Merge branch 'develop' into feature/parental-controls

Author: ProgenyAlpha

.github/workflows/create-tag.yml

@@ -78,7 +78,7 @@ jobs:
       - name: Commit updated files
         run: |
           git add package.json
-          git commit -m 'chore(release): prepare ${TAG_VERSION}'
+          git commit -m "chore(release): prepare ${TAG_VERSION}"
           git push
 
       - name: Create git tag

CONTRIBUTING.md

@@ -75,7 +75,7 @@ Please be respectful to maintainers and disclose AI assistance.
 3. Create a new branch:
 
    ```bash
-   git checkout -b BRANCH_NAME develop
+   git switch -c BRANCH_NAME develop
    ```
 
    - It is recommended to give your branch a meaningful name, relevant to the feature or fix you are working on.
@@ -127,11 +127,10 @@ Steps:
 ### Contributing Code
 
 - If you are taking on an existing bug or feature ticket, please comment on the [issue](/../../issues) to avoid multiple people working on the same thing.
-- All commits **must** follow [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
-  - Pull requests with titles or commits not following this standard will **not** be merged. PR titles are automatically checked for compliance.
+- Pull requests with titles not following [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) will **not** be merged. PR titles are automatically checked for compliance.
 - Please make meaningful commits, or squash them prior to opening a pull request.
   - Do not squash commits once people have begun reviewing your changes.
-- Always rebase your commit to the latest `develop` branch. Do **not** merge `develop` into your branch.
+- Always rebase your branch to the latest `develop` branch.
 - It is your responsibility to keep your branch up-to-date. Your work will **not** be merged unless it is rebased off the latest `develop` branch.
 - You can create a "draft" pull request early to get feedback on your work.
 - Your code **must** be formatted correctly, or the tests will fail.
@@ -180,10 +179,10 @@ PGPASSWORD=postgres sudo docker exec -it postgres-seerr /usr/bin/psql -h 127.0.0
 PGPASSWORD=postgres sudo docker exec -it postgres-seerr /usr/bin/psql -h 127.0.0.1 -U postgres -c "CREATE DATABASE seerr;"
 ```
 
-3. Checkout the `develop` branch and create the original database for SQLite and PostgreSQL so that TypeORM can automatically generate the migrations:
+3. Switch to the `develop` branch and create the original database for SQLite and PostgreSQL so that TypeORM can automatically generate the migrations:
 
 ```bash
-git checkout develop
+git switch develop
 pnpm i
 rm -r .next dist; pnpm build
 pnpm start
@@ -195,7 +194,7 @@ DB_TYPE="postgres" DB_USER=postgres DB_PASS=postgres pnpm start
 4. Let TypeORM generate the migrations:
 
 ```bash
-git checkout -b your-feature-branch
+git switch -c your-feature-branch
 pnpm i
 pnpm migration:generate server/migration/sqlite/YourMigrationName
 DB_TYPE="postgres" DB_USER=postgres DB_PASS=postgres pnpm migration:generate server/migration/postgres/YourMigrationName

SECURITY.md

@@ -8,6 +8,51 @@ To report a security issue, please use the GitHub Security Advisory ["Report a V
 
 **Please do not report security vulnerabilities through public GitHub issues, discussions, or Discord.**
 
+## AI Assistance Notice
+
+> [!IMPORTANT]
+>
+> Automated AI-generated contributions without human review are not allowed and will be rejected.
+> This is an open-source project maintained by volunteers.
+> We do not have the resources to review pull requests that could have been avoided with proper human oversight.
+> While we have no issue with contributors using AI tools as an aid, it is your responsibility as a contributor to ensure that all submissions are carefully reviewed and meet our quality standards.
+> Submissions that appear to be unreviewed AI output will be considered low-effort and may result in a ban.
+>
+> If you are using **any kind of AI assistance** to contribute to Seerr,
+> it must be disclosed in the pull request.
+
+If you are using any kind of AI assistance while contributing to Seerr,
+**this must be disclosed in the pull request**, along with the extent to
+which AI assistance was used (e.g. docs only vs. code generation).
+If security advisory responses are being generated by an AI, disclose that as well.
+As a small exception, trivial tab-completion doesn't need to be disclosed,
+so long as it is limited to single keywords or short phrases.
+
+An example disclosure:
+
+> This security advisory was written primarily by Claude Code.
+
+Or a more detailed disclosure:
+
+> I consulted ChatGPT to understand the codebase but the solution
+> was fully authored manually by myself.
+
+Failure to disclose this is first and foremost rude to the human operators
+on the other end of the pull request, but it also makes it difficult to
+determine how much scrutiny to apply to the contribution.
+
+In a perfect world, AI assistance would produce equal or higher quality
+work than any human. That isn't the world we live in today, and in most cases
+it's generating slop. I say this despite being a fan of and using them
+successfully myself (with heavy supervision)!
+
+When using AI assistance, we expect contributors to understand the code
+that is produced and be able to answer critical questions about it. It
+isn't a maintainers job to review a PR so broken that it requires
+significant rework to be acceptable.
+
+Please be respectful to maintainers and disclose AI assistance.
+
 ## What to Include in Your Report
 
 To help us better understand and resolve the issue, please include as much of the following information as possible:

charts/seerr-chart/Chart.yaml

@@ -3,9 +3,9 @@ kubeVersion: '>=1.23.0-0'
 name: seerr-chart
 description: Seerr helm chart for Kubernetes
 type: application
-version: 3.2.0
+version: 3.3.0
 # renovate: image=ghcr.io/seerr-team/seerr
-appVersion: 'v3.0.1'
+appVersion: 'v3.1.0'
 maintainers:
   - name: Seerr Team
     url: https://github.com/orgs/seerr-team/people

charts/seerr-chart/README.md

@@ -1,6 +1,6 @@
 # seerr-chart
 
-![Version: 3.2.0](https://img.shields.io/badge/Version-3.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.0.1](https://img.shields.io/badge/AppVersion-v3.0.1-informational?style=flat-square)
+![Version: 3.3.0](https://img.shields.io/badge/Version-3.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.1.0](https://img.shields.io/badge/AppVersion-v3.1.0-informational?style=flat-square)
 
 Seerr helm chart for Kubernetes
 

docs/using-seerr/notifications/ntfy.md

@@ -24,6 +24,10 @@ Set this to the username and password for your ntfy.sh server.
 
 Set this to the token for your ntfy.sh server.
 
+### Priority (optional)
+
+Set the priority level for notifications. Options range from Minimum (1) to Urgent (5), with Default (3) being the standard level. Higher priority notifications may bypass Do Not Disturb settings on some devices.
+
 :::info
 Please refer to the [ntfy.sh API documentation](https://docs.ntfy.sh/) for more details on configuring these notifications.
 :::

gen-docs/blog/2026-02-28-seerr-security-fix-release.md

@@ -0,0 +1,72 @@
+---
+title: "Seerr v3.1.0: Critical Security Release"
+description: "Seerr v3.1.0 addresses three CVEs, including a high-priority vulnerability affecting Plex-configured instances. Upgrade immediately."
+slug: seerr-3-1-0-security-release
+authors: [seerr-team]
+image: https://raw.githubusercontent.com/seerr-team/seerr/refs/heads/develop/gen-docs/static/img/logo_full.svg
+hide_table_of_contents: false
+---
+
+We are releasing **Seerr v3.1.0**, a security-focused update that addresses three CVEs, including a high-priority vulnerability affecting instances configured with Plex Media Server. **We strongly recommend upgrading as soon as possible.**
+
+This release also includes a number of bug fixes and marks the end of our post-merger feature freeze. New features will be resuming in future updates.
+
+<!--truncate-->
+
+## Security Vulnerabilities
+
+This release patches three newly identified CVEs. If you are running a Plex-configured instance of Seerr, **one of these vulnerabilities is high priority and poses a significant risk**, please upgrade immediately.
+
+### [CVE-2026-27707](https://github.com/seerr-team/seerr/security/advisories/GHSA-rc4w-7m3r-c2f7) — Unauthenticated Account Registration via Jellyfin Endpoint (High)
+
+On instances configured to use Plex as the media server, an unauthenticated attacker could register an account by abusing the Jellyfin authentication endpoint. This could allow unauthorized users to gain access to your Seerr instance without valid Plex credentials.
+
+### [CVE-2026-27793](https://github.com/seerr-team/seerr/security/advisories/GHSA-f7xw-jcqr-57hp) — Broken Object-Level Authorization in User Profile Endpoint (Medium)
+
+A broken object-level authorization vulnerability in the user profile endpoint could allow an authenticated user to access another user's profile data, including third-party notification credentials such as webhook URLs, Telegram tokens, and similar sensitive configuration.
+
+### [CVE-2026-27792](https://github.com/seerr-team/seerr/security/advisories/GHSA-gx3h-3jg5-q65f) — Missing Authentication on Push Subscription Endpoints (Medium)
+
+The push subscription endpoints lacked proper authentication checks, allowing unauthenticated requests to interact with subscription management functionality.
+
+---
+
+Please review the full security advisories linked above for technical details, impact assessment, and mitigation steps.
+
+## Bug Fixes
+
+Alongside the security patches, this release ships a number of bug fixes:
+
+- ***(helm)*** Add `"v"` as prefix for `appVersion` tag
+- ***(jellyfin-scanner)*** Include unmatched seasons in processable seasons
+- ***(link-account)*** Fix error-message override
+- ***(plex-scanner)*** Add TVDb to TMDB fallback in Plex scanner
+- ***(radarr)*** Trigger search for existing monitored movies without files
+- ***(servarr)*** Increase default API timeout from 5000ms to 10000ms
+- ***(sonarr)*** Use configured metadata provider for season filtering
+- ***(watch-data)*** Use sentinel values to avoid invalid SQL syntax
+- ***(watchlist-sync)*** Correct permission typo for TV auto requests
+- Preserve blocklist on media deletion & optimise watchlist-sync
+
+## New Contributors
+
+Many thanks to those making their first contribution to Seerr in this release:
+
+* [@caillou](https://github.com/caillou)
+* [@Kenshin9977](https://github.com/Kenshin9977)
+* [@MagicLegend](https://github.com/MagicLegend)
+* [@wiiaam](https://github.com/wiiaam)
+* [@mjonkus](https://github.com/mjonkus)
+* [@nova-api](https://github.com/nova-api)
+* [@mreid-tt](https://github.com/mreid-tt)
+* [@DataBitz](https://github.com/DataBitz)
+* [@Hyperion2220](https://github.com/Hyperion2220)
+* [@blassley](https://github.com/blassley)
+* [@JanKleine](https://github.com/JanKleine)
+* [@koiralasandesh](https://github.com/koiralasandesh)
+
+## What's Next
+
+Now that the post-merger feature freeze has ended, the team is resuming active feature development. Stay tuned to our blog for upcoming releases and in-depth looks at what we're building next.
+
+In the meantime, please upgrade to **v3.1.0** right away, especially if you are using a Plex Media Server configuration. See our [migration guide](https://docs.seerr.dev/migration-guide) if you need help upgrading from Overseerr/Jellyseerr.

package.json

@@ -34,6 +34,7 @@
   "license": "MIT",
   "dependencies": {
     "@dr.pogodin/csurf": "^1.16.6",
+    "@fontsource-variable/inter": "^5.2.8",
     "@formatjs/intl-displaynames": "6.8.13",
     "@formatjs/intl-locale": "3.1.1",
     "@formatjs/intl-pluralrules": "5.4.6",

pnpm-lock.yaml

@@ -49,6 +49,7 @@ export interface SonarrSeries {
   languageProfileId: number;
   seasonFolder: boolean;
   monitored: boolean;
+  monitorNewItems: 'all' | 'none';
   useSceneNumbering: boolean;
   runtime: number;
   tvdbId: number;
@@ -98,6 +99,7 @@ export interface AddSeriesOptions {
   tags?: number[];
   seriesType: SonarrSeries['seriesType'];
   monitored?: boolean;
+  monitorNewItems?: SonarrSeries['monitorNewItems'];
   searchNow?: boolean;
 }
 
@@ -269,6 +271,7 @@ class SonarrAPI extends ServarrBase<{
           tags: options.tags,
           seasonFolder: options.seasonFolder,
           monitored: options.monitored,
+          monitorNewItems: options.monitorNewItems,
           rootFolderPath: options.rootFolderPath,
           seriesType: options.seriesType,
           addOptions: {