We just published version 3.0.0 of the PeerTube on AWS by FOSSonCloud pattern to AWS Marketplace. This is a major-version pattern bump that crosses a major-version PeerTube upgrade — from 7.0.1 all the way to 8.1.5.

What’s in this release

PeerTube 8.1.5 (up from 7.0.1)

Upstream shipped four minor releases (7.1, 7.2, 7.3, 8.0, 8.1) plus a stack of patch releases between our 2.1.0 and 3.0.0. Highlights:

  • Channel collaboration — channel owners can invite other users on their instance to become editors who manage videos, playlists and comments. A new Activity page logs actions performed within a channel.
  • Video player redesign — a new modern theme called Lucide ships alongside the original (now renamed Galaxy). Admins can pick a default; channels and individual videos can override.
  • Redesigned video management: Manage my videos and the per-video update page were both reworked. Studio and Stats are now folded into a single Manage video tool with a lateral menu.
  • NSFW/sensitive content overhaul — content warnings, sensitive-flag taxonomy (Violent, etc.), per-flag viewer overrides, and a new Warn policy that sits between Display and Blur.
  • Web configuration wizard for first-time admins, plus a redesigned admin config with a lateral menu, a Customization page (colors, shape) and a Logo page.
  • Email translations — operator-facing emails are no longer English-only.
  • Optimized transcoding job queue — videos publish without waiting for every resolution; low-res variants get lower priority during upload bursts.
  • Performance — torrents created in worker threads, optimized SQL for trending/hot lists, raw file passthrough for downloads when possible, faster HLS seek.
  • PostgreSQL TLS and Redis TLS / Sentinel support, plus path-style object storage requests.
  • Image processing moved to sharp (native, prebuilt binaries — faster and more reliable than the prior pure-JS path).
  • ActivityPub FEP-1b12 compatibility (Lemmy, PieFed, Mbin), GoToSocial federation fix, Mastodon link verification.
  • Embed domain restrictions — uploaders can now restrict which domains may embed their videos.
  • Channel sync is significantly more reliable: fewer youtube-dl calls, handles missing/post-processing videos, retries failed imports.

Security fixes pulled in

Crossing 7.1, 7.2 and 7.3 patches means we sweep up every vulnerability fixed upstream in that range:

  • DoS and blind SSRF on ActivityPub playlist creation (CVE-2025-32948)
  • Infinite loop DoS when crawling ActivityPub data (CVE-2025-32947)
  • Arbitrary playlist creation in another user’s channel via ActivityPub (CVE-2025-32946)
  • Arbitrary playlist creation in another user’s channel via REST API (CVE-2025-32945)
  • ZIP bomb resource exhaustion on user import (CVE-2025-32949)
  • Persistent DoS via illegal filename in user import archive (CVE-2025-32944)
  • Private HLS playlist leak via path traversal (CVE-2025-32943)
  • ReDoS in useragent package (deprecated Do Not Track feature removed in 7.2.2)
  • multer DoS via malformed request (dependency upgrade in 7.2.3)
  • Updates to vulnerable dependencies (8.1.3)

These were disclosed by Ori Hollander of the JFrog Vulnerability Research team.

Pattern-level modernization (not from upstream)

We also refreshed the deployment tooling underneath the pattern:

  • Base AMI Ubuntu 22.04 → Ubuntu 24.04 (Noble Numbat)
  • OE CDK common library 4.5.1 — Aurora PostgreSQL 15.4 → 15.13, ElastiCache Redis 6.2 → 7.0
  • OE devenv 2.8.3
  • aws-cdk-lib 2.225.0
  • Versioned AMI parameter (AsgAmiIdv300) — CloudFormation now treats each release’s AMI swap as an explicit parameter change
  • New captions object-storage bucket wired into the same S3 bucket + CloudFront distribution (PeerTube 7.1 introduced the captions bucket as a separate config key — we route it to the existing assets infrastructure so no new buckets are needed)
  • pnpm toolchain — upstream replaced yarn; the AMI now installs dependencies via npm run install-node-dependencies

Fresh deployments

Just subscribe on AWS Marketplace and launch. You’ll need a Route 53 hosted zone and an ACM certificate in advance; the template provisions everything else (VPC, ALB, Aurora Postgres, ElastiCache Redis, S3, CloudFront, SES, the singleton ASG with its data EBS volume).

What’s next

PeerTube continues to ship at a healthy clip — we’ll be watching the v8.2 milestone and the next round of upstream patch releases. We’re also continuing to invest in the marketing-content automation pipeline that drafted this post.

As always, thanks to everyone running the pattern and filing issues. If you hit anything in 3.0.0, ping us on GitHub.

— FOSSonCloud