Melodee 2.2.0 Released
release July 11, 2026Melodee 2.2.0 improves DecentDB compatibility and recovery, media-artist data portability, image-processing stability, API-key routing, build quality, and public documentation.
Guided DecentDB migration
Doctor now recognizes DecentDB error 8, Unsupported database format, and opens a migration dialog tailored to the affected MusicBrainz or Artist Search file. It shows:
- the detected and required DecentDB versions;
- the configured source and safe destination paths;
- a copyable
decentdb-migratecommand; - verification and replacement steps;
- links to matching prebuilt DecentDB releases and the official migration guide.
The primary application database remains PostgreSQL. The migration applies only to generated DecentDB search files. See DecentDB Usage & Migration.
Search data and migration reliability
- Artist Search can initialize a missing database through the correct EF Core migration/schema path.
- Artist Search migrations now match the current model and avoid DecentDB’s unsupported UUID column-type alteration.
- A compatibility no-op keeps the migration chain stable for existing files.
- Paged Artist Search reads avoid carrying positional parameters between the page query and result count.
- MusicBrainz and Artist Search startup checks provide clearer recovery guidance.
Media-artist import and export
Administrators can export artist, album, and alias search-engine data as JSON and preview/import it with optional overwrite behavior from the Media Artists administration page.
Runtime and build quality
- DecentDB providers were updated to 2.16.1.
- Managed and Linux-native SkiaSharp packages were aligned at 4.150.0, fixing native 119.0 versus managed 150.0 startup failures.
- Radzen and related dependencies were updated.
- Chart, user, user-group, and podcast routes now bind public GUID API keys consistently.
- Remote
mclicommands no longer duplicate/api/v1in request URLs. - Solution-wide documentation/analyzer builds complete without warnings.
Microsoft.OpenApiis pinned to a patched release.- Password-reset and adjacent SMTP/authentication logs no longer contain user
identifiers, reset configuration, tokens, or raw exception payloads. Both
unattended setup paths create generated deployment secrets atomically with
owner-only
0600permissions on POSIX (or the containing directory’s ACL on Windows). - Startup diagnostics now redact connection strings, passwords, tokens, API keys, credential-bearing URLs, and unknown environment values by default.
- Python maintenance utilities now use bounded Link-header parsing and omit demo credentials, generated key material, and sensitive exception payloads. The GitHub code-scanning exporter also allows requests, pagination, redirects, and downloads only over HTTPS to the exact configured API origin.
- Incoming cleanup now enforces canonical trusted-root containment, symlink and
Zip Slip defenses, and traversal-safe SFV processing before destructive work.
Live mutation uses pinned no-follow descriptors and atomic no-replace moves
on Linux, fails closed when the required primitives are unavailable, and
creates extracted directories and files with private
0700and0600permissions. - The production runtime now uses the official .NET 10 Ubuntu 26.04 base with FFmpeg 8, removes unused vulnerable inherited tools, and runs the application as the unprivileged PID 1 process.
- CodeQL now covers GitHub Actions, C#, JavaScript/TypeScript, and Python through one hardened advanced workflow. Trivy uploads only critical/high SARIF findings while retaining its complete report as a CI artifact.
- All external actions in the six CI workflows are pinned to verified commits; the Gitleaks container is pinned to an immutable digest.
Security verification
The remediation started from 423 open code-scanning alerts: 416 Trivy image findings and seven CodeQL source findings. Source changes fix the six original C# findings; the Python setup finding is handled by a hardened necessary persistence boundary and narrow documented suppression. Fresh local analysis reduced C# from eight additional findings to zero, while GitHub Actions and JavaScript/TypeScript each report zero.
Trivy 0.72.0 reduced the production-image inventory from 416 to 140 findings, removing 276 (66.3%). The remainder represents 41 CVEs: 124 medium and 16 low, with no critical, high, currently fixable, .NET-package, or application-package findings. GitHub receives the intended critical/high SARIF policy, while CI retains the complete all-severity JSON inventory.
The solution builds with zero warnings, 5,885 .NET tests pass with 34 skipped, and NuGet reports no vulnerable dependencies. Jekyll, GitHub Actions, YAML, and shell checks pass. A real PostgreSQL integration reaches healthy status with the application running unprivileged as PID 1 and confirms that configured secret values do not appear in container logs.
Fresh local-threat-model Python analysis reports zero findings and no SARIF warning/error notifications across the workflow-equivalent 45-query default suite. The 52-query security-extended suite also reports zero findings. All 109 Python script tests pass with resource warnings treated as errors, including 57 focused filesystem, ZIP, SFV, shutdown, and race regressions for incoming cleanup.
Documentation and release automation
The public documentation now defaults to the 2.2.0 release. The version-bump script also updates the documentation release menu, search scope, and current release marker for future releases.
The full documentation corpus was reviewed against the 2.2.0 source. Preview boundaries, API routes, CLI commands, container paths, job schedules, settings, and backup/upgrade procedures now distinguish implemented behavior from planned or partially wired features.
Upgrade
Back up PostgreSQL and persistent files, pin the 2.2.0 image, and follow the Upgrade Guide. If Doctor reports DecentDB error 8 after startup, follow its generated dialog before replacing any search database.
Questions or feedback are welcome on GitHub and Discord.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.