic authentication for `/metrics` endpoint
* Add proxy support for several media types
* Parse feed categories from RSS, Atom and JSON feeds
* Ignore empty link when discovering feeds
* Disable CGO explicitly to make sure the binary is statically linked
* Add CSS classes to differentiate between category/feed/entry view and icons
* Add rewrite and scraper rules for `blog.cloudflare.com`
* Add `color-scheme` to themes
* Add new keyboard shortcut to toggle open/close entry attachments section
* Sanitizer: allow `id` attribute in `<sup>` element
* Add Indonesian Language
* Update translations
* Update Docker Compose examples:
    - Run the application in one command
    - Bring back the health check condition to `depends_on`
    - Remove deprecated `version` element
* Update scraping rules for `ilpost.it`
* Bump `github.com/PuerkitoBio/goquery` from `1.8.0` to `1.8.1`
* Bump `github.com/tdewolff/minify/v2` from `2.12.4` to `2.12.5`
* Bump `github.com/yuin/goldmark` from `1.5.3` to `1.5.4`
* Bump `golang.org/x/*` dependencies

Version 2.0.42 (January 29, 2023)
---------------------------------

* Fix header items wrapping
* Add option to enable or disable double tap
* Improve PWA display mode label in settings page
* Bump `golang.org/x/*` dependencies
* Update translations
* Add scraping rule for `ilpost.it`
* Update reading time HTML element after fetching the original web page
* Add category feeds refresh feature

Version 2.0.41 (December 10, 2022)
----------------------------------

* Reverted PR #1290 (follow the only link) because it leads to several panics/segfaults that prevent feed updates
* Disable double-tap mobile gesture if swipe gesture is disabled
* Skip integrations if there are no entries to push
* Enable TLS-ALPN-01 challenge for ACME
    - This type of challenge works purely at the TLS layer and is compatible
    with SNI proxies. The existing HTTP-01 challenge support has been left
    as-is.
* Preconfigure Miniflux for GitHub Codespaces
* Updated `golang.org/x/net/*` dependencies

Version 2.0.40 (November 13, 2022)
----------------------------------

* Update dependencies
* Pin Postgres image version in Docker Compose examples to avoid unexpected upgrades
* Make English and Spanish translation more consistent:
    - Use "Feed" everywhere instead of "Subscription"
    - Use "Entry" instead of "Article"
* Allow Content-Type and Accept headers in CORS policy
* Use dirs file for Debian package
* Use custom home page in PWA manifest
* Fix scraper rule that could be incorrect when there is a redirect
* Improve web scraper to fetch the only link present as workaround to some landing pages
* Add Matrix bot integration
* Proxify images in API responses
* Add new options in user preferences to configure sorting of entries in the category page
* Remove dependency on `github.com/mitchellh/go-server-timing`
* Add support for the `continuation` parameter and result for Google Reader API ID calls
* Use automatic variable for build target file names
* Add rewrite rule for `recalbox.com`
* Improve Dutch translation

Version 2.0.39 (October 16, 2022)
---------------------------------

* Add support for date filtering in Google Reader API item ID calls
* Handle RSS entries with only a GUID permalink
* Go API Client: Accept endpoint URLs ending with `/v1/`
* CORS API headers: Allow `Basic` authorization header
* Log feed URL when submitting a subscription that returns an error
* Update `make run` command to execute migrations automatically
* Add option to send only the URL to Wallabag
* Do not convert anchors to absolute links
* Add config option to use a custom image proxy URL
* Allow zoom on mobile devices
* Add scraping rules for `theverge.com`, `royalroad.com`, `swordscomic.com`, and `smbc-comics.com`
* Add Ukrainian translation
* Update `golang.org/x/*` dependencies
* Bump `github.com/tdewolff/minify/v2` from `2.12.0` to `2.12.4`
* Bump `github.com/yuin/goldmark` from `1.4.13` to `1.5.2`
* Bump `github.com/lib/pq` from `1.10.6` to `1.10.7`

Version 2.0.38 (August 13, 2022)
--------------------------------

* Rename default branch from master to main
* Update GitHub Actions
* Bump `github.com/prometheus/client_golang` from `1.12.2` to `1.13.0`
* Fix some linter issues
* Handle Atom links with a text/html type defined
* Add `parse_markdown` rewrite function
* Build RPM and Debian packages automatically using GitHub Actions
* Add `explosm.net` scraper rule
* Make default home page configurable
* Add title attribute to entry links because text could be truncated
* Highlight categories with unread entries
* Allow option to order by title and author in API entry endpoint
* Update Russian translation
* Make reading speed user-configurable
* Added translation for Hindi language used in India
* Add rewrite rules for article URL before fetching content
* Bump `github.com/tdewolff/minify/v2` from `2.11.7` to `2.12.0`
* Support other repo owners in GitHub Docker Action
* Proxify empty URL should not crash
* Avoid stretched image if specified width is larger than Miniflux's layout
* Add support for OPML files with several nested outlines
* sanitizer: handle image URLs in `srcset` attribute with comma
* Allow `width` and `height` attributes for `img` tags
* Document that `-config-dump` command line argument shows sensitive info
* Add System-V init service in contrib folder
* Fix syntax error in `RequestBuilder.getCsrfToken()` method

Version 2.0.37 (May 27, 2022)
-----------------------------

* Add rewrite rule to decode base64 content
* Add Linkding integration
* Add comment button to Telegram message
* Add API endpoint to fetch unread and read counters
* Fixes logic bug in Google Reader API sanity check
* Reduce number of CORS preflight check to save network brandwidth
* Add Espial integration
* Allow API search for entries which are not starred
* Try to use outermost element text when title is empty
* Make swipe gestures feel more natural
    - Removes opacity transition when swiping an article read/unread
    - Adds "resistance" to the swiped entry when the 75px threshold is
    reached
    - Fixes an issue in which a swiped article couldn't be moved <15px
* Add support for feed streams to Google Reader API IDs API
* Fix invalid parsing of icon data URL
* Add Traditional Chinese translation
* Add distroless Docker image variant
* Add Go 1.18 to GitHub Action
* Bump `github.com/tdewolff/minify/v2` from `2.10.0` to `2.11`
* Bump `github.com/prometheus/client_golang` from `1.12.1` to `1.12.2`
* Bump `github.com/lib/pq` from `1.10.4` to `1.10.6`

Version 2.0.36 (March 8, 2022)
------------------------------

* Gray out pagination buttons when they are not applicable
* Use truncated entry description as title if unavailable
* Do not fallback to InnerXML if XHTML title is empty
* Add `+` keyboard shortcut for new subscription page
* Add `(+)` action next to Feeds to quickly add new feeds
* Fix unstar not working via Google Reader API
* Remove circles in front of page header list items
* Fix CSS hover style for links styled as buttons
* Avoid showing `undefined` when clicking on read/unread
* Add new keyboard shortcut `M` to toggle read/unread, and go to previous item
* Add several icons to menus according to their roles
* Add missing event argument to `onClick()` function call
* Add links to scraper/rewrite/filtering docs when editing feeds
* Add a rewrite rule for Castopod episodes
* Fix regression: reset touch-item if not in `/unread` page
* Add API endpoint to fetch original article
* Show the category first in feed settings
* Add pagination on top of all entries
* Display Go version in "About" page
* Bump `mvdan.cc/xurls/v2` from 2.3.0 to 2.4.0
* Bump `github.com/prometheus/client_golang` from 1.11.0 to 1.12.1
* Bump `github.com/tdewolff/minify/v2` from 2.9.28 to 2.10.0

Version 2.0.35 (January 21, 2022)
---------------------------------

* Set `read-all` permission to `GITHUB_TOKEN` for GitHub Actions
* Pin `jshint` version in linter job
* Fix incorrect conversion between integer types
* Add new GitHub Actions workflows: CodeQL and Scorecards analysis
* Handle Atom feeds with space around CDATA
* Bump `github.com/tdewolff/minify/v2` from 2.9.22 to 2.9.28
* Add Documentation directive to Systemd service
* Do not reset `touch-item` if successfully swiped
* Add support for multiple authors in Atom feeds
* Omit `User-Agent` header in image proxy to avoid being blocked
* Use custom feed user agent to fetch website icon
* Make default Invidious instance configurable
* Add new rewrite rule `add_youtube_video_from_id` to add Youtube videos in Quanta articles
* Add scrape and rewrite rules for `quantamagazine.org`
* Expose entry unshare link in the entry and list views
* Add Google Reader API implementation (experimental)
* Add `Content-Security-Policy` header to feed icon and image proxy endpoints
    - SVG images could contain Javascript. This CSP blocks inline script.
    - Feed icons are served using `<img>` tag and Javascript is not interpreted.
* Add Finnish translation
* Add scraper rule for `ikiwiki.iki.fi`
* Remove `SystemCallFilter` from `miniflux.service`
* Fix minor typo in French translation

Version 2.0.34 (December 16, 2021)
----------------------------------

* Add rewrite rule for comics website http://monkeyuser.com
* Add `<head>` tag to OPML export
* Tighten Systemd sandboxing and update comments in `miniflux.service`
* Add `RuntimeDirectory` to Systemd service
* Order disabled feeds at the end of the list
* Add support for theme color based on preferred color scheme of OS
* Bump `github.com/lib/pq` from 1.10.3 to 1.10.4
* Bump `github.com/PuerkitoBio/goquery` from 1.7.1 to 1.8.0
* Fix typos in `model/icon.go`
* Add `data-srcset` support to `add_dynamic_image rewrite` rewrite rule
* Fix Docker Compose example files compatibility to v3
* Added the `role="article"` to `<article>` elements for better accessibility with screen readers
* Redact secrets shown on the about page
* Handle `srcset` images with no space after comma
* Hide the logout link when using auth proxy
* Fix wrong CSS variable
* Change `-config-dump` command to use `KEY=VALUE` format

Version 2.0.33 (September 25, 2021)
-----------------------------------

* Build RPM and Debian package with PIE mode enabled
* Add CSS rule to hide `<template>` tag in old browsers
* Bump `github.com/tdewolff/minify/v2 from 2.9.21 to 2.9.22`
* Bump `github.com/lib/pq from 1.10.2 to 1.10.3`
* Remove `RequestURI()` hack
* Improve `zh_CN` translation
* Add ability to change entry sort order in the UI
* Add minor improvements in integration package
* Add Telegram integration
* Add rewrite rule to remove DOM elements
* Add proxy argument to `scraper.Fetch()`
* Add mime type `application/feed+json` to discover JSON Feed v1.1
* Update scraper rule for `theregister.com`
* Add Go 1.17 to GitHub Actions
* Display option to hide feed only when category is not already hidden
* Add option to hide feeds from the global Unread list

Version 2.0.32 (August 14, 2021)
--------------------------------

* Bump `github.com/tdewolff/minify/v2` from 2.9.17 to 2.9.21
* Bump `mvdan.cc/xurls/v2` from 2.2.0 to 2.3.0
* Bump `github.com/PuerkitoBio/goquery` from 1.6.1 to 1.7.1
* Bump `github.com/prometheus/client_golang` from 1.10.0 to 1.11.0
* Add `/rss/` to the list of well known URLs during feed discovery
* Use `authors` entry for JSON 1.1 feeds
* Added Greek translation
* Added the ability to mark an entire category as read in the web ui
* Added "in" in "logged in" for en_US `tooltip.logged_user`
* Added option to hide categories from the global unread list
* Show "saving" labels for entry status button
* Golang client: Try to parse response body on `InternalServerError` errors
* contrib: Add support for a $MINIFLUX_IMAGE env var in docker-compose
* contrib: Bump docker-compose version to 3.4

Version 2.0.31 (June 6, 2021)
-----------------------------

* Expose comments_url entry field in Golang API client
* Use unique file names for cache busting instead of query string
* Highlight and sort feeds with unread entries in feeds list
* Mark items as read on click/middle click of external links
* Fix: Firefox on Windows does not show the active link as bold
* Avoid extra HTTP request for fetching custom stylesheet
* Remove invalid CSRF HTML meta tag
* Add lang attribute to root HTML tag
* Use runes instead of bytes to truncate JSON feed titles (avoid breaking Unicode strings)
* Expose changed_at time through the API
* Add new config option CLEANUP_ARCHIVE_BATCH_SIZE
* Add new option DATABASE_CONNECTION_LIFETIME
* Add database stats to Prometheus exporter
* Add Systemd watchdog
* Avoid custom stylesheet to be cached by third-party CDN
* Update a shared entry label translation in zh_CN
* Bump github.com/tdewolff/minify/v2 from 2.9.16 to 2.9.17
* Bump github.com/lib/pq from 1.10.1 to 1.10.2

Version 2.0.30 (May 7, 2021)
----------------------------

* Security fix: any user can delete any feed (Regression introduced in commit 51fb949)
* Fix password reset via CLI
* Increase default batch size value
* Handle RSS feed title with encoded Unicode entities
* Show number of unread per category in category list instead of number of feeds
* Bump github.com/lib/pq from 1.10.0 to 1.10.1
* Filtering doesn't work when selecting from multiple found feeds
* Bump github.com/tdewolff/minify/v2 from 2.9.15 to 2.9.16
* Use an appropriate color for visited links on dark theme
* Fix typo in reader/json/doc.go
* Create SECURITY.md
* Setup golangci-lint Github Action
* Add per feed cookies option
* Bump github.com/prometheus/client_golang from 1.9.0 to 1.10.0
* Bump github.com/tdewolff/minify/v2 from 2.9.13 to 2.9.15

Version 2.0.29 (Mar 21, 2021)
-----------------------------

* Miniflux requires at least Go 1.16 now
* Improved support of Atom text constructs
    - Improve handling of CDATA in text elements
    - Omit XHTML root element because it should not be part of the content
    - Fix incorrect parsing of HTML elements
* Handle RDF feed with HTML encoded entry title
* Add Turkish language
* Improve deletion of feeds with lots of entries
* Add support of Systemd readiness notification using the sd_notify protocol
* Remove feed_icons service worker cache because it's causing more problems than it solves (and HTTP cache seems faster)
* Add basic PWA offline page
    - Add basic offline mode when using the service worker
    - Starting in Chrome 93, offline mode is going to be a requirement to install the PWA
* Replace icon for "Add to home screen" button
* Use SVG icons for "toast" notifications
* Use SVG sprite for icons instead of inline elements
* Reset scroll position on mark page as read
* Add link to mark all feed entries as read
* Make web app display mode configurable (The change is visible after reinstalling the web app)
* Handle RSS feeds with CDATA in author item element
* Add read time on the article page
* Avoid showing a broken image when there is no feed icon
* Add option to allow self-signed or invalid certificates
* Add new config option to scrape YouTube's website to get video duration as read time (disabled by default)
* Send full article content to Wallabag
* Add more extensive health check support
    - Improve endpoint to test database connection
    - Add new cli argument: -healthcheck
    - Update Docker Compose examples
* Update iframe "allow list" to support Bilibili videos
* Remove completely generated files and use embed package to bundle JS/CSS/Images/Translations files into the final binary
* Remove deprecated io/ioutil package
* Show Postgres version in "About" page

Version 2.0.28 (Feb 15, 2021)
-----------------------------

* Add HTTP header "Referrer-Policy: no-referrer"
* Handle entry title with double encoded entities
* Add Open Containers annotations to Docker image
* Remove iframe inner HTML contents (iframe element never has fallback content)
* Update date parser to fix another time zone issue
* Update German translation for blocklist and keeplist
* Validate Keep list and Block list rules syntax
* Add support for IPv6 with zone index
* Allow images with data URLs
* Limit full-text search indexation to first 500K characters (tsvector has a size limit of 1MB)
* Change PWA display mode to standalone
* ETag value is not set correctly in HTTP client (regression)
* Add database backed Let's Encrypt certificate cache
* Add global option POLLING_PARSING_ERROR_LIMIT
* Update systemd service file comments to use `systemctl edit` for editing
* Update Go version to 1.15 in go.mod
* Don't discard the "Fetch via Proxy" option
* Update man page to show the default values
* Add PostgreSQL indices
* Add API endpoints to get feeds and entries of a category
* Create feed query builder
* Bump github.com/PuerkitoBio/goquery from 1.6.0 to 1.6.1
* Show global options in the about page
* Update man page to mention -1 can be used for CLEANUP_ARCHIVE_* options

Version 2.0.27 (Jan 9, 2021)
----------------------------

* Add spellcheck="false" to input fields
* Refactoring of entry, feed, category, and user validation
* Avoid stripping tags for entry title
* Add the possibility to subscribe to feeds with the Android Share menu
* API improvements:
    - Change feed creation request to allow setting most fields via API
    - Allow regular users to change settings via API
    - Make user fields editable via API
    - Renaming non-existent category via API should return a 404
* Update Systemd service file:
    - Add capability CAP_NET_BIND_SERVICE (allow the process to listen on privileged ports)
    - Enable a private /tmp for $CERT_CACHE (required when using Let's Encrypt)
* Update read/star icons to SVGs
* Add autocomplete="username" to HTML forms
* Improve user mass delete to use fewer Goroutines
* Use SQL transaction when creating user sessions and users
* Remove extra column (HSTORE field) from users table and migrate key/value pairs to specific columns
* Bump github.com/prometheus/client_golang from 1.8.0 to 1.9.0
* Bump github.com/lib/pq from 1.8.0 to 1.9.0
* Add styles for <abbr> HTML tag
* Refactor SQL migrations:
    - Avoid embedding SQL files into binary
    - Allow more flexible changes by using Go functions
* Add Server-Timing header to unread page
* Show correct User Agent in input placeholders
* Add autocomplete attribute to login form
* Add Grafana dashboard in contrib folder

Version 2.0.26 (Dec 5, 2020)
----------------------------

* Use created_at instead of published_at for archiving entries
* Add created_at field for entries
* Handle invalid feeds with relative URLs
* Add API routes for "mark all as read"
* Add support for setting a global default User-Agent
* Add rewrite rule "replace" for custom search and replace
* Calculate reading time during feed processing
* Handle various invalid dates
* systemd: keep /run writeable
* debian package: add missing post-install script
* Do not follow redirects when trying known feed URLs
* Trim spaces around icon URLs
* Reinstate EXPOSE instruction in Dockerfile
* Update German and Portuguese translations

Version 2.0.25 (Nov 3, 2020)
----------------------------

* Rename "original" link to be more explicit
* Do not escape HTML for Atom 1.0 text content during parsing (Avoid HTML entities issues)
* Do not use charset.NewReader if the body is a valid UTF-8 document
* Restore the ability to use a proxy for all HTTP requests (see https://golang.org/pkg/net/http/#ProxyFromEnvironment)
* Show Git commit in about page
* Publish Docker images to GitHub Container Registry
* Added few Docker Compose examples in contrib folder
* Added Ansible Role + Playbook for Miniflux in contrib folder
* Add rewrite rule to use noscript content for images rendered with Javascript
* Bump github.com/prometheus/client_golang from 1.7.1 to 1.8.0
* Update contributor link and Godoc badge for API client
* Move Debian package builder to main repository
* Move RPM build files to main repository
* Add GitHub Action to generate Docker images
* Build multi-platform images with Docker Buildx
* Add keyboard shortcut to scroll current item to the top
* Add feed filters (Keeplist and Blocklist)
* Do not proxy image with a data URL
* Bump github.com/PuerkitoBio/goquery from 1.5.1 to 1.6.0
* Proxify articles crawled manually
* Proxify images defined in srcset attribute
* Remove plaintext Fever password from database
* Add keyboard shortcut to jump to an item's feed page
* Add option for swipe gesture on entries on mobile

Version 2.0.24 (Oct 3, 2020)
----------------------------

* Add rewrite rule to fix Medium.com images
* Update sanitizer to support responsive images:
    - Add support for picture HTML tag
    - Add support for srcset, media, and sizes attributes to img and source tags
* Enhance man page formatting
* Add Prometheus exporter
* Remove dependency on global config options in HTTP client
* API:
    - Avoid database lookup if empty credentials are provided
    - Add the possibility to filter entries by category ID
    - Add the possibility to filter entries by a list of statuses
* Add Feed ID in worker error logs
* Tweak default HTTP client transport timeout values to reduce the number of file descriptors
* CSS tweaks and optimizations:
    - Prevent sub and sup from affecting line-height
    - Set touch-action on .items to prevent browser navigation
    - Move font-family specific CSS to the appropriate file
    - Update primary font-family for UI to be even more compatible with various operating systems
    - Make .entry-content font-weight variable depending on font-family used
* Avoid Javascript minifier to break keyboard shortcuts
* Rename service worker script to avoid being blocked by uBlock
* Update date parser to handle Pacific Daylight Time in addition to Pacific Standard Time
* Create index to speed up bookmark page
* Do not try to update a duplicated feed after a refresh
* Use a transaction to refresh and create entries
* Speed up entries clean up with an index and a goroutine
* Avoid the accumulation of enclosures by keeping only what is referenced in the feed
* Add workarounds for parsing an invalid date
* Archive older entries first
* Update API client to support more filters
* Avoid duplication between get feed entries and get entries API endpoints
* Enable strict slash to avoid a page not found (404) when using a trailing slash in the URLs
* Add a submit button to each section of the integration page
* Reload page after making page as read when showing unread entries
* Add option to archive unread entries
* Add option to enable maintenance mode
* Add HTTP proxy option for subscriptions
* Make add_invidious_video rule applicable for different invidious instances
* Fix reading time for jp, ko and zh languages
* Update POLLING_SCHEDULER description in man page
* Bump gorilla/mux from 1.7.4 to 1.8.0
* Add link to mark a feed as read

Version 2.0.23 (Aug 15, 2020)
-----------------------------

* Try known URLs when discovering subscriptions
* Add workarounds to find YouTube channel feeds (YouTube doesn't expose RSS links anymore for new-style URLs)
* Increase HTTP server timeout values
* Use stdlib constants for HTTP methods instead of strings
* Add support for RTL feed content
* Ignore <media:title> to avoid overriding the default title if they are different
* Add support for secret keys exposed as a file (useful for containerized environments)
* Display recent entries first in search results
* Do not archive shared items
* Add option to change the number of entries per page
* Add Brazilian Portuguese (pt_BR) translation
* Add reading time for entries
* Redirect to login page if CSRF token is expired
* Fever API:
    - Use getEntryIDs instead of getEntries to reduce memory consumption
    - Fix max_id argument logic to follow the specs
    - Improve logging
    - Do not send articles to external services when unsaving an item
    - Create index to speed up API calls
    - Log client IP in middleware
* API client: Do not return body for response with no content
* REST API:
    - Delete users asynchronously (Deleting large users might lock the tables)
    - Add CORS support
* Align entry actions to the left
    - Attempt to avoid awkward alignment on smartphone screens
    - Keep the read/star actions aligned to the left
    - Remove CSS flex to allow easier override with custom CSS
* Upgrade Postgres client library
* Upgrade CI checks to Go 1.15

Version 2.0.22 (Jun 19, 2020)
-----------------------------

* Remove child-src CSP policy (deprecated)
* Add /version endpoint
* Add the ability to use custom css
* Handle more invalid dates
* Add CSS styles for textarea
* Add index to speed up slow query
* Speed up feed list page rendering
* Add alternative scheduler based on the number of entries
* Setup Dependabot on GitHub
* Update Docker image to Alpine 3.12
* Add feed option to ignore HTTP cache
* Fix some Italian and German translations
* Added scraper rule for RayWenderlich.com, TheOatmeal.com, financialsamurai.com, dilbert.com and turnoff.us
* Replace link to categories by a link to the list of entries in "Category > Feeds" page
* Change feed title to a link to the original website
* Add icons to feeds and categories list
* Update dependencies and remove vendor folder

Version 2.0.21 (Mar 28, 2020)
-----------------------------

* Add SVG icons to entry actions
* Add support for Invidious
    - Embed Invidious player for invidio.us feeds
    - Add new rewrite rule to use Invidious player for Youtube feeds
* Check during application startup if the database schema is up to date
* Change default theme for public pages to "System Serif"
* Add feature to share an article (create a public link of a feed entry)
* Fix SQL injection in full-text search rank ordering
* Add generic OpenID Connect provider (OAuth2)
* Use more secure TLS configuration for autocert server (increase SSL Labs score from B to A+)
* Add feature to create per-application API Keys
* Add Go 1.14 to GitHub Actions
* Add scraper rule for wdwnt.com
* Add API client function to refresh all feeds
* Add API endpoint to refresh all feeds
* Add Auth Proxy authentication
* Use rel=prev/next on pagination links

Version 2.0.20 (Feb 15, 2020)
-----------------------------

* Add Japanese translation
* History: show entries in the order in which they were read
* Add button to add to Home screen
* Ignore enclosures without URL
* Correct spelling of "toggle"
* List view: align information to the left side, and the actionable buttons to the right
* Redirect to /unread when getting a 404 for an unread expired entry
* Do not advance to the next item when using the 'v' shortcut on the list of starred items
* Wrap around when navigating with keyboard shortcuts on a list view
* Remove unused Feed.Entries and Entry.Category from API client
* Add comments link keyboard shortcut
* Allow application/xhtml+xml links as comments URL in Atom replies
* Allow only absolute URLs in comments URL
* Use internal XML workarounds to detect feed format
* Make menu consistent across feed pages
* Make sure external URLs are not encoded incorrectly by Go template engine
* Make sure whitelisted URI schemes are handled properly by the sanitizer
* Use white background for favicon (Improve legibility when using a dark theme)
* Remove dependency on Sed to build Docker images
* Normalize URL query string before executing HTTP requests
* Improve Dublin Core support for RDF feeds
* Improve Podcast support (iTunes and Google Play feeds)
* Add support for Atom 0.3
* Add support for Atom "replies" link relation
* Return outer HTML when scraping elements
* Update scraper rule for "Le Monde"
* Filter valid XML characters for UTF-8 XML documents before decoding
* Trim spaces for RDF entry links

Version 2.0.19 (Dec 1, 2019)
----------------------------

* Add shortcut "V" to open original link in current tab
* Add the possibility to add rules during feed creation
* Wrap attachments into <details> disclosure element
* Show attachment size on entry page
* Add support of RSS Media elements (group, description, peer link, and thumbnails)
* Add rewrite functions: convert_text_link and nl2br
* Add scraper rule for openingsource.org
* Add Makefile target to build only amd64 Docker image
* Make sure to remove integration settings when removing a user
* Add API parameter to filter entries by category
* Display list of feeds per category
* Show the number of read and unread entries for each feed
* Make sure settings menu is consistent
* Remove fixed table-layout for entry content
* Update autocert lib because ACME v1 is EOL
* Do not lighten blockquote font color
* Update de_DE translation
* Send a response when changing status of removed entries in Fever API
* Add meta tag to disable Google Translate
* Improve storage module
* Improve XML decoder to remove illegal characters
* Compare Fever token case-insensitively
* Make sure integration tests are marked as failed in Github Actions
* Add new formats to date parser
* Add notification message when using keyboard shortcuts: f, s, and m.
* Avoid keyboard shortcuts to conflict with Firefox’s "Find as you type" feature

Version 2.0.18 (Sep 25, 2019)
-----------------------------

* Add Docker image variant for arm32v7
* Add theme variants
    - Use CSS variables instead of inherence
    - Rename default theme to "Light - Serif"
    - Rename Black theme to "Dark - Serif"
    - Rename "Sans-Serif" theme to "Light - Sans Serif"
    - Add "System" theme that use system preferences: Dark or Light
    - Add Serif and Sans-Serif variants for each color theme
* Avoid constraint error when having duplicate entries during feed creation
* Disable strict XML parsing
* Ignore invalid content type
* Update man page
* Replace Travis by GitHub Actions
* Rename cleanup config variables and deprecate old ones
    - CLEANUP_FREQUENCY_HOURS instead of CLEANUP_FREQUENCY
    - CLEANUP_ARCHIVE_READ_DAYS instead of ARCHIVE_READ_DAYS
* Make configurable the number of days to remove old sessions
* Add native lazy loading for images and iframes
* Do not buffer responses in the image proxy
* Update dependencies
* Add Go 1.13 to test matrix
* Replace link border by outline to avoid slight content shift
* New rewrite function: add_mailto_subject
* Import OPML from URL
* Fix HTML injection in addImageTitle
* Accept HTML entities when parsing XML

Version 2.0.17 (Aug 3, 2019)
----------------------------

* Update Docker image to Alpine Linux 3.10.1
* Pass auth header to manifest request (crossorigin attribute)
* Sort feed categories before serialization
* Fix syntax errors in man page
* Add .search margin-right
* Ask for confirmation before flushing history, marking page as read, and mark all as read
* Add option to disable feeds

Version 2.0.16 (Jun 8, 2019)
----------------------------

* Add option to toggle date/time in log messages
* Add optional config file parser in addition to environment variables
* Make HTTP Client timeout and max body size configurable
* Refactor config package:
    - Parse configuration only once during startup time
    - Store configuration values in a global variable
* Flip behavior of j and k keyboard shortcuts
* Bump Postgresql client library to v1.1.1 to bring in SCRAM-SHA-256 authentication
* Add option to enable/disable keyboard shortcuts
* Add missing translation
* Improve page reload when showing unread/all entries:
    - Show only unread entries = refresh current page
    - Show all entries = go to next page
* Always display feed entries even when there is a feed error
* Use loading label instead of saving when submitting login form
* Add OPML v1 support during importation
* Add 'allow-popups' to iframe sandbox permissions

Version 2.0.15 (Mar 16, 2019)
-----------------------------

* Move Dockerfile to main repo
* Change location of the binary from /usr/local/bin to /usr/bin in Docker image
* Add double tap detection for next/previous page navigation
* Allow users to disable auto-remove
* Make parser compatible with Go 1.12
* Add Golang 1.12 to CI
* Use feed ID instead of user ID to check entry URLs presence
* Fix typo in stylesheet
* Sort search results by relevance
* Use preferably the published date for Atom feeds
* Add Spanish translation
* Rename session cookies
* Handle the case when application session is expired and not user session

Version 2.0.14 (Jan 13, 2019)
-----------------------------

* Only attempt to change password if the confirmation field is filled in (Firefox)
* Remove URL from client user agent
* Make the feed list order case-insensitive
* Handle XHTML Summary elements for Atom feeds
* Make UTF-8 the default encoding for XML feeds
* Add more targets to Makefile
* Add -mod=vendor in Makefile
* Move health check endpoint from ui package to httpd service
* Add workaround for non GMT dates (RFC822, RFC850, and RFC1123)
* Make sure `<strong>` elements are bold
* Show scrollbars only when necessary for <pre> elements
* Add Italian translation
* Allow to switch between unread only and all entries on category/feed views
* Add function storage.UpdateFeedError()
* Add BBC News scraping rule
* Ignore JSON feeds from EnsureUnicode()
* Preserve category selection when no feed is found
* Update XML encoding regex to take single quotes into consideration
* Send cli errors to stderr
* Update dependencies
* Make password prompt compatible with Windows
* Make configurable the number of days to archive read items
* Change log level to debug when starting workers
* Do not show $DATABASE_URL warning when showing application info
* Move image proxy filter to template functions
* Update scraper rule for lemonde.fr
* Refactor manual entry scraper
* Apply rewriter rules on manual "Fetch Original Content"
* Add Makefile target for current OS and architecture
* Improve Makefile

Version 2.0.13 (Nov 25, 2018)
-----------------------------

* Add man page
* Add support for Systemd Socket Activation (experimental)
* Add the possibility to listen on Unix sockets
* Add config options to disable HTTP and scheduler services
* Archive more read entries in cleanup job
* Change default database connection string (backward compatible)
* Improve logging messages in ui package
* Improve overall Simplified Chinese translations
* Improve time since post date displays:
    - "15 days" now is "15 days" rather than "3 weeks" ago
    - "32 days" is now "1 month" rather than "2 months" ago
    - "366 days" is now "1 year" rather than "2 years" ago
* Allow the scraper to parse XHTML documents
* Remove charset=utf-8 from JSON responses
* Ignore hotkeys containing Control, Alt or Meta keys
* Handle more encoding conversion edge cases
* Disable go test caching
* Avoid duplication of ldflags in Makefile
* Fix wrong translation key for category pages
* Code refactoring:
    - Simplify application HTTP middlewares
    - Replace daemon and scheduler package with service package
    - Move UI middlewares and routes to ui package
    - Move API middleware and routes to api package
    - Move Fever middleware and routes to fever package

Version 2.0.12 (Oct 26, 2018)
-----------------------------

* Add OpenBSD build
* Improve logging for OAuth2 callback
* Make "g f" go to feed, or list of feeds
* Add more details in feed storage errors to facilitate debugging
* Add entries storage error to feed errors count
* Set arbitrary maximum size for tsvector column
* Unsubscribe from feed through link or "#"
* Simplify feed entries filtering
* Simplify feed fetcher
* Simplify feed parser and format detection
* Improve unit tests in url package
* Add short cli flags -i and -v
* Convert text links and line feeds to HTML in YouTube channels
* Change link state when marking all entries as read
* Add missing package descriptions for GoDoc
* Fix typo in license header
* Refactor HTTP response builder
* Improve Fever API performances when marking a feed or group as read
* Set focus on article link when pressing prev/next hotkeys
* Improve request package and add more unit tests
* Add more unit tests for config package
* Simplify locale package usage (refactoring)
* Translate application in Russian
* Use disclosure widget <details> for advanced feed options
* Use unique translation IDs instead of English text as key
* Add more unit tests for template functions
* Fix invalid output when truncating Unicode text in templates
* Add the possibility to override default user agent for each feed
* Split Makefile linux targets by architecture
* Add compiler, Arch, and OS to info command
* Avoid line break between emoji and (un)read/(un)star links
* Build Docker image for multiple architectures (amd64, arm32v6, arm64v8)

Version 2.0.11 (Sep 11, 2018)
-----------------------------

* Set cookie flag `SameSite` to Lax mode
* Use predefined ciphers when TLS is configured
* Avoid displaying an error when shutting down the daemon
* Add "Mark this page as read" to the bottom
* Store client IP address in request context
* Refactor HTTP context handling
* Make user creation via environment variables idempotent
* Use regular text version of ✔︎ instead of emoji version on iOS
* Add toggle status button to entry page
* Migrate to Go Modules and Go 1.11
* Show count of feeds with permanent errors in header menu
* Display remote client IP in logs when having a login failure (Fail2Ban)
* Add remove button in feed edit page
* Split integration tests into multiple files
* Update scraper rule for heise.de
* Expose real error messages for internal server API errors
* Move Golang API client in project source tree (the separate project is deprecated)
* Use canonical imports
* Add Procfile
* Create database package (refactoring)
* Update user agent with new website URL
* Update German translation

Version 2.0.10 (July 22, 2018)
------------------------------

* Avoid browser caching issues when assets changes
* Add Gzip/Deflate compression for HTML, JSON, CSS and Javascript responses
* Improve themes handling
    * Store user theme in session
    * Logged out users will keep their theme
    * Add theme background color to web manifest and meta tag
* Update application icon with different sizes
* Add support for published tag in Atom feeds
* Add tooltip to feed domain in feeds list (title attribute)
* Prevent vertical scrolling on swipe
* Show feed title instead of domain in items list
* Add service worker to cache feed icons
* Make image proxy configurable via IMAGE_PROXY environment variable:
    * none = No proxy
    * http-only = Proxy only non-HTTPS images (default)
    * all = Proxy everything
* Add alt attribute for feed icons
* Update CI jshint check
* Add embedly.com to iframe whitelist
* Use passive event listeners for touch events
* Add `add_dynamic_image` rewriter for JavaScript-loaded images
* Change feed password field type to text to avoid auto-completion with Firefox
    * Using autocomplete="off" or autocomplete="new-password" doesn't change anything
    * Changing the input ID doesn't change anything
    * Using a different input name doesn't change anything
    * Only Chrome supports autocomplete="new-password"
* Add base URL validation
* Update default stylesheet name in HTML layout
* Pre-generate themes stylesheets at build time
* Update vendor dependencies
* Refactor assets bundler and split Javascript files
* Run sanitizer after all processing and entry content rewrite
* Remove timestamp from generated files
* Add support for protocol relative YouTube URLs
* Add Postgres full-text search for entries
* Add search form in user interface
* Add search parameter to the API
* Improve Dutch locales
* Sandbox iframes when sanitizing
* Keep consistent text size on mobile orientation change
* Change permission of /etc/miniflux.conf to 600 instead of 644 in RPM package
* Add tzdata package to Docker image
* Update Docker image to Alpine Linux 3.8

Version 2.0.9 (July 1, 2018)
----------------------------

* Avoid Chrome to autocomplete no-login password fields
* Add cli flag to reset all feed errors
* Do not ignore errored feeds when a user refresh feeds manually
* Add specific 404 and 401 error messages
* Strip binaries to reduce size
* Make sure we always get the pagination in unread mode
* Fix incorrect data value when toggling bookmark flag on entry page
* Set opener to null when opening original URL with JavaScript
* Remove unnecessary style
* Refactor AddImageTitle rewriter
    * Only processes images with `src` **and** `title` attributes (others are ignored)
    * Processes **all** images in the document (not just the first one)
    * Wraps the image and its title attribute in a `figure` tag with the title attribute's contents in a `figcaption` tag
* Improve sanitizer to remove `style`, `noscript` and `script` tag contents
* Improve feed and user API updates with optional values
* Add new fields for feed username/password
* Improve memory usage debug log
* Disable keep-alive for HTTP client
* Close HTTP response body even for failed requests
* Add Sans-Serif theme
* Rewrite iframe Youtube URLs to https://www.youtube-nocookie.com
* Add more filters for API call `/entries`:
    * before (unix timestamp)
    * before_entry_id (int64)
    * after (unix timestamp)
    * after_entry_id (int64)
    * starred (boolean)
* Rewrite individual entry pagination SQL queries
* Simplify entry query builder
* Prevent items from sticking on touchend
* Extended horizontal overflow to feed and category views
* Translate missing strings
* Update German translation

Version 2.0.8 (June 4, 2018)
----------------------------

* Add Pocket integration
* Rewrite RealIP() to avoid returning an empty string
* Convert IP field from text to inet type
* Improve error handling in integration clients
* Make unread counter clickable
* Archive read entries automatically after 60 days
* Hide horizontal overflow when swiping articles on touch devices
* Add API endpoint to get logged user
* Fever API: Return response with an empty list if there is no item
* Handle feeds with dates formatted as Unix timestamp

Version 2.0.7 (May 7, 2018)
---------------------------

* Add API endpoint to import OPML file
* Make sure to close request body in HTTP client
* Do not show save link if no integration is configured
* Make sure integrations are configured before to make any HTTP requests
* Avoid people to unlink their OAuth2 account without having a local password
* Do not use shared variable to translate templates (avoid concurrency issue)
* Use vanilla HTTP handlers (refactoring)
* Move HTTP client to its own package (refactoring)
* Add middleware to read X-Forwarded-Proto header (refactoring)
* Use Gorilla middleware (refactoring)
* Scrape parent element for iframe
* Add SoundCloud and Bandcamp iframe sources

Version 2.0.6 (Apr 20, 2018)
----------------------------

* Improve graceful shutdown
* Simplify Heroku deployment
* Display memory usage and some metrics in logs
* Increase read/write timeout for HTTP server
* Add support for Dublin Core date in RDF feeds
* Do not return an error if the user session is not found
* Handle some non-english date formats
* Add missing French translation
* Rename RSS parser getters
* Get the right comments URL when having multiple namespaces
* Ignore caching headers for feeds that send "Expires: 0"
* Update translations

Version 2.0.5 (Apr 7, 2018)
---------------------------

* Avoid unread counter to be off by one when reading an entry
* Add Comments URL to entries
* Add FreeBSD build target
* Handle RSS author elements with inner HTML
* Fix typo in translations
* Add Dutch translation
* Convert enclosure size field to bigint
* Switch CI to Go v1.10
* Fix broken OPML import when compiling with Go 1.10

Version 2.0.4 (Mar 5, 2018)
---------------------------

* Add Simplified Chinese translation
* Add Nunux Keeper integration
* Filter the list of timezones
* Add timezone to entries dates for REST and Fever API
* Show last login and session creation date in current timezone
* Fix typo in edit user template
* Improve parser error messages
* Remove parentheses around feed error messages
* Support localized feed errors generated by background workers
* Print info message if DATABASE_URL is not set

Version 2.0.3 (Feb 19, 2018)
----------------------------

* Add Polish translation
* Change color of <q> tags for black theme
* Add database indexes (don't forget to run database migrations)
* Handle Atom feeds with HTML title
* Strip invalid XML characters to avoid parsing errors
* Improve error handling for HTTP client

Version 2.0.2 (Feb 5, 2018)
---------------------------

* Add support for Let's Encrypt http-01 challenge
* Move template functions outside engine (refactoring)
* Take timezone into consideration when calculating relative time
* Add support for HTTP Strict Transport Security header
* Add support for base URLs with subfolders
* Add missing about menu in settings
* Show API URL endpoints in user interface
* Do not update entry date while refreshing a feed
* Add flag to toggle debug logging
* Improve unread counter updates

Version 2.0.1 (Jan 22, 2018)
----------------------------

* Change user agent (People are blocking the crawler with mod_security)
* Move environment variables to config package (refactoring)
* Add build targets for all ARM architectures
* Do not crawl existing entry URLs
* Show translated login page in user language when logged out
* Handle more encoding edge cases:
    - Feeds with charset specified only in Content-Type header and not in XML document
    - Feeds with charset specified in both places
    - Feeds with charset specified only in XML document and not in HTTP header
* Add German translation
* Add mark as read/unread link on list items
* Add API endpoint for OPML export

Version 2.0.0 (Jan 11, 2018)
----------------------------

* Initial release of Miniflux 2.