Skip to content
SourceBans++ SourceBans++

Project announcements

The home dashboard shows a slim “Latest announcement” strip between the stat cards and the recent-activity panels. It’s visible only to logged-in administrators. Content comes from a JSON feed the SourceBans++ maintainers publish at:

https://sbpp.github.io/announcements.json

The panel fetches the feed once per install per day in the background, caches it on disk, and renders the latest non-expired entry on every dashboard load. The fetch uses the same opt-out architecture as the panel’s update check: a shutdown hook fires after the response is flushed, so it never delays a request and never fails one if the upstream is unreachable.

What gets fetched

Section titled “What gets fetched”

The feed is a public JSON file you can open in your browser. There’s no hidden state. A typical entry looks like this:

[
  {
    "id": "2026-05-rc1",
    "title": "v2.0.0 RC1 is now available",
    "body_md": "Read the [release notes](https://github.com/sbpp/sourcebans-pp/releases/tag/v2.0.0-rc1).",
    "url": "https://github.com/sbpp/sourcebans-pp/releases/tag/v2.0.0-rc1",
    "published_at": "2026-05-15T00:00:00Z",
    "expires_at": "2026-08-15T00:00:00Z"
  }
]

Field-by-field:

  • id: short stable identifier (≤64 chars). Required.
  • title: one-line headline. Required.
  • body_md: optional Markdown body. Rendered through CommonMark in safe mode (raw HTML is escaped, javascript: and data: URLs are stripped). Same renderer your dashboard intro uses.
  • url: optional “read more” link. Must be http:// or https://.
  • published_at: optional ISO-8601 timestamp. Sets the displayed date and the sort order.
  • expires_at: optional ISO-8601 timestamp. The panel stops rendering the entry after this time and drops it from the cache.

What’s NOT sent

Section titled “What’s NOT sent”

The fetch is a plain HTTP GET with no query parameters, no cookies, no tracking pixels. The only outbound metadata is the User-Agent header, which carries your panel’s version number (parity with the existing update-check call):

User-Agent: SourceBans++/<version> (announcements)

Why this is opt-out by default

Section titled “Why this is opt-out by default”

The strip is narrow: one banner, admin-only, low-frequency content (security advisories, release announcements, occasional release-blocker heads-up). The maintainers want a way to reach panel operators with visibility for things like:

  • A critical CVE is published. Please update.
  • A backwards-incompatible upgrade landed. Read the upgrade notes before running the updater.
  • A new SourceMod or MariaDB version requirement is shipping.

Operators can audit content via the public diff history of the docs/public/announcements.json file. Every change ships through a pull request with the same review process as the rest of the project. There’s no separate announcements server or admin-only API endpoint to compromise. The upstream is just a static file in this git repo.

The cost of “always on” is one HTTPS GET per install per day to sbpp.github.io, capped at 256 KiB of response body, with a 5-second timeout. If the upstream is unreachable, the panel keeps showing the previously cached announcement until a successful fetch overwrites it.

How to disable the fetch

Section titled “How to disable the fetch”

If your panel runs in an air-gapped environment, or you don’t want the outbound network call regardless, define SB_ANNOUNCEMENTS_URL to the empty string in your config.php:

// In web/config.php (or wherever your install keeps it)
define('SB_ANNOUNCEMENTS_URL', '');

With an empty string, the shutdown hook short-circuits before flushing the response. No network call fires, the cache file is never written, and the dashboard omits the strip. There is no in-panel toggle: the feed is low-frequency and audit-friendly, so the only “off” position is the air-gap escape hatch above.

How announcements are proposed

Section titled “How announcements are proposed”

If you maintain a fork or care about a specific upcoming announcement, the workflow is the same as any other change to the docs site:

  1. Open a PR against sbpp/sourcebans-pp.
  2. Edit docs/public/announcements.json to prepend your entry. The panel sorts by published_at, but the file convention is “newest at the top of the array” so reviewers see the most relevant change first.
  3. The maintainers will review and merge. The docs deploy trigger workflow ships the updated file to https://sbpp.github.io/announcements.json within a few minutes of merge.

The strict schema, audit history, and one-file source make this auditable: any operator with internet access can review every announcement before it lands on their dashboard.