Calibre 9.2.1 tightens security and cleans up some annoying regressions

Calibre is back with version 9.2.1, and this one feels like a housekeeping update in the best possible way. There is nothing flashy here, no big interface shakeups or headline-grabbing features, but there is a clear focus on security, stability, and fixing things that should not have broken in the first place.

One of the more important changes happens quietly under the hood. ZIP output now switches its HTML templating engine from templite to Mustache. That sounds arcane, but the reason matters. This change improves safety and performance and closes off a security issue tied to how templates were handled before. The downside is that it is a breaking change for anyone using custom ZIP output templates. That is inconvenient, but it also feels like the right call. When software spends its life ingesting files from all over the internet, safer defaults should win.

Security hardening shows up in a few other places, too. CHM input now ignores internal files whose paths would escape the container, blocking path-traversal attacks from malicious CHM files. EPUB handling gets a similar fix, making sure font obfuscation only touches files that actually belong to the EPUB being processed. These are not abstract concerns. Plenty of Calibre users load books from less-than-pristine sources, and tightening up how files are handled is just smart defensive engineering.
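The containment check described above can be sketched in Python as follows. This is an added example, not Calibre's own code: the function names and the sample entry names are constructed for illustration, and it generalizes the idea to any archive whose internal names are written under an output directory.

```python
import os

def resolve_inside(dest_dir, entry_name):
    """Return the absolute path entry_name maps to under dest_dir,
    or None if the entry would land outside dest_dir."""
    # Archive members may use either separator; normalise first.
    name = entry_name.replace("\\", "/")
    # Refuse NUL bytes and drive-letter prefixes such as "C:/...".
    if "\x00" in name or (len(name) > 1 and name[1] == ":"):
        return None
    base = os.path.realpath(dest_dir)
    # Strip leading slashes so the name is always joined as relative, then
    # let realpath collapse ".." segments and follow existing symlinks.
    target = os.path.realpath(os.path.join(base, name.lstrip("/")))
    # commonpath compares whole path components, so a sibling directory
    # like "<dest>_evil" is not mistaken for something inside "<dest>".
    if target == base or os.path.commonpath([base, target]) != base:
        return None
    return target

def partition_entries(dest_dir, names):
    """Split entry names into {name: safe_path} and a list of skipped names."""
    kept, skipped = {}, []
    for n in names:
        path = resolve_inside(dest_dir, n)
        if path is None:
            skipped.append(n)
        else:
            kept[n] = path
    return kept, skipped

# Constructed sample of internal file names, not taken from a real book.
SAMPLE_NAMES = [
    "/index.html",
    "/images/cover.png",
    "/docs/../notes.html",        # ".." that still resolves inside
    "/../../etc/cron.d/job",      # climbs out of the container
    "..\\..\\startup.bat",        # same, with backslashes
    "C:/Users/Public/x.dll",      # drive-letter absolute path
    "",                           # resolves to the directory itself
]

if __name__ == "__main__":
    import tempfile
    kept, skipped = partition_entries(tempfile.mkdtemp(), SAMPLE_NAMES)
    print("extract:", sorted(kept))
    print("ignore: ", skipped)
```

Skipping the offending entries, rather than aborting the whole conversion, matches the "ignores internal files" behaviour the release describes.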

The content server also gets a notable change. In 9.2.1, template-based searches are disabled when the server is used without authentication. That feature might have been handy, but it was also risky. If you are exposing the content server to unauthenticated users, this update closes off a potential attack surface. Again, convenience takes a back seat to safety, and that is probably a good thing.

Outside of security, this release spends a lot of time fixing regressions introduced in earlier versions. Several bugs trace back to Calibre 9.0, which made parts of the app feel rougher than they should have. The e-book viewer, in particular, gets some much-needed attention. The Go-to-page function works again, dictionary lookup results are readable, and PageUp and PageDown no longer require repeated key presses at internal HTML-file boundaries in flow mode. These are small things, but if you read a lot inside Calibre, they add up quickly.

Platform-specific issues are addressed as well. On Windows, there is a workaround for a Qt 6.10 bug that caused Read Aloud to crash when stopped and restarted. On macOS, a problem that left the bookshelf view blank on some systems is now fixed. There is also a tweak to avoid rendering the bookshelf while it is still being resized during initial display, which should smooth out some odd behavior on slower machines.

Library management gets a practical new option, too. You can now rebuild the annotations search index, which is useful if you rely heavily on highlights and notes and something goes wrong. It is not exciting, but it is exactly the kind of tool you want to exist when you need it.

Elsewhere, this release quietly cleans up a bunch of irritations. Drag-and-drop into the bookshelf view works again. Mouse-wheel scrolling in the cover grid no longer jumps a full row at a time, undoing a regression from 9.0. Automatic cleanup of downloaded HTML in news downloads is restored after breaking in 8.11. None of these fixes will sell the update on their own, but together they make Calibre feel more solid and predictable.

Written by Brian Fagioli

Brian Fagioli is a technology journalist and founder of NERDS.xyz. A former BetaNews writer, he has spent over a decade covering Linux, hardware, software, cybersecurity, and AI with a no-nonsense approach for real nerds.
