Calibre 7.16.0

calibre

Calibre is an open source e-book library management application that enables you to manage your e-book collection, convert e-books between different formats, synchronize with popular e-book reader devices, and read your e-books with the included viewer.

It acts as an e-library and also allows for format conversion, news feeds to e-book conversion, as well as e-book reader sync features and an integrated e-book viewer.

Calibre's features include: library management; format conversion (all major ebook formats); syncing to e-book reader devices; fetching news from the Web and converting it into ebook form; viewing many different e-book formats, giving you access to your book collection over the internet using just a browser.

Calibre 7.16.0 changelog:

New features

Add a driver for the new 2024 Tolino devices. They use a modified version of the Kobo firmware, so they are detected as Kobo devices.
Various news recipes now have the ability to download past issues, accessible via the Advanced tab in the Schedule news dialog

Bug fixes

ONLY if you use the calibre Content server, you should update calibre as soon as possible
If you do not know what the Content server is, you do not use it, and these do not apply to you. If you have set a password to access the Content server that you have not shared with anyone, these do not affect you. A remote code execution bug in the Content server introduced in calibre version 6.9.0 (released on 2022-11-25) means that anyone with access to the server also has access to the rest of the computer the server is running on. If you are using a password to protect access to the server only people that know the password can gain access via the bug. Thanks to STAR Labs (https://starlabs.sg) for finding these vulnerabilities.
Content server: Fix path traversal vulnerability
A bug in a feature introduced in calibre version 6.16.0 (released 2023-04-20) means anyone with access to the server can also read non calibre related files on the computer running the server.
Content server: Fix SQL injection vulnerability
A bug in a feature introduced in calibre version 6.10.0 (released 2022-12-16) means anyone with access to the server can also read non-calibre SQLITE database files on the computer running the server.
Content server: Fix an XSS vulnerability in one endpoint
Only relevant if you embed the calibre server within a larger server, it means attackers who can convince users to click on a specially crafted link, can run JavaScript code with the same origin as the larger server calibre is embedded in.
Content server: Fix an error when opening the downloaded books page directly via a link and using a custom book list template
macOS: Fix opening multiple books from Finder with the editor only opening one of the books
Fix the legacy LRF format viewer not starting
Fix mouse wheel not transitioning from undefined date to current date in date entry controls