From f512664d4e60822b41294a0144ea6d47dcecf3f9 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Fri, 1 Aug 2025 08:36:08 +0200
Subject: [PATCH] Changelog

---
 CHANGELOG.md | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bb442bddc..822183a6d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,14 +5,21 @@ See also [the FreshRSS releases](https://github.com/FreshRSS/FreshRSS/releases).
 ## 2025-0X-XX FreshRSS 1.26.4-dev
 
 * Features
+	* Implement support for HTTP `429 Too Many Requests` and `503 Service Unavailable`, obey `Retry-After` [#7760](https://github.com/FreshRSS/FreshRSS/pull/7760)
 	* Add sort by category title, or by feed title [#7702](https://github.com/FreshRSS/FreshRSS/pull/7702)
 	* Add search operator `c:` for categories like `c:23,34` or `!c:45,56` [#7696](https://github.com/FreshRSS/FreshRSS/pull/7696)
 	* Custom feed favicons [#7646](https://github.com/FreshRSS/FreshRSS/pull/7646), [#7704](https://github.com/FreshRSS/FreshRSS/pull/7704), [#7717](https://github.com/FreshRSS/FreshRSS/pull/7717)
+	* Rework fetch favicons for fewer HTTP requests [#7767](https://github.com/FreshRSS/FreshRSS/pull/7767)
 	* Automatically restore user configuration from backup [#7682](https://github.com/FreshRSS/FreshRSS/pull/7682)
 	* API add support for states in `s` parameter of `streamId` [#7695](https://github.com/FreshRSS/FreshRSS/pull/7695)
-* Extensions
-	* Add API endpoint for extensions [#7576](https://github.com/FreshRSS/FreshRSS/pull/7576)
-	* Expose the reading modes for extensions [#7668](https://github.com/FreshRSS/FreshRSS/pull/7668), [#7688](https://github.com/FreshRSS/FreshRSS/pull/7688)
+* Security
+	* Implement reauthentication (*sudo* mode) [#7753](https://github.com/FreshRSS/FreshRSS/pull/7753)
+	* Add `Content-Security-Policy: frame-ancestors` [#7677](https://github.com/FreshRSS/FreshRSS/pull/7677)
+	* Disallow setting non-existent theme [#7722](https://github.com/FreshRSS/FreshRSS/pull/7722)
+	* Regenerate cookie ID after logging out [#7762](https://github.com/FreshRSS/FreshRSS/pull/7762)
+	* Require current password when setting new password [#7763](https://github.com/FreshRSS/FreshRSS/pull/7763)
+	* Add missing access checks for feed-related actions [#7768](https://github.com/FreshRSS/FreshRSS/pull/7768)
+	* Strip more unsafe attributes such as `referrerpolicy`, `ping` [#7770](https://github.com/FreshRSS/FreshRSS/pull/7770)
 * Bug fixing
 	* Fix redirections when scraping from HTML [#7654](https://github.com/FreshRSS/FreshRSS/pull/7654), [#7741](https://github.com/FreshRSS/FreshRSS/pull/7741)
 	* Fix multiple authentication HTTP headers [#7703](https://github.com/FreshRSS/FreshRSS/pull/7703)
@@ -29,12 +36,15 @@ See also [the FreshRSS releases](https://github.com/FreshRSS/FreshRSS/releases).
 	* Fix feeds encoded in UTF-16LE [#7691](https://github.com/FreshRSS/FreshRSS/pull/7691), [simplepie#916](https://github.com/simplepie/simplepie/pull/916)
 	* Sync upstream [#7706](https://github.com/FreshRSS/FreshRSS/pull/7706)
 * Deployment
+	* Docker default image updated to Debian 13 Trixie with PHP 8.4.10 and Apache 2.4.64 [#7772](https://github.com/FreshRSS/FreshRSS/pull/7772)
 	* Docker alternative image updated to Alpine 3.22 with PHP 8.3.23 and Apache 2.4.64 [#7740](https://github.com/FreshRSS/FreshRSS/pull/7740), [#7740](https://github.com/FreshRSS/FreshRSS/pull/7740)
+	* Docker Alpine dev image `:newest` updated to PHP 8.5-alpha and Apache 2.4.65 [#7773](https://github.com/FreshRSS/FreshRSS/pull/7773)
 	* Docker: interpolate `FRESHRSS_INSTALL` and `FRESHRSS_USER` variables [#7725](https://github.com/FreshRSS/FreshRSS/pull/7725)
 	* Test for database PDO typing support during install (relevant for MySQL / MariaDB with obsolete driver) [#7651](https://github.com/FreshRSS/FreshRSS/pull/7651)
-* Security
-	* Add `Content-Security-Policy: frame-ancestors` [#7677](https://github.com/FreshRSS/FreshRSS/pull/7677)
-	* Disallow setting non-existent theme [#7722](https://github.com/FreshRSS/FreshRSS/pull/7722)
+* Extensions
+	* Add API endpoint for extensions [#7576](https://github.com/FreshRSS/FreshRSS/pull/7576)
+	* Expose the reading modes for extensions [#7668](https://github.com/FreshRSS/FreshRSS/pull/7668), [#7688](https://github.com/FreshRSS/FreshRSS/pull/7688)
+	* New extension hook `before_login_btn` [#7761](https://github.com/FreshRSS/FreshRSS/pull/7761)
 * UI
 	* Improve *mark as read* request showing popup due to `onbeforeunload` [#7554](https://github.com/FreshRSS/FreshRSS/pull/7554)
 	* Fix lazy-loading for `<video poster="...">` and `<image>` [#7636](https://github.com/FreshRSS/FreshRSS/pull/7636)
@@ -44,7 +54,7 @@ See also [the FreshRSS releases](https://github.com/FreshRSS/FreshRSS/releases).
 	* Show translation status in README [#7715](https://github.com/FreshRSS/FreshRSS/pull/7715)
 	* Improve Indonesian [#7654](https://github.com/FreshRSS/FreshRSS/pull/7654), [#7721](https://github.com/FreshRSS/FreshRSS/pull/7721)
 * Misc.
-	* Improve PHP code [#7642](https://github.com/FreshRSS/FreshRSS/pull/7642), [#7665](https://github.com/FreshRSS/FreshRSS/pull/7665)
+	* Improve PHP code [#7642](https://github.com/FreshRSS/FreshRSS/pull/7642), [#7665](https://github.com/FreshRSS/FreshRSS/pull/7665), [#7761](https://github.com/FreshRSS/FreshRSS/pull/7761)
 	* Update dev dependencies [#7708](https://github.com/FreshRSS/FreshRSS/pull/7708), [#7709](https://github.com/FreshRSS/FreshRSS/pull/7709), [#7710](https://github.com/FreshRSS/FreshRSS/pull/7710),
 		[#7711](https://github.com/FreshRSS/FreshRSS/pull/7711)