Weblate 2026.7

Not yet released.

New features

Improvements

• Management interface access control is now more fine-grained with dedicated site-wide permissions.

• Default commit and merge request message templates now use Conventional Commits, and settings forms can restore installation defaults for individual message templates.

• Documented Legal module customizations and added options to hide legal pages or disable document numbering.

Bug fixes

• Webhook target fallback matching is now stricter and reported in component diagnostics.

Compatibility

Upgrading

Please follow Generic upgrade instructions in order to perform update.

Contributors

All changes in detail.

Weblate 2026.6.1

Released on June 1st 2026.

Bug fixes

• Language-wide Announcements no longer break language overview pages.

Upgrading

Please follow Generic upgrade instructions in order to perform update.

Contributors

Code contributions

Michal Čihař

Documentation contributions

Michal Čihař

All changes in detail.

Weblate 2026.6

Released on June 1st 2026.

New features

• Announcements can now also be managed via the Weblate’s REST API for specific project languages.

• Team memberships can now be limited to selected languages for per-user translation permissions.

• Added cost estimates to translation reports.

• Added optional OpenTelemetry tracing for backend requests and tasks, and Google Cloud Error Reporting for handled server errors.

• Added Workspaces to group related projects, with workspace project listings, workspace-scoped teams and project creation permissions, inherited workspace, project, and category defaults for selected component settings, and billing details when available.

Improvements

• Docker containers can now configure WEBLATE_SAML_SECURITY_CONFIG to customize SAML security settings, and adjust WEBLATE_FORMATS using WEBLATE_ADD_FORMATS and WEBLATE_REMOVE_FORMATS.

• Improved performance of the Inconsistent check on large projects.

• Contributor stats now de-duplicate repeated work on the same string by default, with an option to count all changes.

• Code hosting integrations now documents HTTPS access-token URLs and dedicated-user SSH URLs for accessing repositories, and Continuous localization now explains why squash merging Weblate conflict-resolution pull requests can require a repository reset.

• Translation component diagnostics now include dismissible component diagnostics for community localization.

• Screenshots and visual context now support bulk assignment from search or image text recognition results, make finding strings in uploaded images easier to discover, show source string coverage counts, and include advanced listing search.

• Software Bill of Material release artifacts now include CISA 2025 document-level metadata.

Bug fixes

• Outbound URL validation now rejects additional non-public targets (GHSA-vmfc-9982-2m45).

• Project-language Announcements no longer appear across the whole project.

• Hardened POST /api/screenshots/ access checks against private project enumeration.

• Registration-attempt account activity e-mails now link to password reset to help users finish account setup.

• Inviting new users links now work for signed-in users whose account owns the invited e-mail address.

• Searching for strings with content changes without a recorded author now supports changed_by:"", and combined change filters now apply to the same change event.

• Gitea and Forgejo pull requests no longer reconfigure existing fork remotes to point to the source repository.

• Project and category language translation sessions now keep strings grouped by component priority and show component switch warnings reliably.

• Engage page task links now stay centered and show the target translation language.

• Gettext POT update add-ons now rescan translations after committing updated POT and PO files.

• Git repositories now update branches correctly when the remote also has a tag with the same name.

• Conflicting repository setup alerts now allow same-branch direct pushes.

• Obsolete cleanup schedules are now removed from Celery beat during upgrade.

• Translation pages for workspace projects no longer crash when workspace fields are deferred.

Upgrading

Please follow Generic upgrade instructions in order to perform update.

• There is a change in INSTALLED_APPS; weblate.workspaces should be added.

• The database migrations might take longer on larger instances.

Contributors

Code contributions

Michal Čihař, Karen Konou, Weblate CI, Basheer Radman, michael-smt, Kristián Kunc, felixfon

Translations contributions

Michal Čihař, VfBFan, 大王叫我来巡山, Emin Tufan Çetin, Basheer Radman, 為什麼不加空格, Peter Vančo, Christian Wia, Любомир Василев, Matthaiks, Andrei Stepanov, Libre, Besnik Bleta, ℂ𝕠𝕠𝕠𝕝 (𝕘𝕚𝕥𝕙𝕦𝕓.𝕔𝕠𝕞/ℂ𝕠𝕠𝕠𝕝), Balázs Meskó, Aindriú Mac Giolla Eoin, Adam Havránek, Dick Groskamp, Arif Budiman, Mickaël Binos, Ryo Nakano, hoanghuy309, Pierfrancesco Passerini, Alefsander Ribeiro Nascimento, Massimo Pissarello, justcontributor, 이정희, Cabdi Waaxid Siciid, Yaron Shahrabani, User2068, Kyotaro Iijima, pan93412, jernejp21, libermax, Phileas Fogg, Fjuro, Jim Kats, Fulup Jakez, Priit Jõerüüt, Ldm Public, Andi Chandler, Burak SDN, ojppe

Documentation contributions

Michal Čihař, VfBFan, Basheer Radman, Weblate CI, michael-smt, felixfon

All changes in detail.

Weblate 2026.5

Released on May 15th 2026.

New features

• Added MDX files support for translating Markdown text while preserving JSX syntax, with File format parameters shared with Markdown files for line wrapping, code blocks, front matter, and placeholder handling.

• Added extended LLM translation context for automatic suggestions, covering string context, explanations, secondary-language translations, plurals, failing checks, and placeholders.

• Added a digest-only translation activity summary notification, see Notifications.

• CSV and XLSX downloads in Downloading translations now export plural strings as separate plural-form rows that can be imported back.

• Added Gettext PO and POT File format parameters to control whether Weblate updates the Language-Team, Last-Translator, X-Generator, and Report-Msgid-Bugs-To headers.

• Added a backup to run configured backup services synchronously.

• The translation memory lookup API can now skip fuzzy matching with the exact query parameter.

• Added Translation files CDN to publish translation files to the configured CDN.

Improvements

• Using DOS line endings can now be configured using the dos_eol File format parameters.

• OpenAI and Alibaba no longer require their vendor Python SDKs.

• Audited project and component setting changes are now recorded in history.

• Gerrit review pushes now use Push branch as the target branch.

• Weblate now checks whether CACHE_DIR allows executing generated helper files.

• The Software Bill of Material is now generated during release and published as a versioned release asset instead of being stored in the source repository.

• The translating page now separates screenshots from string information, collapses rarely used string details, and groups glossary and screenshot actions more consistently.

• Project access management now paginates users and better explains site-wide automatic team assignments.

• Added provider-oriented code hosting documentation and Gettext-style Plural formula guidance.

• The Python wheel no longer ships source translation catalogs, test files, or deployment example files, reducing the installed package size.

• The engage page now highlights actionable translation task buckets for newcomers.

• RSS feeds can now use the same filters as the changes browsing page.

• Update gettext template (Django) now supports gettext PO files used as templates when they are excluded by the language filter.

• Reworked Weblate threat model into a contract-style document.

Bug fixes

• Hardened search previews and Automatic suggestions suggestion origins against XSS, and stopped exposing database error details in upload failures (CVE 2026-45106 / GHSA-6wxc-8mgq-w26m).

• Screenshot URL uploads, remote HTML extraction in JavaScript localization CDN, and URL health-check redirects now reject internal or non-public targets by default.

• Gerrit review pushes now reject target branches containing push options, track the target branch before invoking git-review, and suggest short branch names when full refs are supplied.

• Category Announcements no longer appear across the whole project, and translation announcement deletion now honors language-scoped permissions.

• Merge request pushes now refresh stale fork remotes after changing repository hosting.

• Plural counts parsed from translation file headers are now bounded, and plural formulas are rejected when they can evaluate outside the configured plural form range.

• Per-project access tokens expiring today now remain valid until the end of the day.

• Malformed ALTCHA CAPTCHA submissions and repository URLs in webhook payloads no longer cause server errors.

• Placeholders now merges overlapping non-nested spans from multiple flags.

• Backing up and moving Weblate logs no longer include OpenSSH post-quantum key exchange warnings from remote Borg connections.

• Category repository paths are now handled more safely during cleanup and moves.

• Locked component pages now show an unsubscribe action after subscribing to unlock notifications.

• Project level backups imports now restore in the background to avoid web worker memory limits.

Compatibility

• The dos-eol flag is no longer supported. Use the dos_eol File format parameters instead.

• The registration CAPTCHA now uses the ALTCHA widget v3 protocol with Argon2id proof-of-work.

• The set_language_team project attribute has been replaced with the po_set_language_team file format parameter at the component level; see File format parameters.

• Weblate now uses calendar versioning for releases, see Release cycle.

• Weblate now uses stricter dependency version constraints to better control runtime environment.

Upgrading

Please follow Generic upgrade instructions in order to perform update.

• The ALTCHA_MAX_NUMBER setting has been replaced by ALTCHA_COST, ALTCHA_MEMORY_COST, and ALTCHA_PARALLELISM; please adjust your settings accordingly.

• The upgrading policy was changed, and upgrades are only supported from the current or previous calendar year.

• The COMMENT_CLEANUP_DAYS and SUGGESTION_CLEANUP_DAYS settings are migrated once to site-wide Stale comment removal and Stale suggestion removal add-ons; configure those add-ons instead.

Contributors

Code contributions

Michal Čihař, Karen Konou, AliceVisek, Gersona, Weblate CI

Translations contributions

이정희, Andrei Stepanov, Milo Ivir, ssantos, 大王叫我来巡山, Kaya Zeren, reducedradius, Peter Vančo, amano, Michal Čihař, Anucha Hlownonkor, Yaron Shahrabani, UDP, Максим Горпиніч, Agnieszka C, VfBFan, Blueberry, ojppe, Francisco Serrador, Aindriú Mac Giolla Eoin, Fjuro, Любомир Василев, Frank Paul Silye, Temuri Doghonadze, Yuri Chornoivan, Sergio Granadoz, Sketch6580, Hyeonjeong Lee, 為什麼不加空格, ℂ𝕠𝕠𝕠𝕝 (𝕘𝕚𝕥𝕙𝕦𝕓.𝕔𝕠𝕞/ℂ𝕠𝕠𝕠𝕝), justcontributor, Kristijan "Fremen" Velkovski, Pierfrancesco Passerini, Besnik Bleta, Arif Budiman, Andi Chandler, jernejp21, Manuela Silva, Sjur N Moshagen, Abduqadir Abliz, Laitei, Кирилл Ванин, Matthaiks, Nozomu Matsui, Dick Groskamp, MrZwave, hoanghuy309, Jim Spentzos, Adam Havránek, Ricky Tigg, Christian Wia, ButterflyOfFire

Documentation contributions

Michal Čihař, Gersona, Karen Konou, AliceVisek

All changes in detail.