Uptime Kuma, the self-hosted uptime monitor, has released version 1.23.9, bringing several improvements, bug fixes, and security fixes to the platform.

One important note is that this release may be a breaking change for those using third-party frontends or tools. The WebSocket origin now needs to be the same as your server hostname. However, users can set an environment variable called UPTIME_KUMA_WS_ORIGIN_CHECK to bypass in order to skip this check.

Here are the improvements included in this release:

• Added an aria-label to the monitor search box, improving accessibility.
• Added a helptext for the ntfy’s priority field, providing better guidance to users.

The bug fixes in this release are as follows:

• Corrected the Maintenance Start/End Time Input to Use Explicitly Specified Timezone, ensuring accurate time tracking.
• Fixed the buttons of ActionsSelect and ActionsInput that had a default type="submit", preventing unintended form submission.

In terms of security fixes, the following updates were made:

• Changing the password now closes all logged-in socket connections immediately, preventing unauthorized access.
• The WebSocket server can now only be connected from the same origin, similar to the CORS policy.
• An environment variable called UPTIME_KUMA_WS_ORIGIN_CHECK has been added, with two options: cors-like (default) and bypass.

Additionally, this release includes other small changes, code refactoring, and comment/documentation updates.

Uptime Kuma has recently released version 1.23.7, bringing a range of improvements, bug fixes, and security fixes to the popular server monitoring tool.

In terms of improvements, version 1.23.7 includes the ability to show the original timeout message and adds an additional 10 seconds for the abort signal. This enhancement allows users to better understand and manage timeout issues. Additionally, the error message on abort signal timeout has been improved, thanks to the contribution of @chakflying.

In the bug fixes category, Uptime Kuma has addressed a memory leak issue by ensuring the client postgresql connection is closed after rejection. This fix was made possible by the contribution of @mvaled. Furthermore, the team has decided to revert the “Restart running monitors if no heartbeat” feature, as it was causing issues from version 1.23.4 to 1.23.6.

In terms of security fixes, Uptime Kuma has taken steps to address multiple vulnerabilities. First, an XSS issue in the “Google Analytics ID” text field has been resolved, thanks to the report by @gtg2619. More details about this fix can be found in the advisory GHSA-v4v2-8h88-65qj. Additionally, the Tailscale ping has been rewritten using spawnSync, addressing a security vulnerability reported by @vaadata-pascala. Further information on this issue can be found in the advisory GHSA-hfxh-rjv7-2369. Lastly, Uptime Kuma has made certain functions, such as getGameList and testChrome, only accessible with login, improving overall system security.

Aside from these significant updates, version 1.23.7 also includes various small changes, code refactoring, and comment/documentation updates to enhance the overall user experience.

Uptime Kuma has released version 1.23.3, bringing several bug fixes and security enhancements. This update includes important changes that users need to be aware of.

First and foremost, due to the security fix in this version, all login sessions will be logged out after updating. This is a necessary measure to ensure the security of the system. Users will need to log in again with their credentials to access the platform.

It is worth noting that if you are using any unofficial or third-party tools with Uptime Kuma, there is a possibility of breaking changes with this update. In such cases, it may be necessary to re-generate an authentication token to ensure seamless integration with these tools.

Now let’s take a closer look at the bug fixes included in this release:

• Fixed an issue where notifications were not working if the configuration was too long. This bug has been resolved thanks to the contribution of @FJBlok.
• Enabled the status page certificate expiry badge for all HTTP(s) monitors. This improvement was made possible by the work of @marvinruder.
• Addressed Kafka producer bugs, ensuring smoother operation of this feature. This fix was made possible by the contributions of @mhkarimi1383.
• Fixed an issue with the incorrect usage of x-forwarded-host. This bug has been resolved thanks to the efforts of @xuexb.
• Resolved a race condition issue in the status page editor, ensuring that all data is saved correctly. This fix was made possible by the contribution of @chakflying.

In addition to these bug fixes, version 1.23.3 also includes security enhancements. One of the notable security fixes is the resolution of a persistent session tokens issue. Previously, there was no way to revoke session tokens even if the password was changed. With this update, users can now revoke session tokens by changing their password. For more information on this security fix, you can refer to the advisory GHSA-g9v2-wqcj-j99g.

Uptime Kuma has recently released version 1.23.3, bringing important bug fixes and security updates to its server monitoring software.

One important note for users is that due to a security fix, all login sessions will be logged out after updating to this version. This is a necessary measure to ensure the security of the system.

If you are using any unofficial or third-party tools with Uptime Kuma, it is important to be aware that this update may introduce breaking changes. In such cases, it may be necessary to re-generate an authentication token to ensure compatibility.

The latest release includes several bug fixes that address various issues reported by the user community. These bug fixes include:

• Fixed an issue where notifications were not working if the configuration was too long. This improvement was contributed by @FJBlok.
• Enabled status page certificate expiry badge for all HTTP(s) monitors, thanks to @marvinruder.
• Fixed bugs related to the Kafka producer, with contributions from @mhkarimi1383.
• Addressed an issue where x-forwarded-host was not being utilized correctly. This fix was provided by @xuexb.
• Resolved a race condition issue in the status page editor that prevented some data from being saved when clicked too quickly. This fix was made possible by @chakflying.

In addition to bug fixes, version 1.23.3 also brings important security fixes. One notable fix addresses a persistent session tokens issue. Prior to this update, there was no way to revoke session tokens even if the password was changed. With this update, users can now revoke session tokens by changing their password. More information about this security fix can be found here.

This latest release of Uptime Kuma provides users with important bug fixes and security updates, ensuring a more reliable and secure server monitoring experience.

Uptime Kuma has released version 1.23.2 with several bug fixes. The fixes include:

• Fixed an issue where the Tailscale monitor was not displaying correctly for non-Docker users.
• Fixed an issue where a paused monitor would start again after being edited.
• Fixed an issue where status page items were duplicated when the save button was clicked multiple times.
• Fixed an issue where the Oauth2 authentication method was not working.
• Added back some missing HTTP options into the JSON query monitor.

Source: Uptime Kuma.