changelog_override.json 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243
  1. [
  2. {
  3. "action": "add",
  4. "when": "29cb20bd563c02671b31dd840139e93dd37150a1",
  5. "short": "[priority] **A new release type has been added!**\n * [`nightly`](https://github.com/yt-dlp/yt-dlp/releases/tag/nightly) builds will be made after each push, containing the latest fixes (but also possibly bugs).\n * When using `--update`/`-U`, a release binary will only update to its current channel (either `stable` or `nightly`).\n * The `--update-to` option has been added allowing the user more control over program upgrades (or downgrades).\n * `--update-to` can change the release channel (`stable`, `nightly`) and also upgrade or downgrade to specific tags.\n * **Usage**: `--update-to CHANNEL`, `--update-to TAG`, `--update-to CHANNEL@TAG`"
  6. },
  7. {
  8. "action": "add",
  9. "when": "5038f6d713303e0967d002216e7a88652401c22a",
  10. "short": "[priority] **YouTube throttling fixes!**"
  11. },
  12. {
  13. "action": "remove",
  14. "when": "2e023649ea4e11151545a34dc1360c114981a236"
  15. },
  16. {
  17. "action": "add",
  18. "when": "01aba2519a0884ef17d5f85608dbd2a455577147",
  19. "short": "[priority] YouTube: Improved throttling and signature fixes"
  20. },
  21. {
  22. "action": "change",
  23. "when": "c86e433c35fe5da6cb29f3539eef97497f84ed38",
  24. "short": "[extractor/niconico:series] Fix extraction (#6898)",
  25. "authors": ["sqrtNOT"]
  26. },
  27. {
  28. "action": "change",
  29. "when": "69a40e4a7f6caa5662527ebd2f3c4e8aa02857a2",
  30. "short": "[extractor/youtube:music_search_url] Extract title (#7102)",
  31. "authors": ["kangalio"]
  32. },
  33. {
  34. "action": "change",
  35. "when": "8417f26b8a819cd7ffcd4e000ca3e45033e670fb",
  36. "short": "Add option `--color` (#6904)",
  37. "authors": ["Grub4K"]
  38. },
  39. {
  40. "action": "change",
  41. "when": "b4e0d75848e9447cee2cd3646ce54d4744a7ff56",
  42. "short": "Improve `--download-sections`\n - Support negative time-ranges\n - Add `*from-url` to obey time-ranges in URL",
  43. "authors": ["pukkandan"]
  44. },
  45. {
  46. "action": "change",
  47. "when": "1e75d97db21152acc764b30a688e516f04b8a142",
  48. "short": "[extractor/youtube] Add `ios` to default clients used\n - IOS is affected neither by 403 nor by nsig so helps mitigate them preemptively\n - IOS also has higher bit-rate 'premium' formats though they are not labeled as such",
  49. "authors": ["pukkandan"]
  50. },
  51. {
  52. "action": "change",
  53. "when": "f2ff0f6f1914b82d4a51681a72cc0828115dcb4a",
  54. "short": "[extractor/motherless] Add gallery support, fix groups (#7211)",
  55. "authors": ["rexlambert22", "Ti4eeT4e"]
  56. },
  57. {
  58. "action": "change",
  59. "when": "a4486bfc1dc7057efca9dd3fe70d7fa25c56f700",
  60. "short": "[misc] Revert \"Add automatic duplicate issue detection\"",
  61. "authors": ["pukkandan"]
  62. },
  63. {
  64. "action": "add",
  65. "when": "1ceb657bdd254ad961489e5060f2ccc7d556b729",
  66. "short": "[priority] Security: [[CVE-2023-35934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35934)] Fix [Cookie leak](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj)\n - `--add-header Cookie:` is deprecated and auto-scoped to input URL domains\n - Cookies are scoped when passed to external downloaders\n - Add `cookies` field to info.json and deprecate `http_headers.Cookie`"
  67. },
  68. {
  69. "action": "change",
  70. "when": "b03fa7834579a01cc5fba48c0e73488a16683d48",
  71. "short": "[ie/twitter] Revert 92315c03774cfabb3a921884326beb4b981f786b",
  72. "authors": ["pukkandan"]
  73. },
  74. {
  75. "action": "change",
  76. "when": "fcd6a76adc49d5cd8783985c7ce35384b72e545f",
  77. "short": "[test] Add tests for socks proxies (#7908)",
  78. "authors": ["coletdjnz"]
  79. },
  80. {
  81. "action": "change",
  82. "when": "4bf912282a34b58b6b35d8f7e6be535770c89c76",
  83. "short": "[rh:urllib] Remove dot segments during URL normalization (#7662)",
  84. "authors": ["coletdjnz"]
  85. },
  86. {
  87. "action": "change",
  88. "when": "59e92b1f1833440bb2190f847eb735cf0f90bc85",
  89. "short": "[rh:urllib] Simplify gzip decoding (#7611)",
  90. "authors": ["Grub4K"]
  91. },
  92. {
  93. "action": "add",
  94. "when": "c1d71d0d9f41db5e4306c86af232f5f6220a130b",
  95. "short": "[priority] **The minimum *recommended* Python version has been raised to 3.8**\nSince Python 3.7 has reached end-of-life, support for it will be dropped soon. [Read more](https://github.com/yt-dlp/yt-dlp/issues/7803)"
  96. },
  97. {
  98. "action": "add",
  99. "when": "61bdf15fc7400601c3da1aa7a43917310a5bf391",
  100. "short": "[priority] Security: [[CVE-2023-40581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40581)] [Prevent RCE when using `--exec` with `%q` on Windows](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg)\n - The shell escape function is now using `\"\"` instead of `\\\"`.\n - `utils.Popen` has been patched to properly quote commands."
  101. },
  102. {
  103. "action": "change",
  104. "when": "8a8b54523addf46dfd50ef599761a81bc22362e6",
  105. "short": "[rh:requests] Add handler for `requests` HTTP library (#3668)\n\n\tAdds support for HTTPS proxies and persistent connections (keep-alive)",
  106. "authors": ["bashonly", "coletdjnz", "Grub4K"]
  107. },
  108. {
  109. "action": "add",
  110. "when": "1d03633c5a1621b9f3a756f0a4f9dc61fab3aeaa",
  111. "short": "[priority] **The release channels have been adjusted!**\n\t* [`master`](https://github.com/yt-dlp/yt-dlp-master-builds) builds are made after each push, containing the latest fixes (but also possibly bugs). This was previously the `nightly` channel.\n\t* [`nightly`](https://github.com/yt-dlp/yt-dlp-nightly-builds) builds are now made once a day, if there were any changes."
  112. },
  113. {
  114. "action": "add",
  115. "when": "f04b5bedad7b281bee9814686bba1762bae092eb",
  116. "short": "[priority] Security: [[CVE-2023-46121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46121)] Patch [Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x)\n\t- Disallow smuggling of arbitrary `http_headers`; extractors now only use specific headers"
  117. },
  118. {
  119. "action": "change",
  120. "when": "15f22b4880b6b3f71f350c64d70976ae65b9f1ca",
  121. "short": "[webvtt] Allow spaces before newlines for CueBlock (#7681)",
  122. "authors": ["TSRBerry"]
  123. },
  124. {
  125. "action": "change",
  126. "when": "4ce57d3b873c2887814cbec03d029533e82f7db5",
  127. "short": "[ie] Support multi-period MPD streams (#6654)",
  128. "authors": ["alard", "pukkandan"]
  129. },
  130. {
  131. "action": "change",
  132. "when": "aa7e9ae4f48276bd5d0173966c77db9484f65a0a",
  133. "short": "[ie/xvideos] Support new URL format (#9502)",
  134. "authors": ["sta1us"]
  135. },
  136. {
  137. "action": "remove",
  138. "when": "22e4dfacb61f62dfbb3eb41b31c7b69ba1059b80"
  139. },
  140. {
  141. "action": "change",
  142. "when": "e3a3ed8a981d9395c4859b6ef56cd02bc3148db2",
  143. "short": "[cleanup:ie] No `from` stdlib imports in extractors",
  144. "authors": ["pukkandan"]
  145. },
  146. {
  147. "action": "add",
  148. "when": "9590cc6b4768e190183d7d071a6c78170889116a",
  149. "short": "[priority] Security: [[CVE-2024-22423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22423)] [Prevent RCE when using `--exec` with `%q` on Windows](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p)\n - The shell escape function now properly escapes `%`, `\\` and `\\n`.\n - `utils.Popen` has been patched accordingly."
  150. },
  151. {
  152. "action": "change",
  153. "when": "41ba4a808b597a3afed78c89675a30deb6844450",
  154. "short": "[ie/tiktok] Extract via mobile API only if extractor-arg is passed (#9938)",
  155. "authors": ["bashonly"]
  156. },
  157. {
  158. "action": "remove",
  159. "when": "6e36d17f404556f0e3a43f441c477a71a91877d9"
  160. },
  161. {
  162. "action": "change",
  163. "when": "beaf832c7a9d57833f365ce18f6115b88071b296",
  164. "short": "[ie/soundcloud] Add `formats` extractor-arg (#10004)",
  165. "authors": ["bashonly", "Grub4K"]
  166. },
  167. {
  168. "action": "change",
  169. "when": "5c019f6328ad40d66561eac3c4de0b3cd070d0f6",
  170. "short": "[cleanup] Misc (#9765)",
  171. "authors": ["bashonly", "Grub4K", "seproDev"]
  172. },
  173. {
  174. "action": "change",
  175. "when": "e6a22834df1776ec4e486526f6df2bf53cb7e06f",
  176. "short": "[ie/orf:on] Add `prefer_segments_playlist` extractor-arg (#10314)",
  177. "authors": ["seproDev"]
  178. },
  179. {
  180. "action": "add",
  181. "when": "6aaf96a3d6e7d0d426e97e11a2fcf52fda00e733",
  182. "short": "[priority] Security: [[CVE-2024-38519](https://nvd.nist.gov/vuln/detail/CVE-2024-38519)] [Properly sanitize file-extension to prevent file system modification and RCE](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j)\n - Unsafe extensions are now blocked from being downloaded"
  183. },
  184. {
  185. "action": "add",
  186. "when": "6075a029dba70a89675ae1250e7cdfd91f0eba41",
  187. "short": "[priority] Security: [[ie/douyutv] Do not use dangerous javascript source/URL](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3v33-3wmw-3785)\n - A dependency on potentially malicious third-party JavaScript code has been removed from the Douyu extractors"
  188. },
  189. {
  190. "action": "add",
  191. "when": "fb8b7f226d251e521a89b23c415e249e5b788e5c",
  192. "short": "[priority] **The minimum *recommended* Python version has been raised to 3.9**\nSince Python 3.8 will reach end-of-life in October 2024, support for it will be dropped soon. [Read more](https://github.com/yt-dlp/yt-dlp/issues/10086)"
  193. },
  194. {
  195. "action": "change",
  196. "when": "b31b81d85f00601710d4fac590c3e4efb4133283",
  197. "short": "[ci] Rerun failed tests (#11143)",
  198. "authors": ["Grub4K"]
  199. },
  200. {
  201. "action": "add",
  202. "when": "a886cf3e900f4a2ec00af705f883539269545609",
  203. "short": "[priority] **py2exe is no longer supported**\nThis release's `yt-dlp_min.exe` will be the last, and it's actually a PyInstaller-bundled executable so that yt-dlp users updating their py2exe build with `-U` will be automatically migrated. [Read more](https://github.com/yt-dlp/yt-dlp/issues/10087)"
  204. },
  205. {
  206. "action": "add",
  207. "when": "a886cf3e900f4a2ec00af705f883539269545609",
  208. "short": "[priority] **Following this release, yt-dlp's Python dependencies *must* be installed using the `default` group**\nIf you're installing yt-dlp with pip/pipx or requiring yt-dlp in your own Python project, you'll need to specify `yt-dlp[default]` if you want to also install yt-dlp's optional dependencies (which were previously included by default). [Read more](https://github.com/yt-dlp/yt-dlp/pull/11255)"
  209. },
  210. {
  211. "action": "add",
  212. "when": "87884f15580910e4e0fe0e1db73508debc657471",
  213. "short": "[priority] **Beginning with this release, yt-dlp's Python dependencies *must* be installed using the `default` group**\nIf you're installing yt-dlp with pip/pipx or requiring yt-dlp in your own Python project, you'll need to specify `yt-dlp[default]` if you want to also install yt-dlp's optional dependencies (which were previously included by default). [Read more](https://github.com/yt-dlp/yt-dlp/pull/11255)"
  214. },
  215. {
  216. "action": "add",
  217. "when": "d784464399b600ba9516bbcec6286f11d68974dd",
  218. "short": "[priority] **The minimum *required* Python version has been raised to 3.9**\nPython 3.8 reached its end-of-life on 2024.10.07, and yt-dlp has now removed support for it. As an unfortunate side effect, the official `yt-dlp.exe` and `yt-dlp_x86.exe` binaries are no longer supported on Windows 7. [Read more](https://github.com/yt-dlp/yt-dlp/issues/10086)"
  219. },
  220. {
  221. "action": "change",
  222. "when": "914af9a0cf51c9a3f74aa88d952bee8334c67511",
  223. "short": "Expand paths in `--plugin-dirs` (#11334)",
  224. "authors": ["bashonly"]
  225. },
  226. {
  227. "action": "change",
  228. "when": "c29f5a7fae93a08f3cfbb6127b2faa75145b06a0",
  229. "short": "[ie/generic] Do not impersonate by default (#11336)",
  230. "authors": ["bashonly"]
  231. },
  232. {
  233. "action": "change",
  234. "when": "57212a5f97ce367590aaa5c3e9a135eead8f81f7",
  235. "short": "[ie/vimeo] Fix API retries (#11351)",
  236. "authors": ["bashonly"]
  237. },
  238. {
  239. "action": "add",
  240. "when": "52c0ffe40ad6e8404d93296f575007b05b04c686",
  241. "short": "[priority] **Login with OAuth is no longer supported for YouTube**\nDue to a change made by the site, yt-dlp is no longer able to support OAuth login for YouTube. [Read more](https://github.com/yt-dlp/yt-dlp/issues/11462#issuecomment-2471703090)"
  242. }
  243. ]