docker(deps): Bump astral-sh/uv

Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.6.5-python3.12-bookworm-slim to 0.6.9-python3.12-bookworm-slim.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.6.5...0.6.9)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Dockerfile

@@ -32,7 +32,7 @@ RUN set -eux \
 # Purpose: Installs s6-overlay and rootfs
 # Comments:
 #  - Don't leave anything extra in here either
-FROM ghcr.io/astral-sh/uv:0.6.5-python3.12-bookworm-slim AS s6-overlay-base
+FROM ghcr.io/astral-sh/uv:0.6.9-python3.12-bookworm-slim AS s6-overlay-base
 
 WORKDIR /usr/src/s6
 

docs/administration.md

@@ -565,19 +565,15 @@ document.
 
 ### Managing encryption {#encryption}
 
-Documents can be stored in Paperless using GnuPG encryption.
-
 !!! warning
 
-    Encryption is deprecated since [paperless-ng 0.9](changelog.md#paperless-ng-090) and doesn't really
+    Encryption was removed in [paperless-ng 0.9](changelog.md#paperless-ng-090)
-    provide any additional security, since you have to store the passphrase
+    because it did not really provide any additional security, the passphrase
-    in a configuration file on the same system as the encrypted documents
+    was stored in a configuration file on the same system as the documents.
-    for paperless to work. Furthermore, the entire text content of the
+    Furthermore, the entire text content of the documents is stored plain in
-    documents is stored plain in the database, even if your documents are
+    the database, even if your documents are encrypted. Filenames are not
-    encrypted. Filenames are not encrypted as well.
+    encrypted as well. Finally, the web server provides transparent access to
-
+    your encrypted documents.
-    Also, the web server provides transparent access to your encrypted
-    documents.
 
     Consider running paperless on an encrypted filesystem instead, which
     will then at least provide security against physical hardware theft.

docs/api.md

@@ -270,7 +270,7 @@ The following methods are supported:
 -   `remove_tag`
     -   Requires `parameters`: `{ "tag": TAG_ID }`
 -   `modify_tags`
-    -   Requires `parameters`: `{ "add_tags": [LIST_OF_TAG_IDS] }` and / or `{ "remove_tags": [LIST_OF_TAG_IDS] }`
+    -   Requires `parameters`: `{ "add_tags": [LIST_OF_TAG_IDS] }` and `{ "remove_tags": [LIST_OF_TAG_IDS] }`
 -   `delete`
     -   No `parameters` required
 -   `reprocess`

docs/configuration.md

@@ -631,12 +631,6 @@ If both the [PAPERLESS_ACCOUNT_DEFAULT_GROUPS](#PAPERLESS_ACCOUNT_DEFAULT_GROUPS
 
     If you do not have a working email server set up you should set this to 'none'.
 
-#### [`PAPERLESS_ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS=<bool>`](#PAPERLESS_ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS) {#PAPERLESS_ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS}
-
-: See the relevant [django-allauth documentation](https://docs.allauth.org/en/latest/account/configuration.html)
-
-    Defaults to True (from allauth)
-
 #### [`PAPERLESS_DISABLE_REGULAR_LOGIN=<bool>`](#PAPERLESS_DISABLE_REGULAR_LOGIN) {#PAPERLESS_DISABLE_REGULAR_LOGIN}
 
 : Disables the regular frontend username / password login, i.e. once you have setup SSO. Note that this setting does not disable the Django admin login nor logging in with local credentials via the API. To prevent access to the Django admin, consider blocking `/admin/` in your [web server or reverse proxy configuration](https://github.com/paperless-ngx/paperless-ngx/wiki/Using-a-Reverse-Proxy-with-Paperless-ngx).

docs/setup.md

@@ -708,7 +708,8 @@ Paperless runs on Raspberry Pi. However, some things are rather slow on
 the Pi and configuring some options in paperless can help improve
 performance immensely:
 
--   Stick with SQLite to save some resources.
+-   Stick with SQLite to save some resources. See [troubleshooting](troubleshooting.md#log-reports-creating-paperlesstask-failed)
+    if you encounter issues with SQLite locking.
 -   If you do not need the filesystem-based consumer, consider disabling it
     entirely by setting [`PAPERLESS_CONSUMER_DISABLE`](configuration.md#PAPERLESS_CONSUMER_DISABLE) to `true`.
 -   Consider setting [`PAPERLESS_OCR_PAGES`](configuration.md#PAPERLESS_OCR_PAGES) to 1, so that paperless will

docs/troubleshooting.md

@@ -292,7 +292,9 @@ many workers attempting to access the database simultaneously.
 Consider changing to the PostgreSQL database if you will be processing
 many documents at once often. Otherwise, try tweaking the
 [`PAPERLESS_DB_TIMEOUT`](configuration.md#PAPERLESS_DB_TIMEOUT) setting to allow more time for the database to
-unlock. This may have minor performance implications.
+unlock. Additionally, you can change your SQLite database to use ["Write-Ahead Logging"](https://sqlite.org/wal.html).
+These changes may have minor performance implications but can help
+prevent database locking issues.
 
 ## granian fails to start with "is not a valid port number"
 

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "paperless-ngx"
-version = "2.14.7"
+version = "2.15.0"
 description = "A community-supported supercharged version of paperless: scan, index and archive all your physical documents"
 readme = "README.md"
 requires-python = ">=3.10"

src-ui/src/app/services/rest/saved-view.service.spec.ts

@@ -156,6 +156,72 @@ describe(`Additional service tests for SavedViewService`, () => {
     httpTestingController.verify() // no reload
   })
 
+  it('should reload after create, delete, patch and patchMany', () => {
+    const reloadSpy = jest.spyOn(service, 'reload')
+    service
+      .create({
+        name: 'New Saved View',
+        show_on_dashboard: true,
+        show_in_sidebar: true,
+        sort_field: 'name',
+        sort_reverse: true,
+        filter_rules: [],
+      })
+      .subscribe()
+    httpTestingController
+      .expectOne(`${environment.apiBaseUrl}${endpoint}/`)
+      .flush({})
+    expect(reloadSpy).toHaveBeenCalled()
+    reloadSpy.mockClear()
+    httpTestingController
+      .expectOne(
+        `${environment.apiBaseUrl}${endpoint}/?page=1&page_size=100000`
+      )
+      .flush({
+        results: saved_views,
+      })
+    service.delete(saved_views[0]).subscribe()
+    httpTestingController
+      .expectOne(`${environment.apiBaseUrl}${endpoint}/1/`)
+      .flush({})
+    expect(reloadSpy).toHaveBeenCalled()
+    reloadSpy.mockClear()
+    httpTestingController
+      .expectOne(
+        `${environment.apiBaseUrl}${endpoint}/?page=1&page_size=100000`
+      )
+      .flush({
+        results: saved_views,
+      })
+    service.patch(saved_views[0], true).subscribe()
+    httpTestingController
+      .expectOne(`${environment.apiBaseUrl}${endpoint}/1/`)
+      .flush({})
+    expect(reloadSpy).toHaveBeenCalled()
+    httpTestingController
+      .expectOne(
+        `${environment.apiBaseUrl}${endpoint}/?page=1&page_size=100000`
+      )
+      .flush({
+        results: saved_views,
+      })
+    service.patchMany(saved_views).subscribe()
+    saved_views.forEach((saved_view) => {
+      const req = httpTestingController.expectOne(
+        `${environment.apiBaseUrl}${endpoint}/${saved_view.id}/`
+      )
+      req.flush({})
+    })
+    expect(reloadSpy).toHaveBeenCalled()
+    httpTestingController
+      .expectOne(
+        `${environment.apiBaseUrl}${endpoint}/?page=1&page_size=100000`
+      )
+      .flush({
+        results: saved_views,
+      })
+  })
+
   beforeEach(() => {
     // Dont need to setup again
 

src-ui/src/environments/environment.prod.ts

@@ -5,7 +5,7 @@ export const environment = {
   apiBaseUrl: document.baseURI + 'api/',
   apiVersion: '7',
   appTitle: 'Paperless-ngx',
-  version: '2.14.7',
+  version: '2.15.0',
   webSocketHost: window.location.host,
   webSocketProtocol: window.location.protocol == 'https:' ? 'wss:' : 'ws:',
   webSocketBaseUrl: base_url.pathname + 'ws/',

src/documents/signals/handlers.py

@@ -784,10 +784,10 @@ def run_workflows(
                         field=field,
                         document=document,
                     ).first()
-                    if instance:
+                    if instance and args[value_field_name] is not None:
                         setattr(instance, value_field_name, args[value_field_name])
                         instance.save()
-                    else:
+                    elif not instance:
                         CustomFieldInstance.objects.create(
                             **args,
                             field=field,

src/documents/tests/test_api_bulk_edit.py

@@ -211,7 +211,7 @@ class TestBulkEditAPI(DirectoriesMixin, APITestCase):
     def test_api_modify_tags_not_provided(self, m):
         """
         GIVEN:
-            - API data to modify tags is missing modify_tags field
+            - API data to modify tags is missing remove_tags field
         WHEN:
             - API to edit tags is called
         THEN:

src/paperless/settings.py

@@ -507,11 +507,6 @@ ACCOUNT_EMAIL_VERIFICATION = os.getenv(
     "optional",
 )
 
-ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS = __get_boolean(
-    "PAPERLESS_ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS",
-    "True",
-)
-
 ACCOUNT_SESSION_REMEMBER = __get_boolean("PAPERLESS_ACCOUNT_SESSION_REMEMBER", "True")
 SESSION_EXPIRE_AT_BROWSER_CLOSE = not ACCOUNT_SESSION_REMEMBER
 SESSION_COOKIE_AGE = int(
@@ -554,6 +549,9 @@ def _parse_remote_user_settings() -> str:
 
 HTTP_REMOTE_USER_HEADER_NAME = _parse_remote_user_settings()
 
+# X-Frame options for embedded PDF display:
+X_FRAME_OPTIONS = "SAMEORIGIN"
+
 # The next 3 settings can also be set using just PAPERLESS_URL
 CSRF_TRUSTED_ORIGINS = __get_list("PAPERLESS_CSRF_TRUSTED_ORIGINS")
 

src/paperless/version.py

@@ -1,6 +1,6 @@
 from typing import Final
 
-__version__: Final[tuple[int, int, int]] = (2, 14, 7)
+__version__: Final[tuple[int, int, int]] = (2, 15, 0)
 # Version string like X.Y.Z
 __full_version_str__: Final[str] = ".".join(map(str, __version__))
 # Version string like X.Y