paperless-ngx | v2.20.15

paperless-ngx v2.20.15 released on 27-04-2026


paperless-ngx v2.20.15 is out now. It addresses a reported security issue (GHSA-8c6x-pfjq-9gr7) and tightens authentication and mail-account handling to reduce unintended exposure.

Visit the project’s GitHub release page for full notes and upgrade instructions.

What’s in this release

  • Security update addressing GHSA-8c6x-pfjq-9gr7 — recommended for all users.
  • Hardening: the app now uses only the allauth-provided login and logout endpoints, limiting alternate authentication routes.
  • Mail account enumeration scoping fix to prevent broader-than-intended exposure of mail account listings and improve multi-account isolation.
  • API and UI robustness fixes: the API notes endpoint now rejects invalid requests, and CustomFieldQueryAtom no longer emits intermediate change events when an operator changes type.

Upgrade notes

  • Upgrade to v2.20.15 to apply the security fix; see the project’s GitHub release for upgrade steps and CI artifacts.
  • No breaking changes are listed in the release notes; back up your data and follow your normal upgrade procedures before applying the update.

Share comments on your experience with the upgrade.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes