Releases: linuxserver/docker-tautulli
Release list
v2.17.2-ls236
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/v2.17.2-ls236/index.html
LinuxServer Changes:
Full Changelog: v2.17.2-ls235...v2.17.2-ls236
Remote Changes:
Changelog
v2.17.2 (2026-06-16)
- Notifications:
- Fix: Line breaks in Gotify notification body text. (#2702)
- Newsletters:
- Fix: XSS in newsletter cron value. (CVE-2026-49995) (Thanks @elvinsuleymanov)
- UI:
- Fix: Reflected XSS in search query string. (CVE-2026-45381) (Thanks @JakePeralta7, @sondt99, @kah-ja)
- Fix: Duplicated activity card progress timers. (#2716) (Thanks @omglazrgunpewpew)
- Other:
- Fix: Fix X-Api-Key header check crashing server. (#2711)
- Fix: Path traversal in uploaded database and config file names. (CVE-2026-52835) (Thanks @tonghuaroot)
- Fix: Empty host fallback in URL when launching browser. (#2722) (Thanks @upmcplanetracker)
- Fix: Open redirect via whitespace bypass in /auth/redirect (CVE-2026-54915) (Thanks @sondt99)
🛡 VirusTotal GitHub Action analysis:
develop-7e1a1527-ls482
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-7e1a1527-ls482/index.html
LinuxServer Changes:
Full Changelog: develop-7e1a1527-ls481...develop-7e1a1527-ls482
Remote Changes:
Update API docs
develop-7e1a1527-ls481
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-7e1a1527-ls481/index.html
LinuxServer Changes:
Full Changelog: develop-b7c64d6c-ls480...develop-7e1a1527-ls481
Remote Changes:
Update API docs
develop-bd282145-ls480
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-bd282145-ls480/index.html
LinuxServer Changes:
No changes
Remote Changes:
Paginate datatables queries in SQL instead of Python (#2728)
Co-authored-by: JonnyWong16 9099342+JonnyWong16@users.noreply.github.com
develop-b7c64d6c-ls480
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-b7c64d6c-ls480/index.html
LinuxServer Changes:
Full Changelog: develop-5a39bac6-ls479...develop-b7c64d6c-ls480
Remote Changes:
Add security headers in cherrypy response headers
v2.17.2-ls235
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/v2.17.2-ls235/index.html
LinuxServer Changes:
Full Changelog: v2.17.2-ls234...v2.17.2-ls235
Remote Changes:
Changelog
v2.17.2 (2026-06-16)
- Notifications:
- Fix: Line breaks in Gotify notification body text. (#2702)
- Newsletters:
- Fix: XSS in newsletter cron value. (CVE-2026-49995) (Thanks @elvinsuleymanov)
- UI:
- Fix: Reflected XSS in search query string. (CVE-2026-45381) (Thanks @JakePeralta7, @sondt99, @kah-ja)
- Fix: Duplicated activity card progress timers. (#2716) (Thanks @omglazrgunpewpew)
- Other:
- Fix: Fix X-Api-Key header check crashing server. (#2711)
- Fix: Path traversal in uploaded database and config file names. (CVE-2026-52835) (Thanks @tonghuaroot)
- Fix: Empty host fallback in URL when launching browser. (#2722) (Thanks @upmcplanetracker)
- Fix: Open redirect via whitespace bypass in /auth/redirect (CVE-2026-54915) (Thanks @sondt99)
🛡 VirusTotal GitHub Action analysis:
develop-71bba412-ls479
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-71bba412-ls479/index.html
LinuxServer Changes:
No changes
Remote Changes:
Add Dolby Atmos notification parameters
develop-676cf109-ls479
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-676cf109-ls479/index.html
LinuxServer Changes:
No changes
Remote Changes:
Add audio_atmos and stream_audio_atmos to API response
develop-5a39bac6-ls479
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-5a39bac6-ls479/index.html
LinuxServer Changes:
Full Changelog: develop-5a39bac6-ls478...develop-5a39bac6-ls479
Remote Changes:
Add installer arch to artifact name
develop-9cbbef38-ls478
CI Report:
https://ci-tests.linuxserver.io/linuxserver/tautulli/develop-9cbbef38-ls478/index.html
LinuxServer Changes:
No changes
Remote Changes:
Downgrade pyopenssl==26.2.0