Releases: DockerDiscordControl/DockerDiscordControl-Linux
Release list
v2.3.0 β Live Game-Server Player Counts
Live game-server player counts
Show live player counts for your game servers right in the Discord status overview (e.g. Valheim 3/8).
Highlights
- Live "players online / max" per game server via opengsq β compact behind the server name in the community overview (
Name 3/8) and in the per-container control box (β Players: 3/8). - 4 protocols: Source / A2S (most Steam games β Valheim, Enshrouded, V Rising, Icarus, Rust, CS, Project Zomboid, β¦), Minecraft, Satisfactory (app token) and Palworld (REST admin password).
- Automatic detection across all published ports (transport-aware ordering), auto Source-vs-Minecraft, per-server toggle unlocked only for servers that actually answer, plus a manual "Test now" re-check for slow-booting servers.
- Guided setup: the container name/image suggests the protocol, and token games make the Info button glow until a credential is entered.
- Fully non-blocking & best-effort β a dead or slow game server never affects or delays the Discord status loop.
- Localized in all 40 supported languages.
Hardened across three independent multi-agent code reviews; +102 unit tests; validated live against real game servers.
Full changelog: docs/CHANGELOG.md
v2.2.4 β Alpine 3.24 / Python 3.14 Base Bump
π³ Alpine 3.24 / Python 3.14 base bump
- Base image Alpine 3.23.3 β 3.24, moving the runtime from Python 3.12 β 3.14.
- Fixes SQLite CVE-2026-11822 / CVE-2026-11824 (FTS5 memory corruption) β
sqlite-libs3.51.2-r0 β 3.53.2-r0. gevent25.5.1 β 25.9.1 (25.5.1 has no Python 3.14 wheel; 25.9.1 ships cp314 wheels).- Validated with a full soak test against a live Discord server before release: bot connects, fetches containers, posts overviews, all v2.2.3 fixes work, zero runtime errors on Python 3.14.
Not fixed (no upstream patch exists): Alpine
busyboxCVE-2025-60876 (Medium) remains "possibly vulnerable" in every Alpine branch. The Dockerfile already runsapk upgrade, so a future rebuild pulls the fix automatically once Alpine ships it.
v2.2.3 β Overview Reliability & Dependency Security
π No more duplicate overview messages
- Long-lived overviews (edited in place) older than 30 days were skipped by the age-limited cleanup, so a regeneration could post a fresh overview on top of the stale one β the tracked overview is now deleted by its known message ID first.
- Every delete+post path (inactivity regeneration, event recreate, recovery,
/ss,/control, initial send, channel hot-reload/teardown) is serialized by a per-channel lock with re-validation, so two concurrent paths can never duplicate. - Overview message IDs are persisted and restored on restart (atomic
mech_state.jsonwrites), so a restart deletes the previous overview by ID instead of orphaning it.
β¨ Overview re-posts below the bot's own messages
- The "move overview to the bottom" feature now also triggers when the bot's own notifications (restart/update-watcher triggers) bury the overview β previously only foreign messages counted. The managed overview is never treated as foreign, so in-place editing is untouched. Regeneration is skipped during user interaction.
π Dependencies
cryptography>=48.0.1(GHSA-537c-gmf6-5ccf β vulnerable OpenSSL bundled in cryptography wheels< 48.0.1).
π§ͺ Tests
- +25 tests (overview decision, by-ID delete, per-channel lock serialization, persistence snapshot, atomic save / tmp-cleanup), validated in the Docker runtime with assertions active.
Upgrade note: on the first restart after deploying this version,
mech_state.jsondoes not yet contain the newchannel_overview_message_idskey, so a pre-existing overview older than 30 days may survive that first regeneration once. It is removed automatically on the next cycle (self-healing); thereafter the persisted ID prevents duplicates across restarts.
v2.2.2 - Hardening, Performance & Test-Suite Sanitization
Linux Edition β optimized for servers, VPS, and ARM64 deployments.
Docker Hub: dockerdiscordcontrol/dockerdiscordcontrol-linux:v2.2.2
Hardening, Performance & Test-Suite Sanitization
π Security Hardening
- New
/logoutendpoint clears session and forces Basic-Auth re-prompt - Session idle-timeout (default 30 min, override via
DDC_SESSION_IDLE_TIMEOUT) - SSRF whitelist on Translation API: only DeepL Pro/Free, Google, Microsoft endpoints accepted
- Setup-phase rate-limit (5 req/min) protects the bootstrap window
- 12-char password policy with complexity (only enforced on
/setupβ existing passwords unaffected) SESSION_COOKIE_SAMESITE=Strict(wasLax)- CSRF foundation via Flask-WTF (all blueprints currently exempted; infrastructure ready)
- Alpine base image pinned to multi-arch digest (
@sha256:25109184β¦)
β‘ Performance & RAM
- Locale lazy-loading: ~5 MB β ~120 KB initial RAM (en pre-loaded, others on-demand)
- Animation disk cache LRU eviction at 200 MB (
DDC_ANIM_DISK_LIMIT_MB) - Waitress thread pool now CPU-aware (
DDC_WAITRESS_THREADS, default min(4, cpu_count, 8)) - Request-scoped config caching (eliminates repeated disk reads per page render)
- 8 dataclasses with
slots=Truefor memory efficiency
π§Ή Architecture / Bug Fixes
- gevent monkey-patching is now opt-in (
DDC_ENABLE_GEVENT=1); standard waitress runtime uses plain threading and no longer fights asyncio - Scheduler service: hosted/standalone modes (auto-detected) β eliminates "Cannot start scheduler service in existing event loop" warning
import docker.errorsexplicit (fixes silentAttributeErroron docker daemon errors)pytz.UnknownTimeZoneErrorproperly caught with UTC fallback_debug_mode_lockupgraded toRLock(re-entry safety)DDC_CONFIG_DIR,DDC_PROGRESS_DATA_DIR,DDC_METRICS_DIRenv-var support for custom config layouts
π Logging & Storage
discord.logrotation (10 MB Γ 5 backups),bot_error.log(5 MB Γ 3),user_actions.log(5 MB Γ 3) β bounded growth- Debug-Mode-Toggle UI now shows restart-required hint
- Stripped misleading
[DEBUG INIT]/[SETUP DEBUG]prefixes from INFO logs
β Testing
- 3353 tests pass single-pass in container (was 184 with 48 failing pre-v2.2.2)
- Coverage 86% (was 27% at v2.2.2 release; +59pp from post-release coverage push)
- 5 new test directories added in v2.2.2: security, performance, storage, infrastructure, i18n
- 4 production bugs uncovered + fixed via test sanitization
- Suite pollution fixes:
sys.modulesmutations andimportlib.reloadleaks in fixtures eliminated
- Translation API: self-hosted DeepL/LibreTranslate endpoints are now blocked. Set
deepl_api_urlto one of the four whitelisted hosts. SESSION_COOKIE_SAMESITE=Strict: Web UI embedded in cross-site iframes (e.g. some dashboard tools) may lose session; use same eTLD+1 or open directly.- Idle session timeout 30 min default β override with
DDC_SESSION_IDLE_TIMEOUT=<seconds>if you want longer (or shorter, floor 60s).
π New Environment Variables
| Variable | Default | Purpose |
|---|---|---|
DDC_ENABLE_GEVENT |
unset (off) | Re-enable gevent monkey-patching for legacy gunicorn workers |
DDC_SESSION_IDLE_TIMEOUT |
1800 |
Session idle timeout in seconds (floor 60) |
DDC_WAITRESS_THREADS |
auto | Web UI thread pool size (2..16) |
DDC_ANIM_DISK_LIMIT_MB |
200 |
Animation disk cache cap; 0 disables eviction |
DDC_CONFIG_DIR |
/app/config |
Override config directory (testing/custom layouts) |
DDC_PROGRESS_DATA_DIR |
(auto) | Override mech progress data directory |
DDC_METRICS_DIR |
(auto) | Override performance metrics directory |
Note: this release skips a v2.2.1 tag in this repo (Linux line was at v2.2.0 previously); v2.2.2 brings the Linux build in sync with the upstream main line.
v2.2.1 - Full Internationalization (40 Languages) - Linux
π Full Internationalization (40 Languages)
β¨ New Features
- 40 languages for both Web UI and Discord Bot, independently selectable
- Instant language switch β select a language in the dropdown and the page auto-reloads in the new language (no save needed)
- 25+ languages fully translated (>95%): English, German, French, Spanish, Portuguese (BR/PT), Italian, Dutch, Polish, Czech, Slovak, Romanian, Hungarian, Bulgarian, Croatian, Greek, Turkish, Russian, Ukrainian, Arabic, Hebrew, Persian, Hindi, Thai, Vietnamese, Indonesian, Malay, Japanese, Korean, Chinese (Simplified/Traditional), Swedish, Norwegian, Danish, Finnish, Estonian, Latvian, Lithuanian, Slovenian, Serbian
- RTL support for Arabic, Hebrew, and Persian
- 1457 translation keys per language covering the entire Web UI, JavaScript UI, and Discord Bot
- JSON-based translation system β community contributions welcome via locale JSON files
- TranslationManager rewritten from 2541-line inline Python dict to modular JSON file loader (~110 lines)
- New whale logo with CSS neon glow effect (transparent PNG with dynamic drop-shadow)
π Bug Fixes
- Fixed double save button click causing infinite spinner (duplicate onclick + addEventListener)
- Fixed channel translation losing embed preview images (link previews from Steam, YouTube, etc. now preserved in translated messages)
- Fixed channel translation duplicating text when embed descriptions repeat message content
- "Requires restart" badge now only shows when the value has actually been changed
- Fixed duplicate "Configuration saved" notification appearing on page reload
π Security Fixes
- Fixed 6 Dependabot/CodeQL alerts (XSS, input validation, unsafe redirects)
- Pinned requests>=2.33.0 for CVE-2026-25645
- Refactored config_form_parser_service to reduce complexity (EβB rating)
ποΈ Technical Details
- New files: locales/*.json (40 language files + meta.json), services/web/i18n_service.py, app/web/i18n.py, app/templates/_i18n.html
- New config field: ui_language (independent of language for bot)
- Flask context processor injects _t() into all Jinja2 templates
- t() function available in JavaScript via window.DDC_I18N
- New API endpoint: POST /set_ui_language for instant language switching
π§ Linux Edition β Docker Hub: dockerdiscordcontrol/dockerdiscordcontrol-linux
π€ Generated with Claude Code
v2.2.0 - Channel Translation
β¨ Channel Translation
Automatically translate Discord messages between channels using DeepL, Google Translate, or Microsoft Translator.
New Features
- Multi-provider translation: DeepL, Google Translate, Microsoft Translator with provider abstraction
- Channel pairs: Configure multiple sourceβtarget channel pairs with per-pair settings
- Media forwarding: Videos re-uploaded as real Discord files (proper video player), images embedded
- URL auto-preview: YouTube, Twitter/X, Twitch, Reddit, Vimeo, Streamable links get rich previews
- Encrypted API keys: Stable encryption key independent of password (survives password changes)
- Rate limiting & retry: Per-pair rate limiting, exponential backoff, auto-disable after 5 failures
- Loop prevention: 3-layer protection (bot message check, translated ID tracking, target channel exclusion)
- Web UI configuration: Provider selection, test translation, toggle Original link & provider footer
- Attachment-only forwarding: Messages with only media (no text) are forwarded without translation
Bug Fixes
- Fixed Web UI console errors:
ReferenceError: rawLogsCache(JS variable scoping between DOMContentLoaded and LogAutoRefresh class) - Fixed log auto-refresh using hardcoded URLs instead of Jinja2-templated endpoints
- Fixed
parseLogs()returning objects instead of strings ([object Object]in logs) - Fixed race condition in translation encryption key creation (double-checked locking + atomic write)
Security
- π Bumped
requeststo >=2.33.0 (CVE-2026-25645 - extract_zipped_paths file replacement)
Full Changelog
DockerDiscordControl/DockerDiscordControl@v2.1.9...v2.2.0
π€ Generated with Claude Code
v2.1.9
π Release v2.1.9 - Sync from main repo
Synchronized with DockerDiscordControl v2.1.9.
Docker Hub
docker pull dockerdiscordcontrol/dockerdiscordcontrol-linux:v2.1.9
v2.1.7 - Security Patch
π Security Patch v2.1.7
CVE Fixes
| CVE | Package | Severity | CVSS | Fix |
|---|---|---|---|---|
| CVE-2026-32767 | alpine/expat | Critical | 9.8 | Updated to 2.7.5-r0 |
| CVE-2026-32777 | alpine/expat | Medium | 4.0 | Updated to 2.7.5-r0 |
| CVE-2026-32776 | alpine/expat | Medium | 4.0 | Updated to 2.7.5-r0 |
| CVE-2026-32778 | alpine/expat | Low | 2.9 | Updated to 2.7.5-r0 |
| CVE-2025-60876 | alpine/busybox | Medium | 6.5 | wget removed (mitigated) |
Changes
- Dockerfile: Added
expatexplicitly to runtime dependencies - Updated version to v2.1.7 in Web UI footer and README
Full Changelog: v2.1.6...v2.1.7
v2.1.6
π Release v2.1.6 - Sync from main repo
Synchronized with DockerDiscordControl v2.1.6.
Docker Hub
docker pull dockerdiscordcontrol/dockerdiscordcontrol-linux:v2.1.6
Release v2.1.4
What's Changed
Security
- π Upgrade Werkzeug to >=3.1.5 (fixes Dependabot alerts)
Features
- β¨ Add Mech10 evolution assets
- π Add FEATURE_IDEA_WARNING_SYSTEM.md
UI
- π Update footer version to v2.1.4
Full Changelog: v2.1.3...v2.1.4