Skip to main content

Uptime Kuma Releases Version 1.23.9 of Self-Hosted Uptime Monitor

Uptime Kuma, the self-hosted uptime monitor, has released version 1.23.9, bringing several improvements, bug fixes, and security fixes to the platform.

One important note is that this release may be a breaking change for those using third-party frontends or tools. The WebSocket origin now needs to be the same as your server hostname. However, users can set an environment variable called UPTIME_KUMA_WS_ORIGIN_CHECK to bypass in order to skip this check.

Here are the improvements included in this release:

  • Added an aria-label to the monitor search box, improving accessibility.
  • Added a helptext for the ntfy’s priority field, providing better guidance to users.

The bug fixes in this release are as follows:

  • Corrected the Maintenance Start/End Time Input to Use Explicitly Specified Timezone, ensuring accurate time tracking.
  • Fixed the buttons of ActionsSelect and ActionsInput that had a default type="submit", preventing unintended form submission.

In terms of security fixes, the following updates were made:

  • Changing the password now closes all logged-in socket connections immediately, preventing unauthorized access.
  • The WebSocket server can now only be connected from the same origin, similar to the CORS policy.
  • An environment variable called UPTIME_KUMA_WS_ORIGIN_CHECK has been added, with two options: cors-like (default) and bypass.

Additionally, this release includes other small changes, code refactoring, and comment/documentation updates.