v2.22.0

Bug fixes + maintenance:

• Tighten web push endpoint allow-list regex to prevent SSRF via unanchored pattern matching (GHSA-w9hq-5jg7-q4j7, thanks to @MightyNawaf for reporting)
• Fix web app not allowing access tokens to be changed to never expire (#1693/#1694, thanks to @lastsamurai26 for reporting and to @ShipItAndPray for fixing)
• Fix web app crashing on account page for tokens without a last access time (#1651, #1684, thanks to @Pulsar7 and @rzhli for reporting)

v2.21.0

This release adds the ability to verify email addresses using the smtp-sender-verify flag. This is a change that is required because ntfy.sh was used to send unsolicited emails and the AWS SES account was suspended. Going forward, ntfy.sh won't be able to send emails unless the email address was verified ahead of time.

Features:

• Add verified email recipients feature with smtp-sender-verify config flag, allowing server admins to require email
  address verification before sending email notifications (#1681)

v2.20.1

This is a small bugfix release that only affects high volume S3 backends that struggle with HTTP/2.

Bug fixes + maintenance:

• Attachments: Add disable_http2=true S3 URL option to work around HTTP/2 stream errors with DigitalOcean Spaces and other S3-compatible providers (#1678/#1679)

v2.20.0

This release is another step towards making it possible to help scale ntfy up and out 🔥! With this release, you can store attachments in an S3-compatible object store as an alterative to the directory. See attachment store for details.

⚠️ Important note: With this release, ntfy will take full control over the attachment directory or S3 bucket. Files/objects in the configured attachment-cache-dir that match the message ID format (12 chars, matching ^[A-Za-z0-9]{12}$), and have no entries in the message database will be deleted. Do not use a directory or S3 bucket as attachment-cache-dir that is also used for something else.

This is a small behavioral change that was necessary because the old logic often left attachments behind and would not clean them up. Unless you have re-used the attachment directory for anything else (which is hopefully never done), this should not affect you at all.

Features:

• Add S3-compatible object storage as an alternative attachment store via attachment-cache-dir config option (#1656/#1672)

Bug fixes + maintenance:

• Reject invalid e-mail addresses (e.g. multiple comma-separated recipients) with HTTP 400
• Add OpenRC init service file (#1650, thanks to @ageru for the contribution)

v2.19.2

This is another small bugfix release for PostgreSQL, avoiding races between primary and read replica, as well as to further reduce primary load.

Bug fixes + maintenance:

• Fix race condition in web push subscription causing FK constraint violation when concurrent requests hit the same endpoint
• Route authorization query to read-only database replica to reduce primary database load

v2.19.1

This is a bugfix release to avoid PostgreSQL insert failures due to invalid UTF-8 messages. It also fixes database-url validation incorrectly rejecting postgresql:// connection strings.

Bug fixes + maintenance:

• Fix invalid UTF-8 in HTTP headers (e.g. Latin-1 encoded text) causing PostgreSQL insert failures and dropping entire message batches
• Fix database-url validation rejecting postgresql:// connection strings (#1657/#1658)

v2.19.0

This is a fast-follow release that enables Postgres read replica support.

To offload read-heavy queries from the primary database, you can optionally configure one or more read replicas using the database-replica-urls option. When configured, non-critical read-only queries (e.g. fetching messages, checking access permissions, etc) are distributed across the replicas using round-robin, while all writes and correctness-critical reads continue to go to the primary. If a replica becomes unhealthy, ntfy automatically falls back to the primary until the replica recovers.

Features:

• Support PostgreSQL read replicas for offloading non-critical read queries via database-replica-urls config option (#1648)
• Add interactive config generator to the documentation to help create server configuration files (#1654)

Bug fixes + maintenance:

• Web: Throttle notification sound in web app to play at most once every 2 seconds (similar to #1550, thanks to @jlaffaye for reporting)
• Web: Add hover tooltips to icon buttons in web app account and preferences pages (#1565, thanks to @jermanuts for reporting)

v2.18.0

This is the biggest release I've ever done on the server. It's 14,997 added lines of code, and 10,202 lines removed, all from one pull request that adds PostgreSQL support.

The code was written by Cursor and Claude, but reviewed and heavily tested over 2-3 weeks by me. I created comparison documents, went through all queries multiple times and reviewed the logic over and over again. I also did load tests and manual regression tests, which took lots of evenings.

ntfy.sh was successfully upgraded to 2.18.0 (though not with Postgres backend yet, as per the rollout plan).

I'm kindly asking the community to test the Postgres support and report back to me if things are working (or not working). There is a one-off migration tool (entirely written by AI) that you can use to migrate.

Features:

• Add experimental PostgreSQL support as an alternative database backend (message cache, user manager, web push subscriptions) via database-url config option (#1114/#1619, thanks to @brettinternet for reporting)

Bug fixes + maintenance:

• Preserve <br> line breaks in HTML-only emails received via SMTP (#690, #1620, thanks to @uzkikh for the fix and to @teastrainer for reporting)

v2.17.0

This release adds support for templating in the priority field, a new "copy" action button to copy values to the clipboard,
a red notification dot on the favicon for unread messages, and an admin-only version endpoint. It also includes several
crash fixes, web app improvements, and documentation updates.

❤️ If you like ntfy, please consider sponsoring me via GitHub Sponsors, Liberapay, Bitcoin (1626wjrw3uWk9adyjCfYwafw4sQWujyjn8),
or by buying a paid plan via the web app. ntfy will always remain open source.

Features:

• Server: Support templating in the priority field (#1426, thanks to @seantomburke for reporting)
• Server: Add admin-only GET /v1/version endpoint returning server version, build commit, and date (#1599, thanks to @crivchri for reporting)
• Server/Web: Support "copy" action button to copy a value to the clipboard (#1364, thanks to @SudoWatson for reporting)
• Web: Show red notification dot on favicon when there are unread messages (#1017, thanks to @ad-si for reporting)

Bug fixes + maintenance:

• Server: Fix crash when commit string is shorter than 7 characters in non-GitHub-Action builds (#1493, thanks to @cyrinux for reporting)
• Server: Fix server crash (nil pointer panic) when subscriber disconnects during publish (#1598)
• Server: Fix log spam from http: response.WriteHeader on hijacked connection for WebSocket errors (#1362, thanks to @bonfiresh for reporting)
• Server: Use slices.Contains from stdlib to simplify code (#1406, thanks to @tanhuaan)
• Web: Fix clear=true on action buttons not clearing the notification (#1029, thanks to @ElFishi for reporting)
• Web: Fix Markdown message line height to match plain text (1.5 instead of 1.2) (#1139, thanks to @etfz for reporting)
• Web: Fix long lines (e.g. JSON) being truncated by adding horizontal scroll (#1363, thanks to @v3DJG6GL for reporting)
• Web: Fix Windows notification icon being cut off (#884, thanks to @ZhangTianrong for reporting)
• Web: Use full URL in curl example on empty topic pages (#1435, #1535, thanks to @elmatadoor for reporting and @jjasghar for the PR)
• Web: Add validation feedback for service URL when adding user (#1566, thanks to @jermanuts)
• Docs: Remove obsolete version field from docker-compose examples (#1333, thanks to @seals187 for reporting and @cyb3rko for fixing)
• Docs: Fix Kustomize config in installation docs (#1367, thanks to @toby-griffiths)
• Docs: Use SVG F-Droid badge and add app store badges to README (#1170, thanks to @PanderMusubi for reporting)

v2.16.0

This release adds support for updating and deleting notifications, heartbeat-style / dead man's switch notifications, custom Twilio call format, and makes ntfy serve work on Windows. It also adds a "New version available" banner to the web app.

This one is very exciting, as it brings a lot of highly requested features to ntfy.

Features:

• Support for updating and deleting notifications (#303, #1536, ntfy-android#151, thanks to @wunter8 for the initial implementation)
• Support for heartbeat-style / dead man's switch notifications aka
  updating and deleting scheduled notifications (#1556, #1142, #954, thanks to @GamerGirlandCo for the initial implementation)
• Configure custom Twilio call format for phone calls (#1289, thanks to @mmichaa for the initial implementation)
• ntfy serve now works on Windows, including support for running it as a Windows service (#1104, #1552, originally #1328, thanks to @wtf911)
• Web app: "New version available" banner (#1554)