[1.8.0] Update 2FAuth to 6.0.0 Full Changelog 2FAuth can now fetch icons from offline icon packs. Visit the new Icon documentation page to learn how to set them up (#203). The sort order of 2FA accounts is saved to user preferences when changed from the Manage mode. This allows the account list to be reordered automatically after a new account is registered. (#377). Groups can be reordered (manually, from the Group management view) (#419). A new filter is available to only show 2FA accounts that do not belong to any group (#430). The Import feature now supports Bitwarden export (#501). Group names now accept single quote (#465). Upon logging out, users are now redirected to the last login form they used: Password, SSO or Webauthn. (#478). Catchable errors that occur during the sending of a test email are now displayed in the UI to help you understand what's going on. issue #447 Unable to import Google Authenticator. issue #464 Import error not correctly reported in the GUI.

[1.7.1] Update Ackee to 3.5.1 Full Changelog Several dependencies have been updated to their latest versions to bring in security patches and improvements ackee-tracker has been updated to fix an issue where visits were not recorded when the website had an empty document.referrer. You might have seen lower visit counts since version 3.5.0 when your website had no referrer, e.g., when visiting it directly or via bookmarks.

[1.21.0] Update actual to 26.1.0 Full Changelog Breaking changes: Removed support for legacy CSV import format Features: Added new budgeting overview page Features: Improved sync performance with cloud accounts Bug fixes: Fixed issue with transaction duplication on import Bug fixes: Resolved crash when opening settings on macOS Bug fixes: Corrected display issue in dark mode Bug fixes: Fixed bug causing incorrect currency conversion rates

[1.14.10] Update AdGuardHome to 0.107.71 Full Changelog In this release, the schema version has changed from 31 to 32. Added a new string fields dns.cache_optimistic_answer_ttl and dns.cache_optimistic_max_age. Optimistic DNS cache not working ([#​8148]).

This look like a good replacement for Alltube (which we were using) https://github.com/alexta69/metube

[1.24.0] Update dependency ampache/ampache to v7.8.0

[1.6.1] Update answer to 1.7.1 Full Changelog New: SchemaForm Input always a string (@shuashuai #1425) New: <input type="number"> needs to set the min|max values on the front-end when necessary (@Dinesht04 #1417) Fixed: Getting Language file not found. error when trying to change the Timezone in the admin settings (@LinkinStars #1427) Fixed: 500 error on opening any question (@shuashuai @LinkinStars #1426) Fixed: Edited answers do not update after moderation (@LinkinStars #1423) Fixed: After installation, the default-generated Q&A does not have initial version information when edited (@krypt0n123 #1436) Fixed: Multi-byte rune boundary issue when cutting long titles (@ferhatelmas #1431) Fixed: Null pointer access in UI when getting branding fails (@ferhatelmas #1433 Fixed: Right language handler usage (GetLangByCtx) for proper language detection (@liruohrh #1444

@perelin said in ArchiveBox initial setup: Should I use the regular login mask, but what password to use / where to set a password. If you followed the first time setup guid step by step, you should be able to user your cloudron username and password in the login mask. I have just tested and confirmed it is working if the first time setup guide is followed.

Hello @andreasdueren Thanks for the report. Fixing it right now.

[1.96.1] Update audiobookshelf to 2.32.1 Full Changelog Important: New authentication system was added in v2.26.0. See https://github.com/advplyr/audiobookshelf/discussions/4460 for details. Server crash matching with Audible provider #4931 More strings translated Finnish by @pHamala Polish by @MarcinKlejna Russian by @renesat Swedish by @bittin

Thanks for reporting here @gardinermichael . We have in fact hidden the app package because there were many issues with it and we couldn't manage to get it to be stable . Maybe we should revisit this.

[1.33.5] Update baserow to 2.0.6 Full Changelog [Core] Added more advanced formulas. #4318 [Core] Allow array properties to be selected in the formula context when expert mode is selected. #4485 [Builder] Resolve an issue with styling button fields in table elements. #4494 [Database] Ensure m2m field indexes are all set. [Database] Prevent creating a new constraint when the enter key of the default value is pressed.

[1.6.2] Update beszel to 0.18.3 Full Changelog The Windows agent's updated version of LibreHardwareMonitorLib now uses PawnIO instead of WinRing0. If you lose temperature sensors, make sure PawnIO is installed. (See #1657 and #1697.) Container NetworkSent and NetworkRecv fields have been deprecated in favor of Bandwidth. Agents will stop populating those fields in 0.19.0, so please update any integrations to prefer Bandwidth. It's available for all containers on hubs >= 0.18.3. Add experimental sysfs AMD GPU collector. (#737, #1569) Improve container network stats accuracy. Fix SHARE_ALL_SYSTEMS for system_details, smart_devices, and systemd_services. (#1660) Improve CJK truncation in UI. Fix container uptime sorting edge case. (#1696) Remove stale systemd services from tracking after deletion. (#1594) Update honeypot field name and autofill ignores. (#1011) Write health_file to /dev/shm instead of /tmp if available. (#1455)

[1.46.3] Update BookStack to 25.12.3 Full Changelog Page Content - As of this release, most types of form content are now removed from page content on render. If you applied customizations which made use of in-page form content, you may now need to find alternative methods. Updated application PHP dependencies. Updated session-based API authentication to only be active for GET requests. Updated page content filtering to remove many common form elements & attributes. Updated translations with latest Crowdin changes. (#5997)

Hello @miednr @miednr said in Docker Remote Builder cannot push to private Cloudron Registry – no basic auth credentials due to read-only HOME / missing Docker config: Could you please provide some commands to check, where the problem's cause is? I have set up my docker registery under dr.cloudron.dev and the build service under cbs.cloudron.dev. I run the command from the build service once: cloudron build login --url 'https://cbs.cloudron.dev' --build-token 4d9e63406e98c078e296f6f273d5d9adb080643d50dd1d82b687af8c414cf915 When I now build a custom app I run: cloudron build --file ./Dockerfile --set-repository dr.cloudron.dev/org.cloudron.copyparty --tag 0.1.0

[2.12.8] Update cal.com to 6.1.9 Full Changelog refactor: use DI-ed cached FeaturesRepository in flags router by @eunjae-lee in #27394 feat: Routing trace presenter by @joeauyeung in #27372 feat: add index on channelId for SelectedCalendar by @volnei in #27403 perf: increase Office365 calendarView page size to 999 to minimize pagination by @keithwillcode in #27407 feat: add configurable wildcard domain matching to watchlist by @emrysal in #27409 fix: allow wildcard prefix in domain validation by @emrysal in #27413 feat(companion): dark mode by @dhairyashiil in #27305 fix: remove unnecessary border when event type details are hidden by @hariombalhara in #27421 refactor: remove 10 trpc imports from features package by moving 16 tRPC-driven components to apps/web/modules by @hbjORbj in #27336 fix: align feature opt-in toggle labels with enable/disable wording by @eunjae-lee in #27425

[1.27.1] Update calibre to 8.16.2

The bug has been officially addressed now. https://code.castopod.org/adaures/castopod/-/commit/44fb904

[1.27.6] Update changedetection.io to 0.52.9 Full Changelog Update messages.po // German "From" by @DominikHerold in #3793 Open github link on new tab by @mstrey in #3791 Update French translation by @sCreami in #3788 Browser page fetching speedup - Element locking was adding up to 1minute page load time, Element locking 'off' by default (so they dont move when the screenshot scroll happens), only lock top viewport elements. Improve logging. by @dgtlmoon in #3796 Make language selection sticky and provide a way to return back to default auto-detect #3792 by @dgtlmoon in #3795 Use credentials to fetch the web manifest by @ianis in #3790 Memory management improvements by @dgtlmoon in #3798

Hello @webmaster-srpl I was able to set up the Facebook Messenger with chatwoot according to the official chatwoot documentation. I did not need to configure anything with /webhooks/facebook so I am curious how you are trying to set up the Facebook Messenger in chatwoot. [image: 1769179599246-600be0a5-9028-4453-8be5-5d9cb87c9bd3-image-resized.png] [image: 1769179549380-fc97ccc6-92f9-41ec-8b35-96091f4edbc9-image-resized.png]

[1.41.0] Update code to 25.04.8.1.1

[1.7.0] Update comentario to 3.16.0 Full Changelog Per-page email notifications (#209) - abae9cf, 12c20cd, cd5e8b2, f0aed95, bac6b97 AdminUI: fix base href when deployed on a non-root path (#217) - 7d8e292 Backend: Resolve repeated notifications - cd5e8b2 Backend: use correct paths in site.webmanifest - 7d8e292 Docs: add explicit mentions of Edit domain page (#210) - 6e53611 I18n: improve logging for missing messages, add contribute page link - 257753b I18n: DE: add missing messages - 1e9bc35

@gh0stface yup, they made a release yesterday it seems and it should have the PRs we made upstream. @vladimir-d is checking the package again.

@girish Yep, exactly that. AnyType and Appflowy are growing in popularity. Would be nice to see them

@atridad Thanks for the heads up, the app is gone from our library as well.

[1.12.0] Update cryptpad to 2025.9.0 Full Changelog Update icons #1987 Make client compatible with new server #2059 Guard against misconfiguration of fileHost setting #2017 @ansuz Add a checkup page test for /upload-blob #1995 @ansuz Add forceRedirect to SSO #1868 @avinash-0007 SSO login redirect #2057 Make sure OnlyOffice user index does not change #2066 Office documents corruption on server issues #2064 Fix disappearing sheets #1991 Hardcoded values in PDF export metadata #2015

[1.25.0] Update ctfreak to 1.35.0 Full Changelog

[2.7.0] Update cubby to 2.7.0

[1.5.1] Update dawarich to 1.0.1 Full Changelog SSL certificate verification can now be disabled for Immich and Photoprism integrations to support self-signed certificates. A prominent security warning is displayed when this option is enabled. #1645 Photo timestamps from Immich are now correctly parsed as UTC, fixing the double timezone offset bug where times were displayed incorrectly. #1752 Trip photo grids now update immediately after photos are imported, instead of showing cached/stale results for up to 24 hours. #627 #988 Immich API responses are now validated for content-type and JSON format before parsing, providing clear diagnostic error messages when the API returns unexpected responses. #698 #1013 #1078 Response validator logs truncated response bodies (max 1000 chars) when JSON parsing fails, improving debugging capabilities. GeoJSON formatted points now have correct timestamp parsed from raw_data['properties']['date'] field. Reduce number of iterations during cache cleaning to improve performance. Version in the navbar is now correct. #2154 Fix an error on the Trips page when trip is created but no path is yet calculated. #1426 Catch an error with invalid response during reverse-geocoding. #1439

[2.14.1] Update directus to 11.14.1 Full Changelog Added multi-domain support for OAuth/OpenID (#26312) Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml) Removed the "Comment" tab from the activities page (#26440 by @Abdallah-Awwad) Fixed getAsset returning all file fields instead of only those allowed by the users permissions (#25905 by @gaetansenn) Added a new AI_ENABLED environment variable to allow opting out of our AI chat feature (#26458 by @bryantgillespie) Added concurrency control for file uploads via a new FILES_MAX_UPLOAD_CONCURRENCY env variable (#26424 by @thomas-svrts) Added nested validation rules to validation error notice (#26389 by @robluton) Added Comparison modal wysiwyg diff highlighting (#26301 by @robluton) Fixed an issue that would cause some drawer header icons from being displayed too large (#26442 by @kekekuli) Added support for specifying a KMS Key ID in S3 storage when using aws:kms Server Side Encryption (#26377 by @Joey92)

[2.9.4] Update discourse to 3.5.4

Hi Cloudron team and everybody else, I’m running into a persistent issue with the Cloudron Docker Registry and would appreciate your input. Setup: • Cloudron Registry app (DNS only, no Cloudflare proxy) • Images are built and pushed via GitHub Actions using docker/login-action and docker/build-push-action • Login to registry succeeds • Push step completes successfully (no errors reported) Observed behavior: • After a successful push, the repository does not exist in the registry • Registry API returns: • /v2/ → 200 • /v2/<user>/<repo>/tags/list → NAME_UNKNOWN • docker pull results in: • repository name not known to registry • manifest unknown This happens regardless of: • Image name (simple names tested, e.g. rag-gateway) • Tags (latest, sha-…) • Buildx settings (single platform, no provenance, no SBOM) • Explicit registry host in login and tags What was verified: • Disk space is sufficient • Auth is correct (App Password) • Cloudflare is disabled for registry • GitHub Actions runner cannot pull the image either after push • Registry logs show no relevant errors during push or pull attempts Conclusion so far: It appears that the registry accepts the push but never persists the repository/manifest, making it impossible to pull afterwards. Is this a known limitation or bug of the Cloudron Registry when images are pushed externally (e.g. via GitHub Actions / Buildx)? Are there recommended settings or a supported workflow for external CI pushing images into the Cloudron Registry? Thanks a lot for any guidance. Best regards, miednr

[1.16.0] Update documenso to 2.5.0 Full Changelog fix: mark document auth types for translation by @mKoonrad in #2331 fix: mark document visibility options for translation by @mKoonrad in #2330 refactor: simplify field dialog component by @catalinpit in #2369 feat: add audit logs to document details page by @Mythie in #2379 feat: add default recipients for teams and orgs by @catalinpit in #2248 fix: downgrade pdfjs-dist to version 5.4.296 and update react-pdf to version 10.3.0 by @KarloDerEchte in #2383 fix: dont flatten forms for templates by @Mythie in #2386 fix: security CVE-2026-22817 CVE-2026-22818 by @tedliang in #2390 fix: sync envelope state after direct link changes by @ephraimduncan in #2257 refactor: replace pdf-sign with libpdf/core for PDF operations by @Mythie in #2403

[1.12.0] Update community to 5.14.0 Full Changelog Added Spanish language support

[1.13.1] Update docuseal to 2.3.1 Full Changelog Custom fields - now it's possible to save a field with all configurations as a custom field to easily reuse them on new templates Upgrade to Rails 8.1 and Ruby 4.0.1

[1.26.0] Update dokuwiki-plugin-oauth to 2025-10-23

I assume the app as such uses the database just fine? Database access is quite fundamental I would assume for dolibar, so maybe some security setting in dolibarr itself?

[1.7.1] Update easyappointments to 1.5.2 Full Changelog Fix the GTag script URL html rendering (#​1666) Fix the "Load More" JS error in secretaries page (#​1677) Fix the PHP compatibility error of the appointments index API endpoint (#​1678) Catch individual email delivery exceptions (#​1670) Apply permission checks to the appointment and unavailability search (#​1753) Make sure the sync button is visible on provider log in (#​1749) Update unavailable dates after applying appointment data while rescheduling (#​1662) Make sure that any-provider does not include hidden providers while generating availability (#​1733) Provide "text" version of the emails in addition to HTML (#​1711) Trigger webhook requests when managing records via the API (#​1676)

[1.18.2] Update Emby.Releases to 4.9.3.0 Full Changelog Add user option to set user's auto remote quality Add library option to use legacy folder scanning method Music transcoding fixes Add landing tab option for book libraries Support volume control with youtube trailer player Update mixed content tabs to combine Movies & Shows Fix maintenance mode blocking some settings screens Fix embedded audio fields not getting rescanned on file changes Fix loss of genre and collection images after deleting a movie Fix latest section not showing items for some channel plugins

[2.19.5] Update espocrm to 9.2.6 Full Changelog Notification wrongly marked as read #​3539

[4.5.0] Update etherpad-lite to 2.6.0 Full Changelog Added native option to transfer your Etherpad session between browsers. If you use multiple browsers or different PC for Etherpad they are different sessions. Meaning typing on one PC and then switching to another one in the same pad will result in different authorship colors. With this new feature you can now transfer your session to another browser or PC. To do so, open the home page and click on the wheel icon in the top right corner. After that click through the first dialog prompting you to copy a code to your clipboard. On your second browser open the same dialog and switch to "Receive Session" tab. There you can paste the code you copied before and click on "Receive Session". After that your session is transferred, and you can continue editing with the same authorship color as before. Just be aware that you can't have two active sessions at once in a pad. Updated to oidc provider v2.6.0 after resolving compatibility issues.

[1.16.6] Update evcc to 0.300.8 Full Changelog c563112 Add HomeAssistant charger (#27103) 725af06 ChargeX: fix register decoding (#27110) 44dcd03 MQTT: fix namespace clash (revert #26999)

https://feedback.fider.io/posts/329/data-administration-import-accounts-tags-votes-posts-and-comments-via-web-interface this is a known thing in Fider it seems that the UI has no restore option. They have a new version coming this week so maybe it'll get added. I imagine people clone the file structure and PostgreSQL DB now to migrate or restore.

[1.15.0] Update filepizza to 60704b4

[1.1.0] Update fmd-server to 0.14.0 Full Changelog Light mode. And a setting to switch between theme modes. Ability to view the map in fullscreen. Ability to pass a message when locking the device (fmd lock <message>). Setting to switch between metric and imperial units. The command list is much longer, making nearly all commands available in the web UI. The commands now also have a description. The UI now automatically refreshes the location shown on the map. If you select "Remember me" during login, the access token and the private keys will now be stored in the browser's local storage. Enable WAL (write-ahead-logging) in sqlite. (!159) Limit request body size to 15 MB. (!164) Reduce default MaxSavedLoc from 1000 to 500. (!170)

[3.10.10] Update firefly-iii to 6.4.15 Full Changelog Issue 11264 (Add GUI for some settings, replacing environment variables) reported by @jacobburrell Discussion 11433 (Updates to Date Range selection) started by @fett327 Moved some settings to your system settings The following environment variables are removed and will no longer work. They are now in your settings. Removed sentry.io code Issue 11378 (Wrong account balance with initial transfer from different currency) reported by @bozho Issue 11383 (Login flow could redirect to javascript path) reported by @stefvonb Issue 11388 (TypeError bugs during upgrade to 6.4.14 + account_balances corruption) reported by @jaconde2 Issue 11396 (Reconciliation adds extra digits) reported by @niklas2810 Issue 11399 (Unusual behavior in audit logs (multi-currency)) reported by @jgmm81

[2.6.0] Update formbricks to 4.6.0 Full Changelog feat: add (optional) IP address capture functionality to surveys by @Dhruwang in #7079 feat: Custom HTML scripts in link surveys by @jobenjada in #7064 feat: add auto-save for draft surveys and Cmd+S hotkey by @jobenjada in #7087 feat: add support for mp3 file extension and corresponding MIME type by @Dhruwang in #7103 feat: implement robust database seeding strategy by @mattinannt in #7017 feat: introduce language variations by @jobenjada in #7082 feat: question delete dialog by @TheodorTomas in #7144 feat: security signup ui by @pandeymangg in #7088 feat: validation rules by @Dhruwang in #7140 feat: webhook secret by @pandeymangg in #7084

[0.4.0] Update forgejo to 14.0.2 Full Changelog Breaking change: Removed deprecated API endpoints related to user authentication Feature: Added support for two-factor authentication Feature: Improved performance of repository cloning Bug fix: Fixed issue with webhooks not triggering on push events Bug fix: Resolved error when creating new branches via the web UI Bug fix: Corrected display issue in the user profile page Feature: Enhanced search functionality with advanced filters Breaking change: Updated minimum required version of Node.js to 14.0.0 Feature: Introduced dark mode for the user interface Bug fix: Addressed memory leak in background job processing

[1.15.28] Update freescout to 1.8.203 Full Changelog Fixed "Invalid byte sequence for encoding UTF-8" error on PostgreSQL on fetching (#​5159) Make customer email in the conversation list more compact (#​5066) Revert changes made to "Collapse email history in Gmail" to avoid problems with replies separation in FreeScout (#​5136)

[1.27.1] Update FreshRSS to 1.28.1 Full Changelog Handle Web scraping of text/plain as <pre class="text-plain"> #​8340 New customisable message for closed registrations #​8462 Fix unwanted expansion of user queries (saved searches) applied to filters #​8395 Fix encoding of filter actions for labels #​8368 Fix searching of tags #​8425 Fix refreshing feeds with token while anonymous refresh is disabled #​8371 Fix RSS and OPML access by token #​8434 Fix MySQL/MariaDB transliterator_transliterate fallback (when the php-intl extension is unavailable) #​8427 Fix regression with MySQL/MariaDB index hint #​8460 Auto-add lastUserModified database column also during mark-as-read action #​8346

[4.149.1] Update ghost to 6.16.1 Full Changelog This release contains fixes for minor bugs and issues reported by Ghost users.

[1.37.4] Update gitea to 1.25.4 Full Changelog Release attachments must belong to the intended repo (#36347) (#36375) Fix permission check on org project operations (#36318) (#36373) Clean watches when make a repository private and check permission when send release emails (#36319) (#36370) Add more check for stopwatch read or list (#36340) (#36368) Fix openid setting check (#36346) (#36361) Fix cancel auto merge bug (#36341) (#36356) Fix delete attachment check (#36320) (#36355) LFS locks must belong to the intended repo (#36344) (#36349) Fix bug on notification read (#36339) #36387 Add more routes to the "expensive" list (#36290)

Yes, it's only jekyll. Not an expert on next.js but I think it also needs a backend right ? If so, you have to create a custom package - https://docs.cloudron.io/packaging/tutorial/

[1.112.2] Update gitlab-foss to 18.8.2

[0.2.0] Update logo

[1.23.0] Update gogs to 0.14.1 Full Changelog Support comparing tags in addition to branches. #6141 Show file name in browser tab title when viewing files. #5896 Support using TLS for Redis session provider using [session] PROVIDER_CONFIG = ...,tls=true. #7860 Support expanading values in app.ini from environment variables, e.g. [database] PASSWORD = ${DATABASE_PASSWORD}. #8057 Support custom logout URL that users get redirected to after sign out using [auth] CUSTOM_LOGOUT_URL. #8089 The required Go version to compile source code changed to 1.25. The build tag cert has been removed, and the gogs cert subcommand is now always available. #7883 Switched to pure-Go SQLite driver, CGO is no longer required to compile Gogs. #7882 Security: Unauthenticated file upload. #8128 - GHSA-fc3h-92p8-h36f Security: Protected branch bypass in web UI. #8124 - GHSA-2c6v-8r3v-gh6p

[2.3.2] Update grafana to 12.3.2 Full Changelog API: Add missing scope check on dashboards #116888, @Proximyst Avatar: Require sign-in, remove queue, respect timeout #116893, @macabu ElasticSearch: Update annotation time-range properties #115566, @aangelisc Explore: Reset legend when a new query is run #116590, @ifrost Go: Update to 1.25.6 #116396, @macabu Alerting: Fix a race condition panic in ResetStateByRuleUID #115680, @alexander-akhmetov Alerting: Fix data source recording rules editor #116303, @soniaAguilarPeiron

IMPORTANT Packages starting 1.8.6 to 1.9.0 have been revoked. 1.8.6 - 1.8.13 - Upstream has removed all 1.7.50.x packages. See https://discourse.getgrav.org/t/upgrade-to-grav-v1-7-50-9-not-working/29222/4 1.9.0 - had incorrect beta version update

[1.9.0] Update greenlight to 3.7.0 Full Changelog Improve copy recordings functionality (#6154) Added popovers that describe recording formats (#6136) Fixed a few Host Header vulnerabilities related to asset urls Removed role_id from permitted update params (#6117) Updated multiple gems and packages Clear recordings before the sync starts (#6164)

@jdaviescoates yes I am on version 0.4.0

Hello @albertbeaufrand and welcome to the Cloudron Forum This topic is a duplication of https://forum.cloudron.io/post/97415 and will be merged into it. Please read the responses above to get the full answer to your question.

[1.11.0] Update base image to 5.0.0

[1.21.2] Update hedgedoc to 1.10.5 Full Changelog Fix the bundled healthcheck in the docker container GHSA-gmgw-rcmh-7x47 reports potential cross-site side-effects due to not applying sandboxing to iframes. GHSA-6wm6-3vpq-6qvv reports a possible CSRF vulnerability when using certain social login providers because the state parameter is not used and checked. Add enableUploads (CMD_ENABLE_UPLOADS) config option to restrict uploads to registered users, all users or Allow links to protocols such as xmpp, webcal or geo Switch from deprecated shortid to nanoid module, with 10 character long aliases in "public" links Ensure compatibility with Node 24 Protect user history from accidental or malicious deletion by adding a CSRF-like token Many enhancements in the documentation at docs.hedgedoc.org Ignore the healthcheck endpoint in the "too busy" limiter Send the referrer origin for YouTube embeddings due to their requirement

[1.15.4] Update core to 2026.1.3 Full Changelog

Ok thanks for letting us know.

[1.97.1] Update immich to 2.5.2 Full Changelog Fixed a bug where the video aspect ratio is played incorrectly for the remote asset Fixed a bug where memory generation failed Fixed a bug where memories don't show on the web until the page is refreshed Fixed a bug where the Load original image option doesn't render the image on iOS fix: deleting asset from asset-viewer on search results by @midzelis in #25596 fix: escape handling in search asset viewer by @danieldietzler in #25621 fix: correctly show owner in album options modal by @danieldietzler in #25618 fix(server): don't assume maintenance action is set by @insertish in #25622 fix: album card ranges by @danieldietzler in #25639 fix(mobile): show controls by default on motion photos by @goalie2002 in #25638

[1.19.0] Rename to Ip2location due to trademark collision

@jdaviescoates Thanks - Not the I have not though about this, but, at last, this could only be a temporary solution following our infrastructure setup. It also does not solve the underlying OIDC issue, which I very much find intriguing.

Current version is not able to fetch new episodes of subscriptions. Fix is coming wth https://github.com/iv-org/invidious/pull/5614

[1.21.5] Update invoiceninja to 5.12.52 Full Changelog Force app.url for password resets. Updated translations by @turbo124 in #11628 v5.12.52 by @turbo124 in #11629

[1.13.2] Update jellyfin to 10.11.6 Full Changelog Prioritize better matches on search [MR #15983], by @Shadowghost Fix artist display order [MR #15816], by @theguymadmax Restore weekly refresh for library folder images [MR #16046], by @theguymadmax Be more strict about PersonType assignment [MR #15872], by @Shadowghost Fix birthplace not saving correctly [MR #16020], by @theguymadmax Trim music artist names [MR #15808], by @theguymadmax Add mblink creation logic to library update endpoint. [MR #15965], by @Collin-Swish Fix watched state not kept on Media replace/rename [MR #15899], by @MarcoCoreDuo Skip hidden directories and .ignore paths in library monitoring [MR #16029], by @theguymadmax Revert "always sort season by index number" [MR #15950], by @theguymadmax

App discontinued due to no upstream updates.

[1.12.1] Update Jirafeau to 4.7.1 Full Changelog Fixed another possibility to bypass the checks for CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066 (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image". When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled. The default value of max_upload_chunk_size_bytes was set to 5000000. Higher values could trigger a bug Chromium-based browsers on servers with HTTP/3 enabled, causing asynchronous uploads to fail.

Hello @girish, hello everyone, Is there any hope that Jitsi Meet (https://forum.cloudron.io/topic/10900/updates-to-jitsi) will be offered on Cloudron again? It’s such a great tool! Thank you very much!

[2.4.1] Update joplin to 3.5.2 Full Changelog

[1.58.3] Update jupyterhub to 5.4.3 Full Changelog

[1.17.5] Update kanboard to 1.2.49 Full Changelog fix(ldap): ensure LDAP placeholders are escaped fix: restore Ctrl+Enter submission on the task creation form feat(locale): update translations feat: prevent protocol-relative URL redirects after login feat: block private network access for external web link (configurable) feat: add TRUSTED_PROXY_NETWORKS config option

[1.9.1] Add optional OpenID integration for new installations

[1.5.2] Update keycloak to 26.5.2 Full Changelog #​44994 CVE-2025-67735 - netty-codec-http: Request Smuggling via CRLF Injection dependencies #​43443 Keycloak should warn when ISPN or JGROUPS is running in debug level logging #​45498 Ignore OpenAPI artifacts when disabled dist/quarkus #​44785 Can not get through SSO login if using a custom attribute with default value user-profile #​45015 Deadlock in Infinispan virtual threads infinispan #​45250 IDToken contains duplicate address claims oidc #​45333 User admin events don't show role, group mapping, reset password like events admin/ui #​45396 Database Migration fails when updating to 26.5.0 on MS SQL core #​45415 cache-remote-host becomes mandatory at build time when using clusterless feature infinispan #​45417 Unmanaged Attributes Type (Only administrators can view) allows admin API to set Unmanaged Attributes user-profile

[0.3.0] Update keila to 0.18.0 Full Changelog Added public archive links for campaigns Added ability to review sent campaigns Added $empty operator to Contact query language and segment editor Added segment filtering based on campaign interactions Added text color tool to Block Editor Added social media icons block to Block Editor (see #444) success_url in contact forms is now processed with Liquid, allowing personalized redirects Added support for id_type in API Contact deletion endpoint Preview emails are now prefixed with "[Preview]" Added Spanish translation (thanks @PedroMartpico)

[2.41.0] Update kimai to 2.47.0 Full Changelog Further SecurityPolicy hardening for twig invoice and export templates (#5784) Fix: moved "print" export to self-contained template (#5784) Fix: synchronisation problem when editing user-preferences of the currently logged-in user (#5784) Fix: selected text highlight color in dark mode (#5784) Fix: remove backdrop from the "loading indicator" (#5784) Do not show report toolbars in a card, following the general Kimai UI principles (#5784) Removed most toast messages, replacing them by a tiny loading indicator. reason: an app should work as expected and not need to indicate that an action was successful, instead it should only warn if something fails. toasts were kept for ticktack / restarting of timesheets and error messages, as those might be started from any screen. (#5784)

[1.34.0] Update koel to 8.3.0 Full Changelog fix: hover status on context menu items by @phanan in #2184

Running TURN server on port 443 only matters for setups where a Client is unable to contact the server on non-port 443. This is only common in some ultra locked down intranet setups.

@james Komf is a stand-alone application but I think it ought to accompany Komga, if we support Komga, and we do. (It supports Kavita similarly.) It is a dynamic duo: batman and robin, salt and pepper. I will create an app request for it.

[2.4.1] Set supportsDisplayName to false in manifest

Hello @chmod777 I have rebased the oidc-support branch against the master branch. You should be able to run git pull in the oidc-support branch now.

[1.27.0] Update languagetool to 97476d3

[1.11.1] Update leantime to 3.6.2 Full Changelog Fix timer not starting after v3.6.0 update by @gloriafolaron in #3215 fix(db): Fix zp_entity_relationship table migration issues by @gloriafolaron in #3221 Timer Not Starting - Fixed an issue where the stopwatch/timer feature stopped working after the 3.6.0 update (#3208) Database Migration Fix - Added migration to fix entity relationship table issues that caused dashboard and ticket errors (#3221)

[1.1.1] Update LibreChat to 0.8.2 Full Changelog Cross-replica support for resumable streams in Redis mode, enabling seamless horizontal scaling for production deployments. Add, configure, and share MCP servers directly from the UI with full access control. Includes API key authentication support, domain restrictions for remote transports, and improved OAuth handling. Pin frequently used agents and models to the sidebar for quick access. Render Mermaid diagrams inline within chat messages with enhanced UX and focus rendering. Extensive improvements to meet WCAG standards with better screen reader support, keyboard navigation, focus management, and contrast ratios across the entire application. Moonshot Kimi K2 Bedrock support Anthropic Beta support for Bedrock Anthropic Vertex AI support Gemini Image Generation Tool (Nano Banana) Bedrock Guardrails support

[1.55.4] Update LimeSurvey to 6.16.4+260113

[1.26.1] oidc: add env template to optionally disable login form

[1.20.0] add dumb-init to collect zombies

[1.15.0] Update listmonk to 6.0.0 Full Changelog TOTP two-factor authentication. E-mail based Forgot password reset flow. Ability to archive lists. Subscriber activity in the Subscriber profile UI. Ability to send transactional mails to non-subscribers via the /api/tx API. Campaign-level JSON JSON {} attributes just like subscriber attributes. Granular override on subscriptions / subscriber profile in bulk import. In-built Postgres VACUUM cron in Maintenance settings for large databases. Add attribs to campaign docs. Upgrade altcha JS to latest version.

[1.17.5] Update loomio to 3.0.17 Full Changelog Fix duplicate email crashes in OAuth and SAML SSO authentication remove unused canViewPublicGroups code Prevent non-members from seeing tags on closed groups remove hiredis gem

[2.41.0] Update Lychee to 7.3.1 Full Changelog Version 7.3.1 for automated deployement by @ildyria in #4036 Fix missing top level permission by @ildyria in #4034 Add more contributions guides by @ildyria in #4006 Clarify album rights propagation by @ildyria in #4019 [SE] Add LDAP support by @ildyria in #4020 Fix ugly header bar in light mode when showing photo details by @ildyria in #4029 Migration breaking on some installations by @ildyria in #4028 Version 7.3.0 by @ildyria in #4030 Fix missing dependency: ldap by @ildyria in #4033

@girish That is a super handy feature!

[1.17.4] Update mastodon to 4.5.4 Full Changelog Fix custom emojis not being rendered in profile fields (#37365 by @ClearlyClaire) Fix serialization of context pages (#37376 by @ClearlyClaire) Fix quotes with CWs but no text not having fallback link (#37361 by @ClearlyClaire) Fix outdated link target for locked warning (#37366 by @ClearlyClaire) Fix local custom emojis sometimes being rendered in remote posts (#37284 by @ChaosExAnima) Fix some assets not being loaded from configured CDN (#37310 by @ChaosExAnima) Fix notifications page error in Tor browser (#37285 by @diondiondion) Fix custom emojis not being displayed in CWs and fav/boost notifications (#37272 and #37306 by @ChaosExAnima and @ClearlyClaire) Fix default Admin role not including view_feeds permission (#37301 by @ClearlyClaire) Fix hashtag autocomplete replacing suggestion's first characters with input (#37281 by @ClearlyClaire)

[1.54.0] Update matomo to 5.7.0 Full Changelog #23725 Track AI Bots through our HTTP Tracking API [by @sgiehl, @mneudert, @caddoo] #23870 Adds reporting around requests made by AI bots [by @sgiehl] #23818 Remove MadMimi from Newsletter privacy note [by @sgiehl] #23903 Fix issue for saving of preferences throwing errors and redirecting when logged in as anonymous user [by @chippison, @caddoo] #23743 Prevent logging tracking failure for obviously malformed idsite or token auth [by @sgiehl] #23768 Fix and Improve period selection via keyboard navigation [by @tzi] #23771 Allow to star and unstar stored segment [by @tzi] #23783 Redirect to login page when session ends [by @chippison] #23792 Segment selector: max out at 5-6, instead of throwing many errors in reporting interface [by @chippison]

Yes, this makes perfect sense to me. That's also why I only want to change two specific parameters (localpart_template and display_name_template) and not the whole OIDC setup, which should be unmutable so to say. And in my case, I also wanted to ensure that email_template is kept in sync with the Cloudron account email, only giving freedom to set a desired handle and display name (although that one can be modified afterwards by the user). P.S.: I did not test yet if other settings are persistent or not, as I intend to set a retention policy for synapse as well.

[1.23.1] Update mattermost to 11.2.2 Full Changelog

@jayonrails are you referring to the Mautic App or Cloudron? For Mautic - we have a monthly online meetup for DACH every first monday at 12:30 CET. Except for today - its moved to 12th of january. (https://meet.mauticamp.de/adm-suk-gfm-ath). Also we have a poll for a real world meetup running: https://forum.mautic.org/t/neues-jahr-neues-meetup-terminfindung-fur-das-d-a-ch-mauticamp-2026/36991

[1.32.2] Update mealie to 3.9.2 Full Changelog fix: Make quantity input in shopping list item editor visually consistent with other inputs @lehnerpat (#6810) fix: allow start attribute on ordered lists (SafeMarkdown) @p0lycarpio (#6820) fix: Exception handling for recipe image reprocessing @michael-genson (#6822)

[3.6.1] Update mediawiki to 1.45.1 Full Changelog

Closed due to inactivity

[1.4.2] Update memos to 0.25.3 Full Changelog The markdown parser/renderer now follows CommonMark and GFM specifications for better compatibility and consistency feat: add Focus Mode for distraction-free writing - New writing mode that minimizes distractions for focused memo creation feat: add ability to delete unused attachments (#5272) - Clean up unused attachments to save storage space feat: standardize theme system with auto sync option (#5231) - Theme now syncs with system preferences automatically feat: add load more button and pagination to attachments page (#5258) - Better navigation for large attachment lists fix: resolve tag sidebar filtering and reactivity issues - Tags now filter properly in the sidebar fix: prevent memory exhaustion in thumbnail generation - More stable thumbnail generation fix: markdown list auto-completion creates new line correctly (#5238) - List continuation works as expected

[2.34.0] Update metabase to 0.58.4.2 Full Changelog

[2.36.23] Update bedrock to 1.21.132.3

Also @senthilkumaran If you are just now updating to @miniflux version 2.0.49 on Cloudron, which was packaged and published Oct 16, 2023, you are years behind with updates. This would also explain why you run into this issue, since this was also resolved with @miniflux version 2.2.13 which was packaged and published Sep 19, 2025, 9:18 AM

Time to poke RustFS too. No fear.

[2.5.45] Update mirotalksfu to 2.0.97

The app package runs the cron job as outlined in https://github.com/monicahq/monica/blob/4.x/docs/installation/providers/generic.md#4-configure-cron-job Can you open a webterminal into the app and run it manually via: sudo -E -u www-data php /app/code/artisan schedule:run and see if it shows an error or sends the mails then?

@osobo Moodle package has quite a complicated setup. The app has over 25 (!) plugin types and each plugin writing all over the source code. For this reason, source code is treated as data. /app/code is just the released tarball. The app runs off /app/data/moodle . The package seems to make some best effort update by copying latest /app/code into /app/data/moodle .

[4.4.3] Update n8n to 2.4.8 Full Changelog core: Use fsRealpath instead of resolve to get the real path (#24185) (5c69970) Zendesk Trigger Node: Add webhook signature verification (#24881) (dad522a)

[1.26.0] Update navidrome to 0.59.0 Full Changelog Scanner Improvements: Selective folder scanning and enhancements to the file system watcher for better performance and reliability. Scrobble History: Native scrobble/listen history tracking, allowing Navidrome to keep a record of your listening habits. This will be used in future visualizations and features (Navidrome Wrapped maybe?). User Administration: New CLI commands for user management, making it easier to handle user accounts from the terminal. New Themes: Two new themes have been added: SquiddiesGlass and AMusic (Apple Music inspired). General: Numerous bug fixes, translation updates, and configuration options for advanced use cases. Add AMusic (Apple Music inspired) theme. (#4723 by @metalheim) Add SquiddiesGlass Theme. (#4632 by @rendergraf) Add loading state to artist action buttons for improved user experience. (f6b2ab572 by @deluan) Add SizeField to display total size in LibraryList. (73ec89e1a by @deluan) Update totalSize formatting to display two decimal places. (c3e8c6711 by @deluan)

[5.6.6] Fix worker configuration

Thank you @girish ! I just tried a "invite" action that is supposed to send an email and I received the email as expected!

[2.24.1] Update NodeBB to 4.8.1 Full Changelog upgrade script to handle topics that were already pruned (03b7374) closes #​13899 (f98de3e) #​10682, fix all the other rss routes as well (385a4d0) protocol (da5605e) closes #​12986 (310e90c) #​13919 (b2c6fbe) use min (090b9f5) #​13918, make arrayLimit configurable increase default to 50 (d25e772) closes #​13258, dont mark digest as delivered if it fails (f29c9f0) wrap fields in quotes in user csv export (1b08aef)

[1.19.0] Update ntfy to 2.16.0 Full Changelog This release adds support for updating and deleting notifications, heartbeat-style / dead man's switch notifications, custom Twilio call format. It also adds a "New version available" banner to the web app. Support for updating and deleting notifications (#​303, #​1536, ntfy-android#151, thanks to @​wunter8 for the initial implementation) Support for heartbeat-style / dead man's switch notifications aka updating and deleting scheduled notifications (#​1556, #​1142, #​954, thanks to @​GamerGirlandCo for the initial implementation) Configure custom Twilio call format for phone calls (#​1289, thanks to @​mmichaa for the initial implementation) ntfy serve now works on Windows, including support for running it as a Windows service (#​1104, #​1552, originally #​1328, thanks to @​wtf911) Web app: "New version available" banner (#​1554)

[1.3.3] Update ollama to 0.15.4 Full Changelog ollama launch openclaw will now enter the standard OpenClaw onboarding flow if this has not yet been completed. Renamed ollama launch clawdbot to ollama launch openclaw to reflect the project's new name Improved tool calling for Ministral models ollama launch will now use the value of OLLAMA_HOST when running it

I looked into the logs and it was the outdated Commons module. Thanks for your help and keep up the great work with cloudron!

[1.24.1] Update DocumentServer to 9.2.1

[0.5.1] Update opencloud to 5.0.1 Full Changelog Do not ever set a TTL for the ID cache. It's not supposed to expire. [#2223] Apply changed TTL settings to existing buckets [#509]

[1.8.1] Update openhab-distro to 5.1.1 Full Changelog Switch to using asynchronous send with Jetty websockets Fix UIResource GET endpoints require no auth if implicit user role disabled Use quotes for numbers stored as strings when generating YAML Normalize thing/channel config in response of /file-format/parse API Allow cross-binding bridges when generating code for a thing Add special handling to thing/channel config param of Fix NullPointerException for POI mode Fix XML error handling Support bridges with hardware embedded accessory things Properly consider special values in DP value validation

[3.45.2] Update openproject to 17.0.2 Full Changelog Bugfix: Unable to change to earlier finish date for automatically scheduled successor [#​65130] Bugfix: Meeting outcomes cannot be saved with ctrl/cmd+enter [#​69974] Bugfix: AXe Accessibility error: invalid list structure [#​70573] Bugfix: Fix AXe Accessibility error: Navigation toggler must have discernible text [#​70574] Bugfix: Documents module is missing meaningfull html title [#​70614] Bugfix: Users with the "Manage Users" permission did not see links to Lock/Unlock users [#​70796] Bugfix: Cannot authorise OpenProject app with OpenProject when user has 2FA enabled [#​70966] Bugfix: Running docker slim image, runs slim-bim one [#​70980] Bugfix: 'For all projects' project attributes are not displayed during new project creation [#​70982] Bugfix: Fix revision parsing in git diff output [#​71020]

Hi @girish so I learned something while setting up my Radicale and OWC. It seems like the calendar client publishing in to the ICS in Radicale (or wherever your ICS source lives) can matter. When I used the Calendar app on macOS I saw no descriptions. When I used Thunderbird I do. You can see it on my live page that has the OWC page in an iframe https://kb.filewave.com/books/community-engagement/page/customer-event-schedule and if you click on events in the agenda then the description shows. I think initially I was also hoping to show description on the Agenda page without clicking on an event but originally I was bothered that I just couldn't get description to show up. So now it does at least show up when you click an event. I haven't looked at why Calendar doesn't make a summary that shows and Thunderbird does but I'm fine using Thunderbird to put events in my calendar feed.

Newest package that ships Open WebUI 0.7.2 resolved this

[1.1.0] Update opodsync to 0.5.0 Full Changelog Add URL of instance on homepage, with copy button Add support for being used as an external app inside KaraDAV

The latest update seems to have fixed it. Patience is a virtue xD

[1.19.0] Update outline to 1.4.0 Full Changelog New "Toggle blocks" allow creating content that is collapsed by default in #8317 Table cells can now have a custom background color set in #10930 Search results are now highlighted in the document when navigating from search in #11262 A new Figma integration allows unfurling information about Figma links in documents by @hmacr in #11044 Added support for sorting dates in table columns by @lucawimmer in #11198 Document changes made through the API are now synced to clients in realtime in #11186 The rate limiter now prefers user ID over ip address for logged in sessions, prevents issues on larger office networks in #11215 The markdown importer now supports more file layouts in #11278 Fixed some typos comments and messages by @NAM-MAN in #11203 Fixed an issue where mentions would sometimes break when using drag and drop in a list in #11208

[1.6.1] Update owncast to 0.2.4 Full Changelog Lots of localization changes, both in how they work across the web application, and adding more support for them. So more places should show more languages. The backend refactor continues with more splitting things off into standalone data repositories and services. Higher bitrates can now be selected in the video encoding settings. There's a new webhook that fires when you get a new Fediverse follower. Admin: add line divider in sidebar #4098 Display shortcut keys of hide/show chat in Dropdown menu #4096 Create a custom Translation component #4428 Add support for pluralization in the new Translation component #4440 Add support for translations in the web project #3950 Add server status as a default field in all webhooks #4384

[1.3.0] Update base image to 5.0.0

[1.47.1] Update paperless-ngx to 2.20.6 Full Changelog Fix: extract all ids for nested tags @shamoon (#11888) Fix: prevent note deletion outside doc @shamoon e4b861d Performance: improve treenode inefficiencies @shamoon (#11606) Fixhancement: change date calculation for 'this year' to include future documents @shamoon (#11884) Fix: Running management scripts under rootless could fail @stumpylog (#11870) Fix: use correct field id for overrides @shamoon (#11869)

You can still install it like this https://my.<cloudron>/#/appstore/rocks.paperwork.cloudronapp . But note that it was last updated 3 years ago. I tried to build a new version with latest with PHP a year ago and the app was not even building anymore. They have been re-writing a new version for a couple of years now.

I recently hit an issue where my PeerTube instance stopped being able to upload videos to my Scaleway S3 bucket. All move-to-object-storage jobs were failing with this error: NoSuchBucket: The specified bucket does not exist The confusing part was that the bucket definitely existed, and I could even connect to it successfully from the PeerTube web terminal using the AWS SDK directly. The Problem Recent versions of PeerTube (v6+) changed the object storage config format. New storage sections are now required: user_exports:, original_video_files:, and captions:. The v6.0.0 changelog also mentions that Docker environment variables were renamed (e.g., PEERTUBE_OBJECT_STORAGE_VIDEOS_* → PEERTUBE_OBJECT_STORAGE_WEB_VIDEOS_*), which the Cloudron devs will have implemented. However, the YAML config key videos: still appears to work based on the AWS example in the docs and this Hetzner S3 guide from October 2025. See the official PeerTube Remote Storage documentation for the current config format. My old config (broken in PeerTube v6+): object_storage: enabled: true endpoint: 'https://s3.fr-par.scw.cloud' region: 'fr-par' videos: bucket_name: 'your-bucket-name' prefix: 'videos/' streaming_playlists: bucket_name: 'your-bucket-name' prefix: 'streaming-playlists/' credentials: access_key_id: 'YOUR_ACCESS_KEY' secret_access_key: 'YOUR_SECRET_KEY' max_upload_part: 2GB My new config (working with PeerTube v6+): object_storage: enabled: true endpoint: 'https://s3.fr-par.scw.cloud' region: 'fr-par' credentials: access_key_id: 'YOUR_ACCESS_KEY' secret_access_key: 'YOUR_SECRET_KEY' max_upload_part: 2GB web_videos: bucket_name: 'your-bucket-name' prefix: 'web-videos/' streaming_playlists: bucket_name: 'your-bucket-name' prefix: 'streaming-playlists/' user_exports: bucket_name: 'your-bucket-name' prefix: 'user-exports/' original_video_files: bucket_name: 'your-bucket-name' prefix: 'original-video-files/' captions: bucket_name: 'your-bucket-name' prefix: 'captions/' Key changes: videos: → web_videos: (matches the Docker env var rename, though videos: may still work) prefix: 'videos/' → prefix: 'web-videos/' (not strictly necessary, but matches the Backblaze example in the docs) Added required sections: user_exports:, original_video_files:, and captions: After updating production.yaml and restarting PeerTube from the Cloudron dashboard, all my failed jobs completed successfully. Hope this helps someone else!

[1.14.0] Update penpot to 2.12.1 Full Changelog Fix setting a portion of text as bold or underline messes things up Github #7980 The backend RPC API URLS are changed from /api/rpc/command/<name> to /api/main/methods/<name>. The previous PATH is preserved for backward compatibility; however, if you are a user of this API, it is strongly recommended that you adapt your code to use the new PATH. The OAuth / Single Sign-On (SSO) callback endpoint has changed to align with the new OpenID Connect (OIDC) implementation. Add the ability to select boards to export as PDF Taiga #12320 Add toggle for switching boolean property values Taiga #12341 Make the file export process more reliable Taiga #12555 Add auth flow changes Taiga #12333 Add new shape validation mechanism for shapes Github #7696 Apply color tokens from sidebar Taiga #11353 Display tokens in the inspect tab Taiga #9313

App discontinued due to no upstream updates.

The upstream project has not released in almost 3 years now. We had to build from develop to get some PHP 8 support going, but there are bugs like https://github.com/phpservermon/phpservermon/issues/1196 , https://github.com/phpservermon/phpservermon/issues/1232 . There's also a bunch of basic issues: Normal user cannot login after admin user logs in. Some issue related to service worker. LDAP functionality is incomplete

[3.2.0] Update Piwigo to 16.2.0 Full Changelog

@james Thanks again for your response and also for reporting the issue on the Pixelfed GitHub.

[1.14.2] Update pocketbase to 0.36.2 Full Changelog Updated modernc.org/sqlite to v1.44.3 (race check fix), goja (circular references fix) and other go deps. Other minor fixes (updated tests to silence some of the race detector errors, updated FindFirstRecordByData with more clear error message when missing or invalid key is used, etc.).

Hello @zigmasdirigeant Thanks to your detailed report I was able to reproduce this issue right away. I will look into it. Either setting client_max_body_size 0; or make it configurable.

[1.4.0] Update pretix to 2026.1.0 Full Changelog Breaking change: Removed deprecated API endpoints for ticket validation Feature: Added support for multi-currency payments Feature: Introduced a new dashboard for event analytics Bug fix: Fixed issue with email notifications not being sent Bug fix: Resolved payment gateway timeout errors Feature: Enhanced security for user authentication Breaking change: Changed default settings for new events Bug fix: Corrected display issue on mobile devices Feature: Implemented new search functionality for events Bug fix: Addressed problem with data export feature

[1.11.3] Update PrivateBin to 2.0.3 Full Changelog FIXED: Prevent arbitrary PHP file inclusion when enabling template switching FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users FIXED: Unable to create a new paste from the cloned one when a JSON file attached (#1585)

[2.9.1] Update prometheus to 3.9.1 Full Changelog [BUGFIX] Agent: fix crash shortly after startup from invalid type of object. #​17802 [BUGFIX] Scraping: fix relabel keep/drop not working. #​17807

[2.25.3] Update VueTorrent to 2.31.3 Full Changelog lsio-mod: Fix invalid permissions on non-root users (#2597) (85a1fb3) RightClick: Prevent selecting text when opening menu on apple touch devices (#2598) (f1846ec) RSSArticles: Prevent unread status inconsistency (#2624) (6963f29) Wrong message for category delete confirmation (#2599) (5f9fc86) ActiveFilters: Click on chip disables only active filters (#2606) (bfca3d4) Content: Double click on a node to toggle selection (#2607) (2bcce0a) Improve URL detection (#2590) (26ea94d) Overview: Wrap comment to prevent text overflow (#2589) (c48c2e0) RSSArticles: Use vue-concurrency (#2624) (e28bfcd) TorrentDetail: Change title to use torrent name (#2608) (bbbe846)

[2.11.0] chore(deps): update dependency radicale to v3.6.0

[2.6.1] Update rallly to 4.6.2 Full Changelog This patch fixes a client-side crash that occurred when accessing the profile and general settings pages.

App discontinued due to no upstream updates.

Did the update (package v5.3.1) help?

[3.9.3] Update redmine_oauth to 3.0.9

Indeed, that app treats each user individually and since an app would have to actively sync up some deactivated (or even deleted) user state explicitly, which releasebell does not, it just keeps working for that user. Since the app uses OpenID, there is actually no real way for the app, to know if a user even still exists to then purge the user. A login of the user would of course not work, but since this works in releasebell without a login-session, not sure what to besides manually purging that user. Have to think more about how to better handle that, until that you may have to actually do what you proposed. I was trying to quickly come up with a mysql statement to purge, but that is more involved than I thought, due to all the constraints.

This will take some time because it requires Mongo DB 8.x . Cloudron's mongodb was in 6.x but was just upgraded to 7.x in Cloudron 9.0.16 . Cloudron 9.1 will have mongodb 8.x . We can only move step by step because mongodb does not support jumping versions.

[2.9.2] Update roundcubemail to 1.6.12 Full Changelog Support IPv6 in database DSN (#9937) Don't force specific error_reporting setting Fix compatibility with PHP 8.5 regarding array_first() Remove X-XSS-Protection example from .htaccess file (#9875) Fix "Assign to group" action state after creation of a first group (#9889) Fix bug where contacts search would fail if contactlist_fields contained vcard fields (#9850) Fix bug where an mbox export file could include inconsistent message delimiters (#9879) Fix parsing of inline styles that aren't well-formatted (#9948) Fix Cross-Site-Scripting vulnerability via SVG's animate tag Fix Information Disclosure vulnerability in the HTML style sanitizer

[1.15.0] Update rss-bridge to 2025-08-05 Full Changelog [FabBridge] Pull 100% discounted items via Fab API by @thefranke in https://github.com/RSS-Bridge/rss-bridge/pull/4584 [GoComicsBridge] Fix for JSON being removed by @TReKiE in https://github.com/RSS-Bridge/rss-bridge/pull/4585 [IdealoBridge] Bypass bot protection by @sysadminstory in https://github.com/RSS-Bridge/rss-bridge/pull/4588 [GoComicsBridge] Add fallback when link to current comic is missing by @TReKiE in https://github.com/RSS-Bridge/rss-bridge/pull/4589 [GolemBridge] Add tables to content by @Mynacol in https://github.com/RSS-Bridge/rss-bridge/pull/4613 [ZeitBridge] Improvements by @Mynacol in https://github.com/RSS-Bridge/rss-bridge/pull/4617 [NasestrechaBridge] Add bridge by @pprenghy in https://github.com/RSS-Bridge/rss-bridge/pull/4591 [WaggaCouncilBridge] Add bridge by @Scrub000 in https://github.com/RSS-Bridge/rss-bridge/pull/4593 [HeiseBridge] removes language-info-text, add archive.is link for people without subscription by @Tone866 in https://github.com/RSS-Bridge/rss-bridge/pull/4594 [CentreFranceBridge] Fix parser following website update by @quent1-fr in https://github.com/RSS-Bridge/rss-bridge/pull/4596

Given that the upstream project is not maintained anymore, we have hidden this in the appstore. I had also submitted a PR upstream for a basic issue which is ignored - https://github.com/aliasaria/scrumblr/pull/161

[2.76.0] Update searxng to ad42b55

[1.2.0] checklist added to manifest

Guys, tyvm for your feedback. As a workaround I simply disallowed dav on a group level. Nevertheless I'll feature request this during Christmas time. ^^

[2.18.0] Update Shaarli to 0.16.0 Full Changelog v0.x branches and tags will no longer be maintained after v0.16. Always upgrade to the latest release to receive bugfixes and security patches. docs: update PHP version compatibility table fix stored XSS via suggested tags (GHSA-g3xq-mj52-f8pg) build(deps): update frontend build dependencies (js-yaml/glob)

@girish said in SickChill unlisted from app store: I hope they atleast bring back the issue tracker Out of interest, why does this matter for Cloudron? BTW, someone has replied to the thread I started on Discord informing me that the master releases are these https://pypi.org/project/sickchill/ Doesn't look like there has been a new one since March though.

[1.3.0] Update shiori to 1.8.0 Full Changelog feat(apiv1): refactor tags api (#1075) feat: add PWA support share functionality (#1060) feat: add apis to handle bookmark tags (#1081) feat: allow tag filtering and count retrieval via api v1 (#1079) feat: improve SQLite performance (#1024) feat: reverts message in json output and allows configuration (#1082) feat: support proxy forward headers authentication (#1105) fix: auth validation on existing sessions, rely on token only (#1069) fix: incorrectly set cookie's expires value in login.js (#1049) fix: parse pocket new CSV format (#1112

The upstream project is archived - https://github.com/boypt/simple-torrent/ . There has been no changes in 2 years and modules are not updated.

Hello @darrendavid and welcome to the Cloudron forum Could you please explain a little how this is connected to Cloudron? I am not sure if you are in the correct place here for this question.

[1.18.7] Update snipe-it to 8.3.7 Full Changelog Add new 'git remote' management to change Snipe-IT URLs by @uberbrady in #18245 Fixes [FD-52064] Avery L6009_A & L4736_A label field overflow with scaling by @Godmartinz in #18246 Optimize queries for Components listing by @uberbrady in #18251 Added endpoint & use_path_style_endpoint configs for public/private S3 by @Valinwolf in #18266 Experiment: simpler light/dark toggle by @snipe in #18249 Refactor assignee in Checkoutable to accept null by @Godmartinz in #18273 Check That Email Exists on Recipient in Checkout Acceptance by @spencerrlongg in #18274 Fixed #18160 - Multi-create validation fixes by @uberbrady in #18247 Fixes Manager View not displaying subordinates EULAs properly in View Assets page by @iryadifarhan in #18257 adds #17422 [FD-49345] --expired-licenses command parameter to snipeit:expiring-alerts by @Godmartinz in #18244

@james thank you so much! SOGoMailCustomFromEnabled worked prefectly!

Just checked on this again but it seems statping-ng is not going forward much . https://github.com/statping-ng/statping-ng/tags says the release was almost a year ago.

[3.4.3] Update Stirling-PDF to 2.4.3 Full Changelog Correctly show desktop and server versioning separately Support for watched folders to be recursive and multiple directories to be defined Desktop login expiry fix Desktop self-host connection improvements (self-sign fixes and others) Page editor performance and UI improvements frontend error screen appearing during SSO fix Desktop CORS fixes feat(settings): display frontend/backend versions and warn on client-server mismatch by @Ludy87 in Stirling-Tools#5571 Support multiple pipeline watch directories and configurable pipeline base path by @Frooodle in Stirling-Tools#5545 Stop type checking TypeScript files that won't be run by @jbrunton96 in Stirling-Tools#5607

[1.12.0] chore(deps): update dependency apache-superset to v6

This is fixed with latest package update.

[1.33.14] Update syncthing to 2.0.13 Full Changelog Database backend switched from LevelDB to SQLite. There is a migration on first launch which can be lengthy for larger setups. The new database is easier to understand and maintain and, hopefully, less buggy. The logging format has changed to use structured log entries (a message plus several key-value pairs). Additionally, we can now control the log level per package, and a new log level WARNING has been inserted between INFO and ERROR (which was previously known as WARNING...). The INFO level has become more verbose, indicating the sync actions taken by Syncthing. A new command line flag --log-level sets the default log level for all packages, and the STTRACE environment variable and GUI has been updated to set log levels per package. The --verbose and --logflags command line options have been removed and will be ignored if given. Deleted items are no longer kept forever in the database, instead they are forgotten after fifteen months. If your use case require deletes to take effect after more than a fifteen month delay, set the --db-delete-retention-interval command line option or corresponding environment variable to zero, or a longer time interval of your choosing. Modernised command line options parsing. Old single-dash long options are no longer supported, e.g. -home must be given as --home. Some options have been renamed, others have become subcommands. All serve options are now also accepted as environment variables. See syncthing --help and syncthing serve --help for details. Rolling hash detection of shifted data is no longer supported as this effectively never helped. Instead, scanning and syncing is faster and more efficient without it. A "default folder" is no longer created on first startup. Multiple connections are now used by default between v2 devices. The new default value is to use three connections: one for index metadata and two for data exchange. The following platforms unfortunately no longer get prebuilt binaries for download at syncthing.net and on GitHub, due to complexities related to cross compilation with SQLite: The handling of conflict resolution involving deleted files has changed. A delete can now be the winning outcome of conflict resolution, resulting in the deleted file being moved to a conflict copy. fix(beacon): don't join multicast groups on non-multicast interfaces (fixes #10497) by @marbens-arch in #10498

We only published a fixed package now, based on the alternative LDAP plugin

[1.10.2] Update recipes to 2.4.2 Full Changelog added quick link from start page to search with pre-filled parameters added diameter based scaling fixed uploading images on mobile #4400 fixed items per page not saving in search view #4275 fixed rating filter less than or equal to not working #4280 (thanks to @smilerz #4396)

[1.5.1] checklist added to manifest

@timconsidine said in Teddit Subscriptions no longer working: Just FYI - my LibReddit - selfhosted as Docker on another VPS = is still working. But now it is down. Maybe they have caught up with me.

[1.22.1] checklist added to manifest

@Sam_uk we have unlisted TLDraw by now. Please see https://forum.cloudron.io/topic/10806/no-more-updates-to-tldraw . The license and company direction has changed.

No no, I‘ve the actual version running! It‘s just that it stopped working on 29th of November and when I looked into the events i noticed that on this day 1.21 was installed!

[2.6.2] Update libretranslate to 1.8.3 Full Changelog Update apscheduler by @pierotofy in #892 Fix health checks, bind address in IPv4 only setups by @pierotofy in #894 Show version on index by @pierotofy in #886 Loosen torch dependency by @pierotofy in #887 Remove sessions by @pierotofy in #890 Fix installation on Python 3.13, 3.14 by @pierotofy in #891

[2.5.0] Update transmission to 4.1.0 Full Changelog Improved TP download performance. (#​6508) Added support for IPv6 and dual-stack UDP trackers. (#​6687) Support trackers that only support the old BEP-7 with &ipv4= and &ipv6=. (#​7481) New JSON-RPC 2.0-compliant RPC API. (#​7269) Added optional sequential downloading. (#​4795) Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#​7819, Qt Client) Fixed 4.0.6 bug where Transmission might spam HTTP tracker announces. (#​7086) Improved libtransmission code to use less CPU. (#​4876, #​5645, #​5715, #​5734, #​5740, #​5792, #​6103, #​6111, #​6325, #​6549, #​6589, #​6712, #​7027, #​7744, #​7800) Avoid unnecessary heap memory allocations. (#​5519, #​5520, #​5522, #​5527, #​5540, #​5649, #​5666, #​5672, #​5676, #​5720, #​5722, #​5725, #​5726, #​5768, #​5788, #​5830, #​6542) Slightly reduced latency when sending protocol messages to peers. (#​5394)

[1.27.2] Update Trilium to 0.101.3 Full Changelog SQL Console: cannot copy table data by @SiriusXT Title is not selected when creating a note via the launcher by @SiriusXT Popup editor closing after inserting a note link by @SiriusXT New Mermaid diagrams do not save content by @lzinga Can't scroll mermaid diagram code Max content width is not respected when switching between note types in the same tab Crash When a Note Includes Itself Severe Performance Degradation and Crash Issues Due to Recursive Inclusion in Included Notes is not a launcher even though it's in the launcher subtree Archived subnotes of direct children appear in grid view without #includeArchived

[2.76.0] Update tt-rss to c625ca6

[1.23.2] Update typebot.io to 3.15.2 Full Changelog Fix app router automatically adding transfer-encoding: chunked header to backend requests 69efa2f

[3.23.0] Add optional redis

[2.0.6] Update cloudflared to 2026.1.2

Closed due to inactivity note: mods are working, asked @BrutalBirdie he tested it briefly

[1.82.2] Update vault to 1.21.2 Full Changelog auth/oci: bump plugin to v0.20.1 core: Bump Go version to 1.25.5 packaging: Container images are now exported using a compressed OCI image layout. packaging: UBI container images are now built on the UBI 10 minimal image. secrets/azure: Update plugin to v0.25.1+ent. Improves retry handling during Azure application and service principal creation to reduce transient failures. storage: Upgrade aerospike client library to v8. core/activitylog (enterprise): Resolve a stability issue where Vault Enterprise could encounter a panic during month-end billing activity rollover. http: skip JSON limit parsing on cluster listener. quotas: Vault now protects plugins with ResolveRole operations from panicking on quota creation. replication (enterprise): fix rare panic due to race when enabling a secondary with Consul storage.

Hello @nilp and welcome to the Cloudron Forum This issue has been adressed and a fix is avaiable here: https://forum.cloudron.io/post/117779 I will merge this topic into the existing one.

[1.72.5] Update verdaccio to 6.2.4 Full Changelog fix: allow docker listen address to be configured (6.x) by @markormesher in #5503

[1.18.0] Update vikunja to 1.0.0 Full Changelog (editor) Prevent crash when exiting edit mode in tiptap (files) Make sure base directory exists when using local file system (#2166) (routes) Restore SPA routing after Echo v5 upgrade Use dark shadows for email template in dark mode (#2155) (28593e6) Add required checkbox to confirm issue search before submission (d61caab) Add vikunja doctor command for diagnostic checks (#2165) (3aa1e90)

@timconsidine said in Self-hosted VPN server made EASY!: Fine - live in your own world then. I tried but some people can't read the room

[2.5.6] Update wallabag to 2.6.14 Full Changelog Change version in wallabag.yml by @nicosomb in #8251 Fix deprecation by @j0k3r in #8267 Add annotations filter to entries API endpoint by @skn in #8346 Update dependencies by @yguedidi in #8435 Bump deps (mostly for siteconfig) by @j0k3r in #8489 Fix reading time computation for short entries by @andreadecorte in #8332 Fix urls parameter when sending many urls to be stored using the API by @j0k3r in #8488 Prepare 2.6.14 by @j0k3r in #8494

[1.19.0] OIDC auth implemented, OIDC auth tests implemented

[1.20.1] Update whitebophir to 1.22.1 Full Changelog

[1.36.1] Update weblate to 5.15.2 Full Changelog Statistics generator is now triggered upon installation. Screenshots updated from the repository have proper history. reStructuredText syntax error now reports unintended list conversion. Unchanged translation check ignores AsciiDoc source code blocks. Information leak via screenshots (CVE 2026-21889 / GHSA-3g2f-4rjg-9385). Explanation sync in TermBase eXchange format. User interface fixes. Clarified needs editing/checking/rewriting states. Automatically translated flag with bulk approvals. GitHub forks no longer trigger actions.

[4.97.0] Update wekan to 8.27 Full Changelog Updated MongoDB to 7.0.29 at Windows install docs Fix async/await in copy/move card operations Migrate wekan-accounts-lockout to async API for Meteor 3.0 Added Docs: Spreadsheet vs Kanban Updated dependencies Reduce visual overflow in Member Settings menu by extending container height Fix Card copy menu is not displayed Fix Bug: Rules view translation not is not shown correctly

[1.13.4] Update wiki to 2.5.311 Full Changelog b950e06 - stop dompurify from breaking draw.io diagrams (MR #​7888 by @​tribut) 19c26e5 - handle breadcrumb locale prefix correctly (commit by @​NGPixel) 857c172 - css editor in page properties dialog not loading (commit by @​NGPixel) 7d4627b - rocketchat auth prototype pollution via userProfile function (commit by @​NGPixel) 1d0d87a - add cookie secure flag when site is using https (commit by @​NGPixel) 85c304f - add cookie secure flag when site is using https (client-side) (commit by @​NGPixel)

[2.14.0] Update woodpecker to 3.13.0 Full Changelog Update quic-go/qpack & quic-go/quic-go #5885 fix: updateRepoPermissions to cleanup old permissions #5790 Add cli contexts #5929 Use repo-user for api call of cron #5967 Close opened file on LogFind #5961 Delete/Deactivate repo ignores missing repo at forge #5953 Correctly update repo permissions #5928 Revert repos pagination for GH and BB #5924 fix: send correct argument to rpc call for name/url #5922 fix: secrets-file flag #5909

It was resolved by activating the OpenID plugin. I am not sure how it was deactivated in the first place.

@luckow the past 2 days I rented a VPS, installed Bunkerweb and played with it but its way to much and way too complicated! I created this https://forum.cloudron.io/topic/14982/feature-request-simple-per-app-waf-with-templates-kiss and hope the @girish and @nebulon will have a look at it?

[1.4.1] checklist added to manifest