feat(container): update image docker.io/gotenberg/gotenberg (8.32.0 ➔ 8.33.0)

dusk-bot commented

2026-06-02 07:03:56 +00:00

Collaborator

This PR contains the following updates:

Package	Update	Change
docker.io/gotenberg/gotenberg	minor	`8.32.0` → `8.33.0`

Release Notes

gotenberg/gotenberg (docker.io/gotenberg/gotenberg)

`v8.33.0`: 8.33.0

Compare Source

Security Fixes ⚠️

Block IPv6 prefixes that tunnel to internal IPv4 in IsPublicIP. ::ffff:10.0.0.1, 2002:c0a8:: (6to4), and 2001::/32 (Teredo) embed an internal IPv4 destination inside an IPv6 address. IsPublicIP evaluated only the outer IPv6 form, so --*-deny-private-ips filters let the embedded private IPv4 reach the dialer. The check now unwraps IPv4-mapped, IPv4-translated, 6to4, and Teredo addresses, and rejects them when the embedded IPv4 is non-public.
Strip backslash separators from supplied filenames. Linux treated a caller-supplied Gotenberg-Output-Filename header or filename form field containing ..\ or foo\bar as a single segment. The handler now strips both forward-slash and backslash path separators before composing the output path.

New Features

Device scale ratio for screenshots (#1543). A new deviceScaleFactor form field on /forms/chromium/screenshot/{html,url,markdown} controls the screenshot pixel density. Defaults to 1. Thanks @hovcharenko.

Bug Fixes

Pinning proxy outlived a failed Chromium start. When chromedp failed to start (port conflict, container OOM, sandbox denial), the loopback HTTP/CONNECT pinning proxy added in 8.32.0 stayed bound to its port and leaked across restart attempts. The browser now stops the pinning proxy on every start failure.
Lifecycle listener race on Navigate. chromedp.Navigate could fire Page.lifecycleEvent before Gotenberg's listener subscribed, so the converter occasionally waited the full network-idle timeout on otherwise fast pages. Listeners now register before navigation.
Supervisor flapped on transient CDP latency. A single slow CDP health probe marked the supervised process unhealthy and triggered a restart, even when the next probe succeeded. Probes now require N consecutive failures before reporting unhealthy.
downloadFrom concurrent map writes. Parallel downloadFrom entries merged results into a shared map without a lock. Under enough concurrency this raced and panicked the request goroutine. Result merging is now serialized.
Pinning-proxy noise on client cancellations. context canceled and connection reset by peer from the client side of the pinning proxy logged at error level, flooding logs whenever a caller aborted mid-render. Client-cancelled dial errors now log at debug.

Chore

Updated Chromium to version 148.0.7778.178-1.
Updated Go dependencies.

Configuration

📅 Schedule: (in timezone America/Toronto)

Branch creation
- "every weekday"
Automerge
- "every weekday"

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/gotenberg/gotenberg](https://github.com/gotenberg/gotenberg) | minor | `8.32.0` → `8.33.0` | --- ### Release Notes <details> <summary>gotenberg/gotenberg (docker.io/gotenberg/gotenberg)</summary> ### [`v8.33.0`](https://github.com/gotenberg/gotenberg/releases/tag/v8.33.0): 8.33.0 [Compare Source](https://github.com/gotenberg/gotenberg/compare/v8.32.0...v8.33.0) ##### Security Fixes ⚠️ - **Block IPv6 prefixes that tunnel to internal IPv4 in `IsPublicIP`.** `::ffff:10.0.0.1`, `2002:c0a8::` (6to4), and `2001::/32` (Teredo) embed an internal IPv4 destination inside an IPv6 address. `IsPublicIP` evaluated only the outer IPv6 form, so `--*-deny-private-ips` filters let the embedded private IPv4 reach the dialer. The check now unwraps IPv4-mapped, IPv4-translated, 6to4, and Teredo addresses, and rejects them when the embedded IPv4 is non-public. - **Strip backslash separators from supplied filenames.** Linux treated a caller-supplied `Gotenberg-Output-Filename` header or `filename` form field containing `..\` or `foo\bar` as a single segment. The handler now strips both forward-slash and backslash path separators before composing the output path. ##### New Features - **Device scale ratio for screenshots** ([#1543](https://github.com/gotenberg/gotenberg/pull/1543)). A new `deviceScaleFactor` form field on `/forms/chromium/screenshot/{html,url,markdown}` controls the screenshot pixel density. Defaults to `1`. Thanks [@hovcharenko](https://github.com/hovcharenko). ##### Bug Fixes - **Pinning proxy outlived a failed Chromium start.** When `chromedp` failed to start (port conflict, container OOM, sandbox denial), the loopback HTTP/CONNECT pinning proxy added in 8.32.0 stayed bound to its port and leaked across restart attempts. The browser now stops the pinning proxy on every start failure. - **Lifecycle listener race on `Navigate`.** `chromedp.Navigate` could fire `Page.lifecycleEvent` before Gotenberg's listener subscribed, so the converter occasionally waited the full network-idle timeout on otherwise fast pages. Listeners now register before navigation. - **Supervisor flapped on transient CDP latency.** A single slow CDP health probe marked the supervised process unhealthy and triggered a restart, even when the next probe succeeded. Probes now require N consecutive failures before reporting unhealthy. - **`downloadFrom` concurrent map writes.** Parallel `downloadFrom` entries merged results into a shared map without a lock. Under enough concurrency this raced and panicked the request goroutine. Result merging is now serialized. - **Pinning-proxy noise on client cancellations.** `context canceled` and `connection reset by peer` from the client side of the pinning proxy logged at error level, flooding logs whenever a caller aborted mid-render. Client-cancelled dial errors now log at debug. ##### Chore - Updated Chromium to version `148.0.7778.178-1`. - Updated Go dependencies. </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Toronto) - Branch creation - "every weekday" - Automerge - "every weekday" 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

dusk-bot added the

renovate/container

type/minor

priority/medium

labels

2026-06-02 07:03:56 +00:00

dusk-bot added 1 commit

2026-06-02 07:03:56 +00:00

feat(container): update image docker.io/gotenberg/gotenberg (8.32.0 ➔ 8.33.0)

Flate / Flate - Filter (pull_request) Successful in 13s

Details

Labeler / Labeler (pull_request_target) Successful in 40s

Details

Flate / Flate (kustomization) (pull_request) Successful in 2m31s

Details

Flate / Flate (helmrelease) (pull_request) Successful in 2m51s

Details

Flate - Success Flate checks success

Flate / Flate - Success (pull_request) Successful in 20s

Details

fc146e5de1

dusk-bot requested review from Exikle

2026-06-02 07:03:56 +00:00

dusk-bot scheduled this pull request to auto merge when all checks succeed

2026-06-02 07:03:58 +00:00

Exikle added the

area/kubernetes

area/media

labels

2026-06-02 07:04:30 +00:00

dusk-bot commented

2026-06-02 07:06:35 +00:00

Author

Collaborator

Kustomization diff

# Kustomization: media/paperless-gotenberg HelmRelease: media/paperless-gotenberg

@@ spec.values.controllers.gotenberg.containers.app.image.tag @@
! ± value change
- 8.32.0@sha256:a40c5a46b79d812ce2f5e139278163142a054050bfd1e5f162da36d3d11c7138
+ 8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8

_{Diff created by flate — Workflow run}

<details open><summary>Kustomization diff</summary> ```diff # Kustomization: media/paperless-gotenberg HelmRelease: media/paperless-gotenberg @@ spec.values.controllers.gotenberg.containers.app.image.tag @@ ! ± value change - 8.32.0@sha256:a40c5a46b79d812ce2f5e139278163142a054050bfd1e5f162da36d3d11c7138 + 8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 ``` </details> <sub>Diff created by [flate](https://github.com/home-operations/flate) — [Workflow run](https://git.dcunha.io/Exikle/Artemis-Cluster/actions/runs/684)</sub>

dusk-bot commented

2026-06-02 07:06:49 +00:00

Author

Collaborator

HelmRelease diff

# HelmRelease: media/paperless-gotenberg Deployment: media/paperless-gotenberg

@@ spec.template.spec.containers.app.image @@
! ± value change
- docker.io/gotenberg/gotenberg:8.32.0@sha256:a40c5a46b79d812ce2f5e139278163142a054050bfd1e5f162da36d3d11c7138
+ docker.io/gotenberg/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8

_{Diff created by flate — Workflow run}

<details open><summary>HelmRelease diff</summary> ```diff # HelmRelease: media/paperless-gotenberg Deployment: media/paperless-gotenberg @@ spec.template.spec.containers.app.image @@ ! ± value change - docker.io/gotenberg/gotenberg:8.32.0@sha256:a40c5a46b79d812ce2f5e139278163142a054050bfd1e5f162da36d3d11c7138 + docker.io/gotenberg/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 ``` </details> <sub>Diff created by [flate](https://github.com/home-operations/flate) — [Workflow run](https://git.dcunha.io/Exikle/Artemis-Cluster/actions/runs/684)</sub>

dusk-bot merged commit 28a08694b8 into main

2026-06-02 07:07:28 +00:00

dusk-bot deleted branch renovate/docker.io-gotenberg-gotenberg-8.x

2026-06-02 07:07:28 +00:00

dusk-bot referenced this pull request from a commit

2026-06-02 07:07:29 +00:00

feat(container): update image docker.io/gotenberg/gotenberg (8.32.0 ➔ 8.33.0) (#178)