fix(availability-sync): refine 4k media availability checks for both movies and TV shows

Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me>

.github/ISSUE_TEMPLATE/bug.yml

@@ -91,11 +91,19 @@ body:
     attributes:
       label: Additional Context
       description: Please provide any additional information that may be relevant or helpful.
+  - type: checkboxes
+    id: search-existing
+    attributes:
+      label: Search Existing Issues
+      description: Have you searched existing issues to see if this bug has already been reported?
+      options:
+        - label: Yes, I have searched existing issues.
+          required: true
   - type: checkboxes
     id: terms
     attributes:
       label: Code of Conduct
-      description: By submitting this issue, you agree to follow our [Code of Conduct](/../../CODE_OF_CONDUCT.md)
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/seerr-team/seerr/blob/develop/CODE_OF_CONDUCT.md)
       options:
         - label: I agree to follow Seerr's Code of Conduct
           required: true

.github/ISSUE_TEMPLATE/enhancement.yml

@@ -27,6 +27,14 @@ body:
     attributes:
       label: Additional Context
       description: Provide any additional information or screenshots that may be relevant or helpful.
+  - type: checkboxes
+    id: search-existing
+    attributes:
+      label: Search Existing Issues
+      description: Have you searched existing issues to see if this feature has already been requested?
+      options:
+        - label: Yes, I have searched existing issues.
+          required: true
   - type: checkboxes
     id: terms
     attributes:

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,14 +1,33 @@
-#### Description
+<!--
+    Please read contributing guide before submitting
+    your pull request. Please fill in each section below to help us better prioritize your pull request. Thanks!
+-->
 
-#### Screenshot (if UI-related)
+## Description
 
-#### To-Dos
+<!--- Describe your changes in detail -->
+<!--- Why is this change required? What problem does it solve? -->
+<!--- If it fixes an open issue, please link to the issue here. -->
 
-- [ ] Disclosed any use of AI (see our [policy](../CONTRIBUTING.md#ai-assistance-notice))
+- Fixes #XXXX
+
+## How Has This Been Tested?
+
+<!--- Please describe in detail how you tested your changes. -->
+<!--- Include details of your testing environment, and the tests you ran to -->
+<!--- see how your change affects other areas of the code, etc. -->
+
+## Screenshots / Logs (if applicable)
+
+## Checklist:
+
+<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
+<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
+
+- [ ] I have read and followed the contribution [guidelines](https://github.com/seerr-team/seerr/blob/develop/CONTRIBUTING.md).
+- [ ] Disclosed any use of AI (see our [policy](https://github.com/seerr-team/seerr/blob/develop/CONTRIBUTING.md#ai-assistance-notice))
+- [ ] I have updated the documentation accordingly.
+- [ ] All new and existing tests passed.
 - [ ] Successful build `pnpm build`
 - [ ] Translation keys `pnpm i18n:extract`
 - [ ] Database migration (if required)
-
-#### Issues Fixed or Closed
-
-- Fixes #XXXX

.github/cliff.toml

@@ -0,0 +1,94 @@
+# git-cliff ~ configuration
+# https://git-cliff.org/docs/configuration
+
+[changelog]
+header = ""
+body = """
+{%- macro remote_url() -%}
+  https://github.com/{{ remote.github.owner }}/{{ remote.github.repo }}
+{%- endmacro -%}
+
+{%- set excluded_users = ["github-actions[bot]", "dependabot[bot]", "renovate[bot]"] -%}
+
+{% macro print_commit(commit) -%}
+    - {% if commit.scope %}*({{ commit.scope }})* {% endif %}\
+        {% if commit.breaking %}[**breaking**] {% endif %}\
+        {{ commit.message | upper_first }} - \
+        ([{{ commit.id | truncate(length=7, end="") }}]({{ self::remote_url() }}/commit/{{ commit.id }}))\
+{% endmacro -%}
+
+{% if version %}\
+    {% if previous.version %}\
+        ## [{{ version | trim_start_matches(pat="v") }}]({{ self::remote_url() }}/compare/{{ previous.version }}..{{ version }}) - {{ timestamp | date(format="%Y-%m-%d") }}
+    {% else %}\
+        ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+    {% endif %}\
+{% else %}\
+    ## [unreleased]
+{% endif %}\
+
+{%- for group, commits in commits | group_by(attribute="group") %}
+    ### {{ group | striptags | trim | upper_first }}
+    {%- for commit in commits | filter(attribute="scope") | sort(attribute="scope") %}
+        {{ self::print_commit(commit=commit) }}
+    {%- endfor %}
+    {%- for commit in commits %}
+        {%- if not commit.scope -%}
+            {{ self::print_commit(commit=commit) }}
+        {%- endif -%}
+    {%- endfor -%}
+{%- endfor -%}
+
+{%- set valid_contributors = [] -%}
+{%- for c in github.contributors | filter(attribute="is_first_time", value=true) %}
+  {%- if c.username and c.username not in excluded_users and c.username not in valid_contributors %}
+    {%- set_global valid_contributors = valid_contributors | concat(with=c.username) %}
+  {%- endif %}
+{%- endfor %}
+
+{%- if valid_contributors | length > 0 %}
+## New Contributors ❤️
+  {%- for username in valid_contributors %}
+* @{{ username }} made their first contribution
+  {%- endfor %}
+{%- endif %}
+"""
+footer = """
+<!-- generated by git-cliff -->
+"""
+trim = true
+postprocessors = []
+
+[git]
+conventional_commits = true
+filter_unconventional = true
+split_commits = false
+filter_commits = true
+commit_preprocessors = [
+  { pattern = '.*\[skip ci\].*', replace = "" },
+  { pattern = '.*\[ci skip\].*', replace = "" },
+]
+commit_parsers = [
+  { message = "^feat", group = "<!-- 0 -->🚀 Features" },
+  { message = "^fix", group = "<!-- 1 -->🐛 Bug Fixes" },
+  { message = "^doc", group = "<!-- 3 -->📖 Documentation" },
+  { message = "^perf", group = "<!-- 4 -->⚡ Performance" },
+  { message = "^refactor", group = "<!-- 2 -->🚜 Refactor" },
+  { message = "^style", group = "<!-- 5 -->🎨 Styling" },
+  { message = "^test", group = "<!-- 6 -->🧪 Testing" },
+  { message = "^chore\\(release\\): prepare for", skip = true },
+  { message = "^chore\\(deps.*\\)", skip = true },
+  { message = "^chore\\(pr\\)", skip = true },
+  { message = "^chore\\(pull\\)", skip = true },
+  { message = "^chore\\(git-sync\\)", skip = true },
+  { message = "^chore|^ci", group = "<!-- 7 -->⚙️ Miscellaneous Tasks" },
+  { body = ".*security", group = "<!-- 8 -->🛡️ Security" },
+  { message = "^revert", group = "<!-- 9 -->◀️ Revert" },
+  { message = '.*\[skip ci\].*', skip = true },
+  { message = '.*\[ci skip\].*', skip = true },
+]
+protect_breaking_commits = false
+tag_pattern = "v?[0-9]+\\.[0-9]+\\.[0-9]+.*"
+skip_tags = "beta|alpha|rc"
+topo_order = false
+sort_commits = "newest"

.github/workflows/ci.yml

@@ -14,6 +14,9 @@ on:
 permissions:
   contents: read
 
+env:
+  DOCKER_HUB: seerr/seerr
+
 concurrency:
   group: ci-${{ github.ref }}
   cancel-in-progress: true
@@ -23,7 +26,7 @@ jobs:
     name: Lint & Test Build
     if: github.event_name == 'pull_request'
     runs-on: ubuntu-24.04
-    container: node:22.20.0-alpine3.22@sha256:cb3143549582cc5f74f26f0992cdef4a422b22128cb517f94173a5f910fa4ee7
+    container: node:22.20.0-alpine3.22@sha256:dbcedd8aeab47fbc0f4dd4bffa55b7c3c729a707875968d467aaaea42d6225af
     steps:
       - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -31,7 +34,7 @@ jobs:
           persist-credentials: false
 
       - name: Pnpm Setup
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Get pnpm store directory
         shell: sh
@@ -140,7 +143,7 @@ jobs:
         uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
         with:
           images: |
-            ${{ github.repository }}
+            ${{ env.DOCKER_HUB }}
             ghcr.io/${{ github.repository }}
           tags: |
             type=raw,value=develop

.github/workflows/codeql.yml

@@ -42,15 +42,15 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
+        uses: github/codeql-action/init@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
+        uses: github/codeql-action/autobuild@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
+        uses: github/codeql-action/analyze@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
         with:
           category: '/language:${{ matrix.language }}'

.github/workflows/cypress.yml

@@ -48,7 +48,7 @@ jobs:
           package-manager-cache: false
 
       - name: Pnpm Setup
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile

.github/workflows/docs-deploy.yml

@@ -3,9 +3,10 @@
 name: Deploy to GitHub Pages
 
 on:
+  workflow_dispatch:
   push:
     branches:
-      - develop
+      - legacy-jellyseerr
     paths:
       - 'docs/**'
       - 'gen-docs/**'
@@ -34,7 +35,7 @@ jobs:
           package-manager-cache: false
 
       - name: Pnpm Setup
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Get pnpm store directory
         shell: sh

.github/workflows/helm.yml

@@ -55,7 +55,7 @@ jobs:
               # get current version
               current_version=$(grep '^version:' "$chart_path/Chart.yaml" | awk '{print $2}')
               # try to get current release version
-              if oras manifest fetch "ghcr.io/${GITHUB_REPOSITORY@L}/${chart_name}:${current_version}" >/dev/null 2>&1; then
+              if oras manifest fetch "ghcr.io/${{ github.repository }}/${chart_name}:${current_version}" >/dev/null 2>&1; then
                 echo "No version change for $chart_name. Skipping."
               else
                 helm dependency build "$chart_path"
@@ -87,8 +87,8 @@ jobs:
     name: Publish to ghcr.io
     runs-on: ubuntu-24.04
     permissions:
-      packages: write # needed for pushing to github registry
-      id-token: write # needed for signing the images with GitHub OIDC Token
+      packages: write
+      id-token: write
     needs: [package-helm-chart]
     if: needs.package-helm-chart.outputs.has_artifacts == 'true'
     steps:
@@ -105,7 +105,7 @@ jobs:
         uses: oras-project/setup-oras@22ce207df3b08e061f537244349aac6ae1d214f6 # v1.2.4
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
 
       - name: Downloads artifacts
         uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
@@ -128,17 +128,59 @@ jobs:
             # push chart to OCI
             chart_release_file=$(basename "$chart_path")
             chart_name=${chart_release_file%-*}
-            helm push ${chart_path} oci://ghcr.io/${GITHUB_REPOSITORY@L} |& tee helm-push-output.log
+            helm push ${chart_path} oci://ghcr.io/${{ github.repository }} |& tee helm-push-output.log
             chart_digest=$(awk -F "[, ]+" '/Digest/{print $NF}' < helm-push-output.log)
             # sign chart
-            cosign sign "ghcr.io/${GITHUB_REPOSITORY@L}/${chart_name}@${chart_digest}"
+            cosign sign "ghcr.io/${{ github.repository }}/${chart_name}@${chart_digest}"
             # push artifacthub-repo.yml to OCI
             oras push \
-              ghcr.io/${GITHUB_REPOSITORY@L}/${chart_name}:artifacthub.io \
+              ghcr.io/${{ github.repository }}/${chart_name}:artifacthub.io \
               --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \
               charts/$chart_name/artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml \
               |& tee oras-push-output.log
             artifacthub_digest=$(grep "Digest:" oras-push-output.log | awk '{print $2}')
             # sign artifacthub-repo.yml
-            cosign sign "ghcr.io/${GITHUB_REPOSITORY@L}/${chart_name}:artifacthub.io@${artifacthub_digest}"
+            cosign sign "ghcr.io/${{ github.repository }}/${chart_name}:artifacthub.io@${artifacthub_digest}"
+          done
+
+  verify:
+    name: Verify signatures for each chart tag
+    needs: [publish]
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+
+      - name: Downloads artifacts
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        with:
+          name: artifacts
+          path: .cr-release-packages/
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Verify signatures for each chart tag
+        run: |
+          for chart_path in $(find .cr-release-packages -name '*.tgz' -print); do
+            chart_release_file=$(basename "$chart_path")
+            chart_name=${chart_release_file%-*}
+            version=${chart_release_file#$chart_name-}
+            version=${version%.tgz}
+
+            cosign verify "ghcr.io/${{ github.repository }}/${chart_name}:${version}" \
+              --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
+              --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
           done

.github/workflows/preview.yml

@@ -11,6 +11,9 @@ on:
 permissions:
   contents: read
 
+env:
+  DOCKER_HUB: seerr/seerr
+
 concurrency:
   group: preview-${{ github.ref }}
   cancel-in-progress: true
@@ -115,7 +118,7 @@ jobs:
         uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
         with:
           images: |
-            ${{ github.repository }}
+            ${{ env.DOCKER_HUB }}
             ghcr.io/${{ github.repository }}
           tags: |
             type=raw,value=preview-${{ steps.ver.outputs.version }}

.github/workflows/release.yml

@@ -3,7 +3,9 @@
 name: Seerr Release
 
 on:
-  workflow_dispatch:
+  push:
+    tags:
+      - 'v*'
 
 permissions:
   contents: read
@@ -12,15 +14,17 @@ concurrency:
   group: release-${{ github.ref }}
   cancel-in-progress: true
 
+env:
+  DOCKER_HUB: seerr/seerr
+
 jobs:
-  semantic-release:
-    name: Tag and release latest version
-    runs-on: ubuntu-22.04
-    env:
-      HUSKY: 0
+  changelog:
+    name: Generate changelog
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     outputs:
-      new_release_published: ${{ steps.release.outputs.new_release_published }}
-      new_release_version: ${{ steps.release.outputs.new_release_version }}
+      release_body: ${{ steps.git-cliff.outputs.content }}
     steps:
       - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -28,46 +32,36 @@ jobs:
           fetch-depth: 0
           persist-credentials: false
 
-      - name: Set up Node.js
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+      - name: Generate changelog
+        id: git-cliff
+        uses: orhun/git-cliff-action@d77b37db2e3f7398432d34b72a12aa3e2ba87e51 # v4.6.0
         with:
-          node-version-file: package.json
-          package-manager-cache: false
-
-      - name: Pnpm Setup
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
-      - name: Get pnpm store directory
-        shell: sh
-        run: |
-          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
-
-      - name: Setup pnpm cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-        with:
-          path: ${{ env.STORE_PATH }}
-          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-store-
-
-      - name: Install dependencies
-        run: pnpm install
-
-      - name: Release
-        id: release
-        uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16 # v5.0.0
-        with:
-          extra_plugins: |
-            @semantic-release/git@10
-            @semantic-release/changelog@6
-            @codedependant/semantic-release-docker@5
+          config: .github/cliff.toml
+          args: -vv --current
         env:
-          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+          OUTPUT: CHANGELOG.md
+          GITHUB_REPO: ${{ github.repository }}
+
+  create-draft-release:
+    name: Create draft release
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+    needs: changelog
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+
+      - name: Draft Release
+        run: gh release create ${GITHUB_REF_NAME} -t "Release ${GITHUB_REF_NAME}" -n "${RELEASE_BODY}" --draft
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RELEASE_BODY: ${{ needs.changelog.outputs.release_body }}
 
   build:
-    name: Build (per-arch, native runners)
-    needs: semantic-release
-    if: needs.semantic-release.outputs.new_release_published == 'true'
+    name: Build (${{ matrix.arch }})
     strategy:
       matrix:
         include:
@@ -78,6 +72,8 @@ jobs:
             platform: linux/arm64
             arch: arm64
     runs-on: ${{ matrix.runner }}
+    env:
+      VERSION: ${{ github.ref_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -91,7 +87,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
-      - name: Warm cache (no push) — ${{ matrix.platform }}
+      - name: Warm cache [${{ matrix.platform }}]
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: .
@@ -100,21 +96,23 @@ jobs:
           push: false
           build-args: |
             COMMIT_TAG=${{ github.sha }}
-            BUILD_VERSION=${{ needs.semantic-release.outputs.new_release_version }}
+            BUILD_VERSION=${{ env.VERSION }}
             SOURCE_DATE_EPOCH=${{ steps.ts.outputs.TIMESTAMP }}
           cache-from: type=gha,scope=${{ matrix.platform }}
           cache-to: type=gha,mode=max,scope=${{ matrix.platform }}
           provenance: false
 
   publish:
-    name: Publish multi-arch image
-    needs: [semantic-release, build]
-    if: needs.semantic-release.outputs.new_release_published == 'true'
+    name: Publish multi-arch manifests
+    needs: build
     runs-on: ubuntu-24.04
     permissions:
       contents: read
-      id-token: write
       packages: write
+    outputs:
+      image_digest: ${{ steps.digests.outputs.IMAGE_DIGEST }}
+    env:
+      VERSION: ${{ github.ref_name }}
     steps:
       - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -146,14 +144,14 @@ jobs:
         uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
         with:
           images: |
-            ${{ github.repository }}
+            ${{ env.DOCKER_HUB }}
             ghcr.io/${{ github.repository }}
           tags: |
-            type=raw,value=${{ needs.semantic-release.outputs.new_release_version }}
+            type=raw,value=${{ env.VERSION }}
           labels: |
             org.opencontainers.image.created=${{ steps.ts.outputs.TIMESTAMP }}
 
-      - name: Build & Push (multi-arch, single tag)
+      - name: Build & Push (multi-arch)
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: .
@@ -162,7 +160,7 @@ jobs:
           push: true
           build-args: |
             COMMIT_TAG=${{ github.sha }}
-            BUILD_VERSION=${{ needs.semantic-release.outputs.new_release_version }}
+            BUILD_VERSION=${{ env.VERSION }}
             SOURCE_DATE_EPOCH=${{ steps.ts.outputs.TIMESTAMP }}
           labels: ${{ steps.meta.outputs.labels }}
           tags: ${{ steps.meta.outputs.tags }}
@@ -172,37 +170,158 @@ jobs:
           cache-to: type=gha,mode=max
           provenance: false
 
+      - name: Resolve manifest digest
+        id: digests
+        run: |
+          DIGEST=$(docker buildx imagetools inspect "${{ env.DOCKER_HUB }}:${{ env.VERSION }}" --format '{{json .Manifest.Digest}}' | tr -d '"')
+          echo "IMAGE_DIGEST=$DIGEST" >> $GITHUB_OUTPUT
+
       - name: Also tag :latest (non-pre-release only)
         shell: bash
+        if: ${{ !contains(env.VERSION, '-') }}
         run: |
-          VER="${{ needs.semantic-release.outputs.new_release_version }}"
-          if [[ "$VER" != *"-"* ]]; then
-            docker buildx imagetools create \
-              -t ${{ github.repository }}:latest \
-              ${{ github.repository }}:${VER}
-            docker buildx imagetools create \
-              -t ghcr.io/${{ github.repository }}:latest \
-              ghcr.io/${{ github.repository }}:${VER}
-          fi
+          docker buildx imagetools create \
+            -t ${{ env.DOCKER_HUB }}:latest \
+            ${{ env.DOCKER_HUB }}:${{ env.VERSION }}
+
+          docker buildx imagetools create \
+            -t ghcr.io/${{ github.repository }}:latest \
+            ghcr.io/${{ github.repository }}:${{ env.VERSION }}
+
+  sign:
+    name: Sign images and create SBOM attestations
+    needs: publish
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    env:
+      VERSION: ${{ github.ref_name }}
+      COSIGN_YES: 'true'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+
+      - name: Install Trivy
+        uses: aquasecurity/setup-trivy@e6c2c5e321ed9123bda567646e2f96565e34abe1 # v0.2.4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Sign images
+        run: |
+          cosign sign --recursive "ghcr.io/${{ github.repository }}@${{ needs.publish.outputs.image_digest }}"
+          cosign sign --recursive "${{ env.DOCKER_HUB }}@${{ needs.publish.outputs.image_digest }}"
+
+      - name: Generate SBOMs
+        run: |
+          trivy image --format cyclonedx --output seerr-ghcr-image-${{ env.VERSION }}.sbom \
+            "ghcr.io/${{ github.repository }}@${{ needs.publish.outputs.image_digest }}"
+
+          trivy image --format cyclonedx --output seerr-dockerhub-image-${{ env.VERSION }}.sbom \
+            "${{ env.DOCKER_HUB }}@${{ needs.publish.outputs.image_digest }}"
+
+      - name: Attest SBOMs
+        run: |
+          cosign attest \
+            --type cyclonedx \
+            --predicate seerr-ghcr-image-${{ env.VERSION }}.sbom \
+            "ghcr.io/${{ github.repository }}@${{ needs.publish.outputs.image_digest }}"
+
+          cosign attest \
+            --type cyclonedx \
+            --predicate seerr-dockerhub-image-${{ env.VERSION }}.sbom \
+            "${{ env.DOCKER_HUB }}@${{ needs.publish.outputs.image_digest }}"
+
+      - name: Upload SBOMs
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: sboms-${{ env.VERSION }}
+          path: '*.sbom'
+          if-no-files-found: error
+          retention-days: 1
+
+  verify:
+    name: Verify signatures and attestations
+    needs: [publish, sign]
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    env:
+      VERSION: ${{ github.ref_name }}
+    steps:
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+
+      - name: Verify signatures
+        run: |
+          cosign verify "ghcr.io/${{ github.repository }}@${{ needs.publish.outputs.image_digest }}" \
+            --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
+            --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+
+          cosign verify "${{ env.DOCKER_HUB }}@${{ needs.publish.outputs.image_digest }}" \
+            --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
+            --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+
+      - name: Verify attestations
+        run: |
+          cosign verify-attestation "ghcr.io/${{ github.repository }}@${{ needs.publish.outputs.image_digest }}" \
+            --type cyclonedx \
+            --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
+            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" > /dev/null
+
+          cosign verify-attestation "${{ env.DOCKER_HUB }}@${{ needs.publish.outputs.image_digest }}" \
+            --type cyclonedx \
+            --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
+            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" > /dev/null
+
+  publish-release:
+    name: Publish release
+    needs: [create-draft-release, verify]
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+    env:
+      VERSION: ${{ github.ref_name }}
+    steps:
+      - name: Publish release
+        run: gh release edit "${{ env.VERSION }}" --draft=false --repo "${{ github.repository }}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   discord:
     name: Send Discord Notification
-    needs: publish
+    needs: publish-release
     if: always()
     runs-on: ubuntu-24.04
     steps:
-      - name: Determine Workflow Status
+      - name: Determine status
         id: status
         run: |
-          case "${{ needs.publish.result }}" in
+          case "${{ needs.publish-release.result }}" in
             success)   echo "status=Success"   >> $GITHUB_OUTPUT; echo "colour=3066993"  >> $GITHUB_OUTPUT ;;
             failure)   echo "status=Failure"   >> $GITHUB_OUTPUT; echo "colour=15158332" >> $GITHUB_OUTPUT ;;
             cancelled) echo "status=Cancelled" >> $GITHUB_OUTPUT; echo "colour=10181046" >> $GITHUB_OUTPUT ;;
             *)         echo "status=Skipped"   >> $GITHUB_OUTPUT; echo "colour=9807270"  >> $GITHUB_OUTPUT ;;
           esac
 
-      - name: Send Discord notification
-        shell: bash
+      - name: Send notification
         run: |
           WEBHOOK="${{ secrets.DISCORD_WEBHOOK }}"
 
@@ -217,7 +336,7 @@ jobs:
                 { "name": "Event",        "value": "${{ github.event_name }}", "inline": true },
                 { "name": "Triggered by", "value": "${{ github.actor }}", "inline": true },
                 { "name": "Workflow",     "value": "[${{ github.workflow }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})", "inline": true }
-              ],
+              ]
             }]
           }
           EOF

.github/workflows/renovate-helm-custom-hooks.yml

@@ -0,0 +1,181 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Renovate Helm Hooks
+
+on:
+  pull_request:
+    branches:
+      - develop
+    paths:
+      - 'charts/**'
+
+permissions: {}
+
+concurrency:
+  group: renovate-helm-hooks-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  renovate-post-run:
+    name: Renovate Bump Chart Version
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    if: github.actor == 'renovate[bot]'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        id: app-token
+        with:
+          app-id: 2138788
+          private-key: ${{ secrets.APP_SEERR_HELM_PRIVATE_KEY }}
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed="$(ct list-changed --target-branch ${TARGET_BRANCH})"
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+            echo "changed_list=${changed//$'\n'/ }" >> "$GITHUB_OUTPUT"
+          fi
+        env:
+          TARGET_BRANCH: ${{ github.event.repository.default_branch }}
+
+      - name: Bump chart version
+        if: steps.list-changed.outputs.changed == 'true'
+        env:
+          CHART: ${{ steps.list-changed.outputs.changed_list }}
+        run: |
+          if [[ ! -d "${CHART}" ]]; then
+            echo "${CHART} directory not found"
+            exit 0
+          fi
+
+          # Extract current appVersion and chart version from Chart.yaml
+          APP_VERSION=$(grep -e "^appVersion:" "$CHART/Chart.yaml" | cut -d ":" -f 2 | tr -d '[:space:]' | tr -d '"')
+          CHART_VERSION=$(grep -e "^version:" "$CHART/Chart.yaml" | cut -d ":" -f 2 | tr -d '[:space:]' | tr -d '"')
+
+          # Extract major, minor and patch versions of appVersion
+          APP_MAJOR_VERSION=$(printf '%s' "$APP_VERSION" | cut -d "." -f 1)
+          APP_MINOR_VERSION=$(printf '%s' "$APP_VERSION" | cut -d "." -f 2)
+          APP_PATCH_VERSION=$(printf '%s' "$APP_VERSION" | cut -d "." -f 3)
+
+          # Extract major, minor and patch versions of chart version
+          CHART_MAJOR_VERSION=$(printf '%s' "$CHART_VERSION" | cut -d "." -f 1)
+          CHART_MINOR_VERSION=$(printf '%s' "$CHART_VERSION" | cut -d "." -f 2)
+          CHART_PATCH_VERSION=$(printf '%s' "$CHART_VERSION" | cut -d "." -f 3)
+
+          # Get previous appVersion from the base commit of the pull request
+          BASE_COMMIT=$(git merge-base origin/main HEAD)
+          PREV_APP_VERSION=$(git show "$BASE_COMMIT":"$CHART/Chart.yaml" | grep -e "^appVersion:" | cut -d ":" -f 2 | tr -d '[:space:]' | tr -d '"')
+
+          # Extract major, minor and patch versions of previous appVersion
+          PREV_APP_MAJOR_VERSION=$(printf '%s' "$PREV_APP_VERSION" | cut -d "." -f 1)
+          PREV_APP_MINOR_VERSION=$(printf '%s' "$PREV_APP_VERSION" | cut -d "." -f 2)
+          PREV_APP_PATCH_VERSION=$(printf '%s' "$PREV_APP_VERSION" | cut -d "." -f 3)
+
+          # Check if the major, minor, or patch version of appVersion has changed
+          if [[ "$APP_MAJOR_VERSION" != "$PREV_APP_MAJOR_VERSION" ]]; then
+            # Bump major version of the chart and reset minor and patch versions to 0
+            CHART_MAJOR_VERSION=$((CHART_MAJOR_VERSION+1))
+            CHART_MINOR_VERSION=0
+            CHART_PATCH_VERSION=0
+          elif [[ "$APP_MINOR_VERSION" != "$PREV_APP_MINOR_VERSION" ]]; then
+            # Bump minor version of the chart and reset patch version to 0
+            CHART_MINOR_VERSION=$((CHART_MINOR_VERSION+1))
+            CHART_PATCH_VERSION=0
+          elif [[ "$APP_PATCH_VERSION" != "$PREV_APP_PATCH_VERSION" ]]; then
+            # Bump patch version of the chart
+            CHART_PATCH_VERSION=$((CHART_PATCH_VERSION+1))
+          fi
+
+          # Update the chart version in Chart.yaml
+          CHART_NEW_VERSION="${CHART_MAJOR_VERSION}.${CHART_MINOR_VERSION}.${CHART_PATCH_VERSION}"
+          sed -i "s/^version:.*/version: ${CHART_NEW_VERSION}/" "$CHART/Chart.yaml"
+
+      - name: Ensure documentation is updated
+        if: steps.list-changed.outputs.changed == 'true'
+        uses: docker://jnorwood/helm-docs:v1.14.2@sha256:7e562b49ab6b1dbc50c3da8f2dd6ffa8a5c6bba327b1c6335cc15ce29267979c
+
+      - name: Commit changes
+        if: steps.list-changed.outputs.changed == 'true'
+        env:
+          CHART: ${{ steps.list-changed.outputs.changed_list }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GITHUB_HEAD_REF: ${{ github.head_ref }}
+        run: |
+          # Define the target directory
+          TARGET_DIR="$CHART"
+
+          # Fetch deleted files in the target directory
+          DELETED_FILES=$(git diff --diff-filter=D --name-only HEAD -- "$TARGET_DIR")
+
+          # Fetch added/modified files in the target directory
+          MODIFIED_FILES=$(git diff --diff-filter=ACM --name-only HEAD -- "$TARGET_DIR")
+
+          # Create a temporary file for JSON output
+          FILE_CHANGES_JSON_FILE=$(mktemp)
+
+          # Initialize JSON structure in the file
+          echo '{ "deletions": [], "additions": [] }' > "$FILE_CHANGES_JSON_FILE"
+
+          # Add deletions
+          for file in $DELETED_FILES; do
+            jq --arg path "$file" '.deletions += [{"path": $path}]' "$FILE_CHANGES_JSON_FILE" > "$FILE_CHANGES_JSON_FILE.tmp"
+            mv "$FILE_CHANGES_JSON_FILE.tmp" "$FILE_CHANGES_JSON_FILE"
+          done
+
+          # Add additions (new or modified files)
+          for file in $MODIFIED_FILES; do
+            BASE64_CONTENT=$(base64 -w 0 <"$file")  # Encode file content
+            jq --arg path "$file" --arg content "$BASE64_CONTENT" \
+              '.additions += [{"path": $path, "contents": $content}]' "$FILE_CHANGES_JSON_FILE" > "$FILE_CHANGES_JSON_FILE.tmp"
+            mv "$FILE_CHANGES_JSON_FILE.tmp" "$FILE_CHANGES_JSON_FILE"
+          done
+
+          # Create a temporary file for the final JSON payload
+          JSON_PAYLOAD_FILE=$(mktemp)
+
+          # Construct the final JSON using jq and store it in a file
+          jq -n --arg repo "$GITHUB_REPOSITORY" \
+                --arg branch "$GITHUB_HEAD_REF" \
+                --arg message "fix: post upgrade changes from renovate" \
+                --arg expectedOid "$GITHUB_SHA" \
+                --slurpfile fileChanges "$FILE_CHANGES_JSON_FILE" \
+                '{
+                  query: "mutation ($input: CreateCommitOnBranchInput!) {
+                    createCommitOnBranch(input: $input) {
+                      commit {
+                        url
+                      }
+                    }
+                  }",
+                  variables: {
+                    input: {
+                      branch: {
+                        repositoryNameWithOwner: $repo,
+                        branchName: $branch
+                      },
+                      message: { headline: $message },
+                      fileChanges: $fileChanges[0],
+                      expectedHeadOid: $expectedOid
+                    }
+                  }
+                }' > "$JSON_PAYLOAD_FILE"
+
+          # Call GitHub API
+          curl https://api.github.com/graphql -f \
+               -sSf -H "Authorization: Bearer $GITHUB_TOKEN" \
+               --data "@$JSON_PAYLOAD_FILE"
+
+          # Clean up temporary files
+          rm "$FILE_CHANGES_JSON_FILE" "$JSON_PAYLOAD_FILE"

.github/workflows/seerr-labeller.yml

@@ -0,0 +1,111 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: 'Seerr Labeller'
+
+on:
+  pull_request_target:
+    types: [labeled, unlabeled, reopened]
+  issues:
+    types: [labeled, unlabeled, reopened]
+
+permissions: {}
+
+jobs:
+  ai-generated-support:
+    if: >
+      github.event_name == 'pull_request_target' &&
+      (github.event.label.name == 'ai-generated' || (github.event.action == 'reopened' && contains(github.event.pull_request.labels.*.name, 'ai-generated')))
+    runs-on: ubuntu-24.04
+    concurrency:
+      group: ai-generated-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
+    permissions:
+      pull-requests: write
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GH_REPO: ${{ github.repository }}
+      NUMBER: ${{ github.event.pull_request.number }}
+      PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+    steps:
+      - name: Label added, comment and close pull request
+        if: github.event.action == 'labeled' && github.event.label.name == 'ai-generated'
+        shell: bash
+        env:
+          BODY: >
+            :wave: @${{ env.PR_AUTHOR }}, thank you for your contribution!
+
+            However, this pull request has been closed because it appears to contain a significant amount of AI-generated code without sufficient human review or supervision.
+
+            AI-generated code can often introduce subtle bugs, poor design patterns, or inconsistent styles that make long-term maintenance difficult and reduce overall code quality. For the sake of the project's future stability and readability, we require that all contributions meet our established coding standards and demonstrate clear developer oversight.
+
+            This pull request is also too large for effective human review. Please discuss with us on how to break down these changes into smaller, more focused PRs to ensure a thorough and efficient review process.
+            If you'd like to revise and resubmit your changes with careful review and cleanup, we'd be happy to take another look.
+        run: |
+          retry() { n=0; until "$@"; do n=$((n+1)); [ $n -ge 3 ] && break; echo "retry $n: $*" >&2; sleep 2; done; }
+          retry gh pr comment "$NUMBER" -R "$GH_REPO" -b "$BODY" || true
+          retry gh pr close "$NUMBER" -R "$GH_REPO" || true
+          gh pr lock "$NUMBER" -R "$GH_REPO" -r "spam" || true
+
+      - name: Label removed, reopen and unlock pull request
+        if: github.event.action == 'unlabeled' && github.event.label.name == 'ai-generated'
+        shell: bash
+        run: |
+          retry() { n=0; until "$@"; do n=$((n+1)); [ $n -ge 3 ] && break; echo "retry $n: $*" >&2; sleep 2; done; }
+          retry gh pr reopen "$NUMBER" -R "$GH_REPO" || true
+          gh pr unlock "$NUMBER" -R "$GH_REPO" || true
+
+      - name: Remove AI-generated label on manual reopen
+        if: github.event.action == 'reopened'
+        shell: bash
+        run: |
+          gh pr edit "$NUMBER" -R "$GH_REPO" --remove-label "ai-generated" || true
+          gh pr unlock "$NUMBER" -R "$GH_REPO" || true
+
+  support:
+    if: >
+      github.event_name == 'issues' &&
+      (github.event.label.name == 'support' ||
+      (github.event.action == 'reopened' && contains(github.event.issue.labels.*.name, 'support')))
+    runs-on: ubuntu-24.04
+    concurrency:
+      group: support-${{ github.event.issue.number }}
+      cancel-in-progress: true
+    permissions:
+      issues: write
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GH_REPO: ${{ github.repository }}
+      NUMBER: ${{ github.event.issue.number }}
+      ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
+    steps:
+      - name: Label added, comment and close issue
+        if: github.event.action == 'labeled' && github.event.label.name == 'support'
+        shell: bash
+        env:
+          BODY: >
+            :wave: @${{ env.ISSUE_AUTHOR }}, we use the issue tracker exclusively
+            for bug reports and feature requests. However, this issue appears
+            to be a support request. Please use our support channels
+            to get help with Seerr.
+
+            - [Discord](https://discord.gg/seerr)
+        run: |
+          retry() { n=0; until "$@"; do n=$((n+1)); [ $n -ge 3 ] && break; echo "retry $n: $*" >&2; sleep 2; done; }
+          retry gh issue comment "$NUMBER" -R "$GH_REPO" -b "$BODY" || true
+          retry gh issue close "$NUMBER" -R "$GH_REPO" || true
+          gh issue lock "$NUMBER" -R "$GH_REPO" -r "off_topic" || true
+
+      - name: Label removed, reopen and unlock issue
+        if: github.event.action == 'unlabeled' && github.event.label.name == 'support'
+        shell: bash
+        run: |
+          retry() { n=0; until "$@"; do n=$((n+1)); [ $n -ge 3 ] && break; echo "retry $n: $*" >&2; sleep 2; done; }
+          retry gh issue reopen "$NUMBER" -R "$GH_REPO" || true
+          gh issue unlock "$NUMBER" -R "$GH_REPO" || true
+
+      - name: Remove support label on manual reopen
+        if: github.event.action == 'reopened'
+        shell: bash
+        run: |
+          gh issue edit "$NUMBER" -R "$GH_REPO" --remove-label "support" || true
+          gh issue unlock "$NUMBER" -R "$GH_REPO" || true

.github/workflows/support.yml

@@ -1,58 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
-name: 'Support requests'
-
-on:
-  issues:
-    types: [labeled, unlabeled, reopened]
-
-permissions:
-  issues: read
-
-concurrency:
-  group: support-${{ github.event.issue.number }}
-  cancel-in-progress: true
-
-jobs:
-  support:
-    if: github.event.label.name == 'support' || github.event.action == 'reopened'
-    runs-on: ubuntu-24.04
-    permissions:
-      issues: write
-    env:
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GH_REPO: ${{ github.repository }}
-      NUMBER: ${{ github.event.issue.number }}
-      ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
-    steps:
-      - name: Label added, comment and close issue
-        if: github.event.action == 'labeled' && github.event.label.name == 'support'
-        shell: bash
-        env:
-          BODY: >
-            :wave: @${{ env.ISSUE_AUTHOR }}, we use the issue tracker exclusively
-            for bug reports and feature requests. However, this issue appears
-            to be a support request. Please use our support channels
-            to get help with Seerr.
-
-            - [Discord](https://discord.gg/seerr)
-        run: |
-          retry() { n=0; until "$@"; do n=$((n+1)); [ $n -ge 3 ] && break; echo "retry $n: $*" >&2; sleep 2; done; }
-          retry gh issue comment "$NUMBER" -R "$GH_REPO" -b "$BODY" || true
-          retry gh issue close "$NUMBER" -R "$GH_REPO" || true
-          gh issue lock "$NUMBER" -R "$GH_REPO" -r "off_topic" || true
-
-      - name: Reopened or label removed, unlock issue
-        if: github.event.action == 'unlabeled' && github.event.label.name == 'support'
-        shell: bash
-        run: |
-          retry() { n=0; until "$@"; do n=$((n+1)); [ $n -ge 3 ] && break; echo "retry $n: $*" >&2; sleep 2; done; }
-          retry gh issue reopen "$NUMBER" -R "$GH_REPO" || true
-          gh issue unlock "$NUMBER" -R "$GH_REPO" || true
-
-      - name: Remove support label on manual reopen
-        if: github.event.action == 'reopened'
-        shell: bash
-        run: |
-          gh issue edit "$NUMBER" -R "$GH_REPO" --remove-label "support" || true
-          gh issue unlock "$NUMBER" -R "$GH_REPO" || true

.github/workflows/test-docs-deploy.yml

@@ -36,7 +36,7 @@ jobs:
           package-manager-cache: false
 
       - name: Pnpm Setup
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
 
       - name: Get pnpm store directory
         shell: sh

.github/workflows/trivy-scan.yml

@@ -56,6 +56,6 @@ jobs:
           ignore-unfixed: true
 
       - name: Upload SARIF to code scanning
-        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
+        uses: github/codeql-action/upload-sarif@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
         with:
           sarif_file: trivy.sarif

.gitignore

@@ -71,3 +71,6 @@ tsconfig.tsbuildinfo
 
 # Config Cache Directory
 config/cache
+
+# Docker compose
+compose.override.yaml

.prettierignore

@@ -2,7 +2,6 @@
 .next/
 dist/
 config/
-CHANGELOG.md
 pnpm-lock.yaml
 cypress/config/settings.cypress.json
 

CONTRIBUTING.md

@@ -151,9 +151,9 @@ When adding new UI text, please try to adhere to the following guidelines:
 
 ## Translation
 
-We use [Weblate](https://jellyseerr.borgcube.de/projects/jellyseerr/jellyseerr-frontend/) for our translations, and your help with localizing Seerr would be greatly appreciated! If your language is not listed below, please [open a feature request](/../../issues/new/choose).
+We use [Weblate](https://translate.seerr.dev/projects/seerr/seerr-frontend/) for our translations, and your help with localizing Seerr would be greatly appreciated! If your language is not listed below, please [open a feature request](/../../issues/new/choose).
 
-<a href="https://jellyseerr.borgcube.de/engage/jellysseerr/"><img src="https://jellyseerr.borgcube.de/widget/jellyseerr/multi-auto.svg" alt="Translation status" /></a>
+<a href="https://translate.seerr.dev/engage/seerr/"><img src="https://translate.seerr.dev/widget/seerr/multi-auto.svg" alt="Translation status" /></a>
 
 ## Migrations
 

Dockerfile

@@ -13,7 +13,10 @@ WORKDIR /app
 FROM base AS prod-deps
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store CI=true pnpm install --prod --frozen-lockfile
 
-FROM base as build
+FROM base AS build
+
+ARG COMMIT_TAG
+ENV COMMIT_TAG=${COMMIT_TAG}
 
 RUN \
   case "${TARGETPLATFORM}" in \

README.md

@@ -7,8 +7,8 @@
 </p>
 <p align="center">
 <a href="https://discord.gg/seerr"><img src="https://img.shields.io/discord/783137440809746482" alt="Discord"></a>
-<a href="https://hub.docker.com/r/fallenbagel/jellyseerr"><img src="https://img.shields.io/docker/pulls/fallenbagel/jellyseerr" alt="Docker pulls"></a>
-<a href="http://translate.jellyseerr.dev/engage/jellyseerr/"><img src="http://translate.jellyseerr.dev/widget/jellyseerr/jellyseerr-frontend/svg-badge.svg" alt="Translation status" /></a>
+<a href="https://hub.docker.com/r/seerr/seerr"><img src="https://img.shields.io/docker/pulls/seerr/seerr" alt="Docker pulls"></a>
+<a href="https://translate.seerr.dev/engage/seerr/"><img src="https://translate.seerr.dev/widget/seerr/svg-badge.svg" alt="Translation status" /></a>
 <a href="https://github.com/seerr-team/seerr/blob/develop/LICENSE"><img alt="GitHub" src="https://img.shields.io/github/license/seerr-team/seerr"></a>
 
 **Seerr** is a free and open source software application for managing requests for your media library. It integrates with the media server of your choice: [Jellyfin](https://jellyfin.org), [Plex](https://plex.tv), and [Emby](https://emby.media/). In addition, it integrates with your existing services, such as **[Sonarr](https://sonarr.tv/)**, **[Radarr](https://radarr.video/)**.
@@ -32,15 +32,27 @@ With more features on the way! Check out our [issue tracker](/../../issues) to s
 
 ## Getting Started
 
-Check out our documentation for instructions on how to install and run Seerr:
+For instructions on how to install and run **Jellyseerr**, please refer to the official documentation:
 
 https://docs.seerr.dev/getting-started/
 
-### Packages:
+> [!IMPORTANT]
+> **Seerr is not officially released yet.**  
+> The project is currently available **only on the `develop` branch** and is intended for **beta testing only**.
 
-Archlinux: [AUR](https://aur.archlinux.org/packages/jellyseerr)
+The documentation linked above is for running the **latest Jellyseerr** release.
 
-Nix: [Nixpkg](https://search.nixos.org/packages?channel=unstable&show=jellyseerr)
+> [!WARNING]
+> If you are migrating from **Overseerr** to **Seerr** for beta testing, **do not follow the Jellyseerr latest setup guide**.
+
+Instead, follow the dedicated migration guide (with `:develop` tag):
+https://github.com/seerr-team/seerr/blob/develop/docs/migration-guide.mdx
+
+> [!CAUTION]
+> **DO NOT run Jellyseerr (latest) using an existing Overseerr database. This includes third-party images with `seerr:latest` (as it points to jellyseerr 2.7.3 and not seerr.**  
+> Doing so **may cause database corruption and/or irreversible data loss and/or weird unintended behaviour**. 
+
+For migration assistance, beta testing questions, or troubleshooting, please join our **Discord** and ask for support there.
 
 ## Preview
 

charts/seerr-chart/Chart.yaml

@@ -4,8 +4,8 @@ name: seerr-chart
 description: Seerr helm chart for Kubernetes
 type: application
 version: 3.0.0
-# renovate: image=ghcr.io/fallenbagel/jellyseerr
-appVersion: '2.7.3'
+# renovate: image=ghcr.io/seerr-team/seerr
+appVersion: '3.0.0'
 maintainers:
   - name: Seerr Team
     url: https://github.com/orgs/seerr-team/people

charts/seerr-chart/README.md

@@ -1,6 +1,6 @@
 # seerr-chart
 
-![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.7.3](https://img.shields.io/badge/AppVersion-2.7.3-informational?style=flat-square)
+![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square)
 
 Seerr helm chart for Kubernetes
 
@@ -20,11 +20,15 @@ Seerr helm chart for Kubernetes
 
 Kubernetes: `>=1.23.0-0`
 
+## Installation
+
+Refer to [Seerr kubernetes documentation](https://docs.seerr.dev/getting-started/kubernetes)
+
 ## Update Notes
 
 ### Updating to 3.0.0
 
-Nothing has changed; we just rebranded the `jellyseerr` Helm chart to `seerr` 🥳.
+Nothing has changed; we just rebranded the `jellyseerr` Helm chart to `seerr` 🥳 refer to our [Migration guide](https://docs.seerr.dev/migration-guide).
 
 ### Updating to 2.7.0
 
@@ -66,12 +70,20 @@ If `replicaCount` value was used - remove it. Helm update should work fine after
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
-| podSecurityContext | object | `{}` |  |
+| podSecurityContext.fsGroup | int | `1000` |  |
+| podSecurityContext.fsGroupChangePolicy | string | `"OnRootMismatch"` |  |
 | probes.livenessProbe | object | `{}` | Configure liveness probe |
 | probes.readinessProbe | object | `{}` | Configure readiness probe |
 | probes.startupProbe | string | `nil` | Configure startup probe |
 | resources | object | `{}` |  |
-| securityContext | object | `{}` |  |
+| securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| securityContext.privileged | bool | `false` |  |
+| securityContext.readOnlyRootFilesystem | bool | `false` |  |
+| securityContext.runAsGroup | int | `1000` |  |
+| securityContext.runAsNonRoot | bool | `true` |  |
+| securityContext.runAsUser | int | `1000` |  |
+| securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | service.port | int | `80` |  |
 | service.type | string | `"ClusterIP"` |  |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |

charts/seerr-chart/README.md.gotmpl

@@ -14,11 +14,15 @@
 
 {{ template "chart.requirementsSection" . }}
 
+## Installation
+
+Refer to [Seerr kubernetes documentation](https://docs.seerr.dev/getting-started/kubernetes)
+
 ## Update Notes
 
 ### Updating to 3.0.0
 
-Nothing change we just rebranded `jellyseerr` helm-chart to `seerr` :)
+Nothing has changed; we just rebranded the `jellyseerr` Helm chart to `seerr` 🥳 refer to our [Migration guide](https://docs.seerr.dev/migration-guide).
 
 ### Updating to 2.7.0
 

charts/seerr-chart/values.yaml

@@ -50,16 +50,22 @@ serviceAccount:
 podAnnotations: {}
 podLabels: {}
 
-podSecurityContext: {}
-# fsGroup: 2000
+podSecurityContext:
+  fsGroup: 1000
+  fsGroupChangePolicy: OnRootMismatch
 
-securityContext: {}
-# capabilities:
-#   drop:
-#   - ALL
-# readOnlyRootFilesystem: true
-# runAsNonRoot: true
-# runAsUser: 1000
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: false
+  runAsNonRoot: true
+  privileged: false
+  runAsUser: 1000
+  runAsGroup: 1000
+  seccompProfile:
+    type: RuntimeDefault
 
 service:
   type: ClusterIP

compose.postgres.yaml

@@ -31,6 +31,6 @@ services:
     ports:
       - '5432:5432'
     volumes:
-      - postgres:var/lib/postgresql/18/docker
+      - postgres:/var/lib/postgresql
 volumes:
   postgres:

docs/extending-seerr/database-config.mdx

@@ -20,7 +20,7 @@ DB_LOG_QUERIES="false" # (optional) Whether to log the DB queries for debugging.
 ## PostgreSQL Options
 
 :::caution
-When migrating Postgres from version 17 to 18 in Docker, note that the data mount point has changed. Instead of using `/var/lib/postgresql/data`, the correct mount path is now `/var/lib/postgresql/18/docker`.
+When migrating Postgres from version 17 to 18 in Docker, note that the data mount point has changed. Instead of using `/var/lib/postgresql/data`, the correct mount path is now `/var/lib/postgresql`.
 Refer to the [PostgreSQL Docker documentation](https://hub.docker.com/_/postgres/#pgdata) to learn how to migrate or opt out of this change.
 :::
 

docs/extending-seerr/reverse-proxy.mdx

@@ -266,3 +266,36 @@ Add the following Location block to your existing Server configuration.
 </TabItem>
 
 </Tabs>
+
+## HAProxy (v3)
+
+:::warning
+This is a third-party documentation maintained by the community. We can't provide support for this setup and are unable to test it.
+:::
+
+    Add the following frontend and backend configurations for your seerr instance:
+    ```haproxy
+    frontend seerr-frontend
+      bind 0.0.0.0:80
+      bind 0.0.0.0:443 ssl crt /etc/ssl/private/seerr.example.com.pem
+      mode http
+      log global
+      option httplog
+      option http-keep-alive
+      http-request set-header X-Real-IP %[src]
+      option forwardfor
+      acl seerr hdr(host) -i seerr.example.com
+      redirect scheme https code 301 if !{ ssl_fc }
+      use_backend seerr-backend if seerr
+
+    backend seerr-backend
+      mode http
+      log global
+      option httplog
+      http-response set-header Strict-Transport-Security max-age=15552000
+      option httpchk GET /api/v1/status
+      timeout connect 30000
+      timeout server 30000
+      retries 3
+      server seerr 127.0.0.1:5055 check inter 1000
+    ```

docs/getting-started/buildfromsource.mdx

@@ -24,10 +24,9 @@ import TabItem from '@theme/TabItem';
 ```bash
 sudo mkdir -p /opt/seerr && cd /opt/seerr
 ```
-2. Clone the Seerr repository and checkout the develop branch:
+2. Clone the Seerr repository and checkout the main branch:
 ```bash
-git clone https://github.com/fallenbagel/jellyseerr.git
-cd jellyseerr
+git clone https://github.com/seerr-team/seerr.git .
 git checkout main
 ```
 3. Install the dependencies:
@@ -199,9 +198,9 @@ pm2 status seerr
 mkdir C:\seerr
 cd C:\seerr
 ```
-2. Clone the Seerr repository and checkout the develop branch:
+2. Clone the Seerr repository and checkout the main branch:
 ```powershell
-git clone https://github.com/fallenbagel/jellyseerr.git .
+git clone https://github.com/seerr-team/seerr.git .
 git checkout main
 ```
 3. Install the dependencies:

docs/getting-started/docker.mdx

@@ -11,6 +11,16 @@ Details on how to install Docker can be found on the [official Docker website](h
 Refer to [Configuring Databases](/extending-seerr/database-config#postgresql-options) for details on how to configure your database.
 :::
 
+:::info
+An alternative Docker image is available on Docker Hub for this project. You can find it at [Docker Hub Repository Link](https://hub.docker.com/r/seerr/seerr)
+:::
+
+:::info
+All official Seerr images are cryptographically signed and include a verified [Software Bill of Materials (SBOM)](https://cyclonedx.org/).
+
+To confirm that the container image you are using is authentic and unmodified, please refer to the [Verifying Signed Artifacts](/using-seerr/advanced/verifying-signed-artifacts#verifying-signed-images) guide.
+:::
+
 ## Unix (Linux, macOS)
 :::warning
 Be sure to replace `/path/to/appdata/config` in the below examples with a valid host directory path. If this volume mount is not configured correctly, your Seerr settings/data will not be persisted when the container is recreated (e.g., when updating the image or rebooting your machine).
@@ -38,7 +48,7 @@ docker run -d \
   -p 5055:5055 \
   -v /path/to/appdata/config:/app/config \
   --restart unless-stopped \
-  ghcr.io/seerr-team/seerr
+  ghcr.io/seerr-team/seerr:latest
 ```
 
 The argument `-e PORT=5055` is optional.
@@ -62,7 +72,7 @@ docker stop seerr && docker rm seerr
 ```
 Pull the latest image:
 ```bash
-docker pull ghcr.io/seerr-team/seerr
+docker pull ghcr.io/seerr-team/seerr:latest
 ```
 Finally, run the container with the same parameters originally used to create the container:
 ```bash
@@ -125,15 +135,6 @@ You may alternatively use a third-party mechanism like [dockge](https://github.c
   </TabItem>
 </Tabs>
 
-
-## Unraid
-
-1. Ensure you have the **Community Applications** plugin installed.
-2. Inside the **Community Applications** app store, search for **Seerr**.
-3. Click the **Install Button**.
-4. On the following **Add Container** screen, make changes to the **Host Port** and **Host Path 1** \(Appdata\) as needed.
-5. Click apply and access "Seerr" at your `<ServerIP:HostPort>` in a web browser.
-
 ## Windows
 
 Please refer to the [Docker Desktop for Windows user manual](https://docs.docker.com/docker-for-windows/) for details on how to install Docker on Windows. There is no need to install a Linux distro if using named volumes like in the example below.
@@ -165,7 +166,7 @@ docker run -d \
   -p 5055:5055 \
   -v seerr-data:/app/config \
   --restart unless-stopped \
-  ghcr.io/seerr-team/seerr
+  ghcr.io/seerr-team/seerr:latest
 ```
 
 The argument `-e PORT=5055` is optional.

docs/getting-started/kubernetes.mdx

@@ -1,21 +1,26 @@
 ---
 title: Kubernetes (Advanced)
-description: Install Jellyseerr in Kubernetes
-sidebar_position: 5
+description: Install Seerr in Kubernetes
+sidebar_position: 3
 ---
 # Kubernetes
-:::info
+:::warning
 This method is not recommended for most users. It is intended for advanced users who are using Kubernetes.
 :::
 
+:::info
+All official Seerr charts are cryptographically signed and include a verified [Software Bill of Materials (SBOM)](https://cyclonedx.org/).
+
+To confirm that the chart you are using is authentic and unmodified, please refer to the [Verifying Signed Artifacts](/using-seerr/advanced/verifying-signed-artifacts#verifying-signed-helm-charts) guide.
+:::
+
 ## Installation
 ```console
 helm install seerr oci://ghcr.io/seerr-team/seerr/seerr-chart
 ```
-Helm values can be found in the Jellyseerr repository under [charts/jellyseerr-chart/README.md](https://github.com/fallenbagel/jellyseerr/tree/develop/charts/jellyseerr-chart).
+Helm values can be found in the Seerr repository under [charts/seerr-chart/README.md](https://github.com/seerr-team/seerr/tree/develop/charts/seerr-chart).
 
 Verify the signature with [cosign](https://docs.sigstore.dev/cosign/system_config/installation/) (replace [tag], with the TAG you want to verify) :
 ```console
-cosign verify ghcr.io/fallenbagel/jellyseerr/jellyseerr-chart:[tag] --certificate-identity=https://github.com/fallenbagel/jellyseerr/.github/workflows/helm.yml@refs/heads/main --certificate-oidc-issuer=https://token.ac
-tions.githubusercontent.com
+cosign verify ghcr.io/seerr-team/seerr/seerr-chart:[tag] --certificate-identity=https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main --certificate-oidc-issuer=https://token.actions.githubusercontent.com
 ```

docs/getting-started/nixpkg.mdx

@@ -1,271 +0,0 @@
----
-title: Nix Package Manager (Advanced)
-description: Install Seerr using Nix
-sidebar_position: 3
----
-
-import { SeerrVersion, NixpkgVersion } from '@site/src/components/SeerrVersion';
-import Admonition from '@theme/Admonition';
-import Tabs from '@theme/Tabs';
-import TabItem from '@theme/TabItem';
-
-# Nix Package Manager (Advanced)
-:::info
-This method is not recommended for most users. It is intended for advanced users who are using Nix as their package manager.
-:::
-
-export const VersionMismatchWarning = () => {
-  let seerrVersion = null;
-  let nixpkgVersions = null;
-  try {
-    seerrVersion = SeerrVersion();
-    nixpkgVersions = NixpkgVersion();
-  } catch (err) {
-    return (
-      <Admonition type="error">
-        Failed to load version information. Error: {err.message || JSON.stringify(err)}
-      </Admonition>
-    );
-  }
-
-    if (!nixpkgVersions || nixpkgVersions.error) {
-    return (
-      <Admonition type="error">
-        Failed to fetch Nixpkg versions: {nixpkgVersions?.error || 'Unknown error'}
-      </Admonition>
-    );
-  }
-
-  const isUnstableUpToDate = seerrVersion === nixpkgVersions.unstable;
-  const isStableUpToDate = seerrVersion === nixpkgVersions.stable;
-
-  return (
-     <>
-      {!isStableUpToDate ? (
-  <Admonition type="warning">
-    The{' '}
-    <a href="https://github.com/NixOS/nixpkgs/blob/nixos-24.11/pkgs/servers/jellyseerr/default.nix#L14">
-      upstream Jellyseerr Nix Package (v{nixpkgVersions.stable})
-    </a>{' '}
-    is not <b>up-to-date</b>. If you want to use <b>Jellyseerr v{seerrVersion}</b>,{' '}
-    {isUnstableUpToDate ? (
-      <>
-        consider using the{' '}
-        <a href="https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/je/jellyseerr/package.nix">
-          unstable package
-        </a>{' '}
-        instead.
-      </>
-    ) : (
-      <>
-        you will need to{' '}
-        <a href="#overriding-the-package-derivation">override the package derivation</a>.
-      </>
-    )}
-  </Admonition>
-) : null}
-    </>
-  );
-};
-
-<VersionMismatchWarning />
-
-## Installation
-To get up and running with jellyseerr using Nix, you can add the following to your `configuration.nix`:
-
-```nix
-{ config, pkgs, ... }:
-
-{
-  services.jellyseerr.enable = true;
-}
-```
-
-If you want more advanced configuration options, you can use the following:
-
-<Tabs groupId="nixpkg-methods" queryString>
-  <TabItem value="default" label="Default Configurations">
-```nix
-{ config, pkgs, ... }:
-
-{
-  services.jellyseerr = {
-    enable = true;
-    port = 5055;
-    openFirewall = true;
-    package = pkgs.jellyseerr; # Use the unstable package if stable is not up-to-date
-  };
-}
-```
-  </TabItem>
-  <TabItem value="custom" label="Database Configurations">
-In order to use postgres, you will need to add override the default module of jellyseerr with the following as the current default module is not compatible with postgres:
-```nix
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.services.jellyseerr;
-in
-{
-  meta.maintainers = [ maintainers.camillemndn ];
-
-  disabledModules = [ "services/misc/jellyseerr.nix" ];
-
-  options.services.jellyseerr = {
-    enable = mkEnableOption ''Jellyseerr, a requests manager for Jellyfin'';
-
-    openFirewall = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''Open port in the firewall for the Jellyseerr web interface.'';
-    };
-
-    port = mkOption {
-      type = types.port;
-      default = 5055;
-      description = ''The port which the Jellyseerr web UI should listen to.'';
-    };
-
-    package = mkOption {
-      type = types.package;
-      default = pkgs.jellyseerr;
-      defaultText = literalExpression "pkgs.jellyseerr";
-      description = ''
-        Jellyseerr package to use.
-      '';
-    };
-
-    databaseConfig = mkOption {
-      type = types.attrsOf types.str;
-      default = {
-        type = "sqlite";
-        configDirectory = "config";
-        logQueries = "false";
-      };
-      description = ''
-        Database configuration. For "sqlite", only "type", "configDirectory", and "logQueries" are relevant.
-        For "postgres", include host, port, user, pass, name, and optionally socket.
-        Example:
-        {
-          type = "postgres";
-          socket = "/run/postgresql";
-          user = "jellyseerr";
-          name = "jellyseerr";
-          logQueries = "false";
-        }
-        or
-        {
-          type = "postgres";
-          host = "localhost";
-          port = "5432";
-          user = "dbuser";
-          pass = "password";
-          name = "jellyseerr";
-          logQueries = "false";
-        }
-        or
-        {
-          type = "sqlite";
-          configDirectory = "config";
-          logQueries = "false";
-        }
-      '';
-    };
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services.jellyseerr = {
-      description = "Jellyseerr, a requests manager for Jellyfin";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      environment =
-        let
-          dbConfig = cfg.databaseConfig;
-        in
-        {
-          PORT = toString cfg.port;
-          DB_TYPE = toString dbConfig.type;
-          CONFIG_DIRECTORY = toString dbConfig.configDirectory or "";
-          DB_LOG_QUERIES = toString dbConfig.logQueries;
-          DB_HOST = if dbConfig.type == "postgres" && !(hasAttr "socket" dbConfig) then toString dbConfig.host or "" else "";
-          DB_PORT = if dbConfig.type == "postgres" && !(hasAttr "socket" dbConfig) then toString dbConfig.port or "" else "";
-          DB_SOCKET_PATH = if dbConfig.type == "postgres" && hasAttr "socket" dbConfig then toString dbConfig.socket or "" else "";
-          DB_USER = if dbConfig.type == "postgres" then toString dbConfig.user or "" else "";
-          DB_PASS = if dbConfig.type == "postgres" then toString dbConfig.pass or "" else "";
-          DB_NAME = if dbConfig.type == "postgres" then toString dbConfig.name or "" else "";
-        };
-      serviceConfig = {
-        Type = "exec";
-        StateDirectory = "jellyseerr";
-        WorkingDirectory = "${cfg.package}/libexec/jellyseerr";
-        DynamicUser = true;
-        ExecStart = "${cfg.package}/bin/jellyseerr";
-        BindPaths = [ "/var/lib/jellyseerr/:${cfg.package}/libexec/jellyseerr/config/" ];
-        Restart = "on-failure";
-        ProtectHome = true;
-        ProtectSystem = "strict";
-        PrivateTmp = true;
-        PrivateDevices = true;
-        ProtectHostname = true;
-        ProtectClock = true;
-        ProtectKernelTunables = true;
-        ProtectKernelModules = true;
-        ProtectKernelLogs = true;
-        ProtectControlGroups = true;
-        NoNewPrivileges = true;
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        RemoveIPC = true;
-        PrivateMounts = true;
-      };
-    };
-
-    networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; };
-  };
-}
-```
-Then, import the module into your `configuration.nix`:
-```nix
-{ config, pkgs, ... }:
-{
-  imports = [ ./modules/jellyseerr.nix ];
-
-  services.jellyseerr = {
-    enable = true;
-    port = 5055;
-    openFirewall = true;
-    package = pkgs.unstable.jellyseerr; # use the unstable package if stable is not up-to-date
-    databaseConfig = {
-      type = "postgres";
-      host = "localhost"; # or socket: "/run/postgresql"
-      port = "5432"; # if using socket, this is not needed
-      user = "jellyseerr";
-      pass = "jellyseerr";
-      name = "jellyseerr";
-      logQueries = "false";
-    };
-  }
-}
-```
-  </TabItem>
-</Tabs>
-
-After adding the configuration to your `configuration.nix`, you can run the following command to install jellyseerr:
-
-```bash
-nixos-rebuild switch
-```
-After rebuild is complete jellyseerr should be running, verify that it is with the following command.
-```bash
-systemctl status jellyseerr
-```
-
-:::info
-You can now access Seerr by visiting `http://localhost:5055` in your web browser.
-:::
-

docs/getting-started/third-parties/aur.mdx

@@ -1,16 +1,15 @@
 ---
-title: AUR (Arch User Repository)
+title: AUR (Advanced)
 description: Install Seerr using the Arch User Repository
-sidebar_position: 4
+sidebar_position: 2
 ---
 
-# AUR (Arch User Repository)
-
-:::note Disclaimer
-This AUR package is not maintained by us but by a third party. Please refer to the maintainer for any issues.
+# AUR
+:::warning
+Third-party installation methods are maintained by the community. The Seerr team is not responsible for these packages.
 :::
 
-:::info
+:::warning
 This method is not recommended for most users. It is intended for advanced users who are using Arch Linux or an Arch-based distribution.
 :::
 
@@ -24,12 +23,12 @@ import TabItem from '@theme/TabItem';
 <Tabs groupId="aur-methods" queryString>
   <TabItem value="yay" label="yay">
     ```bash
-    yay -S jellyseerr
+    yay -S seerr
     ```
   </TabItem>
   <TabItem value="paru" label="paru">
     ```bash
-    paru -S jellyseerr
+    paru -S seerr
     ```
   </TabItem>
 </Tabs>
@@ -39,5 +38,5 @@ After installing Seerr, configure it by visiting the web UI at `http://[address]
 :::
 
 :::tip
-You can find the environment file at `/etc/conf.d/jellyseerr` and the service file at `/etc/systemd/system/jellyseerr.service`.
+You can find the environment file at `/etc/conf.d/seerr` and the service file at `/etc/systemd/system/seerr.service`.
 :::

docs/getting-started/third-parties/index.mdx

@@ -0,0 +1,11 @@
+---
+title: Third-party Installation Methods
+---
+import DocCardList from '@theme/DocCardList';
+
+:::warning
+Third-party installation methods are maintained by the community. The Seerr team is not responsible for these packages.
+:::
+
+
+<DocCardList />

docs/getting-started/third-parties/nixpkg.mdx

@@ -0,0 +1,17 @@
+---
+title: Nix Package Manager (Advanced)
+description: Install Seerr using Nixpkgs
+sidebar_position: 1
+---
+
+import { SeerrVersion, NixpkgVersion } from '@site/src/components/SeerrVersion';
+import Admonition from '@theme/Admonition';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# Nix Package Manager
+:::warning
+Third-party installation methods are maintained by the community. The Seerr team is not responsible for these packages.
+:::
+
+Refer to [NixOS documentation](https://search.nixos.org/options?channel=25.05&query=seerr)

docs/getting-started/third-parties/unraid.mdx

@@ -0,0 +1,20 @@
+---
+title: Unraid (Advanced)
+description: Install Seerr using Unraid
+sidebar_position: 3
+---
+
+# Unraid
+:::warning
+Third-party installation methods are maintained by the community. The Seerr team is not responsible for these packages.
+:::
+
+:::warning
+This method is not recommended for most users. It is intended for advanced users who are using Unraid.
+:::
+
+1. Ensure you have the **Community Applications** plugin installed.
+2. Inside the **Community Applications** app store, search for **Seerr**.
+3. Click the **Install Button**.
+4. On the following **Add Container** screen, make changes to the **Host Port** and **Host Path 1** \(Appdata\) as needed.
+5. Click apply and access "Seerr" at your `<ServerIP:HostPort>` in a web browser.

docs/migration-guide.mdx

@@ -0,0 +1,168 @@
+---
+title: Migration guide
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+Whether you come from Overseerr or Jellyseerr, you don't need to perform any manual migration steps, your instance will automatically be migrated to Seerr.
+This migration will run automatically the first time you start your instance using the Seerr codebase (Docker image or source build or Kubernetes, etc.).
+An additional migration will happen for Overseerr users, to migrate their configuration to the new codebase.
+
+:::warning
+Before doing anything you should backup your existing instance so that you can rollback in case something goes wrong.
+See [Backups](/using-seerr/backups) for details on how to properly backup your instance.
+:::
+
+## Docker
+Refer to [Seerr Docker Documentation](/getting-started/docker), all of our examples have been updated to reflect the below change.
+
+Changes :
+- Renamed all references from `overseerr` or `jellyseerr` to `seerr`.
+- The container image reference has been updated.
+- The container can now be run as a non-root user (`node` user); remove the `user` directive if you have configured it.
+- The container no longer provides an init process, so you must configure it by adding `init: true` for Docker Compose or `--init` for the Docker CLI.
+
+:::info
+**Config folder permissions**: Since the container now runs as the `node` user (UID 1000), you must ensure your config folder has the correct permissions. The `node` user must have read and write access to the `/app/config` directory.
+
+If you're migrating from a previous installation, you may need to update the ownership of your config folder:
+```bash
+docker run --rm -v /path/to/appdata/config:/data alpine chown -R 1000:1000 /data
+```
+
+This ensures the `node` user (UID 1000) owns the config directory and can read and write to it.
+:::
+
+### Unix
+
+Summary of changes :
+<Tabs groupId="docker-methods" queryString>
+  <TabItem value="docker-compose" label="Docker compose">
+  ```yaml {3-6}
+  ---
+  services:
+    seerr:
+      image: ghcr.io/seerr-team/seerr:latest
+      init: true
+      container_name: seerr
+      environment:
+        - LOG_LEVEL=debug
+        - TZ=Asia/Tashkent
+        - PORT=5055 #optional
+      ports:
+        - 5055:5055
+      volumes:
+        - /path/to/appdata/config:/app/config
+      healthcheck:
+        test: wget --no-verbose --tries=1 --spider http://localhost:5055/api/v1/status || exit 1
+        start_period: 20s
+        timeout: 3s
+        interval: 15s
+        retries: 3
+      restart: unless-stopped
+  ```
+  </TabItem>
+  <TabItem value="docker-cli" label="Docker CLI">
+  ```bash {2-3,10}
+  docker run -d \
+    --name seerr \
+    --init \
+    -e LOG_LEVEL=debug \
+    -e TZ=Asia/Tashkent \
+    -e PORT=5055 \
+    -p 5055:5055 \
+    -v /path/to/appdata/config:/app/config \
+    --restart unless-stopped \
+    ghcr.io/seerr-team/seerr:latest
+  ```
+  </TabItem>
+</Tabs>
+
+### Windows
+Summary of changes :
+<Tabs groupId="docker-methods" queryString>
+  <TabItem value="docker-compose" label="Docker compose">
+  ```yaml {3-6,13,23}
+  ---
+  services:
+    seerr:
+      image: ghcr.io/seerr-team/seerr:latest
+      init: true
+      container_name: seerr
+      environment:
+        - LOG_LEVEL=debug
+        - TZ=Asia/Tashkent
+      ports:
+        - 5055:5055
+      volumes:
+        - seerr-data:/app/config
+      healthcheck:
+        test: wget --no-verbose --tries=1 --spider http://localhost:5055/api/v1/status || exit 1
+        start_period: 20s
+        timeout: 3s
+        interval: 15s
+        retries: 3
+      restart: unless-stopped
+
+  volumes:
+    seerr-data:
+      external: true
+  ```
+  </TabItem>
+  <TabItem value="docker-cli" label="Docker CLI">
+  ```bash {2-3,8,10}
+  docker run -d \
+    --name seerr \
+    --init \
+    -e LOG_LEVEL=debug \
+    -e TZ=Asia/Tashkent \
+    -e PORT=5055 \
+    -p 5055:5055 \
+    -v seerr-data:/app/config \
+    --restart unless-stopped \
+    ghcr.io/seerr-team/seerr:latest
+  ```
+  </TabItem>
+</Tabs>
+
+## Kubernetes
+Refer to [Seerr Kubernetes Documentation](/getting-started/kubernetes), all of our examples have been updated to reflect the below change.
+
+Changes :
+- All references to `jellyseerr` have been renamed to `seerr` in the manifests.
+- The container image reference has been updated.
+- The default `securityContext` and `podSecurityContext` have been updated to support running the container without root permissions.
+
+Summary of changes :
+<Tabs groupId="kubernetes-values" queryString>
+  <TabItem value="old" label="Old values">
+  ```yaml
+  image:
+    repository: fallenbagel/jellyseerr
+  podSecurityContext: {}
+  securityContext: {}
+  ```
+  </TabItem>
+  <TabItem value="new" label="New values">
+  ```yaml
+  image:
+    repository: seerr-team/seerr
+  podSecurityContext:
+    fsGroup: 1000
+    fsGroupChangePolicy: OnRootMismatch
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    readOnlyRootFilesystem: false
+    runAsNonRoot: true
+    privileged: false
+    runAsUser: 1000
+    runAsGroup: 1000
+    seccompProfile:
+      type: RuntimeDefault
+  ```
+  </TabItem>
+</Tabs>

docs/troubleshooting.mdx

@@ -103,7 +103,7 @@ If you can't change your DNS servers or force IPV4 resolution, you can use Seerr
 
 In some places (like China), the ISP blocks not only the DNS resolution but also the connection to the TMDB API.
 
-You can configure Seerr to use a proxy with the [HTTP(S) Proxy](/using-seerr/settings/general#https-proxy) setting.
+You can configure Seerr to use a proxy with the [HTTP(S) Proxy](/using-seerr/settings/general#enable-proxy-support) setting.
 
 ### Option 3: Force IPV4 resolution first
 
@@ -174,4 +174,36 @@ This can happen if you have a new installation of Jellyfin/Emby or if you have c
 
 This process should restore your admin privileges while preserving your settings.
 
+## Failed to enable web push notifications
+
+### Option 1: You are using Pi-hole
+
+When using Pi-hole, you need to whitelist the proper domains in order for the queries to not be intercepted and blocked by Pi-hole.
+If you are using a chromium based browser (eg: Chrome, Brave, Edge...), the domain you need to whitelist is `fcm.googleapis.com`
+If you are using Firefox, the domain you need to whitelist is `push.services.mozilla.com`
+
+1. Log into your Pi-hole through the admin interface, then click on Domains situated under GROUP MANAGEMENT.
+2. Add the domain corresponding to your browser in the `Domain to be added` field and then click on Add to allowed domains.
+3. Now in order for those changes to be used you need to flush your current dns cache.
+4. You can do so by using this command line in your Pi-hole terminal:
+    ```bash
+    pihole restartdns
+    ```
+If this command fails (which is unlikely), use this equivalent:
+    ```bash
+    pihole -f && pihole restartdns
+    ```
+5. Then restart your Seerr instance and try to enable the web push notifications again.
+
+
+### Option 2: You are using Brave browser
+
+Brave is a "De-Googled" browser. So by default or if you refused a prompt in the past, it cuts the access to the FCM (Firebase Cloud Messaging) service, which is mandatory for the web push notifications on Chromium based browsers.
+
+1. Open Brave and paste this address in the url bar: `brave://settings/privacy`
+2. Look for the option: "Use Google services for push messaging"
+3. Activate this option
+4. Relaunch Brave completely
+5. You should now see the notifications prompt appearing instead of an error message.
+
 If you still encounter issues, please reach out on our support channels.

docs/using-seerr/advanced/index.mdx

@@ -0,0 +1,15 @@
+---
+title: Advanced Features
+description: Advanced configuration and use cases.
+sidebar_position: 6
+---
+
+# Advanced Features
+
+## Advanced Configuration and Use Cases
+
+Seerr currently offers advanced features for power users and specific use cases:
+
+import DocCardList from '@theme/DocCardList';
+
+<DocCardList />

docs/using-seerr/advanced/verifying-signed-artifacts.mdx

@@ -0,0 +1,386 @@
+---
+id: verifying-signed-artifacts
+title: Verifying Signed Artifacts
+sidebar_label: Verify Signed Artifacts
+description: Learn how to verify Seerr's signed artifacts and SBOM attestations.
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# Verifying Signed Artifacts
+
+These artifacts are cryptographically signed using [Sigstore Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/):
+- Container images
+- Helm charts
+
+This ensures that the images you pull are authentic, tamper-proof, and built by the official Seerr release pipeline.
+
+Additionally each container image also includes a CycloneDX SBOM (Software Bill of Materials) attestation, generated with [Trivy](https://aquasecurity.github.io/trivy/), providing transparency about all dependencies included in the image.
+
+---
+
+## Prerequisites
+
+You will need the following tools installed:
+
+- [Cosign](https://docs.sigstore.dev/cosign/system_config/installation/)
+
+To verify images:
+
+- [Docker](https://docs.docker.com/get-docker/) **or** [Podman](https://podman.io/getting-started/installation) (including [Skopeo](https://github.com/containers/skopeo/blob/main/install.md))
+
+---
+
+## Verifying Signed Images
+
+### Image Locations
+
+Official Seerr images are available from:
+
+- GitHub Container Registry (GHCR): `ghcr.io/seerr-team/seerr:<tag>`
+- Docker Hub: `seerr/seerr:<tag>`
+
+You can view all available tags on the [Seerr Releases page](https://github.com/seerr-team/seerr/releases).
+
+---
+
+### Verifying a Specific Release Tag
+
+Each tagged release (for example `v2.7.4`) is immutable and cryptographically signed.
+Verification should always be performed using the image digest (SHA256).
+
+#### Retrieve the Image Digest
+
+<Tabs groupId="verify-methods">
+  <TabItem value="docker" label="Docker">
+
+```bash
+docker buildx imagetools inspect ghcr.io/seerr-team/seerr:v2.7.4 --format '{{json .Manifest.Digest}}' | tr -d '"'
+```
+  </TabItem>
+
+  <TabItem value="podman" label="Podman / Skopeo">
+
+```bash
+skopeo inspect docker://ghcr.io/seerr-team/seerr:v2.7.4 --format '{{.Digest}}'
+```
+  </TabItem>
+</Tabs>
+
+Example output:
+
+```
+sha256:abcd1234...
+```
+
+---
+
+#### Verify the Image Signature
+
+<Tabs groupId="registry-methods">
+  <TabItem value="ghcr" label="GitHub Container Registry (GHCR)">
+
+```bash
+cosign verify ghcr.io/seerr-team/seerr@sha256:abcd1234... \
+  --certificate-identity "https://github.com/seerr-team/seerr/.github/workflows/release.yml@refs/tags/v2.7.4" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+  </TabItem>
+
+  <TabItem value="dockerhub" label="Docker Hub">
+
+```bash
+cosign verify seerr/seerr@sha256:abcd1234... \
+  --certificate-identity "https://github.com/seerr-team/seerr/.github/workflows/release.yml@refs/tags/v2.7.4" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+  </TabItem>
+</Tabs>
+
+:::info Successful Verification Example
+Verification for `ghcr.io/seerr-team/seerr@sha256:abcd1234...`
+
+The following checks were performed:
+
+- Cosign claims validated
+- Signatures verified against the transparency log
+- Certificate issued by Fulcio to the expected workflow identity
+:::
+
+---
+
+### Verifying the `latest` Tag
+
+:::warning Latest Tag Warning
+The `latest` tag is **mutable**, meaning it will change with each new release.
+Always verify the digest that `latest` currently points to.
+:::
+
+#### Retrieve the Digest for `latest`
+
+<Tabs groupId="verify-methods">
+  <TabItem value="docker" label="Docker">
+
+```bash
+docker buildx imagetools inspect ghcr.io/seerr-team/seerr:latest --format '{{json .Manifest.Digest}}' | tr -d '"'
+```
+  </TabItem>
+
+  <TabItem value="podman" label="Podman / Skopeo">
+
+```bash
+skopeo inspect docker://ghcr.io/seerr-team/seerr:latest --format '{{.Digest}}'
+```
+  </TabItem>
+</Tabs>
+
+Example output:
+
+```
+sha256:abcd1234...
+```
+
+#### Verify the Signature
+
+<Tabs groupId="registry-methods">
+  <TabItem value="ghcr" label="GHCR">
+
+```bash
+cosign verify ghcr.io/seerr-team/seerr@sha256:abcd1234... \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/release.yml@refs/tags/v.*" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+  </TabItem>
+
+  <TabItem value="dockerhub" label="Docker Hub">
+
+```bash
+cosign verify seerr/seerr@sha256:abcd1234... \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/release.yml@refs/tags/v.*" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+  </TabItem>
+</Tabs>
+
+:::tip
+The wildcard `v.*` ensures verification works for any versioned release that `latest` represents.
+:::
+
+---
+
+### Verifying SBOM Attestations
+
+Each image includes a CycloneDX SBOM attestation.
+
+#### Verify the Attestation
+
+```bash
+cosign verify-attestation ghcr.io/seerr-team/seerr@sha256:abcd1234... \
+  --type cyclonedx \
+  --certificate-identity "https://github.com/seerr-team/seerr/.github/workflows/release.yml@refs/tags/v2.7.4" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+:::info Successful Verification Example
+Verification for `ghcr.io/seerr-team/seerr@sha256:abcd1234...`
+
+The following checks were performed:
+
+- Cosign claims validated
+- Signatures verified against the transparency log
+- Certificate issued by Fulcio to the expected workflow identity
+:::
+
+#### Extract the SBOM for Inspection
+
+```bash
+cosign verify-attestation ghcr.io/seerr-team/seerr@sha256:abcd1234... \
+  --type cyclonedx \
+  --certificate-identity "https://github.com/seerr-team/seerr/.github/workflows/release.yml@refs/tags/v2.7.4" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" | jq -r '.payload | @base64d' > sbom.json
+```
+
+You can open `sbom.json` in a CycloneDX viewer or analyse it with [Trivy](https://aquasecurity.github.io/trivy/) or [Dependency-Track](https://dependencytrack.org/).
+
+---
+
+### Expected Certificate Identity
+
+The expected certificate identity for all signed Seerr images is:
+
+```
+https://github.com/seerr-team/seerr/.github/workflows/release.yml@refs/tags/v*
+```
+
+This confirms that the image was:
+
+- Built by the official Seerr Release workflow
+- Produced from the seerr-team/seerr repository
+- Signed using GitHub’s OIDC identity via Sigstore Fulcio
+
+---
+
+### Example: Full Verification Flow
+
+<Tabs groupId="verify-examples">
+  <TabItem value="docker" label="Docker">
+
+```bash
+DIGEST=$(docker buildx imagetools inspect ghcr.io/seerr-team/seerr:latest --format '{{json .Manifest.Digest}}' | tr -d '"')
+
+cosign verify ghcr.io/seerr-team/seerr@"$DIGEST" \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/release.yml@refs/tags/v.*" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+
+cosign verify-attestation ghcr.io/seerr-team/seerr@"$DIGEST" \
+  --type cyclonedx \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/release.yml@refs/tags/v.*" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+  </TabItem>
+
+  <TabItem value="podman" label="Podman / Skopeo">
+
+```bash
+DIGEST=$(skopeo inspect docker://ghcr.io/seerr-team/seerr:latest --format '{{.Digest}}')
+
+cosign verify ghcr.io/seerr-team/seerr@"$DIGEST" \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/release.yml@refs/tags/v.*" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+  </TabItem>
+</Tabs>
+
+## Verifying Signed Helm charts
+
+### Helm Chart Locations
+
+Official Seerr helm charts are available from:
+
+- GitHub Container Registry (GHCR): `ghcr.io/seerr-team/seerr/seerr-chart/seerr-chart:<tag>`
+
+You can view all available tags on the [Seerr Releases page](https://github.com/seerr-team/seerr/pkgs/container/seerr%2Fseerr-chart).
+
+---
+
+### Verifying a Specific Release Tag
+
+Each tagged release (for example `3.0.0`) is immutable and cryptographically signed.
+Verification should always be performed using the image digest (SHA256).
+
+#### Retrieve the Helm Chart Digest
+
+<Tabs groupId="verify-methods">
+  <TabItem value="docker" label="Docker">
+
+```bash
+docker buildx imagetools inspect ghcr.io/seerr-team/seerr/seerr-chart:3.0.0 --format '{{json .Manifest.Digest}}' | tr -d '"'
+```
+  </TabItem>
+
+  <TabItem value="podman" label="Podman / Skopeo">
+
+```bash
+skopeo inspect docker://ghcr.io/seerr-team/seerr/seerr-chart:3.0.0 --format '{{.Digest}}'
+```
+  </TabItem>
+</Tabs>
+
+Example output:
+
+```
+sha256:abcd1234...
+```
+
+---
+
+#### Verify the Helm Chart Signature
+
+```bash
+cosign verify ghcr.io/seerr-team/seerr/seerr-chart@sha256:abcd1234... \
+  --certificate-identity "https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+
+:::info Successful Verification Example
+Verification for `ghcr.io/seerr-team/seerr/seerr-chart@sha256:abcd1234...`
+
+The following checks were performed:
+
+- Cosign claims validated
+- Signatures verified against the transparency log
+- Certificate issued by Fulcio to the expected workflow identity
+:::
+
+---
+
+### Expected Certificate Identity
+
+The expected certificate identity for all signed Seerr images is:
+
+```
+https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main
+```
+
+This confirms that the image was:
+
+- Built by the official Seerr Release workflow
+- Produced from the seerr-team/seerr repository
+- Signed using GitHub’s OIDC identity via Sigstore Fulcio
+
+---
+
+### Example: Full Verification Flow
+
+<Tabs groupId="verify-examples">
+  <TabItem value="docker" label="Docker">
+
+```bash
+DIGEST=$(docker buildx imagetools inspect ghcr.io/seerr-team/seerr/seerr-chart:3.0.0 --format '{{json .Manifest.Digest}}' | tr -d '"')
+
+cosign verify ghcr.io/seerr-team/seerr/seerr-chart@"$DIGEST" \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+
+cosign verify-attestation ghcr.io/seerr-team/seerr/seerr-chart@"$DIGEST" \
+  --type cyclonedx \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+  </TabItem>
+
+  <TabItem value="podman" label="Podman / Skopeo">
+
+```bash
+DIGEST=$(skopeo inspect docker://ghcr.io/seerr-team/seerr/seerr-chart:3.0.0 --format '{{.Digest}}')
+
+cosign verify ghcr.io/seerr-team/seerr/seerr-chart@"$DIGEST" \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+  </TabItem>
+</Tabs>
+
+---
+
+## Troubleshooting
+
+| Issue | Likely Cause | Suggested Fix |
+|-------|---------------|----------------|
+| `no matching signatures` | Incorrect digest or tag | Retrieve the digest again using Docker or Skopeo |
+| `certificate identity does not match expected` | Workflow reference changed | Ensure your `--certificate-identity` matches this documentation |
+| `cosign: command not found` | Cosign not installed | Install Cosign from the official release |
+| `certificate expired` | Old release | Verify a newer tag or digest |
+
+---
+
+## Further Reading
+
+- [Sigstore Documentation](https://docs.sigstore.dev)
+- [Cosign Verification Guide](https://docs.sigstore.dev/cosign/verifying/verify/)
+- [CycloneDX Specification](https://cyclonedx.org/specification/overview/)
+- [Trivy Documentation](https://trivy.dev/latest/docs/)
+- [Skopeo Documentation](https://github.com/containers/skopeo)
+- [Podman Documentation](https://podman.io/get-started/)
+- [Docker Documentation](https://docs.docker.com/)
+- [Seerr GitHub Repository](https://github.com/seerr-team/seerr)

docs/using-seerr/notifications/index.mdx

@@ -22,4 +22,4 @@ Users can customize their notification preferences in their own user notificatio
 
 ## Requesting New Notification Agents
 
-If we do not currently support your preferred notification agent, feel free to [submit a feature request on GitHub](https://github.com/fallenbagel/jellyseerr/issues). However, please be sure to search first and confirm that there is not already an existing request for the agent!
+If we do not currently support your preferred notification agent, feel free to [submit a feature request on GitHub](https://github.com/seerr-team/seerr/issues). However, please be sure to search first and confirm that there is not already an existing request for the agent!

docs/using-seerr/notifications/pushover.md

@@ -16,7 +16,7 @@ User notifications are separate from system notifications, and the available not
 
 ### Application/API Token
 
-[Register an application](https://pushover.net/apps/build) and enter the API token in this field. (You can use one of the [official icons in our GitHub repository](https://github.com/fallenbagel/jellyseerr/tree/develop/public) when configuring the application.)
+[Register an application](https://pushover.net/apps/build) and enter the API token in this field. (You can use one of the [official icons in our GitHub repository](https://github.com/seerr-team/seerr/tree/develop/public) when configuring the application.)
 
 For more details on registering applications or the API token, please see the [Pushover API documentation](https://pushover.net/api#registration).
 

gen-docs/blog/2025-09-29-introducing-jellyseerr-blog.md

@@ -1,24 +0,0 @@
----
-title: Welcome to the Jellyseerr Blog
-description: The official Jellyseerr blog for release notes, technical updates, and community news.
-slug: welcome
-authors: [fallenbagel, gauthier-th]
-tags: [announcement, jellyseerr, blog]
-image: https://raw.githubusercontent.com/fallenbagel/jellyseerr/refs/heads/develop/gen-docs/static/img/logo.svg
-hide_table_of_contents: false
----
-
-We are pleased to introduce the official Jellyseerr blog.
-
-This space will serve as the central place for:
-
-- Release announcements
-- Updates on new features and improvements
-- Technical articles, such as details on our [**DNS caching package**](https://github.com/jellyseerr/dns-caching) and other enhancements
-- Community-related news
-
-<!--truncate-->
-
-Our goal is to keep the community informed and provide deeper insights into the ongoing development of Jellyseerr.
-
-Thank you for being part of the Jellyseerr project. More updates will follow soon.

gen-docs/blog/2025-09-29-introducing-seerr-blog.md

@@ -0,0 +1,24 @@
+---
+title: Welcome to the Seerr Blog
+description: The official Seerr blog for release notes, technical updates, and community news.
+slug: welcome
+authors: [fallenbagel, gauthier-th]
+tags: [announcement, seerr, blog]
+image: https://raw.githubusercontent.com/seerr-team/seerr/refs/heads/develop/gen-docs/static/img/logo.svg
+hide_table_of_contents: false
+---
+
+We are pleased to introduce the official Seerr blog.
+
+This space will serve as the central place for:
+
+- Release announcements
+- Updates on new features and improvements
+- Technical articles, such as details on our [**DNS caching package**](https://github.com/seerr/dns-caching) and other enhancements
+- Community-related news
+
+<!--truncate-->
+
+Our goal is to keep the community informed and provide deeper insights into the ongoing development of Seerr.
+
+Thank you for being part of the Seerr project. More updates will follow soon.

gen-docs/src/components/SeerrVersion/index.tsx

@@ -7,7 +7,7 @@ export const SeerrVersion = () => {
     async function fetchVersion() {
       try {
         const response = await fetch(
-          'https://raw.githubusercontent.com/fallenbagel/jellyseerr/main/package.json'
+          'https://raw.githubusercontent.com/seerr-team/seerr/main/package.json'
         );
 
         const data = await response.json();

package.json

@@ -2,7 +2,7 @@
   "name": "seerr",
   "version": "0.1.0",
   "private": true,
-  "packageManager": "pnpm@10.17.1",
+  "packageManager": "pnpm@10.24.0",
   "scripts": {
     "preinstall": "npx only-allow pnpm",
     "postinstall": "node postinstall-win.js",
@@ -33,39 +33,38 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@dr.pogodin/csurf": "^1.14.1",
-    "@formatjs/intl-displaynames": "6.2.6",
+    "@dr.pogodin/csurf": "^1.16.6",
+    "@formatjs/intl-displaynames": "6.8.13",
     "@formatjs/intl-locale": "3.1.1",
-    "@formatjs/intl-pluralrules": "5.1.10",
+    "@formatjs/intl-pluralrules": "5.4.6",
     "@formatjs/intl-utils": "3.8.4",
     "@formatjs/swc-plugin-experimental": "^0.4.0",
     "@headlessui/react": "1.7.12",
-    "@heroicons/react": "2.0.16",
+    "@heroicons/react": "2.2.0",
     "@supercharge/request-ip": "1.2.0",
     "@svgr/webpack": "6.5.1",
-    "@tanem/react-nprogress": "5.0.30",
+    "@tanem/react-nprogress": "5.0.56",
     "@types/ua-parser-js": "^0.7.36",
     "@types/wink-jaro-distance": "^2.0.2",
-    "ace-builds": "1.15.2",
-    "axios": "1.10.0",
-    "axios-rate-limit": "1.3.0",
+    "ace-builds": "1.43.4",
+    "axios": "1.13.2",
+    "axios-rate-limit": "1.4.0",
     "bcrypt": "5.1.0",
-    "bowser": "2.11.0",
+    "bowser": "2.13.1",
     "connect-typeorm": "1.1.4",
     "cookie-parser": "1.4.7",
     "copy-to-clipboard": "3.3.3",
-    "country-flag-icons": "1.5.5",
+    "country-flag-icons": "1.6.4",
     "cronstrue": "2.23.0",
     "date-fns": "2.29.3",
-    "dayjs": "1.11.7",
+    "dayjs": "1.11.19",
     "dns-caching": "^0.2.7",
-    "email-templates": "12.0.1",
-    "email-validator": "2.0.4",
+    "email-templates": "12.0.3",
     "express": "4.21.2",
     "express-openapi-validator": "4.13.8",
     "express-rate-limit": "6.7.0",
-    "express-session": "1.17.3",
-    "formik": "^2.4.6",
+    "express-session": "1.18.2",
+    "formik": "^2.4.9",
     "gravatar-url": "3.1.0",
     "http-proxy-agent": "^7.0.2",
     "https-proxy-agent": "^7.0.6",
@@ -77,19 +76,19 @@
     "node-schedule": "2.1.1",
     "nodemailer": "6.10.0",
     "openpgp": "5.11.2",
-    "pg": "8.11.0",
+    "pg": "8.16.3",
     "plex-api": "5.3.2",
     "pug": "3.0.3",
     "react": "^18.3.1",
     "react-ace": "10.1.0",
     "react-animate-height": "2.1.2",
-    "react-aria": "3.23.0",
+    "react-aria": "3.44.0",
     "react-dom": "^18.3.1",
     "react-intersection-observer": "9.4.3",
     "react-intl": "^6.6.8",
     "react-markdown": "8.0.5",
     "react-popper-tooltip": "4.4.2",
-    "react-select": "5.7.0",
+    "react-select": "5.10.2",
     "react-spring": "9.7.1",
     "react-tailwindcss-datepicker-sct": "1.3.4",
     "react-toast-notifications": "2.5.1",
@@ -98,18 +97,19 @@
     "react-use-clipboard": "1.0.9",
     "reflect-metadata": "0.1.13",
     "secure-random-password": "0.2.3",
-    "semver": "7.7.1",
+    "semver": "7.7.3",
     "sharp": "^0.33.4",
     "sqlite3": "5.1.7",
     "swagger-ui-express": "4.6.2",
-    "swr": "2.2.5",
+    "swr": "2.3.7",
     "tailwind-merge": "^2.6.0",
     "typeorm": "0.3.12",
     "ua-parser-js": "^1.0.35",
-    "undici": "^7.3.0",
-    "web-push": "3.5.0",
+    "undici": "^7.16.0",
+    "validator": "^13.15.23",
+    "web-push": "3.6.7",
     "wink-jaro-distance": "^2.0.0",
-    "winston": "3.8.2",
+    "winston": "3.18.3",
     "winston-daily-rotate-file": "4.7.1",
     "xml2js": "0.4.23",
     "yamljs": "0.3.0",
@@ -123,31 +123,33 @@
     "@tailwindcss/forms": "0.5.10",
     "@tailwindcss/typography": "0.5.16",
     "@types/bcrypt": "5.0.0",
-    "@types/cookie-parser": "1.4.3",
-    "@types/country-flag-icons": "1.2.0",
-    "@types/csurf": "1.11.2",
+    "@types/cookie-parser": "1.4.10",
+    "@types/country-flag-icons": "1.2.2",
+    "@types/csurf": "1.11.5",
     "@types/email-templates": "8.0.4",
     "@types/express": "4.17.17",
-    "@types/express-session": "1.17.6",
-    "@types/lodash": "4.14.191",
+    "@types/express-session": "1.18.2",
+    "@types/lodash": "4.17.21",
     "@types/mime": "3",
     "@types/node": "22.10.5",
-    "@types/node-schedule": "2.1.0",
+    "@types/node-schedule": "2.1.8",
     "@types/nodemailer": "6.4.7",
     "@types/react": "^18.3.3",
     "@types/react-dom": "^18.3.0",
-    "@types/react-transition-group": "4.4.5",
+    "@types/react-transition-group": "4.4.12",
     "@types/secure-random-password": "0.2.1",
-    "@types/semver": "7.3.13",
-    "@types/swagger-ui-express": "4.1.3",
-    "@types/web-push": "3.3.2",
+    "@types/semver": "7.7.1",
+    "@types/swagger-ui-express": "4.1.8",
+    "@types/validator": "^13.15.10",
+    "@types/web-push": "3.6.4",
     "@types/xml2js": "0.4.11",
     "@types/yamljs": "0.2.31",
     "@types/yup": "0.29.14",
     "@typescript-eslint/eslint-plugin": "5.54.0",
     "@typescript-eslint/parser": "5.54.0",
-    "autoprefixer": "10.4.13",
-    "commitizen": "4.3.0",
+    "autoprefixer": "10.4.22",
+    "baseline-browser-mapping": "^2.8.32",
+    "commitizen": "4.3.1",
     "copyfiles": "2.4.1",
     "cy-mobile-commands": "0.3.0",
     "cypress": "14.1.0",
@@ -156,22 +158,22 @@
     "eslint-config-next": "^14.2.4",
     "eslint-config-prettier": "8.6.0",
     "eslint-plugin-formatjs": "4.9.0",
-    "eslint-plugin-jsx-a11y": "6.7.1",
-    "eslint-plugin-no-relative-import-paths": "1.5.2",
+    "eslint-plugin-jsx-a11y": "6.10.2",
+    "eslint-plugin-no-relative-import-paths": "1.6.1",
     "eslint-plugin-prettier": "4.2.1",
-    "eslint-plugin-react": "7.32.2",
+    "eslint-plugin-react": "7.37.5",
     "eslint-plugin-react-hooks": "4.6.0",
     "husky": "8.0.3",
     "lint-staged": "13.1.2",
-    "nodemon": "3.1.9",
-    "postcss": "8.4.31",
+    "nodemon": "3.1.11",
+    "postcss": "8.5.6",
     "prettier": "2.8.4",
     "prettier-plugin-organize-imports": "3.2.2",
     "prettier-plugin-tailwindcss": "0.2.3",
     "tailwindcss": "3.2.7",
-    "ts-node": "10.9.1",
-    "tsc-alias": "1.8.2",
-    "tsconfig-paths": "4.1.2",
+    "ts-node": "10.9.2",
+    "tsc-alias": "1.8.16",
+    "tsconfig-paths": "4.2.0",
     "typescript": "4.9.5"
   },
   "engines": {
@@ -180,7 +182,7 @@
   },
   "overrides": {
     "sqlite3/node-gyp": "8.4.1",
-    "@types/express-session": "1.17.6"
+    "@types/express-session": "1.18.2"
   },
   "config": {
     "commitizen": {
@@ -201,74 +203,13 @@
       "@commitlint/config-conventional"
     ]
   },
-  "release": {
-    "plugins": [
-      "@semantic-release/commit-analyzer",
-      "@semantic-release/release-notes-generator",
-      "@semantic-release/npm",
-      [
-        "@codedependant/semantic-release-docker",
-        {
-          "dockerArgs": {
-            "COMMIT_TAG": "${GITHUB_SHA}"
-          },
-          "dockerLogin": false,
-          "dockerProject": "fallenbagel",
-          "dockerImage": "jellyseerr",
-          "dockerTags": [
-            "latest",
-            "{{major}}",
-            "{{major}}.{{minor}}",
-            "{{major}}.{{minor}}.{{patch}}"
-          ],
-          "dockerPlatform": [
-            "linux/amd64",
-            "linux/arm64"
-          ]
-        }
-      ],
-      [
-        "@codedependant/semantic-release-docker",
-        {
-          "dockerArgs": {
-            "COMMIT_TAG": "${GITHUB_SHA}"
-          },
-          "dockerLogin": false,
-          "dockerRegistry": "ghcr.io",
-          "dockerProject": "fallenbagel",
-          "dockerImage": "jellyseerr",
-          "dockerTags": [
-            "latest",
-            "{{major}}",
-            "{{major}}.{{minor}}",
-            "{{major}}.{{minor}}.{{patch}}"
-          ],
-          "dockerPlatform": [
-            "linux/amd64",
-            "linux/arm64"
-          ]
-        }
-      ],
-      [
-        "@semantic-release/github",
-        {
-          "addReleases": "bottom"
-        }
-      ]
-    ],
-    "branches": [
-      "main"
-    ],
-    "npmPublish": false,
-    "publish": [
-      "@codedependant/semantic-release-docker",
-      "@semantic-release/github"
-    ]
-  },
   "pnpm": {
     "onlyBuiltDependencies": [
-      "sqlite3",
-      "bcrypt"
+      "@swc/core",
+      "bcrypt",
+      "cypress",
+      "sharp",
+      "sqlite3"
     ]
   }
 }

seerr-api.yml

@@ -2339,8 +2339,12 @@ paths:
                   properties:
                     username:
                       type: string
-                    userId:
-                      type: integer
+                    id:
+                      type: string
+                    thumb:
+                      type: string
+                    email:
+                      type: string
   /settings/jellyfin/sync:
     get:
       summary: Get status of full Jellyfin library sync
@@ -6908,6 +6912,10 @@ paths:
                 is4k:
                   type: boolean
                   example: false
+                  description: |
+                    When true, updates the 4K status field (status4k).
+                    When false or not provided, updates the regular status field (status).
+                    This applies to all status values (available, partial, processing, pending, unknown).
       responses:
         '200':
           description: Returned media

server/api/jellyfin.ts

@@ -112,6 +112,10 @@ export interface JellyfinLibraryItemExtended extends JellyfinLibraryItem {
   DateCreated?: string;
 }
 
+type EpisodeReturn<T> = T extends { includeMediaInfo: true }
+  ? JellyfinLibraryItemExtended[]
+  : JellyfinLibraryItem[];
+
 export interface JellyfinItemsReponse {
   Items: JellyfinLibraryItemExtended[];
   TotalRecordCount: number;
@@ -145,7 +149,7 @@ class JellyfinAPI extends ExternalAPI {
       {},
       {
         headers: {
-          'X-Emby-Authorization': authHeaderVal,
+          Authorization: authHeaderVal,
           'Content-Type': 'application/json',
           Accept: 'application/json',
         },
@@ -415,13 +419,22 @@ class JellyfinAPI extends ExternalAPI {
     }
   }
 
-  public async getEpisodes(
+  public async getEpisodes<
+    T extends { includeMediaInfo?: boolean } | undefined = undefined
+  >(
     seriesID: string,
-    seasonID: string
-  ): Promise<JellyfinLibraryItem[]> {
+    seasonID: string,
+    options?: T
+  ): Promise<EpisodeReturn<T>> {
     try {
       const episodeResponse = await this.get<any>(
-        `/Shows/${seriesID}/Episodes?seasonId=${seasonID}`
+        `/Shows/${seriesID}/Episodes`,
+        {
+          params: {
+            seasonId: seasonID,
+            ...(options?.includeMediaInfo && { fields: 'MediaSources' }),
+          },
+        }
       );
 
       return episodeResponse.Items.filter(

server/api/themoviedb/index.ts

@@ -73,6 +73,7 @@ export interface TmdbCertificationResponse {
 interface DiscoverMovieOptions {
   page?: number;
   includeAdult?: boolean;
+  includeVideo?: boolean;
   language?: string;
   primaryReleaseDateGte?: string;
   primaryReleaseDateLte?: string;
@@ -490,6 +491,7 @@ class TheMovieDb extends ExternalAPI implements TvShowProvider {
     sortBy = 'popularity.desc',
     page = 1,
     includeAdult = false,
+    includeVideo = true,
     language = this.locale,
     primaryReleaseDateGte,
     primaryReleaseDateLte,
@@ -527,6 +529,7 @@ class TheMovieDb extends ExternalAPI implements TvShowProvider {
           sort_by: sortBy,
           page,
           include_adult: includeAdult,
+          include_video: includeVideo,
           language,
           region: this.discoverRegion || '',
           with_original_language:

server/datasource.ts

@@ -77,7 +77,7 @@ const postgresDevConfig: DataSourceOptions = {
   database: process.env.DB_NAME ?? 'seerr',
   ssl: buildSslConfig(),
   synchronize: false,
-  migrationsRun: false,
+  migrationsRun: true,
   logging: boolFromEnv('DB_LOG_QUERIES'),
   entities: ['server/entity/**/*.ts'],
   migrations: ['server/migration/postgres/**/*.ts'],

server/entity/UserPushSubscription.ts

@@ -1,8 +1,15 @@
 import { DbAwareColumn } from '@server/utils/DbColumnHelper';
-import { Column, Entity, ManyToOne, PrimaryGeneratedColumn } from 'typeorm';
+import {
+  Column,
+  Entity,
+  ManyToOne,
+  PrimaryGeneratedColumn,
+  Unique,
+} from 'typeorm';
 import { User } from './User';
 
 @Entity()
+@Unique(['endpoint', 'user'])
 export class UserPushSubscription {
   @PrimaryGeneratedColumn()
   public id: number;

server/lib/availabilitySync.ts

@@ -666,6 +666,16 @@ class AvailabilitySync {
   ): Promise<boolean> {
     let existsInRadarr = false;
 
+    if (is4k && media.status4k === MediaStatus.AVAILABLE) {
+      logger.debug(
+        `Checking if 4K movie [TMDB ID ${media.tmdbId}] exists in Radarr`,
+        {
+          label: 'AvailabilitySync',
+          externalServiceId4k: media.externalServiceId4k,
+        }
+      );
+    }
+
     // Check for availability in all of the available radarr servers
     // If any find the media, we will assume the media exists
     for (const server of this.radarrServers.filter(
@@ -870,6 +880,32 @@ class AvailabilitySync {
           this.plexSeasonsCache[ratingKey4k] =
             await this.plexClient?.getChildrenMetadata(ratingKey4k);
         }
+
+        if (plexMedia) {
+          if (media.mediaType === 'movie') {
+            const has4kByWidth = plexMedia.Media?.some(
+              (mediaItem) => (mediaItem.width ?? 0) >= 2000
+            );
+
+            if (is4k) {
+              if (ratingKey === ratingKey4k || !has4kByWidth) {
+                plexMedia = undefined;
+              }
+            } else {
+              const hasNon4kByWidth = plexMedia.Media?.some(
+                (mediaItem) =>
+                  (mediaItem.width ?? 0) < 2000 && (mediaItem.width ?? 0) > 0
+              );
+              if (!hasNon4kByWidth && has4kByWidth) {
+                plexMedia = undefined;
+              }
+            }
+          } else if (media.mediaType === 'tv' && is4k) {
+            if (ratingKey === ratingKey4k) {
+              plexMedia = undefined;
+            }
+          }
+        }
       }
 
       if (plexMedia) {

server/lib/downloadtracker.ts

@@ -56,6 +56,7 @@ class DownloadTracker {
 
   public async resetDownloadTracker() {
     this.radarrServers = {};
+    this.sonarrServers = {};
   }
 
   public updateDownloads() {

server/lib/notifications/agents/email.ts

@@ -7,8 +7,8 @@ import type { NotificationAgentEmail } from '@server/lib/settings';
 import { getSettings, NotificationAgentKey } from '@server/lib/settings';
 import logger from '@server/logger';
 import type { EmailOptions } from 'email-templates';
-import * as EmailValidator from 'email-validator';
 import path from 'path';
+import validator from 'validator';
 import { Notification, shouldSendAdminNotification } from '..';
 import type { NotificationAgent, NotificationPayload } from './agent';
 import { BaseAgent } from './agent';
@@ -221,7 +221,9 @@ class EmailAgent
             this.getSettings(),
             payload.notifyUser.settings?.pgpKey
           );
-          if (EmailValidator.validate(payload.notifyUser.email)) {
+          if (
+            validator.isEmail(payload.notifyUser.email, { require_tld: false })
+          ) {
             await email.send(
               this.buildMessage(
                 type,
@@ -283,7 +285,7 @@ class EmailAgent
                 this.getSettings(),
                 user.settings?.pgpKey
               );
-              if (EmailValidator.validate(user.email)) {
+              if (validator.isEmail(user.email, { require_tld: false })) {
                 await email.send(
                   this.buildMessage(type, payload, user.email, user.displayName)
                 );

server/lib/notifications/agents/webpush.ts

@@ -24,6 +24,15 @@ interface PushNotificationPayload {
   isAdmin?: boolean;
 }
 
+interface WebPushError extends Error {
+  statusCode?: number;
+  status?: number;
+  body?: string | unknown;
+  response?: {
+    body?: string | unknown;
+  };
+}
+
 class WebPushAgent
   extends BaseAgent<NotificationAgentConfig>
   implements NotificationAgent
@@ -188,19 +197,30 @@ class WebPushAgent
           notificationPayload
         );
       } catch (e) {
+        const webPushError = e as WebPushError;
+        const statusCode = webPushError.statusCode || webPushError.status;
+        const errorMessage = webPushError.message || String(e);
+
+        // RFC 8030: 410/404 are permanent failures, others are transient
+        const isPermanentFailure = statusCode === 410 || statusCode === 404;
+
         logger.error(
-          'Error sending web push notification; removing subscription',
+          isPermanentFailure
+            ? 'Error sending web push notification; removing invalid subscription'
+            : 'Error sending web push notification (transient error, keeping subscription)',
           {
             label: 'Notifications',
             recipient: pushSub.user.displayName,
             type: Notification[type],
             subject: payload.subject,
-            errorMessage: e.message,
+            errorMessage,
+            statusCode: statusCode || 'unknown',
           }
         );
 
-        // Failed to send notification so we need to remove the subscription
-        userPushSubRepository.remove(pushSub);
+        if (isPermanentFailure) {
+          await userPushSubRepository.remove(pushSub);
+        }
       }
     };
 

server/lib/overseerrMerge.ts

@@ -97,6 +97,13 @@ const checkOverseerrMerge = async (): Promise<boolean> => {
       media.status = 7;
       await mediaRepository.save(media);
     }
+    const media4kToUpdate = await mediaRepository.find({
+      where: { status4k: 6 },
+    });
+    for (const media of media4kToUpdate) {
+      media.status4k = 7;
+      await mediaRepository.save(media);
+    }
   } catch (error) {
     logger.error('Failed to update Media status from Blacklisted to Deleted', {
       label: 'Seerr Migration',

server/lib/scanners/baseScanner.ts

@@ -34,6 +34,8 @@ interface ProcessOptions {
   is4k?: boolean;
   mediaAddedAt?: Date;
   ratingKey?: string;
+  jellyfinMediaId?: string;
+  imdbId?: string;
   serviceId?: number;
   externalServiceId?: number;
   externalServiceSlug?: string;
@@ -95,6 +97,8 @@ class BaseScanner<T> {
       is4k = false,
       mediaAddedAt,
       ratingKey,
+      jellyfinMediaId,
+      imdbId,
       serviceId,
       externalServiceId,
       externalServiceSlug,
@@ -133,6 +137,21 @@ class BaseScanner<T> {
           changedExisting = true;
         }
 
+        if (
+          jellyfinMediaId &&
+          existing[is4k ? 'jellyfinMediaId4k' : 'jellyfinMediaId'] !==
+            jellyfinMediaId
+        ) {
+          existing[is4k ? 'jellyfinMediaId4k' : 'jellyfinMediaId'] =
+            jellyfinMediaId;
+          changedExisting = true;
+        }
+
+        if (imdbId && !existing.imdbId) {
+          existing.imdbId = imdbId;
+          changedExisting = true;
+        }
+
         if (
           serviceId !== undefined &&
           existing[is4k ? 'serviceId4k' : 'serviceId'] !== serviceId
@@ -173,6 +192,7 @@ class BaseScanner<T> {
       } else {
         const newMedia = new Media();
         newMedia.tmdbId = tmdbId;
+        newMedia.imdbId = imdbId;
 
         newMedia.status =
           !is4k && !processing
@@ -203,6 +223,13 @@ class BaseScanner<T> {
           newMedia.ratingKey4k =
             is4k && this.enable4kMovie ? ratingKey : undefined;
         }
+
+        if (jellyfinMediaId) {
+          newMedia.jellyfinMediaId = !is4k ? jellyfinMediaId : undefined;
+          newMedia.jellyfinMediaId4k =
+            is4k && this.enable4kMovie ? jellyfinMediaId : undefined;
+        }
+
         await mediaRepository.save(newMedia);
         this.log(`Saved new media: ${title}`);
       }
@@ -221,11 +248,12 @@ class BaseScanner<T> {
    */
   protected async processShow(
     tmdbId: number,
-    tvdbId: number,
+    tvdbId: number | undefined,
     seasons: ProcessableSeason[],
     {
       mediaAddedAt,
       ratingKey,
+      jellyfinMediaId,
       serviceId,
       externalServiceId,
       externalServiceSlug,
@@ -257,7 +285,7 @@ class BaseScanner<T> {
           (es) => es.seasonNumber === season.seasonNumber
         );
 
-        // We update the rating keys in the seasons loop because we need episode counts
+        // We update the rating keys and jellyfinMediaId in the seasons loop because we need episode counts
         if (media && season.episodes > 0 && media.ratingKey !== ratingKey) {
           media.ratingKey = ratingKey;
         }
@@ -271,6 +299,23 @@ class BaseScanner<T> {
           media.ratingKey4k = ratingKey;
         }
 
+        if (
+          media &&
+          season.episodes > 0 &&
+          media.jellyfinMediaId !== jellyfinMediaId
+        ) {
+          media.jellyfinMediaId = jellyfinMediaId;
+        }
+
+        if (
+          media &&
+          season.episodes4k > 0 &&
+          this.enable4kShow &&
+          media.jellyfinMediaId4k !== jellyfinMediaId
+        ) {
+          media.jellyfinMediaId4k = jellyfinMediaId;
+        }
+
         if (existingSeason) {
           // Here we update seasons if they already exist.
           // If the season is already marked as available, we
@@ -491,6 +536,22 @@ class BaseScanner<T> {
             )
               ? ratingKey
               : undefined,
+          jellyfinMediaId: newSeasons.some(
+            (sn) =>
+              sn.status === MediaStatus.PARTIALLY_AVAILABLE ||
+              sn.status === MediaStatus.AVAILABLE
+          )
+            ? jellyfinMediaId
+            : undefined,
+          jellyfinMediaId4k:
+            this.enable4kShow &&
+            newSeasons.some(
+              (sn) =>
+                sn.status4k === MediaStatus.PARTIALLY_AVAILABLE ||
+                sn.status4k === MediaStatus.AVAILABLE
+            )
+              ? jellyfinMediaId
+              : undefined,
           status: isAllStandardSeasons
             ? MediaStatus.AVAILABLE
             : newSeasons.some(

server/lib/scanners/jellyfin/index.ts

@@ -1,5 +1,8 @@
 import animeList from '@server/api/animelist';
-import type { JellyfinLibraryItem } from '@server/api/jellyfin';
+import type {
+  JellyfinLibraryItem,
+  JellyfinLibraryItemExtended,
+} from '@server/api/jellyfin';
 import JellyfinAPI from '@server/api/jellyfin';
 import { getMetadataProvider } from '@server/api/metadata';
 import TheMovieDb from '@server/api/themoviedb';
@@ -8,132 +11,119 @@ import type {
   TmdbKeyword,
   TmdbTvDetails,
 } from '@server/api/themoviedb/interfaces';
-import { MediaStatus, MediaType } from '@server/constants/media';
 import { MediaServerType } from '@server/constants/server';
 import { getRepository } from '@server/datasource';
-import Media from '@server/entity/Media';
-import Season from '@server/entity/Season';
 import { User } from '@server/entity/User';
+import type {
+  ProcessableSeason,
+  RunnableScanner,
+  StatusBase,
+} from '@server/lib/scanners/baseScanner';
+import BaseScanner from '@server/lib/scanners/baseScanner';
 import type { Library } from '@server/lib/settings';
 import { getSettings } from '@server/lib/settings';
-import logger from '@server/logger';
-import AsyncLock from '@server/utils/asyncLock';
 import { getHostname } from '@server/utils/getHostname';
-import { randomUUID as uuid } from 'crypto';
 import { uniqWith } from 'lodash';
 
-const BUNDLE_SIZE = 20;
-const UPDATE_RATE = 4 * 1000;
-
-interface SyncStatus {
-  running: boolean;
-  progress: number;
-  total: number;
+interface JellyfinSyncStatus extends StatusBase {
   currentLibrary: Library;
   libraries: Library[];
 }
 
-class JellyfinScanner {
-  private sessionId: string;
-  private tmdb: TheMovieDb;
+class JellyfinScanner
+  extends BaseScanner<JellyfinLibraryItem>
+  implements RunnableScanner<JellyfinSyncStatus>
+{
   private jfClient: JellyfinAPI;
-  private items: JellyfinLibraryItem[] = [];
-  private progress = 0;
   private libraries: Library[];
   private currentLibrary: Library;
-  private running = false;
   private isRecentOnly = false;
-  private enable4kMovie = false;
-  private enable4kShow = false;
-  private asyncLock = new AsyncLock();
   private processedAnidbSeason: Map<number, Map<number, number>>;
 
   constructor({ isRecentOnly }: { isRecentOnly?: boolean } = {}) {
-    this.tmdb = new TheMovieDb();
-
+    super('Jellyfin Sync');
     this.isRecentOnly = isRecentOnly ?? false;
   }
 
-  private async getExisting(tmdbId: number, mediaType: MediaType) {
-    const mediaRepository = getRepository(Media);
+  private async extractMovieIds(jellyfinitem: JellyfinLibraryItem): Promise<{
+    tmdbId: number;
+    imdbId?: string;
+    metadata: JellyfinLibraryItemExtended;
+  } | null> {
+    let metadata = await this.jfClient.getItemData(jellyfinitem.Id);
 
-    const existing = await mediaRepository.findOne({
-      where: { tmdbId: tmdbId, mediaType },
-    });
+    if (!metadata?.Id) {
+      this.log('No Id metadata for this title. Skipping', 'debug', {
+        jellyfinItemId: jellyfinitem.Id,
+      });
+      return null;
+    }
 
-    return existing;
+    const anidbId = Number(metadata.ProviderIds.AniDB ?? null);
+    let tmdbId = Number(metadata.ProviderIds.Tmdb ?? null);
+    let imdbId = metadata.ProviderIds.Imdb;
+
+    // We use anidb only if we have the anidbId and nothing else
+    if (anidbId && !imdbId && !tmdbId) {
+      const result = animeList.getFromAnidbId(anidbId);
+      tmdbId = Number(result?.tmdbId ?? null);
+      imdbId = result?.imdbId;
+    }
+
+    if (imdbId && !tmdbId) {
+      const tmdbMovie = await this.tmdb.getMediaByImdbId({
+        imdbId: imdbId,
+      });
+      tmdbId = tmdbMovie.id;
+    }
+
+    if (!tmdbId) {
+      throw new Error('Unable to find TMDb ID');
+    }
+
+    // With AniDB we can have mixed libraries with movies in a "show" library
+    // We take the first episode of the first season (the movie) and use it to
+    // get more information, like the MediaSource
+    if (anidbId && metadata.Type === 'Series') {
+      const season = (await this.jfClient.getSeasons(jellyfinitem.Id)).find(
+        (md) => {
+          return md.IndexNumber === 1;
+        }
+      );
+      if (!season) {
+        this.log('No season found for anidb movie', 'debug', {
+          jellyfinitem,
+        });
+        return null;
+      }
+      const episodes = await this.jfClient.getEpisodes(
+        jellyfinitem.Id,
+        season.Id
+      );
+      if (!episodes[0]) {
+        this.log('No episode found for anidb movie', 'debug', {
+          jellyfinitem,
+        });
+        return null;
+      }
+      metadata = await this.jfClient.getItemData(episodes[0].Id);
+      if (!metadata) {
+        this.log('No metadata found for anidb movie', 'debug', {
+          jellyfinitem,
+        });
+        return null;
+      }
+    }
+
+    return { tmdbId, imdbId, metadata };
   }
 
-  private async processMovie(jellyfinitem: JellyfinLibraryItem) {
-    const mediaRepository = getRepository(Media);
-
+  private async processJellyfinMovie(jellyfinitem: JellyfinLibraryItem) {
     try {
-      let metadata = await this.jfClient.getItemData(jellyfinitem.Id);
-      const newMedia = new Media();
+      const extracted = await this.extractMovieIds(jellyfinitem);
+      if (!extracted) return;
 
-      if (!metadata?.Id) {
-        logger.debug('No Id metadata for this title. Skipping', {
-          label: 'Jellyfin Sync',
-          jellyfinItemId: jellyfinitem.Id,
-        });
-        return;
-      }
-
-      const anidbId = Number(metadata.ProviderIds.AniDB ?? null);
-
-      newMedia.tmdbId = Number(metadata.ProviderIds.Tmdb ?? null);
-      newMedia.imdbId = metadata.ProviderIds.Imdb;
-
-      // We use anidb only if we have the anidbId and nothing else
-      if (anidbId && !newMedia.imdbId && !newMedia.tmdbId) {
-        const result = animeList.getFromAnidbId(anidbId);
-        newMedia.tmdbId = Number(result?.tmdbId ?? null);
-        newMedia.imdbId = result?.imdbId;
-      }
-
-      if (newMedia.imdbId && !isNaN(newMedia.tmdbId)) {
-        const tmdbMovie = await this.tmdb.getMediaByImdbId({
-          imdbId: newMedia.imdbId,
-        });
-        newMedia.tmdbId = tmdbMovie.id;
-      }
-      if (!newMedia.tmdbId) {
-        throw new Error('Unable to find TMDb ID');
-      }
-
-      // With AniDB we can have mixed libraries with movies in a "show" library
-      // We take the first episode of the first season (the movie) and use it to
-      // get more information, like the MediaSource
-      if (anidbId && metadata.Type === 'Series') {
-        const season = (await this.jfClient.getSeasons(jellyfinitem.Id)).find(
-          (md) => {
-            return md.IndexNumber === 1;
-          }
-        );
-        if (!season) {
-          this.log('No season found for anidb movie', 'debug', {
-            jellyfinitem,
-          });
-          return;
-        }
-        const episodes = await this.jfClient.getEpisodes(
-          jellyfinitem.Id,
-          season.Id
-        );
-        if (!episodes[0]) {
-          this.log('No episode found for anidb movie', 'debug', {
-            jellyfinitem,
-          });
-          return;
-        }
-        metadata = await this.jfClient.getItemData(episodes[0].Id);
-        if (!metadata) {
-          this.log('No metadata found for anidb movie', 'debug', {
-            jellyfinitem,
-          });
-          return;
-        }
-      }
+      const { tmdbId, imdbId, metadata } = extracted;
 
       const has4k = metadata.MediaSources?.some((MediaSource) => {
         return MediaSource.MediaStreams.filter(
@@ -151,93 +141,29 @@ class JellyfinScanner {
         });
       });
 
-      await this.asyncLock.dispatch(newMedia.tmdbId, async () => {
-        if (!metadata) {
-          // this will never execute, but typescript thinks somebody could reset tvShow from
-          // outer scope back to null before this async gets called
-          return;
-        }
+      const mediaAddedAt = metadata.DateCreated
+        ? new Date(metadata.DateCreated)
+        : undefined;
 
-        const existing = await this.getExisting(
-          newMedia.tmdbId,
-          MediaType.MOVIE
-        );
+      if (hasOtherResolution || (!this.enable4kMovie && has4k)) {
+        await this.processMovie(tmdbId, {
+          is4k: false,
+          mediaAddedAt,
+          jellyfinMediaId: metadata.Id,
+          imdbId,
+          title: metadata.Name,
+        });
+      }
 
-        if (existing) {
-          let changedExisting = false;
-
-          if (
-            (hasOtherResolution || (!this.enable4kMovie && has4k)) &&
-            existing.status !== MediaStatus.AVAILABLE
-          ) {
-            existing.status = MediaStatus.AVAILABLE;
-            existing.mediaAddedAt = new Date(metadata.DateCreated ?? '');
-            changedExisting = true;
-          }
-
-          if (
-            has4k &&
-            this.enable4kMovie &&
-            existing.status4k !== MediaStatus.AVAILABLE
-          ) {
-            existing.status4k = MediaStatus.AVAILABLE;
-            changedExisting = true;
-          }
-
-          if (!existing.mediaAddedAt && !changedExisting) {
-            existing.mediaAddedAt = new Date(metadata.DateCreated ?? '');
-            changedExisting = true;
-          }
-
-          if (
-            (hasOtherResolution || (has4k && !this.enable4kMovie)) &&
-            existing.jellyfinMediaId !== metadata.Id
-          ) {
-            existing.jellyfinMediaId = metadata.Id;
-            changedExisting = true;
-          }
-
-          if (
-            has4k &&
-            this.enable4kMovie &&
-            existing.jellyfinMediaId4k !== metadata.Id
-          ) {
-            existing.jellyfinMediaId4k = metadata.Id;
-            changedExisting = true;
-          }
-
-          if (changedExisting) {
-            await mediaRepository.save(existing);
-            this.log(
-              `Request for ${metadata.Name} exists. New media types set to AVAILABLE`,
-              'info'
-            );
-          } else {
-            this.log(
-              `Title already exists and no new media types found ${metadata.Name}`
-            );
-          }
-        } else {
-          newMedia.status =
-            hasOtherResolution || (!this.enable4kMovie && has4k)
-              ? MediaStatus.AVAILABLE
-              : MediaStatus.UNKNOWN;
-          newMedia.status4k =
-            has4k && this.enable4kMovie
-              ? MediaStatus.AVAILABLE
-              : MediaStatus.UNKNOWN;
-          newMedia.mediaType = MediaType.MOVIE;
-          newMedia.mediaAddedAt = new Date(metadata.DateCreated ?? '');
-          newMedia.jellyfinMediaId =
-            hasOtherResolution || (!this.enable4kMovie && has4k)
-              ? metadata.Id
-              : null;
-          newMedia.jellyfinMediaId4k =
-            has4k && this.enable4kMovie ? metadata.Id : null;
-          await mediaRepository.save(newMedia);
-          this.log(`Saved ${metadata.Name}`);
-        }
-      });
+      if (has4k && this.enable4kMovie) {
+        await this.processMovie(tmdbId, {
+          is4k: true,
+          mediaAddedAt,
+          jellyfinMediaId: metadata.Id,
+          imdbId,
+          title: metadata.Name,
+        });
+      }
     } catch (e) {
       this.log(
         `Failed to process Jellyfin item, id: ${jellyfinitem.Id}`,
@@ -286,9 +212,7 @@ class JellyfinScanner {
     return tvShow;
   }
 
-  private async processShow(jellyfinitem: JellyfinLibraryItem) {
-    const mediaRepository = getRepository(Media);
-
+  private async processJellyfinShow(jellyfinitem: JellyfinLibraryItem) {
     let tvShow: TmdbTvDetails | null = null;
 
     try {
@@ -297,8 +221,7 @@ class JellyfinScanner {
       const metadata = await this.jfClient.getItemData(Id);
 
       if (!metadata?.Id) {
-        logger.debug('No Id metadata for this title. Skipping', {
-          label: 'Jellyfin Sync',
+        this.log('No Id metadata for this title. Skipping', 'debug', {
           jellyfinItemId: jellyfinitem.Id,
         });
         return;
@@ -315,6 +238,7 @@ class JellyfinScanner {
           });
         }
       }
+
       if (!tvShow && metadata.ProviderIds.Tvdb) {
         try {
           tvShow = await this.getTvShow({
@@ -326,6 +250,7 @@ class JellyfinScanner {
           });
         }
       }
+
       let tvdbSeasonFromAnidb: number | undefined;
       if (!tvShow && metadata.ProviderIds.AniDB) {
         const anidbId = Number(metadata.ProviderIds.AniDB);
@@ -344,71 +269,49 @@ class JellyfinScanner {
         }
         // With AniDB we can have mixed libraries with movies in a "show" library
         else if (result?.imdbId || result?.tmdbId) {
-          await this.processMovie(jellyfinitem);
+          await this.processJellyfinMovie(jellyfinitem);
           return;
         }
       }
 
       if (tvShow) {
-        await this.asyncLock.dispatch(tvShow.id, async () => {
-          if (!tvShow) {
-            // this will never execute, but typescript thinks somebody could reset tvShow from
-            // outer scope back to null before this async gets called
-            return;
-          }
+        const seasons = tvShow.seasons;
+        const jellyfinSeasons = await this.jfClient.getSeasons(Id);
 
-          // Lets get the available seasons from Jellyfin
-          const seasons = tvShow.seasons;
-          const media = await this.getExisting(tvShow.id, MediaType.TV);
+        const processableSeasons: ProcessableSeason[] = [];
 
-          const newSeasons: Season[] = [];
+        const settings = getSettings();
+        const filteredSeasons = settings.main.enableSpecialEpisodes
+          ? seasons
+          : seasons.filter((sn) => sn.season_number !== 0);
 
-          const currentStandardSeasonAvailable = (
-            media?.seasons.filter(
-              (season) => season.status === MediaStatus.AVAILABLE
-            ) ?? []
-          ).length;
-          const current4kSeasonAvailable = (
-            media?.seasons.filter(
-              (season) => season.status4k === MediaStatus.AVAILABLE
-            ) ?? []
-          ).length;
+        for (const season of filteredSeasons) {
+          const matchedJellyfinSeason = jellyfinSeasons.find((md) => {
+            if (tvdbSeasonFromAnidb) {
+              // In AniDB we don't have the concept of seasons,
+              // we have multiple shows with only Season 1 (and sometimes a season with index 0 for specials).
+              // We use tvdbSeasonFromAnidb to check if we are on the correct TMDB season and
+              // md.IndexNumber === 1 to be sure to find the correct season on jellyfin
+              return (
+                tvdbSeasonFromAnidb === season.season_number &&
+                md.IndexNumber === 1
+              );
+            } else {
+              return Number(md.IndexNumber) === season.season_number;
+            }
+          });
 
-          for (const season of seasons) {
-            const JellyfinSeasons = await this.jfClient.getSeasons(Id);
-            const matchedJellyfinSeason = JellyfinSeasons.find((md) => {
-              if (tvdbSeasonFromAnidb) {
-                // In AniDB we don't have the concept of seasons,
-                // we have multiple shows with only Season 1 (and sometimes a season with index 0 for specials).
-                // We use tvdbSeasonFromAnidb to check if we are on the correct TMDB season and
-                // md.IndexNumber === 1 to be sure to find the correct season on jellyfin
-                return (
-                  tvdbSeasonFromAnidb === season.season_number &&
-                  md.IndexNumber === 1
-                );
-              } else {
-                return Number(md.IndexNumber) === season.season_number;
-              }
-            });
+          // Check if we found the matching season and it has all the available episodes
+          if (matchedJellyfinSeason) {
+            let totalStandard = 0;
+            let total4k = 0;
 
-            const existingSeason = media?.seasons.find(
-              (es) => es.seasonNumber === season.season_number
-            );
-
-            // Check if we found the matching season and it has all the available episodes
-            if (matchedJellyfinSeason) {
-              // If we have a matched Jellyfin season, get its children metadata so we can check details
+            if (!this.enable4kShow) {
               const episodes = await this.jfClient.getEpisodes(
                 Id,
                 matchedJellyfinSeason.Id
               );
 
-              //Get count of episodes that are HD and 4K
-              let totalStandard = 0;
-              let total4k = 0;
-
-              //use for loop to make sure this loop _completes_ in full
-              //before the next section
               for (const episode of episodes) {
                 let episodeCount = 1;
 
@@ -421,238 +324,94 @@ class JellyfinScanner {
                     episode.IndexNumberEnd - episode.IndexNumber + 1;
                 }
 
-                if (!this.enable4kShow) {
-                  totalStandard += episodeCount;
-                } else {
-                  const ExtendedEpisodeData = await this.jfClient.getItemData(
-                    episode.Id
-                  );
+                totalStandard += episodeCount;
+              }
+            } else {
+              // 4K detection enabled - request media info to check resolution
+              const episodes = await this.jfClient.getEpisodes(
+                Id,
+                matchedJellyfinSeason.Id,
+                { includeMediaInfo: true }
+              );
 
-                  ExtendedEpisodeData?.MediaSources?.some((MediaSource) => {
-                    return MediaSource.MediaStreams.some((MediaStream) => {
-                      if (MediaStream.Type === 'Video') {
-                        if ((MediaStream.Width ?? 0) >= 2000) {
-                          total4k += episodeCount;
-                        } else {
-                          totalStandard += episodeCount;
-                        }
-                      }
-                    });
-                  });
+              for (const episode of episodes) {
+                let episodeCount = 1;
+
+                // count number of combined episodes
+                if (
+                  episode.IndexNumber !== undefined &&
+                  episode.IndexNumberEnd !== undefined
+                ) {
+                  episodeCount =
+                    episode.IndexNumberEnd - episode.IndexNumber + 1;
                 }
-              }
 
-              // With AniDB we can have multiple shows for one season, so we need to save
-              // the episode from all the jellyfin entries to get the total
-              if (tvdbSeasonFromAnidb) {
-                if (this.processedAnidbSeason.has(tvShow.id)) {
-                  const show = this.processedAnidbSeason.get(tvShow.id)!;
-                  if (show.has(season.season_number)) {
-                    show.set(
-                      season.season_number,
-                      show.get(season.season_number)! + totalStandard
-                    );
-
-                    totalStandard = show.get(season.season_number)!;
-                  } else {
-                    show.set(season.season_number, totalStandard);
-                  }
-                } else {
-                  this.processedAnidbSeason.set(
-                    tvShow.id,
-                    new Map([[season.season_number, totalStandard]])
-                  );
-                }
-              }
-
-              if (
-                media &&
-                (totalStandard > 0 || (total4k > 0 && !this.enable4kShow)) &&
-                media.jellyfinMediaId !== Id
-              ) {
-                media.jellyfinMediaId = Id;
-              }
-
-              if (
-                media &&
-                total4k > 0 &&
-                this.enable4kShow &&
-                media.jellyfinMediaId4k !== Id
-              ) {
-                media.jellyfinMediaId4k = Id;
-              }
-
-              if (existingSeason) {
-                // These ternary statements look super confusing, but they are simply
-                // setting the status to AVAILABLE if all of a type is there, partially if some,
-                // and then not modifying the status if there are 0 items
-                existingSeason.status =
-                  totalStandard >= season.episode_count ||
-                  existingSeason.status === MediaStatus.AVAILABLE
-                    ? MediaStatus.AVAILABLE
-                    : totalStandard > 0
-                    ? MediaStatus.PARTIALLY_AVAILABLE
-                    : existingSeason.status;
-                existingSeason.status4k =
-                  (this.enable4kShow && total4k >= season.episode_count) ||
-                  existingSeason.status4k === MediaStatus.AVAILABLE
-                    ? MediaStatus.AVAILABLE
-                    : this.enable4kShow && total4k > 0
-                    ? MediaStatus.PARTIALLY_AVAILABLE
-                    : existingSeason.status4k;
-              } else {
-                newSeasons.push(
-                  new Season({
-                    seasonNumber: season.season_number,
-                    // This ternary is the same as the ones above, but it just falls back to "UNKNOWN"
-                    // if we dont have any items for the season
-                    status:
-                      totalStandard >= season.episode_count
-                        ? MediaStatus.AVAILABLE
-                        : totalStandard > 0
-                        ? MediaStatus.PARTIALLY_AVAILABLE
-                        : MediaStatus.UNKNOWN,
-                    status4k:
-                      this.enable4kShow && total4k >= season.episode_count
-                        ? MediaStatus.AVAILABLE
-                        : this.enable4kShow && total4k > 0
-                        ? MediaStatus.PARTIALLY_AVAILABLE
-                        : MediaStatus.UNKNOWN,
-                  })
+                const has4k = episode.MediaSources?.some((MediaSource) =>
+                  MediaSource.MediaStreams.some(
+                    (MediaStream) =>
+                      MediaStream.Type === 'Video' &&
+                      (MediaStream.Width ?? 0) > 2000
+                  )
                 );
+
+                const hasStandard = episode.MediaSources?.some((MediaSource) =>
+                  MediaSource.MediaStreams.some(
+                    (MediaStream) =>
+                      MediaStream.Type === 'Video' &&
+                      (MediaStream.Width ?? 0) <= 2000
+                  )
+                );
+
+                // Count in both if episode has both versions
+                // TODO: Make this more robust in the future
+                // Currently, this detection is based solely on file resolution, not which
+                // Radarr/Sonarr instance the file came from. If a 4K request results in
+                // 1080p files (no 4K release available yet), those files will be counted
+                // as "standard" even though they're in the 4K library. This can cause
+                // non-4K users to see content as "available" when they can't access it.
+                // See issue https://github.com/seerr-team/seerr/issues/1744 for details.
+                if (hasStandard) totalStandard += episodeCount;
+                if (has4k) total4k += episodeCount;
               }
             }
-          }
 
-          // Remove extras season. We dont count it for determining availability
-          const filteredSeasons = tvShow.seasons.filter(
-            (season) => season.season_number !== 0
-          );
+            // With AniDB we can have multiple shows for one season, so we need to save
+            // the episode from all the jellyfin entries to get the total
+            if (tvdbSeasonFromAnidb) {
+              let show = this.processedAnidbSeason.get(tvShow.id);
 
-          const isAllStandardSeasons =
-            newSeasons.filter(
-              (season) => season.status === MediaStatus.AVAILABLE
-            ).length +
-              (media?.seasons.filter(
-                (season) => season.status === MediaStatus.AVAILABLE
-              ).length ?? 0) >=
-            filteredSeasons.length;
-
-          const isAll4kSeasons =
-            newSeasons.filter(
-              (season) => season.status4k === MediaStatus.AVAILABLE
-            ).length +
-              (media?.seasons.filter(
-                (season) => season.status4k === MediaStatus.AVAILABLE
-              ).length ?? 0) >=
-            filteredSeasons.length;
-
-          if (media) {
-            // Update existing
-            media.seasons = [...media.seasons, ...newSeasons];
-
-            const newStandardSeasonAvailable = (
-              media.seasons.filter(
-                (season) => season.status === MediaStatus.AVAILABLE
-              ) ?? []
-            ).length;
-
-            const new4kSeasonAvailable = (
-              media.seasons.filter(
-                (season) => season.status4k === MediaStatus.AVAILABLE
-              ) ?? []
-            ).length;
-
-            // If at least one new season has become available, update
-            // the lastSeasonChange field so we can trigger notifications
-            if (newStandardSeasonAvailable > currentStandardSeasonAvailable) {
-              this.log(
-                `Detected ${
-                  newStandardSeasonAvailable - currentStandardSeasonAvailable
-                } new standard season(s) for ${tvShow.name}`,
-                'debug'
-              );
-              media.lastSeasonChange = new Date();
-              media.mediaAddedAt = new Date(metadata.DateCreated ?? '');
+              if (!show) {
+                show = new Map([[season.season_number, totalStandard]]);
+                this.processedAnidbSeason.set(tvShow.id, show);
+              } else {
+                const currentCount = show.get(season.season_number) ?? 0;
+                const newCount = currentCount + totalStandard;
+                show.set(season.season_number, newCount);
+                totalStandard = newCount;
+              }
             }
 
-            if (new4kSeasonAvailable > current4kSeasonAvailable) {
-              this.log(
-                `Detected ${
-                  new4kSeasonAvailable - current4kSeasonAvailable
-                } new 4K season(s) for ${tvShow.name}`,
-                'debug'
-              );
-              media.lastSeasonChange = new Date();
-            }
-
-            if (!media.mediaAddedAt) {
-              media.mediaAddedAt = new Date(metadata.DateCreated ?? '');
-            }
-
-            // If the show is already available, and there are no new seasons, dont adjust
-            // the status
-            const shouldStayAvailable =
-              media.status === MediaStatus.AVAILABLE &&
-              newSeasons.filter(
-                (season) => season.status !== MediaStatus.UNKNOWN
-              ).length === 0;
-            const shouldStayAvailable4k =
-              media.status4k === MediaStatus.AVAILABLE &&
-              newSeasons.filter(
-                (season) => season.status4k !== MediaStatus.UNKNOWN
-              ).length === 0;
-
-            media.status =
-              isAllStandardSeasons || shouldStayAvailable
-                ? MediaStatus.AVAILABLE
-                : media.seasons.some(
-                    (season) => season.status !== MediaStatus.UNKNOWN
-                  )
-                ? MediaStatus.PARTIALLY_AVAILABLE
-                : MediaStatus.UNKNOWN;
-            media.status4k =
-              (isAll4kSeasons || shouldStayAvailable4k) && this.enable4kShow
-                ? MediaStatus.AVAILABLE
-                : this.enable4kShow &&
-                  media.seasons.some(
-                    (season) => season.status4k !== MediaStatus.UNKNOWN
-                  )
-                ? MediaStatus.PARTIALLY_AVAILABLE
-                : MediaStatus.UNKNOWN;
-            await mediaRepository.save(media);
-            this.log(`Updating existing title: ${tvShow.name}`);
-          } else {
-            const newMedia = new Media({
-              mediaType: MediaType.TV,
-              seasons: newSeasons,
-              tmdbId: tvShow.id,
-              tvdbId: tvShow.external_ids.tvdb_id,
-              mediaAddedAt: new Date(metadata.DateCreated ?? ''),
-              jellyfinMediaId: isAllStandardSeasons ? Id : null,
-              jellyfinMediaId4k:
-                isAll4kSeasons && this.enable4kShow ? Id : null,
-              status: isAllStandardSeasons
-                ? MediaStatus.AVAILABLE
-                : newSeasons.some(
-                    (season) => season.status !== MediaStatus.UNKNOWN
-                  )
-                ? MediaStatus.PARTIALLY_AVAILABLE
-                : MediaStatus.UNKNOWN,
-              status4k:
-                isAll4kSeasons && this.enable4kShow
-                  ? MediaStatus.AVAILABLE
-                  : this.enable4kShow &&
-                    newSeasons.some(
-                      (season) => season.status4k !== MediaStatus.UNKNOWN
-                    )
-                  ? MediaStatus.PARTIALLY_AVAILABLE
-                  : MediaStatus.UNKNOWN,
+            processableSeasons.push({
+              seasonNumber: season.season_number,
+              totalEpisodes: season.episode_count,
+              episodes: totalStandard,
+              episodes4k: total4k,
             });
-            await mediaRepository.save(newMedia);
-            this.log(`Saved ${tvShow.name}`);
           }
-        });
+        }
+
+        await this.processShow(
+          tvShow.id,
+          tvShow.external_ids?.tvdb_id,
+          processableSeasons,
+          {
+            mediaAddedAt: metadata.DateCreated
+              ? new Date(metadata.DateCreated)
+              : undefined,
+            jellyfinMediaId: Id,
+            title: tvShow.name,
+          }
+        );
       } else {
         this.log(
           `No information found for the show: ${metadata.Name}`,
@@ -668,70 +427,17 @@ class JellyfinScanner {
           jellyfinitem.SeriesId ?? jellyfinitem.SeasonId ?? jellyfinitem.Id
         }`,
         'error',
-        {
-          errorMessage: e.message,
-          jellyfinitem,
-        }
+        { errorMessage: e.message, jellyfinitem }
       );
     }
   }
 
-  private async processItems(slicedItems: JellyfinLibraryItem[]) {
-    this.processedAnidbSeason = new Map();
-    await Promise.all(
-      slicedItems.map(async (item) => {
-        if (item.Type === 'Movie') {
-          await this.processMovie(item);
-        } else if (item.Type === 'Series') {
-          await this.processShow(item);
-        }
-      })
-    );
-  }
-
-  private async loop({
-    start = 0,
-    end = BUNDLE_SIZE,
-    sessionId,
-  }: {
-    start?: number;
-    end?: number;
-    sessionId?: string;
-  } = {}) {
-    const slicedItems = this.items.slice(start, end);
-
-    if (!this.running) {
-      throw new Error('Sync was aborted.');
+  private async processItem(item: JellyfinLibraryItem): Promise<void> {
+    if (item.Type === 'Movie') {
+      await this.processJellyfinMovie(item);
+    } else if (item.Type === 'Series') {
+      await this.processJellyfinShow(item);
     }
-
-    if (this.sessionId !== sessionId) {
-      throw new Error('New session was started. Old session aborted.');
-    }
-
-    if (start < this.items.length) {
-      this.progress = start;
-      await this.processItems(slicedItems);
-
-      await new Promise<void>((resolve, reject) =>
-        setTimeout(() => {
-          this.loop({
-            start: start + BUNDLE_SIZE,
-            end: end + BUNDLE_SIZE,
-            sessionId,
-          })
-            .then(() => resolve())
-            .catch((e) => reject(new Error(e.message)));
-        }, UPDATE_RATE)
-      );
-    }
-  }
-
-  private log(
-    message: string,
-    level: 'info' | 'error' | 'debug' | 'warn' = 'debug',
-    optional?: Record<string, unknown>
-  ): void {
-    logger[level](message, { label: 'Jellyfin Sync', ...optional });
   }
 
   public async run(): Promise<void> {
@@ -744,14 +450,9 @@ class JellyfinScanner {
       return;
     }
 
-    const sessionId = uuid();
-    this.sessionId = sessionId;
-    logger.info('Jellyfin Sync Starting', {
-      sessionId,
-      label: 'Jellyfin Sync',
-    });
+    const sessionId = this.startRun();
+
     try {
-      this.running = true;
       const userRepository = getRepository(User);
       const admin = await userRepository.findOne({
         where: { id: 1 },
@@ -777,25 +478,11 @@ class JellyfinScanner {
 
       await animeList.sync();
 
-      this.enable4kMovie = settings.radarr.some((radarr) => radarr.is4k);
-      if (this.enable4kMovie) {
-        this.log(
-          'At least one 4K Radarr server was detected. 4K movie detection is now enabled',
-          'info'
-        );
-      }
-
-      this.enable4kShow = settings.sonarr.some((sonarr) => sonarr.is4k);
-      if (this.enable4kShow) {
-        this.log(
-          'At least one 4K Sonarr server was detected. 4K series detection is now enabled',
-          'info'
-        );
-      }
-
       if (this.isRecentOnly) {
         for (const library of this.libraries) {
           this.currentLibrary = library;
+          // Reset AniDB season tracking per library
+          this.processedAnidbSeason = new Map();
           this.log(
             `Beginning to process recently added for library: ${library.name}`,
             'info'
@@ -815,16 +502,19 @@ class JellyfinScanner {
             return mediaA.Id === mediaB.Id;
           });
 
-          await this.loop({ sessionId });
+          await this.loop(this.processItem.bind(this), { sessionId });
         }
       } else {
         for (const library of this.libraries) {
           this.currentLibrary = library;
+          // Reset AniDB season tracking per library
+          this.processedAnidbSeason = new Map();
           this.log(`Beginning to process library: ${library.name}`, 'info');
           this.items = await this.jfClient.getLibraryContents(library.id);
-          await this.loop({ sessionId });
+          await this.loop(this.processItem.bind(this), { sessionId });
         }
       }
+
       this.log(
         this.isRecentOnly
           ? 'Recently Added Scan Complete'
@@ -832,19 +522,13 @@ class JellyfinScanner {
         'info'
       );
     } catch (e) {
-      logger.error('Sync interrupted', {
-        label: 'Jellyfin Sync',
-        errorMessage: e.message,
-      });
+      this.log('Sync interrupted', 'error', { errorMessage: e.message });
     } finally {
-      // If a new scanning session hasnt started, set running back to false
-      if (this.sessionId === sessionId) {
-        this.running = false;
-      }
+      this.endRun(sessionId);
     }
   }
 
-  public status(): SyncStatus {
+  public status(): JellyfinSyncStatus {
     return {
       running: this.running,
       progress: this.progress,
@@ -853,10 +537,6 @@ class JellyfinScanner {
       libraries: this.libraries,
     };
   }
-
-  public cancel(): void {
-    this.running = false;
-  }
 }
 
 export const jellyfinFullScanner = new JellyfinScanner();

server/lib/settings/migrations/0007_migrate_arr_tags.ts

@@ -13,9 +13,7 @@ const migrationArrTags = async (settings: any): Promise<AllSettings> => {
   }
 
   const userRepository = getRepository(User);
-  const users = await userRepository.find({
-    select: ['id'],
-  });
+  const users = await userRepository.find();
 
   let errorOccurred = false;
 
@@ -30,15 +28,26 @@ const migrationArrTags = async (settings: any): Promise<AllSettings> => {
       });
       const radarrTags = await radarr.getTags();
       for (const user of users) {
-        const userTag = radarrTags.find((v) =>
-          v.label.startsWith(user.id + ' - ')
+        const userTag = radarrTags.find(
+          (v) =>
+            v.label.startsWith(user.id + ' - ') ||
+            v.label.startsWith(user.id + '-')
         );
         if (!userTag) {
           continue;
         }
         await radarr.renameTag({
           id: userTag.id,
-          label: userTag.label.replace(`${user.id} - `, `${user.id}-`),
+          label:
+            user.id +
+            '-' +
+            user.displayName
+              .normalize('NFD')
+              .replace(/[\u0300-\u036f]/g, '')
+              .replace(/\s+/g, '-')
+              .replace(/[^a-z0-9-]/gi, '')
+              .replace(/-+/g, '-')
+              .replace(/^-|-$/g, ''),
         });
       }
     } catch (error) {
@@ -61,15 +70,26 @@ const migrationArrTags = async (settings: any): Promise<AllSettings> => {
       });
       const sonarrTags = await sonarr.getTags();
       for (const user of users) {
-        const userTag = sonarrTags.find((v) =>
-          v.label.startsWith(user.id + ' - ')
+        const userTag = sonarrTags.find(
+          (v) =>
+            v.label.startsWith(user.id + ' - ') ||
+            v.label.startsWith(user.id + '-')
         );
         if (!userTag) {
           continue;
         }
         await sonarr.renameTag({
           id: userTag.id,
-          label: userTag.label.replace(`${user.id} - `, `${user.id}-`),
+          label:
+            user.id +
+            '-' +
+            user.displayName
+              .normalize('NFD')
+              .replace(/[\u0300-\u036f]/g, '')
+              .replace(/\s+/g, '-')
+              .replace(/[^a-z0-9-]/gi, '')
+              .replace(/-+/g, '-')
+              .replace(/^-|-$/g, ''),
         });
       }
     } catch (error) {

server/migration/postgres/1765233385034-AddUniqueConstraintToPushSubscription.ts

@@ -0,0 +1,28 @@
+import type { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddUniqueConstraintToPushSubscription1765233385034
+  implements MigrationInterface
+{
+  name = 'AddUniqueConstraintToPushSubscription1765233385034';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`
+      DELETE FROM "user_push_subscription"
+      WHERE id NOT IN (
+        SELECT MAX(id)
+        FROM "user_push_subscription"
+        GROUP BY "endpoint", "userId"
+      )
+    `);
+
+    await queryRunner.query(
+      `ALTER TABLE "user_push_subscription" ADD CONSTRAINT "UQ_6427d07d9a171a3a1ab87480005" UNIQUE ("endpoint", "userId")`
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "user_push_subscription" DROP CONSTRAINT "UQ_6427d07d9a171a3a1ab87480005"`
+    );
+  }
+}

server/migration/sqlite/1765233385034-AddUniqueConstraintToPushSubscription.ts

@@ -0,0 +1,26 @@
+import type { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddUniqueConstraintToPushSubscription1765233385034
+  implements MigrationInterface
+{
+  name = 'AddUniqueConstraintToPushSubscription1765233385034';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`
+      DELETE FROM "user_push_subscription"
+      WHERE id NOT IN (
+        SELECT MAX(id)
+        FROM "user_push_subscription"
+        GROUP BY "endpoint", "userId"
+      )
+    `);
+
+    await queryRunner.query(
+      `CREATE UNIQUE INDEX "UQ_6427d07d9a171a3a1ab87480005" ON "user_push_subscription" ("endpoint", "userId")`
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`DROP INDEX "UQ_6427d07d9a171a3a1ab87480005"`);
+  }
+}

server/routes/auth.ts

@@ -15,9 +15,9 @@ import { ApiError } from '@server/types/error';
 import { getAppVersion } from '@server/utils/appVersion';
 import { getHostname } from '@server/utils/getHostname';
 import axios from 'axios';
-import * as EmailValidator from 'email-validator';
 import { Router } from 'express';
 import net from 'net';
+import validator from 'validator';
 
 const authRoutes = Router();
 
@@ -37,7 +37,7 @@ authRoutes.get('/me', isAuthenticated(), async (req, res) => {
   const settings = await getSettings();
   if (
     settings.notifications.agents.email.options.userEmailRequired &&
-    !EmailValidator.validate(user.email)
+    !validator.isEmail(user.email, { require_tld: false })
   ) {
     user.warnings.push('userEmailRequired');
     logger.warn(`User ${user.username} has no valid email address`);
@@ -626,76 +626,6 @@ authRoutes.post('/local', async (req, res, next) => {
       });
     }
 
-    const mainUser = await userRepository.findOneOrFail({
-      select: { id: true, plexToken: true, plexId: true },
-      where: { id: 1 },
-    });
-    const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');
-
-    if (!user.plexId) {
-      try {
-        const plexUsersResponse = await mainPlexTv.getUsers();
-        const account = plexUsersResponse.MediaContainer.User.find(
-          (account) =>
-            account.$.email &&
-            account.$.email.toLowerCase() === user.email.toLowerCase()
-        )?.$;
-
-        if (
-          account &&
-          (await mainPlexTv.checkUserAccess(parseInt(account.id)))
-        ) {
-          logger.info(
-            'Found matching Plex user; updating user with Plex data',
-            {
-              label: 'API',
-              ip: req.ip,
-              email: body.email,
-              userId: user.id,
-              plexId: account.id,
-              plexUsername: account.username,
-            }
-          );
-
-          user.plexId = parseInt(account.id);
-          user.avatar = account.thumb;
-          user.email = account.email;
-          user.plexUsername = account.username;
-          user.userType = UserType.PLEX;
-
-          await userRepository.save(user);
-        }
-      } catch (e) {
-        logger.error('Something went wrong fetching Plex users', {
-          label: 'API',
-          errorMessage: e.message,
-        });
-      }
-    }
-
-    if (
-      user.plexId &&
-      user.plexId !== mainUser.plexId &&
-      !(await mainPlexTv.checkUserAccess(user.plexId))
-    ) {
-      logger.warn(
-        'Failed sign-in attempt from Plex user without access to the media server',
-        {
-          label: 'API',
-          account: {
-            ip: req.ip,
-            email: body.email,
-            userId: user.id,
-            plexId: user.plexId,
-          },
-        }
-      );
-      return next({
-        status: 403,
-        message: 'Access denied.',
-      });
-    }
-
     // Set logged in session
     if (user && req.session) {
       req.session.userId = user.id;
@@ -775,7 +705,7 @@ authRoutes.post('/logout', async (req, res, next) => {
         });
         return next({ status: 500, message: 'Failed to destroy session.' });
       }
-      logger.info('Successfully logged out user', {
+      logger.debug('Successfully logged out user', {
         label: 'Auth',
         userId,
       });

server/routes/media.ts

@@ -112,7 +112,7 @@ mediaRoutes.post<
       return next({ status: 404, message: 'Media does not exist.' });
     }
 
-    const is4k = Boolean(req.body.is4k);
+    const is4k = String(req.body.is4k) === 'true';
 
     switch (req.params.status) {
       case 'available':
@@ -145,16 +145,16 @@ mediaRoutes.post<
             message: 'Only series can be set to be partially available',
           });
         }
-        media.status = MediaStatus.PARTIALLY_AVAILABLE;
+        media[is4k ? 'status4k' : 'status'] = MediaStatus.PARTIALLY_AVAILABLE;
         break;
       case 'processing':
-        media.status = MediaStatus.PROCESSING;
+        media[is4k ? 'status4k' : 'status'] = MediaStatus.PROCESSING;
         break;
       case 'pending':
-        media.status = MediaStatus.PENDING;
+        media[is4k ? 'status4k' : 'status'] = MediaStatus.PENDING;
         break;
       case 'unknown':
-        media.status = MediaStatus.UNKNOWN;
+        media[is4k ? 'status4k' : 'status'] = MediaStatus.UNKNOWN;
     }
 
     await mediaRepository.save(media);
@@ -198,7 +198,7 @@ mediaRoutes.delete(
         where: { id: Number(req.params.id) },
       });
 
-      const is4k = req.query.is4k === 'true';
+      const is4k = String(req.query.is4k) === 'true';
       const isMovie = media.mediaType === MediaType.MOVIE;
 
       let serviceSettings;
@@ -212,18 +212,19 @@ mediaRoutes.delete(
         );
       }
 
+      const specificServiceId = is4k ? media.serviceId4k : media.serviceId;
       if (
-        media.serviceId &&
-        media.serviceId >= 0 &&
-        serviceSettings?.id !== media.serviceId
+        specificServiceId &&
+        specificServiceId >= 0 &&
+        serviceSettings?.id !== specificServiceId
       ) {
         if (isMovie) {
           serviceSettings = settings.radarr.find(
-            (radarr) => radarr.id === media.serviceId
+            (radarr) => radarr.id === specificServiceId
           );
         } else {
           serviceSettings = settings.sonarr.find(
-            (sonarr) => sonarr.id === media.serviceId
+            (sonarr) => sonarr.id === specificServiceId
           );
         }
       }
@@ -257,13 +258,7 @@ mediaRoutes.delete(
       }
 
       if (isMovie) {
-        await (service as RadarrAPI).removeMovie(
-          parseInt(
-            is4k
-              ? (media.externalServiceSlug4k as string)
-              : (media.externalServiceSlug as string)
-          )
-        );
+        await (service as RadarrAPI).removeMovie(media.tmdbId);
       } else {
         const tmdb = new TheMovieDb();
         const series = await tmdb.getTvShow({ tvId: media.tmdbId });

server/routes/user/index.ts

@@ -4,7 +4,7 @@ import TautulliAPI from '@server/api/tautulli';
 import { MediaType } from '@server/constants/media';
 import { MediaServerType } from '@server/constants/server';
 import { UserType } from '@server/constants/user';
-import { getRepository } from '@server/datasource';
+import dataSource, { getRepository } from '@server/datasource';
 import Media from '@server/entity/Media';
 import { MediaRequest } from '@server/entity/MediaRequest';
 import { User } from '@server/entity/User';
@@ -25,7 +25,8 @@ import { getHostname } from '@server/utils/getHostname';
 import { Router } from 'express';
 import gravatarUrl from 'gravatar-url';
 import { findIndex, sortBy } from 'lodash';
-import { In } from 'typeorm';
+import type { EntityManager } from 'typeorm';
+import { In, Not } from 'typeorm';
 import userSettingsRoutes from './usersettings';
 
 const router = Router();
@@ -188,30 +189,82 @@ router.post<
   }
 >('/registerPushSubscription', async (req, res, next) => {
   try {
-    const userPushSubRepository = getRepository(UserPushSubscription);
+    // This prevents race conditions where two requests both pass the checks
+    await dataSource.transaction(
+      async (transactionalEntityManager: EntityManager) => {
+        const transactionalRepo =
+          transactionalEntityManager.getRepository(UserPushSubscription);
 
-    const existingSubs = await userPushSubRepository.find({
-      relations: { user: true },
-      where: { auth: req.body.auth, user: { id: req.user?.id } },
-    });
+        // Check for existing subscription by auth or endpoint within transaction
+        const existingSubscription = await transactionalRepo.findOne({
+          relations: { user: true },
+          where: [
+            { auth: req.body.auth, user: { id: req.user?.id } },
+            { endpoint: req.body.endpoint, user: { id: req.user?.id } },
+          ],
+        });
 
-    if (existingSubs.length > 0) {
-      logger.debug(
-        'User push subscription already exists. Skipping registration.',
-        { label: 'API' }
-      );
-      return res.status(204).send();
-    }
+        if (existingSubscription) {
+          // If endpoint matches but auth is different, update with new keys (iOS refresh case)
+          if (
+            existingSubscription.endpoint === req.body.endpoint &&
+            existingSubscription.auth !== req.body.auth
+          ) {
+            existingSubscription.auth = req.body.auth;
+            existingSubscription.p256dh = req.body.p256dh;
+            existingSubscription.userAgent = req.body.userAgent;
 
-    const userPushSubscription = new UserPushSubscription({
-      auth: req.body.auth,
-      endpoint: req.body.endpoint,
-      p256dh: req.body.p256dh,
-      userAgent: req.body.userAgent,
-      user: req.user,
-    });
+            await transactionalRepo.save(existingSubscription);
 
-    userPushSubRepository.save(userPushSubscription);
+            logger.debug(
+              'Updated existing push subscription with new keys for same endpoint.',
+              { label: 'API' }
+            );
+            return;
+          }
+
+          logger.debug(
+            'Duplicate subscription detected. Skipping registration.',
+            { label: 'API' }
+          );
+          return;
+        }
+
+        // Clean up old subscriptions from the same device (userAgent) for this user
+        // iOS can silently refresh endpoints, leaving stale subscriptions in the database
+        // Only clean up if we're creating a new subscription (not updating an existing one)
+        if (req.body.userAgent) {
+          const staleSubscriptions = await transactionalRepo.find({
+            relations: { user: true },
+            where: {
+              userAgent: req.body.userAgent,
+              user: { id: req.user?.id },
+              // Only remove subscriptions with different endpoints (stale ones)
+              // Keep subscriptions that might be from different browsers/tabs
+              endpoint: Not(req.body.endpoint),
+            },
+          });
+
+          if (staleSubscriptions.length > 0) {
+            await transactionalRepo.remove(staleSubscriptions);
+            logger.debug(
+              `Removed ${staleSubscriptions.length} stale push subscription(s) from same device.`,
+              { label: 'API' }
+            );
+          }
+        }
+
+        const userPushSubscription = new UserPushSubscription({
+          auth: req.body.auth,
+          endpoint: req.body.endpoint,
+          p256dh: req.body.p256dh,
+          userAgent: req.body.userAgent,
+          user: req.user,
+        });
+
+        await transactionalRepo.save(userPushSubscription);
+      }
+    );
 
     return res.status(204).send();
   } catch (e) {
@@ -269,16 +322,20 @@ router.delete<{ userId: number; endpoint: string }>(
     try {
       const userPushSubRepository = getRepository(UserPushSubscription);
 
-      const userPushSub = await userPushSubRepository.findOneOrFail({
-        relations: {
-          user: true,
-        },
+      const userPushSub = await userPushSubRepository.findOne({
+        relations: { user: true },
         where: {
           user: { id: req.params.userId },
           endpoint: req.params.endpoint,
         },
       });
 
+      // If not found, just return 204 to prevent push disable failure
+      // (rare scenario where user push sub does not exist)
+      if (!userPushSub) {
+        return res.status(204).send();
+      }
+
       await userPushSubRepository.remove(userPushSub);
       return res.status(204).send();
     } catch (e) {

server/subscriber/MediaRequestSubscriber.ts

@@ -29,6 +29,16 @@ import type {
 } from 'typeorm';
 import { EventSubscriber } from 'typeorm';
 
+const sanitizeDisplayName = (displayName: string): string => {
+  return displayName
+    .normalize('NFD')
+    .replace(/[\u0300-\u036f]/g, '')
+    .replace(/\s+/g, '-')
+    .replace(/[^a-z0-9-]/gi, '')
+    .replace(/-+/g, '-')
+    .replace(/^-|-$/g, '');
+};
+
 @EventSubscriber()
 export class MediaRequestSubscriber
   implements EntitySubscriberInterface<MediaRequest>
@@ -310,11 +320,15 @@ export class MediaRequestSubscriber
               mediaId: entity.media.id,
               userId: entity.requestedBy.id,
               newTag:
-                entity.requestedBy.id + '-' + entity.requestedBy.displayName,
+                entity.requestedBy.id +
+                '-' +
+                sanitizeDisplayName(entity.requestedBy.displayName),
             });
             userTag = await radarr.createTag({
               label:
-                entity.requestedBy.id + '-' + entity.requestedBy.displayName,
+                entity.requestedBy.id +
+                '-' +
+                sanitizeDisplayName(entity.requestedBy.displayName),
             });
           }
           if (userTag.id) {
@@ -631,11 +645,15 @@ export class MediaRequestSubscriber
               mediaId: entity.media.id,
               userId: entity.requestedBy.id,
               newTag:
-                entity.requestedBy.id + '-' + entity.requestedBy.displayName,
+                entity.requestedBy.id +
+                '-' +
+                sanitizeDisplayName(entity.requestedBy.displayName),
             });
             userTag = await sonarr.createTag({
               label:
-                entity.requestedBy.id + '-' + entity.requestedBy.displayName,
+                entity.requestedBy.id +
+                '-' +
+                sanitizeDisplayName(entity.requestedBy.displayName),
             });
           }
           if (userTag.id) {

src/components/Blacklist/index.tsx

@@ -354,7 +354,7 @@ const BlacklistedItem = ({ item, revalidateList }: BlacklistedItemProps) => {
               src={
                 title?.posterPath
                   ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${title.posterPath}`
-                  : '/images/jellyseerr_poster_not_found.png'
+                  : '/images/seerr_poster_not_found.png'
               }
               alt=""
               sizes="100vw"

src/components/CollectionDetails/index.tsx

@@ -233,7 +233,7 @@ const CollectionDetails = ({ collection }: CollectionDetailsProps) => {
             src={
               data.posterPath
                 ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${data.posterPath}`
-                : '/images/jellyseerr_poster_not_found.png'
+                : '/images/seerr_poster_not_found.png'
             }
             alt=""
             sizes="100vw"

src/components/Common/LabeledCheckbox/index.tsx

@@ -25,7 +25,7 @@ const LabeledCheckbox: React.FC<LabeledCheckboxProps> = ({
           <Field type="checkbox" id={id} name={id} onChange={onChange} />
         </div>
         <div className="ml-3 text-sm leading-6">
-          <label htmlFor="localLogin" className="block">
+          <label htmlFor="localLogin" className="block" aria-label={label}>
             <div className="flex flex-col">
               <span className="font-medium text-white">{label}</span>
               <span className="font-normal text-gray-400">{description}</span>

src/components/IssueDetails/index.tsx

@@ -232,7 +232,7 @@ const IssueDetails = () => {
             src={
               data.posterPath
                 ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${data.posterPath}`
-                : '/images/jellyseerr_poster_not_found.png'
+                : '/images/seerr_poster_not_found.png'
             }
             alt=""
             sizes="100vw"

src/components/IssueList/IssueItem/index.tsx

@@ -151,7 +151,7 @@ const IssueItem = ({ issue }: IssueItemProps) => {
               src={
                 title.posterPath
                   ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${title.posterPath}`
-                  : '/images/jellyseerr_poster_not_found.png'
+                  : '/images/seerr_poster_not_found.png'
               }
               alt=""
               sizes="100vw"

src/components/Login/AddEmailModal.tsx

@@ -5,6 +5,7 @@ import { Transition } from '@headlessui/react';
 import axios from 'axios';
 import { Field, Formik } from 'formik';
 import { useIntl } from 'react-intl';
+import validator from 'validator';
 import * as Yup from 'yup';
 
 const messages = defineMessages('components.Login', {
@@ -36,7 +37,11 @@ const AddEmailModal: React.FC<AddEmailModalProps> = ({
 
   const EmailSettingsSchema = Yup.object().shape({
     email: Yup.string()
-      .email(intl.formatMessage(messages.validationEmailFormat))
+      .test(
+        'email',
+        intl.formatMessage(messages.validationEmailFormat),
+        (value) => !value || validator.isEmail(value, { require_tld: false })
+      )
       .required(intl.formatMessage(messages.validationEmailRequired)),
   });
 

src/components/Login/PlexLoginButton.tsx

@@ -3,6 +3,7 @@ import Button from '@app/components/Common/Button';
 import { SmallLoadingSpinner } from '@app/components/Common/LoadingSpinner';
 import usePlexLogin from '@app/hooks/usePlexLogin';
 import defineMessages from '@app/utils/defineMessages';
+import { Fragment } from 'react';
 import { FormattedMessage } from 'react-intl';
 
 const messages = defineMessages('components.Login', {
@@ -46,8 +47,12 @@ const PlexLoginButton = ({
         >
           {(chunks) => (
             <>
-              {chunks.map((c) =>
-                typeof c === 'string' ? <span>{c}</span> : c
+              {chunks.map((c, index) =>
+                typeof c === 'string' ? (
+                  <span key={index}>{c}</span>
+                ) : (
+                  <Fragment key={index}>{c}</Fragment>
+                )
               )}
             </>
           )}

src/components/ManageSlideOver/index.tsx

@@ -25,6 +25,7 @@ import {
 } from '@server/constants/media';
 import { MediaServerType } from '@server/constants/server';
 import type { MediaWatchDataResponse } from '@server/interfaces/api/mediaInterfaces';
+import type { DownloadingItem } from '@server/lib/downloadtracker';
 import type { RadarrSettings, SonarrSettings } from '@server/lib/settings';
 import type { MovieDetails } from '@server/models/Movie';
 import type { TvDetails } from '@server/models/Tv';
@@ -33,6 +34,17 @@ import Link from 'next/link';
 import { useIntl } from 'react-intl';
 import useSWR from 'swr';
 
+const filterDuplicateDownloads = (
+  items: DownloadingItem[] = []
+): DownloadingItem[] => {
+  const seen = new Set<string>();
+  return items.filter((item) => {
+    if (seen.has(item.downloadId)) return false;
+    seen.add(item.downloadId);
+    return true;
+  });
+};
+
 const messages = defineMessages('components.ManageSlideOver', {
   manageModalTitle: 'Manage {mediaType}',
   manageModalIssues: 'Open Issues',
@@ -150,6 +162,31 @@ const ManageSlideOver = ({
     return false;
   };
 
+  const isDefault4kService = () => {
+    if (data.mediaInfo) {
+      if (data.mediaInfo.mediaType === MediaType.MOVIE) {
+        return (
+          radarrData?.find(
+            (radarr) =>
+              radarr.isDefault &&
+              radarr.is4k &&
+              radarr.id === data.mediaInfo?.serviceId4k
+          ) !== undefined
+        );
+      } else {
+        return (
+          sonarrData?.find(
+            (sonarr) =>
+              sonarr.isDefault &&
+              sonarr.is4k &&
+              sonarr.id === data.mediaInfo?.serviceId4k
+          ) !== undefined
+        );
+      }
+    }
+    return false;
+  };
+
   const markAvailable = async (is4k = false) => {
     if (data.mediaInfo) {
       await axios.post(`/api/v1/media/${data.mediaInfo?.id}/available`, {
@@ -205,26 +242,30 @@ const ManageSlideOver = ({
             </h3>
             <div className="overflow-hidden rounded-md border border-gray-700 shadow">
               <ul>
-                {data.mediaInfo?.downloadStatus?.map((status, index) => (
-                  <Tooltip
-                    key={`dl-status-${status.externalId}-${index}`}
-                    content={status.title}
-                  >
-                    <li className="border-b border-gray-700 last:border-b-0">
-                      <DownloadBlock downloadItem={status} />
-                    </li>
-                  </Tooltip>
-                ))}
-                {data.mediaInfo?.downloadStatus4k?.map((status, index) => (
-                  <Tooltip
-                    key={`dl-status-${status.externalId}-${index}`}
-                    content={status.title}
-                  >
-                    <li className="border-b border-gray-700 last:border-b-0">
-                      <DownloadBlock downloadItem={status} is4k />
-                    </li>
-                  </Tooltip>
-                ))}
+                {filterDuplicateDownloads(data.mediaInfo?.downloadStatus).map(
+                  (status, index) => (
+                    <Tooltip
+                      key={`dl-status-${status.externalId}-${index}`}
+                      content={status.title}
+                    >
+                      <li className="border-b border-gray-700 last:border-b-0">
+                        <DownloadBlock downloadItem={status} />
+                      </li>
+                    </Tooltip>
+                  )
+                )}
+                {filterDuplicateDownloads(data.mediaInfo?.downloadStatus4k).map(
+                  (status, index) => (
+                    <Tooltip
+                      key={`dl-status-4k-${status.externalId}-${index}`}
+                      content={status.title}
+                    >
+                      <li className="border-b border-gray-700 last:border-b-0">
+                        <DownloadBlock downloadItem={status} is4k />
+                      </li>
+                    </Tooltip>
+                  )
+                )}
               </ul>
             </div>
           </div>
@@ -572,7 +613,7 @@ const ManageSlideOver = ({
                         </span>
                       </Button>
                     </a>
-                    {isDefaultService() && (
+                    {isDefault4kService() && (
                       <div>
                         <ConfirmButton
                           onClick={() => deleteMediaFile(true)}

src/components/MovieDetails/index.tsx

@@ -490,7 +490,7 @@ const MovieDetails = ({ movie }: MovieDetailsProps) => {
             src={
               data.posterPath
                 ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${data.posterPath}`
-                : '/images/jellyseerr_poster_not_found.png'
+                : '/images/seerr_poster_not_found.png'
             }
             alt=""
             sizes="100vw"

src/components/NotificationTypeSelector/NotificationType/index.tsx

@@ -46,7 +46,7 @@ const NotificationType = ({
           />
         </div>
         <div className="ml-3 text-sm leading-6">
-          <label htmlFor={option.id} className="block">
+          <label htmlFor={option.id} className="block" aria-label={option.name}>
             <div className="flex flex-col">
               <span className="font-medium text-white">{option.name}</span>
               <span className="font-normal text-gray-400">

src/components/PermissionOption/index.tsx

@@ -123,7 +123,7 @@ const PermissionOption = ({
           />
         </div>
         <div className="ml-3 text-sm leading-6">
-          <label htmlFor={option.id} className="block">
+          <label htmlFor={option.id} className="block" aria-label={option.name}>
             <div className="flex flex-col">
               <span className="font-medium text-white">{option.name}</span>
               <span className="font-normal text-gray-400">

src/components/PersonDetails/index.tsx

@@ -292,6 +292,7 @@ const PersonDetails = () => {
               </div>
             )}
           </div>
+          <div className="lg:hidden">{mediaTypePicker}</div>
           {data.biography && (
             <div className="relative text-left">
               {/* eslint-disable-next-line jsx-a11y/click-events-have-key-events */}
@@ -314,7 +315,6 @@ const PersonDetails = () => {
           )}
         </div>
       </div>
-      <div className="lg:hidden">{mediaTypePicker}</div>
       {data.knownForDepartment === 'Acting' ? [cast, crew] : [crew, cast]}
       {isLoading && <LoadingSpinner />}
     </>

src/components/RequestCard/index.tsx

@@ -617,7 +617,7 @@ const RequestCard = ({ request, onTitleData }: RequestCardProps) => {
             src={
               title.posterPath
                 ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${title.posterPath}`
-                : '/images/jellyseerr_poster_not_found.png'
+                : '/images/seerr_poster_not_found.png'
             }
             alt=""
             sizes="100vw"

src/components/RequestList/RequestItem/index.tsx

@@ -440,7 +440,7 @@ const RequestItem = ({ request, revalidateList }: RequestItemProps) => {
                 src={
                   title.posterPath
                     ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${title.posterPath}`
-                    : '/images/jellyseerr_poster_not_found.png'
+                    : '/images/seerr_poster_not_found.png'
                 }
                 alt=""
                 sizes="100vw"

src/components/RequestModal/CollectionRequestModal.tsx

@@ -450,7 +450,7 @@ const CollectionRequestModal = ({
                                 src={
                                   part.posterPath
                                     ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${part.posterPath}`
-                                    : '/images/jellyseerr_poster_not_found.png'
+                                    : '/images/seerr_poster_not_found.png'
                                 }
                                 alt=""
                                 sizes="100vw"

src/components/RequestModal/SearchByNameModal/index.tsx

@@ -92,8 +92,7 @@ const SearchByNameModal = ({
                 <CachedImage
                   type="tvdb"
                   src={
-                    item.remotePoster ??
-                    '/images/jellyseerr_poster_not_found.png'
+                    item.remotePoster ?? '/images/seerr_poster_not_found.png'
                   }
                   alt={item.title}
                   className="w-100 h-auto rounded-md"

src/components/ResetPassword/RequestResetLink.tsx

@@ -10,6 +10,7 @@ import Image from 'next/image';
 import Link from 'next/link';
 import { useState } from 'react';
 import { useIntl } from 'react-intl';
+import validator from 'validator';
 import * as Yup from 'yup';
 
 const messages = defineMessages('components.ResetPassword', {
@@ -29,7 +30,11 @@ const ResetPassword = () => {
 
   const ResetSchema = Yup.object().shape({
     email: Yup.string()
-      .email(intl.formatMessage(messages.validationemailrequired))
+      .test(
+        'email',
+        intl.formatMessage(messages.validationemailrequired),
+        (value) => !value || validator.isEmail(value, { require_tld: false })
+      )
       .required(intl.formatMessage(messages.validationemailrequired)),
   });
 

src/components/Selector/index.tsx

@@ -12,7 +12,6 @@ import type {
   TmdbGenre,
   TmdbKeywordSearchResponse,
 } from '@server/api/themoviedb/interfaces';
-import type { GenreSliderItem } from '@server/interfaces/api/discoverInterfaces';
 import type { UserResultsResponse } from '@server/interfaces/api/userInterfaces';
 import type {
   Keyword,
@@ -185,9 +184,7 @@ export const GenreSelector = ({
   }, [defaultValue, type]);
 
   const loadGenreOptions = async (inputValue: string) => {
-    const results = await axios.get<GenreSliderItem[]>(
-      `/api/v1/discover/genreslider/${type}`
-    );
+    const results = await axios.get<TmdbGenre[]>(`/api/v1/genres/${type}`);
 
     return results.data
       .map((result) => ({
@@ -201,7 +198,7 @@ export const GenreSelector = ({
 
   return (
     <AsyncSelect
-      key={`genre-select-${defaultDataValue}`}
+      key={`genre-select-${type}-${defaultDataValue}`}
       className="react-select-container"
       classNamePrefix="react-select"
       defaultValue={isMulti ? defaultDataValue : defaultDataValue?.[0]}

src/components/Settings/Notifications/NotificationsEmail.tsx

@@ -11,6 +11,7 @@ import { useState } from 'react';
 import { useIntl } from 'react-intl';
 import { useToasts } from 'react-toast-notifications';
 import useSWR, { mutate } from 'swr';
+import validator from 'validator';
 import * as Yup from 'yup';
 
 const messages = defineMessages('components.Settings.Notifications', {
@@ -77,7 +78,11 @@ const NotificationsEmail = () => {
             .required(intl.formatMessage(messages.validationEmail)),
           otherwise: Yup.string().nullable(),
         })
-        .email(intl.formatMessage(messages.validationEmail)),
+        .test(
+          'email',
+          intl.formatMessage(messages.validationEmail),
+          (value) => !value || validator.isEmail(value, { require_tld: false })
+        ),
       smtpHost: Yup.string().when('enabled', {
         is: true,
         then: Yup.string()

src/components/Settings/Notifications/NotificationsWebhook/index.tsx

@@ -288,7 +288,7 @@ const NotificationsWebhook = () => {
             {values.supportVariables && (
               <div className="mt-2">
                 <Link
-                  href="https://docs.seerr.dev/using-jellyseerr/notifications/webhook#template-variables"
+                  href="https://docs.seerr.dev/using-seerr/notifications/webhook#template-variables"
                   passHref
                   legacyBehavior
                 >
@@ -376,7 +376,7 @@ const NotificationsWebhook = () => {
                     <span>{intl.formatMessage(messages.resetPayload)}</span>
                   </Button>
                   <Link
-                    href="https://docs.seerr.dev/using-jellyseerr/notifications/webhook#template-variables"
+                    href="https://docs.seerr.dev/using-seerr/notifications/webhook#template-variables"
                     passHref
                     legacyBehavior
                   >

src/components/Settings/OverrideRule/OverrideRuleModal.tsx

@@ -337,7 +337,13 @@ const OverrideRuleModal = ({
                   <div className="form-input-area">
                     <div className="form-input-field">
                       <GenreSelector
-                        type={values.radarrServiceId ? 'movie' : 'tv'}
+                        type={
+                          values.radarrServiceId != null
+                            ? 'movie'
+                            : values.sonarrServiceId != null
+                            ? 'tv'
+                            : 'tv'
+                        }
                         defaultValue={values.genre}
                         isMulti
                         isDisabled={!isValidated || isTesting}

src/components/Settings/SettingsMetadata.tsx

@@ -320,12 +320,14 @@ const SettingsMetadata = () => {
 
               addToast(intl.formatMessage(messages.metadataSettingsSaved), {
                 appearance: 'success',
+                autoDismiss: true,
               });
             } catch (e) {
               addToast(
                 intl.formatMessage(messages.failedToSaveMetadataSettings),
                 {
                   appearance: 'error',
+                  autoDismiss: true,
                 }
               );
             }
@@ -422,6 +424,7 @@ const SettingsMetadata = () => {
                                 ),
                                 {
                                   appearance: 'success',
+                                  autoDismiss: true,
                                 }
                               );
                             }

src/components/Settings/SettingsPlex.tsx

@@ -377,6 +377,7 @@ const SettingsPlex = ({ onComplete }: SettingsPlexProps) => {
           webAppUrl: data?.webAppUrl,
         }}
         validationSchema={PlexSettingsSchema}
+        validateOnMount={true}
         onSubmit={async (values) => {
           let toastId: string | null = null;
           try {
@@ -423,6 +424,7 @@ const SettingsPlex = ({ onComplete }: SettingsPlexProps) => {
           values,
           handleSubmit,
           setFieldValue,
+          setValues,
           isSubmitting,
           isValid,
         }) => {
@@ -445,9 +447,12 @@ const SettingsPlex = ({ onComplete }: SettingsPlexProps) => {
                           availablePresets[Number(e.target.value)];
 
                         if (targPreset) {
-                          setFieldValue('hostname', targPreset.address);
-                          setFieldValue('port', targPreset.port);
-                          setFieldValue('useSsl', targPreset.ssl);
+                          setValues({
+                            ...values,
+                            hostname: targPreset.address,
+                            port: targPreset.port,
+                            useSsl: targPreset.ssl,
+                          });
                         }
                       }}
                     >

src/components/Setup/JellyfinSetup.tsx

@@ -8,6 +8,7 @@ import axios from 'axios';
 import { Field, Form, Formik } from 'formik';
 import { FormattedMessage, useIntl } from 'react-intl';
 import { useToasts } from 'react-toast-notifications';
+import validator from 'validator';
 import * as Yup from 'yup';
 
 const messages = defineMessages('components.Login', {
@@ -90,7 +91,11 @@ function JellyfinSetup({
         (value) => !value || !value.endsWith('/')
       ),
     email: Yup.string()
-      .email(intl.formatMessage(messages.validationemailformat))
+      .test(
+        'email',
+        intl.formatMessage(messages.validationemailformat),
+        (value) => !value || validator.isEmail(value, { require_tld: false })
+      )
       .required(intl.formatMessage(messages.validationemailrequired)),
     username: Yup.string().required(
       intl.formatMessage(messages.validationusernamerequired)

src/components/Setup/LoginWithPlex.tsx

@@ -28,7 +28,8 @@ const LoginWithPlex = ({ onComplete }: LoginWithPlexProps) => {
       const response = await axios.post('/api/v1/auth/plex', { authToken });
 
       if (response.data?.id) {
-        revalidate();
+        const { data: user } = await axios.get('/api/v1/auth/me');
+        revalidate(user, false);
       }
     };
     if (authToken) {

src/components/TitleCard/index.tsx

@@ -335,7 +335,7 @@ const TitleCard = ({
             src={
               image
                 ? `https://image.tmdb.org/t/p/w300_and_h450_face${image}`
-                : `/images/jellyseerr_poster_not_found_logo_top.png`
+                : `/images/seerr_poster_not_found_logo_top.png`
             }
             style={{ width: '100%', height: '100%', objectFit: 'cover' }}
             fill

src/components/TvDetails/index.tsx

@@ -532,7 +532,7 @@ const TvDetails = ({ tv }: TvDetailsProps) => {
             src={
               data.posterPath
                 ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${data.posterPath}`
-                : '/images/jellyseerr_poster_not_found.png'
+                : '/images/seerr_poster_not_found.png'
             }
             alt=""
             sizes="100vw"

src/components/UserList/index.tsx

@@ -36,6 +36,7 @@ import { useEffect, useState } from 'react';
 import { useIntl } from 'react-intl';
 import { useToasts } from 'react-toast-notifications';
 import useSWR from 'swr';
+import validator from 'validator';
 import * as Yup from 'yup';
 import JellyfinImportModal from './JellyfinImportModal';
 
@@ -210,7 +211,11 @@ const UserList = () => {
     ),
     email: Yup.string()
       .required()
-      .email(intl.formatMessage(messages.validationEmail)),
+      .test(
+        'email',
+        intl.formatMessage(messages.validationEmail),
+        (value) => !value || validator.isEmail(value, { require_tld: false })
+      ),
     password: Yup.lazy((value) =>
       !value
         ? Yup.string()

src/components/UserProfile/UserSettings/UserGeneralSettings/index.tsx

@@ -23,6 +23,7 @@ import { useEffect, useState } from 'react';
 import { useIntl } from 'react-intl';
 import { useToasts } from 'react-toast-notifications';
 import useSWR from 'swr';
+import validator from 'validator';
 import * as Yup from 'yup';
 
 const messages = defineMessages(
@@ -105,10 +106,18 @@ const UserGeneralSettings = () => {
       user?.id === 1 ||
       (user?.userType !== UserType.JELLYFIN && user?.userType !== UserType.EMBY)
         ? Yup.string()
-            .email(intl.formatMessage(messages.validationemailformat))
+            .test(
+              'email',
+              intl.formatMessage(messages.validationemailformat),
+              (value) =>
+                !value || validator.isEmail(value, { require_tld: false })
+            )
             .required(intl.formatMessage(messages.validationemailrequired))
-        : Yup.string().email(
-            intl.formatMessage(messages.validationemailformat)
+        : Yup.string().test(
+            'email',
+            intl.formatMessage(messages.validationemailformat),
+            (value) =>
+              !value || validator.isEmail(value, { require_tld: false })
           ),
     discordId: Yup.string()
       .nullable()

src/components/UserProfile/UserSettings/UserNotificationSettings/UserNotificationsWebPush/index.tsx

@@ -109,10 +109,28 @@ const UserWebPushSettings = () => {
   // Deletes/disables corresponding push subscription from database
   const disablePushNotifications = async (endpoint?: string) => {
     try {
-      await unsubscribeToPushNotifications(user?.id, endpoint);
+      const unsubscribedEndpoint = await unsubscribeToPushNotifications(
+        user?.id,
+        endpoint
+      );
 
       localStorage.setItem('pushNotificationsEnabled', 'false');
       setWebPushEnabled(false);
+
+      // Only delete the current browser's subscription, not all devices
+      const endpointToDelete = unsubscribedEndpoint || subEndpoint || endpoint;
+      if (endpointToDelete) {
+        try {
+          await axios.delete(
+            `/api/v1/user/${user?.id}/pushSubscription/${encodeURIComponent(
+              endpointToDelete
+            )}`
+          );
+        } catch {
+          // Ignore deletion failures - backend cleanup is best effort
+        }
+      }
+
       addToast(intl.formatMessage(messages.webpushhasbeendisabled), {
         autoDismiss: true,
         appearance: 'success',
@@ -152,7 +170,33 @@ const UserWebPushSettings = () => {
   useEffect(() => {
     const verifyWebPush = async () => {
       const enabled = await verifyPushSubscription(user?.id, currentSettings);
-      setWebPushEnabled(enabled);
+      let isEnabled = enabled;
+
+      if (!enabled && 'serviceWorker' in navigator) {
+        const { subscription } = await getPushSubscription();
+        if (subscription) {
+          isEnabled = true;
+        }
+      }
+
+      if (!isEnabled && dataDevices && dataDevices.length > 0) {
+        const currentUserAgent = navigator.userAgent;
+        const hasMatchingDevice = dataDevices.some(
+          (device) => device.userAgent === currentUserAgent
+        );
+
+        if (hasMatchingDevice) {
+          isEnabled = true;
+        }
+      }
+
+      setWebPushEnabled(isEnabled);
+      if (localStorage.getItem('pushNotificationsEnabled') === null) {
+        localStorage.setItem(
+          'pushNotificationsEnabled',
+          isEnabled ? 'true' : 'false'
+        );
+      }
     };
 
     if (user?.id) {