HomeAssistant Core 2026 3 2: targeted bug fixes, dependency upgrades, OAuth resilience and frontend UX tweaks for stability and better integrations
Encryption without object lock is a half-measure. A misconfigured script or compromised service account can still wipe everything, which is why S3-compatible storage on a homelab needs layered defence: encryption at rest, API-enforced write and delete rules, and backups that survive the worst realistic failure.
Discover the Ring Outdoor Camera Battery and two more Amazon tech deals this week.
I've built backup jobs that looked fine right up until the restore failed. The gap between what you think is covered and what actually is covered lives in the space where documentation should be; write down what is excluded, not just what you protect, and you stop arguing about it later.
Vendor lock-in creeps in quietly: a pinned cloud dashboard, a backup tool in a proprietary format, a reverse proxy config hardcoded to an IP nobody wrote down. By the time you need to migrate, the compose file is the only thing you trust, and even that can lie to you.
Use this blueprint to harden Windows Terminal and PowerShell, reduce exposure and detect post-compromise behaviour. You get clear settings, AppLocker and WDAC guidance, logging checks and audits you can run to implement Win+X paste attack hardening now.
Authelia v4:39:16: fixes for authentication and LDAP, middleware and OIDC polish, config and dev tooling improvements, Docker images available
Authelia v4 39 16: patch fixes auth, middleware, OIDC, UI and dev build, resolves 2FA hang, discovery, LDAP filters, dev tooling tweaks
Gitea v1:25:5: security fixes, OAuth and permission fixes, git LFS mirroring and storage fixes, UI and editor improvements, dependency and packaging updates
Gitea v1 25 5: security and toolchain updates, OAuth and authz fixes, repo mirroring and LFS reliability, UI and CI bugfixes, Gitea Cloud auto upgrades
n8n 2 11 4: fixes task runner hang, adds option to skip disabling foreign keys during import, safe backported update for 2 11 x, test imports and task runners
Flux v2 8 2: rebuilt with Go 1 26 1 to mitigate TLS DoS CVE 2026 27138, helm templating and retry fixes, ACR auth and image controller updates
Tempo v2 10 2: consistent exemplar handling and safety caps, frontend MaxExemplars as single source, TraceQL engine cap, default search max result limit 262144
Flux v2 8 2: patch with security fix CVE 2026 27138, fixes for helm, kustomize, source, image controllers, improves reliability, upgrade from v2 6
Tempo v2 10 2: fixes exemplar hint end to end and safety cap bypass, centralizes MaxExemplars and adds TraceQL cap, raises search max result limit to 262144
n8n 2 11 3: fixes Kubernetes ZIP import failures, reduces editor add button sizes, resolves arm64 segfault, upgrade recommended, no data migrations
Uptime Kuma v221: Adds Fluxer, sets process title to uptime kuma, restores Prometheus metrics, fixes bugs, security fix, translation and dependency updates
Talos Linux v1 12 5: core bumps Linux 6 18 15, Kubernetes 1 35 2, etcd 3 6 8, Go 1 25 8, fixes, updated images, please test and report issues
Argo CD v3 3 3: quick non HA and HA installs via kubectl, cosign signed images and SLSA provenance, key bug fixes and upgrade guidance
Vector v0 54 0: improved top UI and keybindings, datadog logs now defaults to zstd breaking change, new component latency metrics, azure logs ingestion added
Telegraf v1 38 0: strict env handling default, new plugins inputs sip and outputs influxdb v3, core and plugin enhancements, bug fixes and deps
AdGuard Home v0 107 73: critical auth bypass hotfix, fixes H2C upgrade bypass, update immediately and check logs for suspicious activity
Uptime Kuma v221: Fluxer notifier, process title set to uptime kuma, bug fixes and Prometheus metric restore, security fix, translations, dependency updates
AdGuard Home v0 107 73 urgent hotfix: critical auth bypass via H2C upgrade, update now, verify admin access, review logs, rotate creds if compromise suspected
n8n 2 11 2 update: fixes WFB UUID migration, tightens form CSS sanitization, enables proxy log streaming, hides credential overwrite, adds quick confirm
