Releases: Jaredharper1/Sortarr

0.8.7

22 Mar 03:50

Features

  • Added Sonarr Lowest Custom Format Score and Highest Custom Format Score row fields, sorting, filtering, CSV export, and season-expansion summaries for score-based analysis.

Fixes

  • Allowed setup-only same-host HTTP/HTTPS scheme drift during CSRF validation when the setup request carries a valid CSRF token, unblocking bootstrap/save flows behind reverse proxies that terminate HTTPS but forward setup POSTs to Sortarr over plain HTTP without usable forwarded scheme headers.
  • Fixed Plex data/index enrichment so existing Plex rows populate stream and metadata fields more reliably instead of dropping details that were already expected to work.
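
The setup-only scheme-drift rule from the CSRF fix above, sketched as an added example (not Sortarr's own code). The function name, parameters and reason strings are hypothetical, and comparing the Origin authority directly against the Host header is an assumption about how "same-host" is decided.

```python
import hmac
from urllib.parse import urlsplit

def csrf_origin_ok(origin, request_scheme, request_host, *,
                   is_setup, sent_token, session_token):
    """Return (allowed, reason) for a state-changing request.

    request_scheme / request_host are what the app sees after proxy handling;
    behind a TLS-terminating proxy without usable forwarded scheme headers,
    request_scheme is "http" while the browser's Origin says "https".
    """
    # The token is checked first: scheme drift is never tolerated without it.
    sent = (sent_token or "").encode()
    expected = (session_token or "").encode()
    if not expected or not hmac.compare_digest(sent, expected):
        return False, "missing or invalid CSRF token"

    parts = urlsplit(origin or "")
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "missing or malformed Origin"

    # Same-host: the Origin authority must equal the Host header exactly.
    if parts.netloc.lower() != request_host.lower():
        return False, "cross-host origin"

    if parts.scheme == request_scheme:
        return True, "exact origin match"

    # HTTP/HTTPS drift on the same host is accepted for setup requests only.
    if is_setup:
        return True, "setup-only scheme drift allowed"
    return False, "scheme mismatch"

# Constructed sample: proxy terminates HTTPS, forwards plain HTTP to the app.
SAMPLE = dict(origin="https://sortarr.example", request_scheme="http",
              request_host="sortarr.example",
              sent_token="tok-123", session_token="tok-123")

if __name__ == "__main__":
    print(csrf_origin_ok(is_setup=True, **SAMPLE))
    print(csrf_origin_ok(is_setup=False, **SAMPLE))
```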

0.8.6

18 Mar 04:46

[0.8.6] - 2026-03-18

Fixes

  • Added a simple Sonarr-style authentication choice in Setup and config: Basic or External. Direct installs and transparent reverse proxies keep the existing Basic default, while External is now an explicit opt-in for trusted reverse proxies that already handle login.
  • Centralized route and /setup auth evaluation so both flows use the same auth boundary, and added local regression coverage for trusted-upstream auth, spoof rejection, and external-mode setup access.
  • Added SORTARR_AUTH_METHOD and SORTARR_UPSTREAM_AUTH_HEADER, plus diagnostics/self-check reporting for the active auth source. External mode now requires an explicit SORTARR_WAITRESS_TRUSTED_PROXY and no longer falls back to a browser Basic Auth challenge.
  • Fixed setup/session cookie transport policy so plain HTTP setup/save flows no longer force Secure cookies just because proxy mode is configured or still unset during bootstrap. Session and CSRF cookies now follow the effective request scheme by default, with SORTARR_SESSION_COOKIE_SECURE=1|0 still available as an explicit override.
  • Fixed proxied HTTPS setup/save CSRF origin mismatches on Waitress by stopping Waitress from stripping trusted X-Forwarded-* headers before Sortarr's own proxy middleware can translate them. Sortarr now preserves the raw proxy peer first, then applies trusted forwarded host/proto/port handling for proxied requests.
  • Setup now preserves submitted non-secret values after failed validation or connection testing so operators do not have to re-enter proxy settings, URLs, path maps, and other advanced fields on every failed save attempt.
  • Setup, CSRF diagnostics, and the security self-check now warn explicitly when plain HTTP would still receive Secure session/CSRF cookies, including the forced-override case that would cause the next POST to drop those cookies.
  • Cookie security now also honors an explicit https://... public URL/origin hint from SORTARR_PUBLIC_HOST / SORTARR_PUBLIC_URL / SORTARR_PUBLIC_ORIGIN, preventing accidental cookie downgrades when an HTTPS deployment still has incomplete proxy trust.
  • Upgrade note: if SORTARR_PUBLIC_HOST, SORTARR_PUBLIC_URL, or SORTARR_PUBLIC_ORIGIN is set to https://..., Sortarr now treats that as an HTTPS hint for cookie security. If your actual deployment is still plain HTTP, remove that https://... value or set SORTARR_SESSION_COOKIE_SECURE=0 so browsers will return the setup/session cookies on the next POST.
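
The cookie transport policy described in these notes, as an added example (not Sortarr's own code). The function name and return shape are hypothetical; the precedence shown (explicit override, then an https:// public hint, then the effective request scheme) is read off the upgrade note and is an assumption about the real implementation.

```python
PUBLIC_HINT_VARS = (
    "SORTARR_PUBLIC_HOST",
    "SORTARR_PUBLIC_URL",
    "SORTARR_PUBLIC_ORIGIN",
)

def cookie_secure_policy(env, request_scheme):
    """Return (secure, source, warning) for the session and CSRF cookies.

    env is a mapping of environment settings; request_scheme is the
    effective scheme ("http" or "https") after trusted proxy handling.
    """
    override = env.get("SORTARR_SESSION_COOKIE_SECURE", "").strip()
    has_https_hint = any(
        env.get(name, "").strip().lower().startswith("https://")
        for name in PUBLIC_HINT_VARS
    )

    if override in ("0", "1"):
        # Explicit operator override wins over every heuristic.
        secure, source = override == "1", "override"
    elif has_https_hint:
        # An https:// public URL keeps cookies Secure even when proxy trust
        # is incomplete and the request looks like plain HTTP.
        secure, source = True, "public-hint"
    else:
        # Default: follow the effective request scheme.
        secure, source = request_scheme == "https", "request-scheme"

    warning = None
    if secure and request_scheme != "https":
        # The failure mode the self-check warns about: the browser stores
        # nothing usable, so the next POST arrives without the cookies.
        warning = (
            "Secure cookies would be set on a plain HTTP request "
            f"(source: {source}); the next POST will not carry them"
        )
    return secure, source, warning

if __name__ == "__main__":
    # Constructed scenario: HTTPS hint configured, deployment still plain HTTP.
    env = {"SORTARR_PUBLIC_URL": "https://sortarr.example"}
    print(cookie_secure_policy(env, "http"))
    env["SORTARR_SESSION_COOKIE_SECURE"] = "0"
    print(cookie_secure_policy(env, "http"))
```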

0.8.5.1

11 Mar 23:42

[0.8.5.1] - 2026-03-12

Fixes

  • Hotfix for the 0.8.5 container publish failure: removed run_waitress.py from .gitignore and added the shared Waitress entrypoint to the repository so Docker releases can actually copy /app/run_waitress.py during image builds.

0.8.5

11 Mar 23:34

[0.8.5] - 2026-03-12

Fixes

  • Fixed the Docker release packaging regression introduced in 0.8.4 by restoring run_waitress.py to the Docker build context, so published images can copy the shared Waitress entrypoint and container releases build successfully again.
  • Reduced Waitress proxy-trust startup logging to coarse state only (trust_mode, proxy count, header count) instead of logging exact trusted proxy/header values, resolving the latest CodeQL clear-text logging alerts without losing useful diagnostics.

0.8.4

11 Mar 23:20

Fixes

  • Preserved trusted X-Forwarded-* headers when running behind a proxy on Waitress 3.x by mapping Sortarr proxy mode/hops into Waitress trusted-proxy settings before Flask ProxyFix runs. This fixes proxied setup/save CSRF origin mismatches where upstream headers reached Traefik but were stripped before Sortarr saw them.
  • Limited Waitress trust to the forwarded headers Sortarr is configured to trust, so custom proxy modes no longer over-trust X-Forwarded-Host / Proto / Port when only X-Forwarded-For should be honored.
  • Routed all Waitress entrypoints through the same startup helper so Docker/alternate Waitress launches no longer bypass the proxy-trust fix.
  • Added explicit SORTARR_WAITRESS_TRUSTED_PROXY support so proxied deployments can avoid wildcard * Waitress trust; proxied wildcard fallback now emits a startup warning.
  • Narrowed X-Forwarded-Prefix handling so normal single / double presets keep strict proxy-header clearing, while prefix trust is now an explicit custom-mode opt-in (SORTARR_PROXY_HOPS_PREFIX=1) with a startup warning about the reduced Waitress sanitization.
  • Added SORTARR_WAITRESS_TRUSTED_PROXY to the Setup UI under Advanced Network & CSRF, so proxied deployments can be fully configured from the app instead of editing env files manually.
  • Setup now warns when proxy header trust changes were saved but a restart is still required, and CSRF diagnostics now show live runtime proxy/Waitress settings separately from the saved config.
  • CSRF diagnostics and mismatch logging now warn explicitly when X-Forwarded-Proto or X-Forwarded-Port arrive as comma-separated lists, because Waitress 3.x rejects those trusted-header shapes; operators are now told to normalize them at the immediate proxy instead of chasing a generic CSRF failure.
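
A diagnostic for the proxy-trust conditions these fixes address, as an added example (not Sortarr's or Waitress's own code). The function name and finding strings are hypothetical, the trusted proxy value is assumed to be a single IP address or *, and the X-Forwarded-For selection follows the ProxyFix convention of taking the N-th value from the right for N trusted hops.

```python
import ipaddress

def check_forwarded(peer_ip, headers, trusted_proxy, hops_for=1):
    """Resolve client IP and scheme from X-Forwarded-* and list findings.

    peer_ip is the raw socket peer; headers maps header names to raw values.
    """
    findings = []
    result = {"client_ip": peer_ip, "scheme": None, "findings": findings}

    if trusted_proxy == "*":
        findings.append("wildcard proxy trust: any peer may set X-Forwarded-*")
    elif ipaddress.ip_address(peer_ip) != ipaddress.ip_address(trusted_proxy):
        # Spoof rejection: headers from an untrusted peer are ignored.
        findings.append("peer is not the trusted proxy: forwarded headers ignored")
        return result

    # Comma-separated Proto/Port values are not usable as a single trusted
    # value; report the shape instead of failing later as a CSRF mismatch.
    for name in ("X-Forwarded-Proto", "X-Forwarded-Port"):
        if "," in headers.get(name, ""):
            findings.append(
                f"{name} is a comma-separated list: normalize at the immediate proxy"
            )

    # X-Forwarded-For honors the full hop count: N-th value from the right.
    xff = [v.strip() for v in headers.get("X-Forwarded-For", "").split(",") if v.strip()]
    if len(xff) >= hops_for:
        result["client_ip"] = xff[-hops_for]
    elif xff:
        findings.append("X-Forwarded-For has fewer entries than configured hops")

    # Proto is trusted as a single forwarded value only.
    proto = headers.get("X-Forwarded-Proto", "").strip().lower()
    if proto and "," not in proto:
        result["scheme"] = proto
    return result

# Constructed sample: two proxies in front of the app, outer one adds the client.
SAMPLE_HEADERS = {
    "X-Forwarded-For": "203.0.113.7, 10.0.0.1",
    "X-Forwarded-Proto": "https",
}

if __name__ == "__main__":
    print(check_forwarded("10.0.0.2", SAMPLE_HEADERS, "10.0.0.2", hops_for=2))
    print(check_forwarded("198.51.100.9", SAMPLE_HEADERS, "10.0.0.2", hops_for=2))
```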

0.8.3.1

10 Mar 06:55

[0.8.3.1] - 2026-03-10

Security

  • Fixed bootstrap/remediation routing so a partially populated Basic Auth config no longer blocks / with "Basic auth misconfigured"; bootstrap and setup helper requests now reach Setup instead of failing before the redirect/remediation flow runs.
  • Setup connection-test failures now return normalized connection errors instead of helper-specific exception text, and secret-related startup/migration warnings now use count-based summaries instead of enumerating secret-setting identifiers.
  • Removed the remaining state-changing item refresh from GET item endpoints; forced playback refresh now uses CSRF-protected POST /api/sonarr/item/playback_refresh and POST /api/radarr/item/playback_refresh before the follow-up item fetch.

0.8.3

10 Mar 06:39

[0.8.3] - 2026-03-10

Security

  • Added a 0.8.3 security-upgrade flow for configured installs from 0.8.2.1 and earlier: upgrades now lock into a one-time Setup remediation save before normal access resumes.
  • Persistent session-secret references are now the enforced steady-state model. First bootstrap may use a temporary ephemeral session secret until the first successful Setup save, but configured startup aborts when a persistent secret cannot be resolved and unsafe recovery is not enabled.
  • Session-secret resolution is now secure by default: SORTARR_SECRET_KEY honors *_FILE, *_CRED_TARGET, and wincred: references, plaintext secret values are treated as migration-only input, and startup rewrites legacy plaintext secrets to secret files or Windows Credential Manager refs before Flask resolves the signing key.
  • Added bounded unsafe recovery mode via SORTARR_ALLOW_UNSAFE_EPHEMERAL_RECOVERY=1 for lockout repair only; recovery windows now auto-expire and cannot be combined with trusted origins unless explicitly forced.
  • Configured installs now remain in setup-required state until both Basic Auth and persistent-secret requirements are satisfied. Partial Basic Auth config routes into Setup remediation instead of returning a hard 503.
  • Disabled interactive setup connection testing until Basic Auth is configured and security remediation is complete, removing the remaining pre-auth outbound test path while preserving final save-time validation.
  • Setup connection-test failures now return normalized connection errors instead of helper-specific exception text, and secret-related startup/migration warnings now use count-based summaries instead of enumerating secret-setting identifiers.
  • Hardened CSRF policy around exact trusted origins: trusted-origin fallback is token-gated, same-host by default, cross-host only with ALLOW_CROSS_HOST_TRUSTED_ORIGINS=1, and setup/startup now reject mismatched trusted-origin/public-host combinations.
  • Added proxy/CSRF diagnostics (GET /api/diagnostics/csrf) and security self-check diagnostics (GET /api/diagnostics/security-self-check) so operators can validate proxy forwarding, cookie policy, persistent-secret posture, unsafe recovery state, and trusted-origin policy.
  • Tightened the default CSP connect-src policy to same-origin only, and made session/CSRF cookie Secure defaults follow deployment mode: direct HTTP remains usable by default, while proxied modes stay Secure unless explicitly overridden.
  • Removed state-changing GET ?refresh=1; refresh actions now use CSRF-protected POST endpoints, including Plex insights refresh and per-item playback refresh flows.

Features

  • Sonarr series expansion now includes Season and Episode sort controls (Ascending/Descending) with persisted UI preferences.
  • Episode-list sort controls now use the glass custom-select treatment for consistent styling with the rest of the UI.
  • Episode-list sort carets now indicate selected sort direction (up for ascending, down for descending), independent of open/closed menu state.

UI/UX

  • Upgraded main table column sort indicators from text glyphs to animated caret indicators with direction classes.
  • Tuned sort-indicator sizing and active-state contrast for both light and dark themes.
  • Updated the Filters show/hide button to use a single animated glyph path with synced aria-label/title state, removing duplicate-icon rendering paths.

Fixes

  • Hardened expansion scroll behavior by disabling table scroll-anchor capture/restore while any Sonarr series expansion is active.
  • Reduced first-interaction expansion jump risk by preferring live measured expansion heights and using a conservative fallback estimate in virtualized Sonarr expansion calculations.

v0.8.2.1

04 Mar 12:20

Fixes

  • Preloaded the env file before reverse-proxy ProxyFix initialization so SORTARR_PROXY_HOPS* settings from .env apply at startup.
  • Added targeted CSRF mismatch warning logs with sanitized request URL plus Host / Origin / Referer / X-Forwarded-* context for proxy troubleshooting.
  • Replaced Windows credential write warning key names with non-sensitive category labels to avoid logging secret-setting identifiers.

0.8.2

04 Mar 07:49

[0.8.2] - 2026-03-04

Features

  • Added a new Year column in the main table and Columns panel so duplicate titles can be distinguished at a glance. Thanks @dimitricappelle.
  • Added duplicate detection across instances (title + year key) with filter support via duplicate:true/false. Thanks @tweety-tv.
  • Added quick duplicate chips to Sonarr and Radarr chip groups. Thanks @tweety-tv.
  • Enhanced advanced/global filtering so bare tokens (for example aac) search across row text, with explicit alias support via any:value. Thanks @malkinskir.
  • Added secret file support for sensitive settings via *_FILE env vars (for example SONARR_API_KEY_FILE, RADARR_API_KEY_FILE, PLEX_TOKEN_FILE), while keeping existing *_KEY/*_TOKEN env vars fully compatible.
  • Added optional Windows Credential Manager secret references (wincred:<target>), with EXE-first defaults and plain .env fallback for compatibility.

Fixes

  • Updated mixed-resolution filtering to also inspect ResolutionAll when rows are marked mixed (ResolutionMixed), so values like resolution:1080p match mixed rows correctly. Thanks @jt3204 for the PR.
  • Adjusted reverse-proxy ProxyFix handling so SORTARR_PROXY_HOPS now applies the full hop count to X-Forwarded-For, while X-Forwarded-Host / Proto / Port / Prefix default to a single trusted forwarded value and can be overridden individually via SORTARR_PROXY_HOPS_*. This fixes CSRF origin mismatches behind mixed proxy chains such as Cloudflare plus Caddy.

0.8.1

15 Feb 23:09

[0.8.1] - 2026-02-16

  • Added a Mismatch Center drawer to compare provider-by-provider playback match outcomes (Tautulli/Plex/Jellystat when multiple history providers are configured), with filtering/grouping and CSV export backed by GET /api/mismatches.
  • Resolved an issue where bitrate estimations were falling back to audio-only totals, causing unexpectedly small bitrate estimates for some entries. Thanks, sorthe!
  • Added Plex as a read-only playback provider (library scan + history ingestion) with cache-aware matching.
  • Setup: Added Plex connection fields, section filters, and history page sizing.
  • Added Plex diagnostics endpoint summary (sections, history stats, activities).
  • Added provider-agnostic playback diagnostics endpoint (POST /api/diagnostics/playback-match) with shared match/health fields and provider-specific details for Tautulli/Plex.
  • Added Plex media-source table fallback: when Sonarr/Radarr are not configured, /api/shows and /api/movies can populate from Plex library rows (with selected playback/history overlay).
  • Added Plex Insights drawer (hubs, section filter, match health summary, activities, butler) with optional live updates.
  • Fixed playback cache serialization when multiple users are present (user_ids now stored as a list).
  • Added a fallback for when Plex rejects the viewedAt history filter (retries without cutoff).
  • Fixed Plex/Jellystat cache serialization for title-year index keys.
  • Setup now supports multiple history providers at once (Tautulli, Jellystat, Plex) with an explicit preferred history source selector.
  • Added preferred media source selector in setup for clearer provider delineation when multiple sources are configured.
  • Playback provider selection now honors saved history source preference before falling back to auto-priority.
  • Setup validation now supports Plex-only media configurations; Sonarr/Radarr are no longer required when Plex is the selected media source.
  • Added backend provider option-set metadata (option_set) to /api/config for deterministic source/capability handling.
  • UI tabs now use Shows/Movies labels while preserving Sonarr/Radarr internals.
  • Added per-tab Plex library scoping (multi-select) with persisted UI selection.
  • Plex library scope is now exposed in status/diagnostics payloads and response headers for clear in-scope visibility.
  • Fixed status-row hidden state pointer interception that could block top action buttons.
  • Standardized UI wording to Shows/Movies for load and refresh status text.
  • Compacted health badges by default and added inline details expansion for long alerts.
  • Simplified numeric cell rendering to improve table readability.
  • Matching: kept ID-first and title+year-first order, then added guarded plain-title fallback (<=2-year drift when Plex year is known) to reduce Plex/*arr false negatives.
  • Performance/UI: enabled Sonarr virtual row rendering for large lists and kept season expansion in-place (no forced full-table handoff) to reduce DOM/a11y snapshot pressure.
  • UI: ensured Columns popout layers above status/progress regions (including fullscreen transitions), with stable header/status/chip loading placeholders.
  • UI: consolidated Reset UI clearing so startup reset_ui and Reset UI button both clear filters/chips/query/view state consistently.
  • Rendering: reduced reflow churn with read/write layout batching, per-render title/path measurement caching, and wrap-height recalculation memoization.
  • Startup/perf: deferred non-critical chip/status bindings until first paint settles, lowered initial hydration pressure, coalesced status poll fetches, and added font preload/fallback metric stabilization.