Weblate developers enter a bar…and raise it significantly!
Welcome to the read about the biggest Weblate release so far. Our team prepared many new features, improved and fixed many parts of the platform; but let's take a look at the most straightforward reasons to update swiftly this time.
There are ten security advisories solved this time. They touch API, file downloads, the JavaScript CDN, backups. You can check their list in the changelog. We identified a few reasons why there are so many discoveries this time. We put more resources into this part of development. Weblate has had a threat model for a long time that has been broadened with this release as well. We have numerous tests and interested security researchers. We do not have a bug bounty program, but our code is popular. What changed? Even more people got thoroughly interested in researching the code and pentesting the deployment. Weblate adoption is growing, and many teams using Weblate have researchers in their midst. Our team started applying for grants. And on top of that, all interested researchers got their AI helpers that are finally getting more reliable and helpful. Of course we receive many false reports (and some clear slop as well). But we are truly happy to co-work with researchers, sharing respect and building valuable relationships. Together, we can simply deliver more, and you are always welcome to join the efforts! By sharing feedback and thoughts or diving into code, docs, or translations.
Before we jump to the sweet new things, please say your thanks and goodbyes to MySQL and MariaDB as Weblate dependencies. While these two databases are pretty decent, they cannot compare to PostgreSQL, at least in some areas like performance. And focusing on one DB lets us benefit from its specific features and also dedicate valuable developer time to more useful parts of our work. There was an open issue for some time, to which we guided many community members. As no one showed up in opposition to this move, this is now finished.
And let's skim through new features now, so we have the good news! Not all additions are mentioned as always, but the massive change log is definitely worth checking this time.
Weblate can now directly update your POT file for several stacks/formats: Django, Meson, Sphinx, and xgettext; you can choose the cadence and no longer worry about this task.
For large teams and new instances, bulk invitations will be handy. Newly introduced is the format check for Objective-C and support for Forgejo notification webhook.
The API got more capable again, being able to handle Announcements, the option to create a new component from an existing one, and support for TM filtering, scoped access, and bulk lookup.
There are some new server configuration options and Docker container variables; some existing ones also got newly exposed to Docker config. And as we got to improvements, those include more reliable and informative backups, reduced loading time when rendering some pages, and many parts of documentation getting clearer thanks to the auto-generated snippets getting improved.
Thanks for reading, do your update, and happy Weblating!
