Release 2.19 · fossar/selfoss

This version requires PHP ~~5.6~~ 7.2 (see known regressions section) or newer. It is also likely the last version to support PHP 7.

Known regressions

Values in config.ini containing special characters need to be quoted. Will be fixed by ba93393.
Updating sources that already contain items will fail on PHP < 7.2.0. Will be fixed by d6e9bc8.
Updating RSS sources without a valid date fails. Will be fixed by #1385.

New features

Thumbnails can be disabled (#897)
Reddit spout replaced fragile imgur heuristics with previews provided by the JSON API (#1033)
Experimental support for using selfoss offline was added. Note that this is only available in secure contexts, that is, over HTTPS, and can be very buggy. (#1014)
Long articles that do not fit on a single screen will no longer be arranged into columns, allowing for smoother reading experience (#1081)
Diaspora share button was added, you can enable it with d. (#1121)
“Copy to clipboard” share button was added, you can enable it with c. (#1142)
Native sharer is available in secure contexts in browsers that support it. You can enable it by adding a to share key in your config. (#1035)
Data directory can be configured (#1043)
New spout for searching Twitter (e.g. following hashtags) was added. (#1213)
Added option reading_speed_wpm for showing estimated reading time, set it to the number of words you can read in a minute. (#1232)
Added option db_socket for connecting to MySQL database through UNIX domain. (#1284)
Search query is now part of URL. (#1216)
A page that will pre-fill a form for adding a source with URL has been added. You can find it on https://yourselfossurl.com/manage/sources/add?url=some-feed-url. (#1310, #254)
Search will be carried out using regular expressions when the search query is wrapped in forward slashes, e.g. /regex/. The expression syntax is database specific. (#1205)
YouTube spout now supports following playlists. (#1260)
Confirmation is now required when leaving the setting page with unsaved source changes. (#1300)
Add link from settings page to individual sources and vice versa. (#1329, #1340)
Tag colour can be now changed using keyboard. (#1335)
YouTube spout now supports all YouTube URLs that provide feeds. (#1273)
Add open_in_background_tab option to try to make v shortcut open articles in a background tab (does not work in Chromium-based browsers). (#1354)
GitHub sources now include author. (#1367)
Twitter sources now indicate author using the author field rather than including in the title. (#1367)
Translations into several new languages were added:
- English (United Kingdom): en-GB
- French (Canada): fr-CA
- Galician: gl
- Hebrew: he
- Indonesian: id
- Portuguese (European): pt

Bug fixes

Reddit spout allows wider range of URLs, including absolute URLs and searches (#1033)
Improved compatibility with newer versions of PHP (#1049, #1157, #1236, #1294)
logger_level=NONE is now handled correctly (#1077)
URLs containing special characters like commas in query string are now handled correctly (#1082)
Set 60 second timeout to spout HTTP requests to prevent a single feed blocking other updates (#1104)
Significantly improved accessibility (#1133, #1134, #1141 and #1345)
Fixed marking more than 1000 items as read at the same time (#1182)
Fixed loading full text on pages containing ampersands in URLs (#1188)
Fixed missing styling in article contents (#1221)
Golem, Lightreading and Heise spouts now use Graby for extracting article contents instead of our own defunct extraction rules. (#1245)
The tag colour picker now pre-selects the current colour instead of a placeholder colour. (#1269)
OPML import now correctly handles valid files. (#1366)
OPML import will prefer title attribute over text for feed names. (#1366)
OPML import is now able to read files when the browser sends an incorrect MIME type. (#1366)

API changes

tags attribute is now consistently array of strings, numbers are numbers and booleans are booleans. This might break third-party clients that have not updated yet. (#948)
API is now versioned separately from selfoss and follows semantic versioning (#1137)
API 2.21.0: /mark now accepts list of item IDs encoded as JSON. Requests using application/x-www-form-urlencoded are deprecated. (#1182)
Dates returned as part of items now strictly follow ISO8601 format. (#1246)
The following are deprecated and will be removed in next selfoss version:
- Passing credentials in query string, use cookies instead. (#1360)
- GET /login endpoint, use POST /login. (#1360)
- GET /logout was deprecated in favour of newly introduced (API 4.1.0) DELETE /api/session/current. (#1360)
- POST /source/delete/:id in favour of DELETE /source/:id. (#1360)
API 6.0.0: Makes the author field null when an item author is not known (#1367)

Customization changes

selfoss.shares.register was removed. Instead you should set selfoss.customSharers to an object of sharer objects. The action callback is now expected to open a window on its own, instead of returning a URL. A label and a HTML code of an icon (you can use a <img> tag, inline <svg>, emoji, etc.) are now expected.

To demonstrate, if you previously had

selfoss.shares.register('moo', 'm', true, function(url, title) {
    return 'http://moo.foobar/share?u=' + encodeURIComponent(url) + '&t=' + encodeURIComponent(title);
});

in your user.js file, you will need to change it to

selfoss.customSharers = {
    'm': {
        label: 'Share using Moo',
        icon: '🚛',
        action: ({url, title}) => {
            window.open(`http://moo.foobar/share?u=${encodeURIComponent(url)}&t=${encodeURIComponent(title)}`);
        },
    },
};

(#1017, #1035, #1359)

Custom FullTextRss filter were moved to fulltextrss directory in data directory (#1043)
Spouts can now implement getSourceIcon() instead of getIcon() when icon is associated with the feed, not individual icons. (#1190)
Some language files have been renamed to use correct IETF language tag and you might need to change the language key in your config.ini:
- Simplified Chinese zh-CN
- Traditional Chinese zh-TW
- Norwegian Bokmål nb
- Swedish sv
Wallabag sharer now targets Wallabag 2 by default. This is potentially breaking change but hopefully, no one uses Wallabag 1 any more. (#1261)
defaults.ini file is no longer used, it is only provided for convenience under a new name config-example.ini (#1261, #1267)
spout classes no longer need to implement Iterator, instead they should return Iterator of newly introduced Item objects from getItems() method. The types of properties of items have also been revisited. (#1341, #1342)

Other changes

Amine and others have rewritten the Android app from scratch, you will want to install the new one from F-Droid to keep receiving updates.
The front-end has been modernized using React framework, this will greatly simplify future development. (#1216)
The front-end routing no longer relies on hash fragment, resulting in nicer URLs. (#1299)
Prevent sending referrer headers when opening links and sharing for improved privacy. (#1301)
Removed broken instapaper scraping from Reddit spout (#1033)
RSS feed will be fetched more reliably (#1052)
Guzzle is now used for Twitter as well, allowing users to install certificates on outdated hosts easily. (#1102)
More of user interface is now translatable (#1054)
Open Sans font is no longer bundled, resulting in smaller installations. Additionally, use_system_font option was removed. The typeface is still set as the default font family, so if you want to use it, install it to your devices. If you want to use a different typeface, add body { font-family: 'Foo Face'; } to your user.css. (#1072)
The file name of exported sources now includes a timestamp (#1078)
Developers, we no longer use Grunt. Build the package using npm run dist and check the code using npm run check; see the scripts section in top-level package.json. (#1093)
Developers, we are now building the styles and client-side code statically, using Parcel. If you update any such assets, you will need to run npm run build for the changes to be reflected. You can also use npm run dev to watch for asset changes. (#1137)
Developers, CSS files are now checked using stylelint and formatted using Prettier. You can use npm run lint:styles and npm run fix:styles respectively in the assets directory to run those tools. (#1153)
Google+ and del.icio.us share button were removed (#1121)
Windows 8 tiles are no longer supported. (#1137)
Strong password hashes are now supported. (#844, #1137)
RSS spout now prefers the feed logo to website favicon. (#1152)
RSS spout now tries to use favicon from the feed domain when there is no logo or home page favicon. (#1152)
Setting DEBUG to 1 in src/common.php no longer logs HTTP bodies, only headers. Set it to 2 if you need the bodies as well. (#1152)
PHP startup errors are now logged, instead of having F3 crash with Error 500 (#1195)
In order to support offline mode, we moved much of the UI to the browser. (#1150, #1184, #1215, #1216)
We carried out a significant internal refactoring (#1164, #1190)
Removed Instapaper spout since it has been broken since its acquisition. Sources using it were migrated to “RSS Feed (with content extraction)”. (#1245)
Placeholders are now used for images before they are loaded to avoid content jumping around (#1204)
Search button is now always on the screen, avoiding the need to scroll to top to be able to use it. (#1231)
Button for opening articles, tags, sources and filters in the sidebar, as well as the source and tag links in articles are now real links, allowing to open them in a new tab by middle-clicking them. (#1216, #695)
The way config.ini is parsed has changed. If you use any of the following characters ?{}|&~!()^", e.g. for database password, you will need to quote the config value like db_password="life0fD4ng3r!". This is a consequence of replacing F3 framework with PHP’s built-in INI parser. (#1261)
Removed anonymizer configuration option. (#1358)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2.19