Cloudron Forum

As @avatar1024 said, the current OIDC/SSO installed instances will not get updates anymore. It will continue working for foreseeable future. Thnk of the current package visible in the app store as a totally different app. If you want to use the old app, put `stirlingpdf.frooodle.cloudronapp in the url bar after clicking on stirling.

@girish @nebulon @james I am seeing a flood of unauthorized attempts to connect to the TURN server on each Cloudron. I have no apps installed that are using TURN. It seems like a potential security vulnerability and certainly a waste of CPU/RAM (256MB Cloudron min)/Disk resources. One TURN log was already up to 50MB! In the absence of a "switch" in Cloudron to disable this, I wanted some advice on two temporary solutions: (1) docker stop turn coupled with docker update --restart=no turn (2) Adding a crontab entry: @reboot /usr/bin/docker stop turn Option 1 prevents the container from starting. Option 2 allows it to start, but stops it when rebooting. @d19dotca Thanks for starting my thinking on this! Option 1 seems better, but I wanted an expert opinion on the consequences of using either. Lastly, I guess I will need to be aware that installing any apps that require the TURN service could fail (unless I enable the TURN container once again). If I forget and install an app like Jitsi, will Cloudron restart the TURN container and revert the --restart=no option?

Most of it can be mitigated by implementing the already available blacklist and whitelist.

This is the out of the box results on a fully patched/updated Cloudron per Wazuh (as of about 90 seconds ago). [image: 1767059999892-73d259c6-b25d-4067-8a26-f02727500baa-image-resized.png] I will be deploying a test instance of Cloudron on a VM with a set of CIS/NIST ansible playbooks to get the node to 100% compliance and see if anything breaks.

@james said in Vaultwarden fails to start after update – DB migration error (SSO): Hello @archos I think, I have the same issue. This is the log: [2025-12-29 19:23:43.075][panic][ERROR] thread 'main' panicked at 'Error running migrations: QueryError(DieselMigrationName { name: "2024-03-06-170000_add_sso_users", version: MigrationVersion("20240306170000") }, DatabaseError(Unknown, "Referencing column 'user_uuid' and referenced column 'uuid' in foreign key constraint 'sso_users_ibfk_1' are incompatible."))': src/db/mod.rs:505 And seems to be already reported upstream: https://github.com/dani-garcia/vaultwarden/issues/6611 EDIT: I followed the guided instructions and was able to fix it => https://github.com/dani-garcia/vaultwarden/wiki/Using-the-MariaDB-(MySQL)-Backend#foreign-key-errors-collation-and-charset be sure to replace "vaultwarden" in the SQL querries with your cloudron database name. I experienced the exact same issue when upgrading to the latest version. I managed to resolve it following @james's suggestion. Here is a recap of the step-by-step process I executed, which might help others: Enter Recovery Mode Go to the Cloudron dashboard and enable Recovery Mode for your Vaultwarden application. Access the MySQL Database Open the application Terminal and click the MySQL button to access the database console.. Identify the Vaultwarden Database Name Run the following command to see the list of databases: SHOW DATABASES; Note the database name that appears (it is usually a random string like 9121d...). You will need this for the next steps. Change the Database Charset Replace YourDatabaseVaultwarden in the command below with the actual database name retrieved in Step 3, then run: ALTER DATABASE `YourDatabaseVaultwarden` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; Generate Table Modification Commands Run this query to generate the specific ALTER TABLE commands for your existing tables: SELECT CONCAT('ALTER TABLE `', TABLE_NAME,'` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA="YourDatabaseVaultwarden" AND TABLE_TYPE="BASE TABLE"; Copy the output generated by this command. You can paste this list into ChatGPT or Gemini and ask it to format it for the next step (wrapping it between the foreign key check commands). Execute the Final Fix The final command block should follow this structure: SET foreign_key_checks=0; -- Copy/Paste the output from above here SET foreign_key_checks=1; If you are unsure about the formatting, I simply copied the raw table list from the terminal in Step 5 and asked an AI to format it into valid MySQL syntax using the structure above. Here is an example of what the final command looks like (Note: Do not copy-paste the specific table list below; use the one generated from your own database in Step 5, as your tables might differ): SET foreign_key_checks=0; ALTER TABLE `__diesel_schema_migrations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `attachments` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `ciphers_collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `ciphers` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `devices` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `emergency_access` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `favorites` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `folders_ciphers` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `folders` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `invitations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `org_policies` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `organizations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `sends` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `twofactor_incomplete` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `twofactor` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `users_collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `users_organizations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; ALTER TABLE `users` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; SET foreign_key_checks=1; Once you have adapted the command to your specific tables, execute it in the MySQL terminal. Finally, disable Recovery Mode and restart your Vaultwarden app. Hopefully, this serves as a solution for you as well. Apologies if there are any technical inaccuracies; I utilized AI to guide me through this solution, and thankfully, it worked perfectly. Thanks, Regards

I packaged this so I could test it: https://git.due.ren/andreas/blinko-cloudron andreasdueren/blinko-cloudron:20251230-014843-727262a70

Thanks for sharing. Is there a package source code repo to follow?

Roundcube regularly fixes security issues, see: https://github.com/roundcube/roundcubemail/blob/master/CHANGELOG.md; a new version 1.7 is in the works Roundcube has been part of Nextcloud since 2023 (https://roundcube.net/news/2023/11/30/nextcloud-the-new-home-for-roundcube) and is part of their enterprise offering (https://nextcloud.com/roundcube/) Snappymail (fork of Rainloop) is the fastest of the bunch but effectively dead: https://github.com/the-djmaze/snappymail/issues/1911 That being said, all webmail clients are terrible IMHO as they usually neglect their search features (e.g. fulltext search is slow, you can’t search across folders; Cloudron‘s „virtuall all mail folder“ could help but throws off iOS mail) or have the plugin disease (essential features like MFA are outsourced to a plugin, see Roundcube). It‘s a sad state of affairs. For my personal mail, I either rely on desktop software / a mobile device or - if I need to have access to my mail the web when I’m not at home, I use Vivaldi Mail in a local Ubuntu Container to which I connect via Apache Guacamole.