Update Paperless-ngx #326

Open
renovate-bot wants to merge 1 commit from renovate/paperless-ngx into master

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.io/gotenberg/gotenberg | minor | 8.29.1 → 8.32.0 |
| ghcr.io/paperless-ngx/paperless-ngx | patch | 2.20.13 → 2.20.15 |

Release Notes

gotenberg/gotenberg (docker.io/gotenberg/gotenberg)

v8.32.0: 8.32.0

Compare Source

Breaking Changes & Security Fixes ⚠️

  • Reverted SSRF defaults (breaking vs 8.31.0). 8.31.0 blocked private-IP destinations by default, which broke deployments running Gotenberg inside a private network. 8.32.0 restores the 8.30.x permissive defaults. Operators with internet-facing APIs opt into the strict posture via the new flags below.

  • Rejected file:// at /forms/chromium/convert/url. Submitting url=file:///tmp/... used to let an unauthenticated caller enumerate the request working directory and read other in-flight uploads as rendered PDFs. The route now returns HTTP 400 for any file:// URL.

  • Required uploaded file for image / pdf stamp and watermark sources. Twelve callsites accepted stampSource=pdf or watermarkSource=pdf with an expression pointing at any path the Gotenberg process could open, even when no file was uploaded. Handlers now return HTTP 400 unless the caller uploaded a matching file.

  • Scoped file:// sub-resources to the request working directory. Crafted HTML could reference another request's file:///tmp/<reqdir>/.... The CDP request handler now restricts file:// sub-resources to the current request's directory. /convert/url and /screenshot/url reject every file:// sub-resource outright.

  • Hardened Chromium against DNS rebinding. A short-TTL DNS authority could return a public IP at validation and a private IP at connect. A loopback HTTP / CONNECT proxy now sits between Chromium and the network, resolves DNS once, and pins the dial to the resolved IP. Skipped when --chromium-proxy-server or --chromium-host-resolver-rules is set.

  • Filtered LibreOffice outbound fetches through a proxy. Uploaded OOXML, RTF, and ODF files can embed external URLs that LibreOffice's libcurl resolves below every Go-side SSRF filter. LibreOffice now routes every outbound fetch through an in-process forward proxy on the same gotenberg.DecideOutbound path Chromium and webhook delivery use. See the four new flags below.

  • Recovered webhook async panics. High-concurrency webhooks could panic the async goroutine and crash the whole process. The goroutine now snapshots the request context and recovers any future panic through the existing error path.

New Features

  • LibreOffice outbound URL filtering. Four flags mirror the Chromium and webhook layout: --libreoffice-allow-list, --libreoffice-deny-list, --libreoffice-deny-private-ips, --libreoffice-deny-public-ips. All default permissive.

  • IP-class filtering on four modules. chromium, webhook, api-download-from, and libreoffice each accept matching deny-private-ips and deny-public-ips flags. All default to false.

| Flag | What it does |
|---|---|
| --chromium-deny-private-ips | Reject Chromium navigations and sub-resources resolving to a non-public IP. |
| --chromium-deny-public-ips | Reject Chromium navigations and sub-resources resolving to a public IP. |
| --webhook-deny-private-ips | Reject webhook URLs (success, error, events) resolving to a non-public IP. |
| --webhook-deny-public-ips | Reject webhook URLs resolving to a public IP. |
| --api-download-from-deny-private-ips | Reject downloadFrom URLs resolving to a non-public IP. |
| --api-download-from-deny-public-ips | Reject downloadFrom URLs resolving to a public IP. |
| --libreoffice-deny-private-ips | Reject LibreOffice outbound fetches resolving to a non-public IP. |
| --libreoffice-deny-public-ips | Reject LibreOffice outbound fetches resolving to a public IP. |

A URL matching --*-allow-list skips the IP-class check. A URL matching --*-deny-list is always rejected. Setting both deny-private-ips=true and deny-public-ips=true rejects every URL unless the allow-list matches.

Bug Fixes

  • Charts print as blank rectangles (#1531, #1532, #1534, #1535): chromedp v0.15.0 suspended the BeginFrame-driven callback dispatch loop under emulatedMediaType=print. requestAnimationFrame, ResizeObserver, IntersectionObserver, CSS transitionend, and CSS animationend all stopped firing. Pinning chromedp back to v0.14.2 restores native dispatch.

  • LibreOffice cached an unrecoverable first-start error (#1538): A short --libreoffice-start-timeout timed out the first request, then every subsequent request returned the same cached error until the container restarted. The lazy-start path now retries on failure.

Chore

  • Updated pdfcpu to v0.12.0.
  • Switched metadata read/write to direct exiftool invocation. Removes the GPL-3.0 go-exiftool dependency.
  • Bumped Go to 1.26.2.
  • Updated Go dependencies.

Thanks

Thanks to @Jalliuz (#1527) for reporting the 8.31.0 sub-resource regression. @notscottsmith (#1531), @spoltix (#1532), @rdelott-work (#1534), and @sillyas2010 (#1535) narrowed down the chromedp print-mode regression. @sillyas2010 also published the reproducer that pinned the bisect. @JeremyReist2 (#1536) flagged the go-exiftool GPL-3.0 license. @doronbehar (#1537) requested the pdfcpu upgrade. @mlafon (#1538) reported the LibreOffice supervisor cached-error bug.

v8.31.0: 8.31.0

Compare Source

Breaking Changes & Security Fixes ⚠️

  • Stopped publishing thecodingmachine/gotenberg images. Pull from gotenberg/gotenberg instead.
  • SSRF hardening (breaking). Resolves outbound URLs (Chromium asset fetches, webhook delivery, download-from) and rejects non-public addresses: loopback, RFC1918, link-local, unspecified, multicast, IPv6 unique-local, IPv4-mapped IPv6. Pins the dial to the validated IP to prevent DNS rebinding.
  • Defaulted webhook deny list (breaking). --webhook-deny-list now defaults to a regex blocking loopback, RFC1918, link-local, and IPv6 unique-local ranges. Override the flag to call internal hosts.
  • Sanitized ExifTool metadata (breaking for System: tags). Strips control characters and line breaks from /forms/pdfengines/metadata/write payloads. Drops System:-prefixed tags. Blocks argument smuggling and filesystem pseudo-tag abuse.

New Features

  • Embed files metadata. Adds embedsMetadata to every route accepting embeds (Chromium HTML/URL/Markdown, LibreOffice convert, PDF Engines merge/split/embed). Pass a JSON object keyed by filename with per-file fields (mimeType, relationship, etc.) - thanks @Jean-Beru!

Bug Fixes

  • Pinned Chromium to v146 on ppc64le to work around an upstream regression.

Deprecated Flags

| Old | New |
|---|---|
| --webhook-error-allow-list | --webhook-allow-list |
| --webhook-error-deny-list | --webhook-deny-list |

Old flags still work.

Chore

  • Updated Go dependencies.

v8.30.1: 8.30.1

Compare Source

Another release, another bug fixes 🫥

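Bug Fixes

  • chromium only variants now start correctly - thanks @agross!
  • Re-added cURL for orchestrators health check - thanks @budivoogt, @gertjanstulp and @jfisbein!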

v8.30.0: 8.30.0

Compare Source

New Features

Docker Image Variants
  • Chromium-Only Image (gotenberg/gotenberg:8.30.0-chromium): Drops LibreOffice, python3, and hyphenation packages. ~30% smaller than the full image.
  • LibreOffice-Only Image (gotenberg/gotenberg:8.30.0-libreoffice): Drops Chromium and its dependencies. ~38% smaller than the full image.

Pick the variant that matches your workload. The full image (gotenberg/gotenberg:8.30.0) still ships everything.

Leaner Docker Image

The full image is ~13% smaller than 8.29.0. The font stack was simplified from 30+ packages down to 8, covering Latin, Greek, Cyrillic, CJK, and most world scripts through Noto, plus color emoji.

| Package | Coverage |
|---|---|
| fonts-noto-core | Arabic, Bengali, Devanagari, Ethiopic, Georgian, Gujarati, Gurmukhi, Hebrew, Kannada, Khmer, Lao, Malayalam, Myanmar, Sinhala, Tamil, Telugu, Thai, and more |
| fonts-noto-cjk | Chinese, Japanese, Korean |
| fonts-noto-color-emoji | Color emoji |
| fonts-dejavu | Latin, Greek, Cyrillic |
| fonts-crosextra-carlito | Metric-compatible with Calibri |
| fonts-crosextra-caladea | Metric-compatible with Cambria |
| fonts-liberation | Metric-compatible with Arial, Times New Roman, Courier New |
| fonts-liberation2 | Updated Liberation metrics |

Microsoft Core Fonts (ttf-mscorefonts-installer) are not shipped due to licensing constraints. The image includes metric-compatible replacements instead: Carlito for Calibri, Caladea for Cambria, and Liberation for Arial, Times New Roman, and Courier New. These preserve document layout in most cases.

Installing Additional Fonts

Build a custom Dockerfile to add fonts. Common scenarios:

Microsoft Core Fonts (you accept the Microsoft EULA):

```docker
FROM gotenberg/gotenberg:8

USER root

RUN echo "deb http://deb.debian.org/debian trixie contrib non-free" \
      > /etc/apt/sources.list.d/contrib.list \
    && echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" \
      | debconf-set-selections \
    && apt-get update -qq \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends \
         ca-certificates \
         wget \
         ttf-mscorefonts-installer \
    && rm -rf /var/lib/apt/lists/*

USER gotenberg
```

Specialized script fonts for richer glyph sets, better hinting, or traditional typefaces beyond the basic Noto coverage:

| Script | Package |
|---|---|
| Arabic (Naskh) | fonts-hosny-amiri |
| Bengali | fonts-beng |
| Devanagari (Hindi) | fonts-sarai |
| Ethiopic | fonts-sil-abyssinica |
| Gujarati | fonts-samyak-gujr |
| Gurmukhi (Punjabi) | fonts-lohit-guru |
| Hebrew | culmus |
| Kannada | fonts-lohit-knda |
| Malayalam | fonts-samyak-mlym |
| Myanmar | fonts-sil-padauk |
| Sinhala | fonts-lklug-sinhala |
| Tamil | fonts-samyak-taml |
| Telugu | fonts-telu |
| Thai | fonts-thai-tlwg |

```docker
FROM gotenberg/gotenberg:8

USER root

RUN apt-get update -qq \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends \
        fonts-hosny-amiri \
        fonts-thai-tlwg \
    && rm -rf /var/lib/apt/lists/*

USER gotenberg
```

Webhook
  • Gotenberg-Webhook-Error-Url Now Optional: When Gotenberg-Webhook-Events-Url is set, Gotenberg-Webhook-Error-Url is no longer required. Error handling flows through the events URL instead. Gotenberg-Webhook-Error-Url is deprecated but continues to work.

Bug Fixes

  • ExifTool Tag Filtering: Case-insensitive comparison and expanded blocklist for ExifTool metadata filtering. Excludes additional system tags while preserving safe derived tags.
  • Regex Timeout: Added timeout to regex evaluation to prevent ReDoS on malformed patterns.

Chore

  • Updated Go dependencies.
paperless-ngx/paperless-ngx (ghcr.io/paperless-ngx/paperless-ngx)

v2.20.15: Paperless-ngx v2.20.15

Compare Source

paperless-ngx 2.20.15

[!NOTE]
This release addresses a security issue (GHSA-8c6x-pfjq-9gr7) and is recommended for all users. Our sincere thank you to the community members who reported this.

Bug Fixes

  • Fix: use only allauth login/logout endpoints @shamoon (#12639)
  • Fix: correctly scope mail account enumeration @shamoon (#12636)
  • Fix: prevent intermediate change event when CustomFieldQueryAtom operator changes type @ggouzi (#12597)
  • Fix: reject invalid requests to API notes endpoint @ggouzi (#12582)

v2.20.14: Paperless-ngx v2.20.14

Compare Source

paperless-ngx 2.20.14

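Bug Fixes

  • Fix: do not submit permissions for non-owners @shamoon (#12571)
  • Fix: prevent duplicate parent tag IDs @shamoon (#12522)
  • Fix: dont defer tag change application in workflows @shamoon (#12478)
  • Fix: limit share link viewset actions @shamoon (#12461)
  • Fix: add fallback ordering for documents by id after created @shamoon (#12440)
  • Fixhancement: default mail-created correspondent matching to exact @shamoon (#12414)
  • Fix: validate date CF value in serializer @shamoon (#12410)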

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
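
The filter precedence and resolve-once pinning described in the 8.31.0 and 8.32.0 notes, as an added Go example (not Gotenberg's code and not part of this PR). `Policy`, `Decide`, the resolvers and every hostname and address are constructed for illustration; the page does not say what happens when an allow-list is set but does not match, so here such a URL falls through to the IP-class check.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"net/url"
	"regexp"
)

// Policy holds one module's four filter settings (hypothetical type).
type Policy struct {
	Allow, Deny    string // regex patterns; "" means the flag is unset
	DenyPrivateIPs bool
	DenyPublicIPs  bool
}

// Resolver is injected so the example runs offline and lookups can be counted.
type Resolver func(host string) ([]netip.Addr, error)

var ErrDenied = errors.New("outbound URL denied")

// matches reports whether a list pattern is set and matches the URL.
func matches(pattern, rawURL string) bool {
	return pattern != "" && regexp.MustCompile(pattern).MatchString(rawURL)
}

// isNonPublic covers the classes the 8.31.0 notes list: loopback, RFC1918,
// link-local, unspecified, multicast, IPv6 unique-local, IPv4-mapped IPv6.
func isNonPublic(a netip.Addr) bool {
	a = a.Unmap() // ::ffff:10.0.0.5 is judged as 10.0.0.5
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsUnspecified() || a.IsMulticast()
}

// Decide returns the single IP the caller must dial, or ErrDenied.
// Order: deny-list, then allow-list (skips IP classes), then IP classes.
func Decide(p Policy, rawURL string, resolve Resolver) (netip.Addr, error) {
	u, err := url.Parse(rawURL)
	if err != nil || u.Hostname() == "" {
		return netip.Addr{}, fmt.Errorf("%w: no network host in %q", ErrDenied, rawURL)
	}
	if matches(p.Deny, rawURL) {
		return netip.Addr{}, fmt.Errorf("%w: deny-list match", ErrDenied)
	}
	// Resolve exactly once; validation and dialing both use these answers.
	var addrs []netip.Addr
	if ip, perr := netip.ParseAddr(u.Hostname()); perr == nil {
		addrs = []netip.Addr{ip}
	} else if addrs, err = resolve(u.Hostname()); err != nil || len(addrs) == 0 {
		return netip.Addr{}, fmt.Errorf("%w: host did not resolve", ErrDenied)
	}
	if matches(p.Allow, rawURL) {
		return addrs[0], nil // allow-list match skips the IP-class check
	}
	for _, a := range addrs { // one denied answer rejects the whole URL
		nonPublic := isNonPublic(a)
		if (nonPublic && p.DenyPrivateIPs) || (!nonPublic && p.DenyPublicIPs) {
			return netip.Addr{}, fmt.Errorf("%w: %s is in a denied IP class", ErrDenied, a)
		}
	}
	return addrs[0], nil
}

// StaticResolver answers every lookup with the same constructed addresses.
func StaticResolver(ips ...string) Resolver {
	return func(string) ([]netip.Addr, error) {
		out := make([]netip.Addr, 0, len(ips))
		for _, s := range ips {
			out = append(out, netip.MustParseAddr(s))
		}
		return out, nil
	}
}

// RebindingResolver simulates short-TTL DNS: public first, link-local afterwards.
func RebindingResolver(calls *int) Resolver {
	return func(host string) ([]netip.Addr, error) {
		*calls++
		if *calls == 1 {
			return StaticResolver("203.0.113.10")(host)
		}
		return StaticResolver("169.254.169.254")(host)
	}
}

func main() {
	strict := Policy{Allow: `^https://internal\.example/`, Deny: `/admin`, DenyPrivateIPs: true}
	calls := 0
	pin, err := Decide(strict, "http://rebind.example/a.png", RebindingResolver(&calls))
	fmt.Println(pin, err, "lookups:", calls)
	_, err = Decide(strict, "http://mapped.example/", StaticResolver("::ffff:10.0.0.5"))
	fmt.Println(err)
}
```

The caller dials the returned address rather than the hostname, so a second DNS answer never reaches the connection.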

renovate-bot force-pushed renovate/paperless-ngx from cddd4687cb to 2e213d076e 2026-05-01 00:04:04 +00:00 Compare
Reference
peter/homelab-docker-config!326