Update all (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	v3 → v6
gotenberg/gotenberg		major	7.8.2 → 8.32.0

---

Release Notes

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in #​2226
• Prepare v5.0.0 release by @​salmanmkc in #​2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v5

Compare Source

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in #​1180
• Dependency updates by @​dependabot- #​1777, #​1872

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in #​1739
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1697
• Check out other refs/* by commit by @​orhantoy in #​1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in #​1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in #​1732

v4.1.5

Compare Source

• Update NPM dependencies by @​cory-miller in #​1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in #​1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in #​1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in #​1707

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in #​1692
• Add dependabot config by @​cory-miller in #​1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in #​1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in #​1643

v4.1.3

Compare Source

• Check git version before attempting to disable sparse-checkout by @​jww3 in #​1656
• Add SSH user parameter by @​cory-miller in #​1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in #​1650

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in #​1598

v4.1.1

Compare Source

• Correct link to GitHub Docs by @​peterbe in #​1511
• Link to release page from what's new section by @​cory-miller in #​1514

v4.1.0

Compare Source

• Add support for partial checkout filters

v4.0.0

Compare Source

• Support fetching without the --progress option
• Update to node20

v4

Compare Source

v3.6.0

Compare Source

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

Compare Source

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

Compare Source

• Fix api endpoint for GHES

v3.5.1

Compare Source

• Fix slow checkout on Windows

v3.5.0

Compare Source

• Add new public key for known_hosts

v3.4.0

Compare Source

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

Compare Source

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• Fix comment typos (that got added in #​770)

v3.2.0

Compare Source

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2
• Upgrading version to 3.2.0

v3.1.0

Compare Source

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

Compare Source

• Add input set-safe-directory

v3.0.1

Compare Source

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

gotenberg/gotenberg (gotenberg/gotenberg)

v8.32.0: 8.32.0

Compare Source

Security Fixes ⚠️

• Reverted SSRF defaults (breaking vs 8.31.0). 8.31.0 blocked private-IP destinations by default, which broke deployments running Gotenberg inside a private network. 8.32.0 restores the 8.30.x permissive defaults. Operators with internet-facing APIs opt into the strict posture via the new flags below.

• Rejected file:// at /forms/chromium/convert/url. Submitting url=file:///tmp/... used to let an unauthenticated caller enumerate the request working directory and read other in-flight uploads as rendered PDFs. The route now returns HTTP 400 for any file:// URL.

• Required uploaded file for image / pdf stamp and watermark sources. Twelve callsites accepted stampSource=pdf or watermarkSource=pdf with an expression pointing at any path the Gotenberg process could open, even when no file was uploaded. Handlers now return HTTP 400 unless the caller uploaded a matching file.

• Scoped file:// sub-resources to the request working directory. Crafted HTML could reference another request's file:///tmp/<reqdir>/.... The CDP request handler now restricts file:// sub-resources to the current request's directory. /convert/url and /screenshot/url reject every file:// sub-resource outright.

• Hardened Chromium against DNS rebinding. A short-TTL DNS authority could return a public IP at validation and a private IP at connect. A loopback HTTP / CONNECT proxy now sits between Chromium and the network, resolves DNS once, and pins the dial to the resolved IP. Skipped when --chromium-proxy-server or --chromium-host-resolver-rules is set.

• Filtered LibreOffice outbound fetches through a proxy. Uploaded OOXML, RTF, and ODF files can embed external URLs that LibreOffice's libcurl resolves below every Go-side SSRF filter. LibreOffice now routes every outbound fetch through an in-process forward proxy on the same gotenberg.DecideOutbound path Chromium and webhook delivery use. See the four new flags below.

• Recovered webhook async panics. High-concurrency webhooks could panic the async goroutine and crash the whole process. The goroutine now snapshots the request context and recovers any future panic through the existing error path.

New Features

• LibreOffice outbound URL filtering. Four flags mirror the Chromium and webhook layout: --libreoffice-allow-list, --libreoffice-deny-list, --libreoffice-deny-private-ips, --libreoffice-deny-public-ips. All default permissive.

• IP-class filtering on four modules. chromium, webhook, api-download-from, and libreoffice each accept matching deny-private-ips and deny-public-ips flags. All default to false.

Flag	What it does
--chromium-deny-private-ips	Reject Chromium navigations and sub-resources resolving to a non-public IP.
--chromium-deny-public-ips	Reject Chromium navigations and sub-resources resolving to a public IP.
--webhook-deny-private-ips	Reject webhook URLs (success, error, events) resolving to a non-public IP.
--webhook-deny-public-ips	Reject webhook URLs resolving to a public IP.
--api-download-from-deny-private-ips	Reject downloadFrom URLs resolving to a non-public IP.
--api-download-from-deny-public-ips	Reject downloadFrom URLs resolving to a public IP.
--libreoffice-deny-private-ips	Reject LibreOffice outbound fetches resolving to a non-public IP.
--libreoffice-deny-public-ips	Reject LibreOffice outbound fetches resolving to a public IP.

A URL matching --*-allow-list skips the IP-class check. A URL matching --*-deny-list is always rejected. Setting both deny-private-ips=true and deny-public-ips=true rejects every URL unless the allow-list matches.

Bug Fixes

• Charts print as blank rectangles (#​1531, #​1532, #​1534, #​1535): chromedp v0.15.0 suspended the BeginFrame-driven callback dispatch loop under emulatedMediaType=print. requestAnimationFrame, ResizeObserver, IntersectionObserver, CSS transitionend, and CSS animationend all stopped firing. Pinning chromedp back to v0.14.2 restores native dispatch.

• LibreOffice cached an unrecoverable first-start error (#​1538): A short --libreoffice-start-timeout timed out the first request, then every subsequent request returned the same cached error until the container restarted. The lazy-start path now retries on failure.

Chore

• Updated pdfcpu to v0.12.0.
• Switched metadata read/write to direct exiftool invocation. Removes the GPL-3.0 go-exiftool dependency.
• Bumped Go to 1.26.2.
• Updated Go dependencies.

Thanks

Thanks to @​Jalliuz (#​1527) for reporting the 8.31.0 sub-resource regression. @​notscottsmith (#​1531), @​spoltix (#​1532), @​rdelott-work (#​1534), and @​sillyas2010 (#​1535) narrowed down the chromedp print-mode regression. @​sillyas2010 also published the reproducer that pinned the bisect. @​JeremyReist2 (#​1536) flagged the go-exiftool GPL-3.0 license. @​doronbehar (#​1537) requested the pdfcpu upgrade. @​mlafon (#​1538) reported the LibreOffice supervisor cached-error bug.

v8.31.0: 8.31.0

Compare Source

Breaking Changes & Security Fixes ⚠️

• Stopped publishing thecodingmachine/gotenberg images. Pull from gotenberg/gotenberg instead.
• SSRF hardening (breaking). Resolves outbound URLs (Chromium asset fetches, webhook delivery, download-from) and rejects non-public addresses: loopback, RFC1918, link-local, unspecified, multicast, IPv6 unique-local, IPv4-mapped IPv6. Pins the dial to the validated IP to prevent DNS rebinding.
• Defaulted webhook deny list (breaking). --webhook-deny-list now defaults to a regex blocking loopback, RFC1918, link-local, and IPv6 unique-local ranges. Override the flag to call internal hosts.
• Sanitized ExifTool metadata (breaking for System: tags). Strips control characters and line breaks from /forms/pdfengines/metadata/write payloads. Drops System:-prefixed tags. Blocks argument smuggling and filesystem pseudo-tag abuse.

New Features

• Embed files metadata. Adds embedsMetadata to every route accepting embeds (Chromium HTML/URL/Markdown, LibreOffice convert, PDF Engines merge/split/embed). Pass a JSON object keyed by filename with per-file fields (mimeType, relationship, etc.) - thanks @​Jean-Beru!

Bug Fixes

• Pinned Chromium to v146 on ppc64le to work around an upstream regression.

Deprecated Flags

Old	New
--webhook-error-allow-list	--webhook-allow-list
--webhook-error-deny-list	--webhook-deny-list

Old flags still work.

Chore

• Updated Go dependencies.

v8.30.1: 8.30.1

Compare Source

Another release, another bug fixes 🫥

Bug Fixes

• chromium only variants now start correctly - thanks @​agross!
• Re-added cURL for orchestrators health check - thanks @​budivoogt, @​gertjanstulp and @​jfisbein!

v8.30.0: 8.30.0

Compare Source

New Features

Docker Image Variants

• Chromium-Only Image (gotenberg/gotenberg:8.30.0-chromium): Drops LibreOffice, python3, and hyphenation packages. ~30% smaller than the full image.
• LibreOffice-Only Image (gotenberg/gotenberg:8.30.0-libreoffice): Drops Chromium and its dependencies. ~38% smaller than the full image.

Pick the variant that matches your workload. The full image (gotenberg/gotenberg:8.30.0) still ships everything.

Leaner Docker Image

The full image is ~13% smaller than 8.29.0. The font stack was simplified from 30+ packages down to 8, covering Latin, Greek, Cyrillic, CJK, and most world scripts through Noto, plus color emoji.

Package	Coverage
fonts-noto-core	Arabic, Bengali, Devanagari, Ethiopic, Georgian, Gujarati, Gurmukhi, Hebrew, Kannada, Khmer, Lao, Malayalam, Myanmar, Sinhala, Tamil, Telugu, Thai, and more
fonts-noto-cjk	Chinese, Japanese, Korean
fonts-noto-color-emoji	Color emoji
fonts-dejavu	Latin, Greek, Cyrillic
fonts-crosextra-carlito	Metric-compatible with Calibri
fonts-crosextra-caladea	Metric-compatible with Cambria
fonts-liberation	Metric-compatible with Arial, Times New Roman, Courier New
fonts-liberation2	Updated Liberation metrics

Microsoft Core Fonts (ttf-mscorefonts-installer) are not shipped due to licensing constraints. The image includes metric-compatible replacements instead: Carlito for Calibri, Caladea for Cambria, and Liberation for Arial, Times New Roman, and Courier New. These preserve document layout in most cases.

Installing Additional Fonts

Build a custom Dockerfile to add fonts. Common scenarios:

Microsoft Core Fonts (you accept the Microsoft EULA):

FROM gotenberg/gotenberg:8

USER root

RUN echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | debconf-set-selections \
    && apt-get update -qq \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends ttf-mscorefonts-installer \
    && rm -rf /var/lib/apt/lists/*

USER gotenberg

Specialized script fonts for richer glyph sets, better hinting, or traditional typefaces beyond the basic Noto coverage:

Script	Package
Arabic (Naskh)	fonts-hosny-amiri
Bengali	fonts-beng
Devanagari (Hindi)	fonts-sarai
Ethiopic	fonts-sil-abyssinica
Gujarati	fonts-samyak-gujr
Gurmukhi (Punjabi)	fonts-lohit-guru
Hebrew	culmus
Kannada	fonts-lohit-knda
Malayalam	fonts-samyak-mlym
Myanmar	fonts-sil-padauk
Sinhala	fonts-lklug-sinhala
Tamil	fonts-samyak-taml
Telugu	fonts-telu
Thai	fonts-thai-tlwg

FROM gotenberg/gotenberg:8

USER root

RUN apt-get update -qq \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends \
        fonts-hosny-amiri \
        fonts-thai-tlwg \
    && rm -rf /var/lib/apt/lists/*

USER gotenberg

Webhook

• Gotenberg-Webhook-Error-Url Now Optional: When Gotenberg-Webhook-Events-Url is set, Gotenberg-Webhook-Error-Url is no longer required. Error handling flows through the events URL instead. Gotenberg-Webhook-Error-Url is deprecated but continues to work.

Bug Fixes

• ExifTool Tag Filtering: Case-insensitive comparison and expanded blocklist for ExifTool metadata filtering. Excludes additional system tags while preserving safe derived tags.
• Regex Timeout: Added timeout to regex evaluation to prevent ReDoS on malformed patterns.

Chore

• Updated Go dependencies.

v8.29.1: 8.29.1

Compare Source

Bug Fix (Chromium)

Assets were no longer being correctly loaded in HTML files. This is now fixed. Thanks @​ARawles-GFSC for the heads up!

v8.29.0: 8.29.0

Compare Source

Security Fixes ⚠️

• ExifTool Arbitrary File Write: The /forms/pdfengines/metadata/write endpoint allowed users to pass FileName and Directory pseudo-tags in the metadata JSON, enabling file rename/move to arbitrary paths. User-supplied metadata is now filtered through a blocklist before being passed to ExifTool.
• Chromium file:// Sub-Resource Restriction: When converting HTML/Markdown via file://, sub-resources are now restricted to the request's working directory, preventing cross-request file access in /tmp.

New Features

OpenTelemetry

• Full OpenTelemetry Support: Distributed tracing, metrics export, and structured logging: all configurable via standard OTEL environment variables (OTEL_TRACES_EXPORTER, OTEL_METRICS_EXPORTER, OTEL_LOGS_EXPORTER, OTEL_EXPORTER_OTLP_ENDPOINT, etc.). Every HTTP request gets a span. External tool calls (Chromium, LibreOffice, QPDF, pdfcpu, pdftk, ExifTool, webhook delivery, download-from) create child spans. Trace context is propagated to outbound HTTP calls via W3C headers.
• Structured Logging Migration: Migrated from custom logging module to slog-based structured logging with OTEL log bridge. Supports auto/JSON/text formats with optional GCP-compatible field names.
• Binary Path as Peer Service: server.address span attribute uses the actual binary path (e.g., /usr/bin/qpdf) instead of the software name.
• Telemetry Control for System Routes: New flags to disable telemetry for noisy system routes, all defaulting to disabled: --api-disable-root-route-telemetry, --api-disable-debug-route-telemetry, --api-disable-version-route-telemetry, --prometheus-disable-route-telemetry. The existing --api-disable-health-check-route-telemetry default changed from false to true.

Chromium

• Idle Shutdown: New --chromium-idle-shutdown-timeout flag (default: 0s, disabled) to automatically stop Chromium after a configurable idle period, reclaiming memory on low-traffic servers. The process re-launches lazily on the next request.
• Network Almost Idle Event: New skipNetworkAlmostIdleEvent form field (default: true). When set to false, Gotenberg waits for a "network almost idle" event (at most 2 open connections for 500ms) before conversion. This provides a middle ground between the existing skipNetworkIdleEvent (strict, 0 connections) and no wait at all — useful for pages with long-polling or analytics connections that never fully close.

LibreOffice

• PDF Viewer Preferences (#​1316): 15 new form fields for controlling PDF viewer behavior: initialView, initialPage, magnification, zoom, pageLayout, firstPageOnLeft, resizeWindowToInitialPage, centerWindow, openInFullScreenMode, displayPDFDocumentTitle, hideViewerMenubar, hideViewerToolbar, hideViewerWindowControls, useTransitionEffects, openBookmarkLevels.
• Idle Shutdown: New --libreoffice-idle-shutdown-timeout flag (default: 0s, disabled), same behavior as Chromium.

Webhook

• Event Callbacks (#​1473): New optional Gotenberg-Webhook-Events-Url header. When set, structured JSON events (webhook.success, webhook.error) are POSTed after each webhook operation, with correlationId and timestamp. Additive: existing Gotenberg-Webhook-Url and Gotenberg-Webhook-Error-Url continue to work unchanged.

Security & Networking

• Multiple URL Patterns: All allow/deny list flags (--chromium-allow-list, --chromium-deny-list, --webhook-allow-list, --webhook-deny-list, --webhook-error-allow-list, --webhook-error-deny-list, --api-download-from-allow-list, --api-download-from-deny-list) now accept multiple regex patterns via string slices. Existing single-value configurations continue to work.

Bug Fixes

• Chromium singlePage Margin Accounting (#​1046): The singlePage option now correctly accounts for top/bottom margins when calculating page height, fixing content overflow on tall pages.
• Long Filename Support (#​1500): Files with long names (166+ chars, especially with multi-byte UTF-8) no longer cause "File name too long" errors. Files are now stored on disk with UUID-based names while preserving original filenames for HTTP responses, archive entries, and JSON keys.

Deprecated Flags

Old	New
--log-format	--log-std-format
--log-enable-gcp-fields	--log-std-enable-gcp-fields
--api-trace-header	--api-correlation-id-header
--api-disable-health-check-logging	--api-disable-health-check-route-telemetry
--prometheus-disable-route-logging	--prometheus-disable-route-telemetry

All deprecated flags continue to work.

Chore

• Replaced go.uber.org/multierr with stdlib errors.Join.
• Added integration tests for Chromium screenshot routes (HTML, URL, Markdown).
• Added long filename integration tests across all PDF engine and conversion routes.
• Integration test retry mechanism: failed scenarios are automatically retried up to 3 times.
• Bumped actions/checkout to v6 in all GitHub Actions.

Thanks

Thanks to @​dkrizic (#​814) and @​jbdelhommeau (#​1489) for requesting OpenTelemetry/tracing support, @​eht16 (#​1316), @​nh2 (#​1023), @​Frozen666 (#​1046), @​vofflan (#​1500), @​danxmoran (#​1394), and @​janaka (#​1473) for their issue reports and feature requests!

---

This release represents a significant amount of work: OpenTelemetry integration, security fixes, new features, and hundreds of integration tests. If Gotenberg is useful to you or your team, please consider sponsoring the project. Your support helps keep development going.

v8.28.0: 8.28.0

Compare Source

New Features

PDF Engines

• Watermark: Added POST /forms/pdfengines/watermark route. Applies a watermark (behind page content) to one or more PDF files. Supports text, image, or pdf sources. Also available as optional form fields on Chromium, LibreOffice, merge, and split routes. Configurable via --pdfengines-watermark-engines (default: pdfcpu,pdftk).
• Stamp: Added POST /forms/pdfengines/stamp route. Applies a stamp (on top of page content) to one or more PDF files. Same source types and integration points as watermark. Configurable via --pdfengines-stamp-engines (default: pdfcpu,pdftk).
• Rotate: Added POST /forms/pdfengines/rotate route. Rotates pages by 90°, 180°, or 270° with optional page selection. Also available as optional form fields (rotateAngle, rotatePages) on all composite routes. Configurable via --pdfengines-rotate-engines (default: pdfcpu, pdftk).
• Bookmarks (Read): Added POST /forms/pdfengines/bookmarks/read route. Returns the hierarchical bookmark outline from one or more PDF files as JSON. Configurable via --pdfengines-read-bookmarks-engines (default: pdfcpu).
• Bookmarks (Write): Added POST /forms/pdfengines/bookmarks/write route. Accepts either a flat list (applied to all files) or a filename-keyed map. Configurable via --pdfengines-write-bookmarks-engines (default: pdfcpu, pdftk).
• Merge Bookmark Management: The merge route now supports a bookmarks form field for custom bookmarks with automatic page-offset shifting, and an autoIndexBookmarks option to extract and reindex existing bookmarks from input files.
• PDF/A & PDF/UA Compliance: Reordered the processing pipeline so that PDF/A and PDF/UA conversion runs after watermark, stamp, and flatten operations. Also reject incompatible combinations (e.g., PDF/A + encryption, PDF/A-1/2 + embeds) with a 400 Bad Request.

LibreOffice

• Native Watermarks: Added support for LibreOffice's built-in watermark rendering during PDF export via new form fields: nativeWatermarkText, nativeWatermarkColor, nativeWatermarkFontHeight, nativeWatermarkRotateAngle, nativeWatermarkFontName, and nativeTiledWatermarkText.

API

• Download From: Extended the downloadFrom JSON schema with a field property ("watermark", "stamp", "embedded", or "") to route downloaded files to the appropriate form field bucket. The existing embedded boolean is preserved for backward compatibility.

Chore

• Updated Chromium to 146.0.7680.153-1.
• Updated Go dependencies.

v8.27.0: 8.27.0

Compare Source

New Features

Chromium

• Concurrency Support: Re-introduced support for simultaneous conversions (up to 6 by default). Configurable via CHROMIUM_MAX_CONCURRENCY. Thanks @​TomBrouws!
• Restart Threshold: Updated the default value for CHROMIUM_RESTART_AFTER to 100.
• Emulated Media Features: Added the emulatedMediaFeatures form field. This allows users to pass a JSON array to simulate specific CSS media features, such as prefers-color-scheme: dark or prefers-reduced-motion. Thanks @​danxmoran!

Misc

• Timezone: The default timezone is now explicitly UTC and is visible in the debug route. This remains overridable via the TZ environment variable. Thanks @​davpsh!

Bug Fixes

• PDF Engines: Resolved an issue where unnecessary derived tags were added when writing metadata. Thanks @​znemoe!

Chore

• Updated Chromium to 145.0.7632.109.
• Updated LibreOffice to 26.2.0.
• Updated Go dependencies.
• Bumped Go version to 1.26.0.

v8.26.0: 8.26.0

Compare Source

New Features

Chromium

• New form field waitForSelector: as an alternative to waiting on an expression, this allows users to wait for a specific node matching a selector to become visible in the HTML / at the remote URL before converting to PDF - thanks @​danxmoran!
• New form field ignoreResourceHttpStatusDomains: exclude resources from failOnResourceHttpStatusCodes checks based on their hostname - thanks @​frostmark!

Prometheus

• New flag --prometheus-metrics-path to customize the metrics route path - thanks @​davpsh!

Bug Fix

• Gotenberg does not ignore anymore client disconnections, closing resources early - thanks @​romanek-adam-b2c2!

Chore

• Updated Chromium to version 144.0.7559.96.
• Updated Go dependencies.
• Bumped Go to version 1.25.5 (thanks @​jmendes-alto).

v8.25.1: 8.25.1

Compare Source

Bug Fixes

Chromium

• The Chromium module health check was consuming an inappropriate amount of resources. This fix reduces CPU wasted cycles by 98% and ensures memory usage remains somewhat flat over time. Thanks to @​ldy985 for the investigation, solution, and testing. More details are available here.
• Added net::ERR_HTTP2_PROTOCOL_ERROR to the list of events for the failOnResourceLoadingFailed feature. Thanks to @​aW3st for the fix!

Chore

Updated Go dependencies.

v8.25.0: 8.25.0

Compare Source

New Features

Encrypt

This release adds the password protection feature to Chromium, LibreOffice, and PDF Engines modules.

Thanks @​thoven87 for the work!

Embed Files

This feature enables the creation of PDFs compatible with standards like ZUGFeRD / Factur-X, which require embedding XML invoices and other files within the PDF.

Available on the Chromium, LibreOffice, and PDF Engines modules.

Thanks a lot @​Jean-Beru for this feature!

Bug Fixes

• Chromium: Gotenberg now correctly accepts case-insensitive values for the cookies' sameSite attribute.
• Chromium: the flag --chromium-incognito is now deprecated and we ignore its value.

Chore

• Updated Chromium to version 142.0.7444.162.
• Updated pdfcpu to version 0.11.1.
• Updated Go dependencies.
• Bumped Go to version 1.25.4.

v8.24.0: 8.24.0

Compare Source

New Features

New Architecture - ppc64le

We now support the linux/ppc64le architecture. Thanks @​roy20021 for the help!

LibreOffice Hyphenation Support

Hyphenation is now supported in LibreOffice, improving text formatting and readability. Thanks @​omni-htg for the work!

Chore

• Updated Chromium to version 141.0.7390.
• Updated Go dependencies.
• Updated Noto Color Emoji font to v2.051.

v8.23.2: 8.23.2

Compare Source

Bug Fix

Build

This release removes the UPX compression stage, which was intended to reduce binary size but is causing startup panics in some environments - thanks @​lobeck for the heads up! See #​1333 for more details.

Chore

Updated Go dependencies.

v8.23.1: 8.23.1

Compare Source

Bug Fix

Chromium

The new version of Chromium fixes #​1239 - better compression for images, resulting in smaller PDF.

Thanks @​VeiaG, @​CmCarti, and @​zocario for the help!

Chore

• Updated Chromium to version 140.0.7339.127-1.
• Updated LibreOffice to version 25.8.1-1.
• Updated Go dependencies.

v8.23.0: 8.23.0

Compare Source

New Feature

MathJaX Support

This release adds MatchJaX support for markdown conversion with the Chromium module. Thanks @​zekizz for the heads up!

Bug Fixes

AWS Lambda (Beta)

A few changes based on feedback from @​brettjenkins:

• AWS_LWA_INVOKE_MODE uses now the buffered value.
• No more auto start from Chromium and LibreOffice.

[!NOTE]
There is an ongoing discussion about improving this variant.
If you have feedback, please feel free to share it in the thread!

Chromium

Hypen data are now located in /opt/gotenberg. Thanks @​PureKrome, @​raraworks, and @​SanderBlom!

Chore

Updated Go dependencies.

v8.22.0: 8.22.0

Compare Source

New Features

Webhook Sync Mode

New flag --webhook-enable-sync-mode (or environment variable WEBHOOK_ENABLE_SYNC_MODE) to enable synchronous mode for webhooks.

This is especially useful in serverless environments. Thanks @​ynarwal!

Cloud Run

This image is now preconfigured for Cloud Run with the following:

• Uses the PORT environment variable provided by Cloud Run.
• Logs in a format compatible with Cloud Run.
• Auto-starts Chromium and LibreOffice for faster readiness.
• Uses synchronous webhook mode, since Cloud Run may stop the container if there’s no HTTP activity.

AWS Lambda

We now provide a dedicated Docker image tag, available on both linux/amd64 and linux/arm64 architectures:

gotenberg/gotenberg:8-aws-lambda

This image is preconfigured for AWS Lambda:

• Uses the AWS_LWA_PORT environment variable provided by AWS Lambda.
• Auto-starts Chromium and LibreOffice for faster readiness.
• Uses synchronous webhook mode, since AWS Lambda may stop the container if there’s no HTTP activity.

Thanks @​ynarwal and @​sefij!

Bug Fix

Chromium

• Hyphens are now working all the time. Thanks @​BernhardBaumrock for the sponsorship!

Chore

• Updated base image to Debian 13 (trixie).
• Updated Chromium to version 139.0.7258.127-1 (all platforms). Note: the linux/amd64 variant now also uses Chromium instead of Google Chrome stable.
• Updated pdfcpu to version 0.11.0.
• Updated noto-color-emoji to version 2.048.
• Updated Go to version 1.25.
• Updated Go dependencies.

v8.21.1: 8.21.1

Compare Source

This release fixes fonts issues.

See #​1218 and #​1230 for more details - thanks @​DoPri and @​scott-the-programmer for the help!

Chore

• Updated Chromium to version 137.0.7151.103/68 (all platforms).
• Updated Go dependencies.

v8.21.0: 8.21.0

Compare Source

👶 Newborn at home, but weirdly found some time for a new release!

New Features

Docker

• Supports arbitrary user IDs (OpenShift) – thanks @​leonidas-o for the help!
• Docker image size reduced by 5–8%, depending on the architecture.
• Most Debian dependencies now include version pins, making it easier to track updates – thanks @​ChocoChipset!

Chromium

• When splitting a PDF, you can now define filenames for the parts using the GOTENBERG_OUTPUT_FILENAME header – thanks @​zach-goldberg for the idea!
• New form field generateTaggedPdf, which may yield better results if you prioritize accessibility over strict (and sometimes hacky) PDF/UA compliance.

Bug Fixes

Chromium

• Added --no-zygote and --disable-dev-shm-usage flags – see issue #​1177.
• Fixed missing page cleanup after conversions – thanks @​RandalTeng!

Webhook

• Improved error message when using the /forms/pdfengines/metadata/read route.

Chore

• Updated Chromium to version 136.0.7103.113 (all platforms).
• Updated Go dependencies.

v8.20.1: 8.20.1

Compare Source

Bug Fix

The previous release revealed a bug that could randomly result in 500 Internal Server Error responses when using the split feature. This has now been fixed.

v8.20.0: 8.20.0

Compare Source

New Features

• You can now disable the building of debug data using the new --gotenberg-build-debug-data flag (default: true)
  or the GOTENBERG_BUILD_DEBUG_DATA environment variable. This can significantly improve startup time in environments like Google Cloud Run.
  Thanks @​ChocoChipset for the contribution!

• You can now override the Content-Disposition header when using the webhook feature.
  Thanks @​stephentgrammer!

Bug Fix

• Fixed an issue where the merge order was sometimes incorrect.
  Thanks @​JhnBer!

Chore

• Updated Chromium to version 135.0.7049.84 (all platforms).
• Updated Go dependencies.

v8.19.1: 8.19.1

Compare Source

Bug Fixes

This release includes two bug fixes for the Chromium module:

1. A minor issue in a dependency was causing generated PDFs to be tagged by default. That’s no longer the case.
   Thanks to @​dani for the heads-up and @​kenshaw for the resolution!

2. The printBackground form field now works as expected.
   Thanks @​Welteam for reporting the issue!

Chore

• Updates Chromium to version 135.0.7049.52 (amd64 only).
• Updates Go dependencies.

v8.19.0: 8

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.