[1.8.0] Update 2FAuth to 6.0.0 Full Changelog 2FAuth can now fetch icons from offline icon packs. Visit the new Icon documentation page to learn how to set them up (#203). The sort order of 2FA accounts is saved to user preferences when changed from the Manage mode. This allows the account list to be reordered automatically after a new account is registered. (#377). Groups can be reordered (manually, from the Group management view) (#419). A new filter is available to only show 2FA accounts that do not belong to any group (#430). The Import feature now supports Bitwarden export (#501). Group names now accept single quote (#465). Upon logging out, users are now redirected to the last login form they used: Password, SSO or Webauthn. (#478). Catchable errors that occur during the sending of a test email are now displayed in the UI to help you understand what's going on. issue #447 Unable to import Google Authenticator. issue #464 Import error not correctly reported in the GUI.

[1.7.1] Update Ackee to 3.5.1 Full Changelog Several dependencies have been updated to their latest versions to bring in security patches and improvements ackee-tracker has been updated to fix an issue where visits were not recorded when the website had an empty document.referrer. You might have seen lower visit counts since version 3.5.0 when your website had no referrer, e.g., when visiting it directly or via bookmarks.

[1.21.0] Update actual to 26.1.0 Full Changelog Breaking changes: Removed support for legacy CSV import format Features: Added new budgeting overview page Features: Improved sync performance with cloud accounts Bug fixes: Fixed issue with transaction duplication on import Bug fixes: Resolved crash when opening settings on macOS Bug fixes: Corrected display issue in dark mode Bug fixes: Fixed bug causing incorrect currency conversion rates

[1.14.10] Update AdGuardHome to 0.107.71 Full Changelog In this release, the schema version has changed from 31 to 32. Added a new string fields dns.cache_optimistic_answer_ttl and dns.cache_optimistic_max_age. Optimistic DNS cache not working ([#​8148]).

This look like a good replacement for Alltube (which we were using) https://github.com/alexta69/metube

[1.24.0] Update dependency ampache/ampache to v7.8.0

[1.7.0] Update answer to 2.0.0 Full Changelog New: AI Assistant feature (@​shuashuai @​LinkinStars #​1479) New: MCP server feature (@​LinkinStars @​shuashuai #​1480) New: API Keys feature (@​LinkinStars @​shuashuai #​1482) New: Editor plugin support (@​robinv8 #​1481) Fixed: Add user in the Admin, no result prompt after submission (@​bimakw #​1457) Fixed: Fix/external id notification (@​IfDougelseSa #​1465) Fixed: fix: expand avatar column length from 1024 to 2048 (@​csouls #​1463) Fixed: When the input type of SchemeForm is a number, the default value of 0 is not displayed.@​shuashuai

@perelin said in ArchiveBox initial setup: Should I use the regular login mask, but what password to use / where to set a password. If you followed the first time setup guid step by step, you should be able to user your cloudron username and password in the login mask. I have just tested and confirmed it is working if the first time setup guide is followed.

Hello @andreasdueren Thanks for the report. Fixing it right now.

[1.96.1] Update audiobookshelf to 2.32.1 Full Changelog Important: New authentication system was added in v2.26.0. See https://github.com/advplyr/audiobookshelf/discussions/4460 for details. Server crash matching with Audible provider #4931 More strings translated Finnish by @pHamala Polish by @MarcinKlejna Russian by @renesat Swedish by @bittin

Thanks for reporting here @gardinermichael . We have in fact hidden the app package because there were many issues with it and we couldn't manage to get it to be stable . Maybe we should revisit this.

[1.33.5] Update baserow to 2.0.6 Full Changelog [Core] Added more advanced formulas. #4318 [Core] Allow array properties to be selected in the formula context when expert mode is selected. #4485 [Builder] Resolve an issue with styling button fields in table elements. #4494 [Database] Ensure m2m field indexes are all set. [Database] Prevent creating a new constraint when the enter key of the default value is pressed.

[1.6.2] Update beszel to 0.18.3 Full Changelog The Windows agent's updated version of LibreHardwareMonitorLib now uses PawnIO instead of WinRing0. If you lose temperature sensors, make sure PawnIO is installed. (See #1657 and #1697.) Container NetworkSent and NetworkRecv fields have been deprecated in favor of Bandwidth. Agents will stop populating those fields in 0.19.0, so please update any integrations to prefer Bandwidth. It's available for all containers on hubs >= 0.18.3. Add experimental sysfs AMD GPU collector. (#737, #1569) Improve container network stats accuracy. Fix SHARE_ALL_SYSTEMS for system_details, smart_devices, and systemd_services. (#1660) Improve CJK truncation in UI. Fix container uptime sorting edge case. (#1696) Remove stale systemd services from tracking after deletion. (#1594) Update honeypot field name and autofill ignores. (#1011) Write health_file to /dev/shm instead of /tmp if available. (#1455)

[1.46.3] Update BookStack to 25.12.3 Full Changelog Page Content - As of this release, most types of form content are now removed from page content on render. If you applied customizations which made use of in-page form content, you may now need to find alternative methods. Updated application PHP dependencies. Updated session-based API authentication to only be active for GET requests. Updated page content filtering to remove many common form elements & attributes. Updated translations with latest Crowdin changes. (#5997)

Hello @miednr @miednr said in Docker Remote Builder cannot push to private Cloudron Registry – no basic auth credentials due to read-only HOME / missing Docker config: Could you please provide some commands to check, where the problem's cause is? I have set up my docker registery under dr.cloudron.dev and the build service under cbs.cloudron.dev. I run the command from the build service once: cloudron build login --url 'https://cbs.cloudron.dev' --build-token 4d9e63406e98c078e296f6f273d5d9adb080643d50dd1d82b687af8c414cf915 When I now build a custom app I run: cloudron build --file ./Dockerfile --set-repository dr.cloudron.dev/org.cloudron.copyparty --tag 0.1.0

[2.12.14] Update cal.com to 6.1.16 Full Changelog fix: Booking Drawer - text overlap in footer by @​hariombalhara in #​27897 refactor: migrate Icon to component icons from @​coss/ui/icons by @​eunjae-lee in #​27458 feat: active user billing by @​sean-brydon in #​27867 feat: add annual plans for teams/organizations by @​sean-brydon in #​27896 fix: use personal credits if no more team credits by @​CarinaWolli in #​27518 refactor: move data-table hooks/contexts/provider from features to web modules by @​eunjae-lee in #​27833 fix: update data-table hook imports missed in #​27833 refactor by @​eunjae-lee in #​27900 fix: Organised the OOO page by @​Recxsmacx in #​27865 fix: Trimmed License Section in README by @​Kmadhav824 in #​27903 fix: include locale-prefixed paths in botid client-side protection by @​volnei in #​27910

[1.29.1] Update calibre-web to 0.6.26 Full Changelog Enabled multi-edit of books in the book list Added Instapaper configuration to Kobo sync Renamed Google Books Metadata provider Renamed environment variable CACHE_DIR to CACHE_DIRECTORY Improved performance during certain search operations (#​3476) Added Books button to EPUB reader to return to Calibre-Web Added page count display in EPUB reader (e.g. 1/1234 locations) Fixed compatibility with Calibre 9 Added certifi to requirements on macOS (fixes #​3385) Fixed read status not updating when a book is archived and a custom column is used

[2.12.2] Fix session files

[1.27.6] Update changedetection.io to 0.52.9 Full Changelog Update messages.po // German "From" by @DominikHerold in #3793 Open github link on new tab by @mstrey in #3791 Update French translation by @sCreami in #3788 Browser page fetching speedup - Element locking was adding up to 1minute page load time, Element locking 'off' by default (so they dont move when the screenshot scroll happens), only lock top viewport elements. Improve logging. by @dgtlmoon in #3796 Make language selection sticky and provide a way to return back to default auto-detect #3792 by @dgtlmoon in #3795 Use credentials to fetch the web manifest by @ianis in #3790 Memory management improvements by @dgtlmoon in #3798

Hello @webmaster-srpl I was able to set up the Facebook Messenger with chatwoot according to the official chatwoot documentation. I did not need to configure anything with /webhooks/facebook so I am curious how you are trying to set up the Facebook Messenger in chatwoot. [image: 1769179599246-600be0a5-9028-4453-8be5-5d9cb87c9bd3-image-resized.png] [image: 1769179549380-fc97ccc6-92f9-41ec-8b35-96091f4edbc9-image-resized.png]

[1.43.0] Update code to 25.04.8.3.1

[1.7.0] Update comentario to 3.16.0 Full Changelog Per-page email notifications (#209) - abae9cf, 12c20cd, cd5e8b2, f0aed95, bac6b97 AdminUI: fix base href when deployed on a non-root path (#217) - 7d8e292 Backend: Resolve repeated notifications - cd5e8b2 Backend: use correct paths in site.webmanifest - 7d8e292 Docs: add explicit mentions of Edit domain page (#210) - 6e53611 I18n: improve logging for missing messages, add contribute page link - 257753b I18n: DE: add missing messages - 1e9bc35

@gh0stface yup, they made a release yesterday it seems and it should have the PRs we made upstream. @vladimir-d is checking the package again.

@girish Yep, exactly that. AnyType and Appflowy are growing in popularity. Would be nice to see them

@atridad Thanks for the heads up, the app is gone from our library as well.

[1.13.0] Update cryptpad to 2026.2.0 Full Changelog Upgrade Office applications to OnlyOffice v9.2.0.119 OnlyOffice history browsing #​2134 Update drive tree UI #​2102 Fix incorrect error message for invalid credentials #​2163 Delete 2FA data when archiving account #​2177 Fix padding for profile action buttons #​2081 Fix contact page name overflow #​2084 Fix: Profile description editor now shows saved value without requiring focus #​2100 Fix rtChannel not always stored and pinned #​2168 Preserve drive list sorting order across reloads #​2115

[1.26.0] Update ctfreak to 1.36.1 Full Changelog Personal Access Tokens: generate personal access tokens to authenticate API calls without using the OAuth token endpoint, facilitating integration of CTFreak with third-party tools such as Zabbix Add GitLab notifier to automatically create a GitLab issue on execution failure Add Ntfy notifier to send alerting notifications to a ntfy topic Add Gitea and Forgejo incoming webhook types with signature verification

[2.7.0] Update cubby to 2.7.0

[1.5.2] Update dawarich to 1.0.4 Full Changelog Wrong path helper in the navbar for Settings link. #2215 #2213 Gemfile being not updated #2210 Excessive memory usage during visits suggestions job (thanks @nareddyt!) #2119 SMTP_STARTTLS environment variable to enable STARTTLS for SMTP connections. Disabled by default. App-level DNS cache with 5 minutes TTL to reduce DNS lookups and improve performance. #2183 New Insights page with comprehensive analytics and visualizations: Transportation mode detection for tracks: Tracks are now automatically segmented by transportation mode (walking, cycling, driving, etc.) with configurable speed thresholds in settings. Modes are recalculated when threshold settings change. Near real-time track generation: Tracks are now generated within ~45 seconds of receiving new points (via OwnTracks, Overland, or the Points API) using a Redis-based debouncer. This replaces the previous 4-hour polling cycle for most cases. Daily generation job frequency reduced from every 4 hours to every 12 hours as a fallback. Track merging: Consecutive tracks that belong to the same journey are automatically merged when the gap between them is within the configured time threshold. Email preferences moved to "General" tab in user settings for better organization.

[2.14.1] Update directus to 11.14.1 Full Changelog Added multi-domain support for OAuth/OpenID (#26312) Removed the deprecated /webhooks functionality across the stack. This includes the API route and its related tests, (#26311 by @mobml) Removed the "Comment" tab from the activities page (#26440 by @Abdallah-Awwad) Fixed getAsset returning all file fields instead of only those allowed by the users permissions (#25905 by @gaetansenn) Added a new AI_ENABLED environment variable to allow opting out of our AI chat feature (#26458 by @bryantgillespie) Added concurrency control for file uploads via a new FILES_MAX_UPLOAD_CONCURRENCY env variable (#26424 by @thomas-svrts) Added nested validation rules to validation error notice (#26389 by @robluton) Added Comparison modal wysiwyg diff highlighting (#26301 by @robluton) Fixed an issue that would cause some drawer header icons from being displayed too large (#26442 by @kekekuli) Added support for specifying a KMS Key ID in S3 storage when using aws:kms Server Side Encryption (#26377 by @Joey92)

[2.9.4] Update discourse to 3.5.4

@miednr I build all my apps using local device docker, push to a cloudron private registry and use cloudron install --image xxx. I feel guilty in some way for not using Cloudron Builder, but local gets the job done fine, so good that you got your build out and deployed.

[1.17.0] Update documenso to 2.6.0 Full Changelog fix: exclude soft-deleted documents from folder count by @misha366 in #2410 fix: send organisation member removal email to correct user by @catalinpit in #2405 feat: add bulk document selection and move functionality by @catalinpit in #2387 fix: correct webhook event name in documentation by @Lahirudahampath03 in #2424 fix(i18n): mark missing strings for translation in card components by @mKoonrad in #2308 feat: autoplace fields from placeholders by @catalinpit in #2111 feat: add license integration by @dguyen in #2346 feat: allow non-team members as default recipients by @catalinpit in #2404 fix: resolve safari cert download issues by @dguyen in #2430 fix: add license logging by @dguyen in #2431

[1.12.0] Update community to 5.14.0 Full Changelog Added Spanish language support

[1.13.4] Update docuseal to 2.3.3 Full Changelog New app logo. Now signature and initials are prefilled from the recipient full name. Increased the webhook request timeout duration.

[1.26.0] Update dokuwiki-plugin-oauth to 2025-10-23

Hello, Is a solution has been found because I'm experiencing the same issue. Video => https://www.loom.com/share/a526c2ccf8ff46108d791ae6e4d862e8 Logs => https://file.thivinfo.com/Cloudron/82a18dde-001d-4c51-a69b-5ac33376e6b5 (1).log

[1.7.1] Update easyappointments to 1.5.2 Full Changelog Fix the GTag script URL html rendering (#​1666) Fix the "Load More" JS error in secretaries page (#​1677) Fix the PHP compatibility error of the appointments index API endpoint (#​1678) Catch individual email delivery exceptions (#​1670) Apply permission checks to the appointment and unavailability search (#​1753) Make sure the sync button is visible on provider log in (#​1749) Update unavailable dates after applying appointment data while rescheduling (#​1662) Make sure that any-provider does not include hidden providers while generating availability (#​1733) Provide "text" version of the emails in addition to HTML (#​1711) Trigger webhook requests when managing records via the API (#​1676)

[1.18.2] Update Emby.Releases to 4.9.3.0 Full Changelog Add user option to set user's auto remote quality Add library option to use legacy folder scanning method Music transcoding fixes Add landing tab option for book libraries Support volume control with youtube trailer player Update mixed content tabs to combine Movies & Shows Fix maintenance mode blocking some settings screens Fix embedded audio fields not getting rescanned on file changes Fix loss of genre and collection images after deleting a movie Fix latest section not showing items for some channel plugins

[2.20.0] Update espocrm to 9.3.0 Full Changelog OpenAPI specification generation #3535 Currency exchange rates stored as entities #3544 PDF Template: Filename with placeholder #3510 PDF Template: Currency symbol helper #3529 Decimal field type #3508 Preferences: Parameter to receive notifications about reactions in non-followed records #3479 In-app notification about being added as a collaborator #3530 Users auto-follow the record when added as colloborators #3532 Personal email account: Map IMAP folders to personal email folders #3513 Formula: Support column data in record\relate function #3537

Got it. Thank you.

[1.16.6] Update evcc to 0.300.8 Full Changelog c563112 Add HomeAssistant charger (#27103) 725af06 ChargeX: fix register decoding (#27110) 44dcd03 MQTT: fix namespace clash (revert #26999)

https://feedback.fider.io/posts/329/data-administration-import-accounts-tags-votes-posts-and-comments-via-web-interface this is a known thing in Fider it seems that the UI has no restore option. They have a new version coming this week so maybe it'll get added. I imagine people clone the file structure and PostgreSQL DB now to migrate or restore.

[1.15.0] Update filepizza to 60704b4

[1.1.0] Update fmd-server to 0.14.0 Full Changelog Light mode. And a setting to switch between theme modes. Ability to view the map in fullscreen. Ability to pass a message when locking the device (fmd lock <message>). Setting to switch between metric and imperial units. The command list is much longer, making nearly all commands available in the web UI. The commands now also have a description. The UI now automatically refreshes the location shown on the map. If you select "Remember me" during login, the access token and the private keys will now be stored in the browser's local storage. Enable WAL (write-ahead-logging) in sqlite. (!159) Limit request body size to 15 MB. (!164) Reduce default MaxSavedLoc from 1000 to 500. (!170)

[3.10.12] Update firefly-iii to 6.4.17 Full Changelog Batch processing. Firefly III now has a setting (under /settings) that allows you to send "batch_processing": true with new transactions over the API. If this setting is enabled and the value is true, Firefly III will not fire rules, webhooks or other events untill you either send false with a transaction OR use the API end point /v1/api/batch/finish. This should speed up (large) data imports. It's a little experimental, use at your own risk. Issue 11614 (Add New Taiwan Dollar to Currency Seeder) reported by @nick322 Issue 11246 (Distinguish automatically converted amount from foreign amount) reported by @jfpedroza A lot of code in Firefly III is code responding to changes made by other code. These lines of code are called events, listeners, observers, handlers, etc. They were a bit of a mess and I cleaned them all up. This should greatly improve the reliability of debt amounts and running balance consistency. Bugs are always possible, let me know. PHP 8.4 is still on my list to be disabled, beware. Issue 11399 (Unusual behavior in audit logs (multi-currency)) reported by @jgmm81 Discussion 11431 (Settings don't get saved) started by @PVTejas Issue 11541 (Display running balance fails for transactions between accounts with different currencies) reported by @SledgehammerPL Issue 11544 (Clean up events and handlers) reported by @JC5 Issue 11546 (Wrong invitation expiry time) reported by @GunoH

@Divemasterza Which provider is this? R2 doesn't work, seemingly because it doesn't support the S3 POST Object operation Edit: Got Hetzner working with these Settings: S3_BUCKET_NAME=redacted S3_FORCE_PATH_STYLE=1 S3_ENDPOINT_URL=https://fsn1.your-objectstorage.com S3_REGION=fsn1 S3_ACCESS_KEY=redacted S3_SECRET_KEY=redacted

@dennisj thanks for reporting, fixed now!

[1.15.29] Update freescout to 1.8.204 Full Changelog Remove Australia/Queensland timezone (#​5175) Add base-uri rule to CSP tag. Use PHP library to fetch via POP3 instead of IMAP extension.

Hello @p44 The latest version is 1.28.1. Please update your app to ensure this is not an issue that has already been fixed.

[4.152.0] Update ghost to 6.19.0 Full Changelog Fixed 404 when navigating between post stats and editor (#​26285) - Troy Ciesco Fixed Content API settings missing GA labs flags (#​26374) - Rob Lester Fixed comment permalinks not scrolling to selected comment - Kevin Ansfield Fixed redirect back to account pages after login (#​26369) - Rob Lester

Thank you! I went with Github Actions for now because I don't really need to isolate it, it would be just nice-to-have.

Yes, it's only jekyll. Not an expert on next.js but I think it also needs a backend right ? If so, you have to create a custom package - https://docs.cloudron.io/packaging/tutorial/

[1.112.4] Update gitlab-foss to 18.8.4 Full Changelog

new package version has this fixed

[1.23.0] Update gogs to 0.14.1 Full Changelog Support comparing tags in addition to branches. #6141 Show file name in browser tab title when viewing files. #5896 Support using TLS for Redis session provider using [session] PROVIDER_CONFIG = ...,tls=true. #7860 Support expanading values in app.ini from environment variables, e.g. [database] PASSWORD = ${DATABASE_PASSWORD}. #8057 Support custom logout URL that users get redirected to after sign out using [auth] CUSTOM_LOGOUT_URL. #8089 The required Go version to compile source code changed to 1.25. The build tag cert has been removed, and the gogs cert subcommand is now always available. #7883 Switched to pure-Go SQLite driver, CGO is no longer required to compile Gogs. #7882 Security: Unauthenticated file upload. #8128 - GHSA-fc3h-92p8-h36f Security: Protected branch bypass in web UI. #8124 - GHSA-2c6v-8r3v-gh6p

[2.3.3] Update grafana to 12.3.3 Full Changelog Alerting: Add limits for the size of expanded notification templates #​117709, @​yuri-tceretian Correlations: Remove support for org_id=0 #​116934, @​gelicia Go: Update to 1.25.7 #​117471, @​macabu Security(Public dashboards annotations): use dashboard timerange if time selection disabled #​117860, @​dana-axinte Security(TraceView): Sanitize html #​117866, @​github-actions[bot]

IMPORTANT Packages starting 1.8.6 to 1.9.0 have been revoked. 1.8.6 - 1.8.13 - Upstream has removed all 1.7.50.x packages. See https://discourse.getgrav.org/t/upgrade-to-grav-v1-7-50-9-not-working/29222/4 1.9.0 - had incorrect beta version update

[1.9.0] Update greenlight to 3.7.0 Full Changelog Improve copy recordings functionality (#6154) Added popovers that describe recording formats (#6136) Fixed a few Host Header vulnerabilities related to asset urls Removed role_id from permitted update params (#6117) Updated multiple gems and packages Clear recordings before the sync starts (#6164)

The latest cloudron package symlinks the config.json into /app/data. This allows to enable the enterprise edition mode. One thing to note is, that the env.sh file needs the line with GRIST_DEFAULT_EMAIL to be enabled and set to the users's email address. Otherwise the admin UI will not grant the user access.

Hello @albertbeaufrand and welcome to the Cloudron Forum This topic is a duplication of https://forum.cloudron.io/post/97415 and will be merged into it. Please read the responses above to get the full answer to your question.

[1.11.0] Update base image to 5.0.0

[1.21.3] Update hedgedoc to 1.10.6 Full Changelog GHSA-x74j-jmf9-534w reports a bug where security headers for upload files were not set correctly. GHSA-672m-p72w-gw28 reports potential security issues with limited script execution in uploaded SVG files.

[1.16.1] Update core to 2026.2.1 Full Changelog

[1.9.0] Update humhub to 1.18.0 Full Changelog Bootstrap 5 is the default CSS framework, which may require migration of custom modules or themes. Caching must now be configured via the configuration file, with FileCache as the default. Fix #​7921: Alert widget broken since beta.6 Fix #​7925: Space Members dropdown menu Fix #​7924: Admin Pending Approvals buttons layout Fix #​7928: Top menu: long usernames overlap notification buttons for md screen sizes Fix #​7930: Remove bottom margin to RichText Create Input fields Fix #​7937: Spaces and Marketplace layouts are missing fluid container Fix #​7932: Fix content default visibility after form submit

[1.97.4] Update immich to 2.5.6 Full Changelog Fixed an issue where thumbnail generation runs every night when full-size image generation option is enabled. Fixed an issue where iOS is slow to start in some cases. Fixed an issue where Android device cannot delete asset using Free Up Space feature if it has more than a few thousand assets fix: enhance album sorting functionality with order handling by @​LeLunZ in #​24816 fix: add missing translations for image editor by @​michelheusschen in #​25957 fix: image and video download complete notification shows "file_name" by @​romoisverycool in #​25975 fix: user profile refetched each time on opening app dialog by @​shenlong-tanwen in #​25992 fix: improve albums page load time on firefox by @​michelheusschen in #​26025 fix: reduce queue graph jitter and include paused count by @​michelheusschen in #​26023 fix(web): toast fixed location by @​YarosMallorca in #​25966

[1.19.0] Rename to Ip2location due to trademark collision

@jdaviescoates Thanks - Not the I have not though about this, but, at last, this could only be a temporary solution following our infrastructure setup. It also does not solve the underlying OIDC issue, which I very much find intriguing.

[1.12.0] Update invidious to v2.20260207.0 Full Changelog Livestream experiences are restored: Trending shows livestreams again, the gaming feed remains accessible, and "Watch on YouTube" links stop carrying stale timestamps (#5480, #5555, #5481) Channel and playlist metadata is richer thanks to pronoun support, topic playlist thumbnails, and accurate related video counts (#5617, #5616, #5446) Downloads get smoother because download actions are URL-safe and downloads can flow through Invidious companion when available (#5367, #5561) Users see clearer feedback with Erroneous CAPTCHA messages, DMCA controls restored, and a footer link pointing at the current release (#5508, #5228, #4702) Companion integration is sturdier: CSP is generated once, check identifiers persist, and the helper hyperlink is fixed (#5497, #5575, #5491) Proxied images and videoplayback strip unwanted response headers (shared header-strip list) (#5595) Runtime and packaging updates pin docker/OCI builds to Crystal 1.16.3, bring an optional Crystal 1.18.2 + Alpine 3.23 image, and compile OpenSSL from source to mitigate the memory leak seen with Alpine-provided OpenSSL (#5604, #5577, #5574, #5441) Server stability improves via a larger max_request_line_size that is required to be able to access some next pages of Youtube channels videos and a rewritten static file handler (#5566, #5338) Top-level constants moved into dedicated modules, preferences handling was cleaned up, and the legacy signature helper is finally removed (#5596, #5450, #5550) Crystal API updates replaced the deprecated Socket#blocking property and restored the shard target plus SPDX license metadata (#5538, #5608, #5552)

[1.21.8] Update invoiceninja to 5.12.58 Full Changelog Fixes for Schedule request form. Add missing config property by @​beganovich in #​11663 Fix paymentlink price and promo_price when using inclusive taxes by @​TheNewSound in #​11666 Use between rule for frequency_id validation, instead of digits_between by @​TheNewSound in #​11674

[1.13.2] Update jellyfin to 10.11.6 Full Changelog Prioritize better matches on search [MR #15983], by @Shadowghost Fix artist display order [MR #15816], by @theguymadmax Restore weekly refresh for library folder images [MR #16046], by @theguymadmax Be more strict about PersonType assignment [MR #15872], by @Shadowghost Fix birthplace not saving correctly [MR #16020], by @theguymadmax Trim music artist names [MR #15808], by @theguymadmax Add mblink creation logic to library update endpoint. [MR #15965], by @Collin-Swish Fix watched state not kept on Media replace/rename [MR #15899], by @MarcoCoreDuo Skip hidden directories and .ignore paths in library monitoring [MR #16029], by @theguymadmax Revert "always sort season by index number" [MR #15950], by @theguymadmax

App discontinued due to no upstream updates.

[1.12.1] Update Jirafeau to 4.7.1 Full Changelog Fixed another possibility to bypass the checks for CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066 (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image". When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled. The default value of max_upload_chunk_size_bytes was set to 5000000. Higher values could trigger a bug Chromium-based browsers on servers with HTTP/3 enabled, causing asynchronous uploads to fail.

Hello @girish, hello everyone, Is there any hope that Jitsi Meet (https://forum.cloudron.io/topic/10900/updates-to-jitsi) will be offered on Cloudron again? It’s such a great tool! Thank you very much!

[2.4.1] Update joplin to 3.5.2 Full Changelog

[1.58.3] Update jupyterhub to 5.4.3 Full Changelog

[1.17.5] Update kanboard to 1.2.49 Full Changelog fix(ldap): ensure LDAP placeholders are escaped fix: restore Ctrl+Enter submission on the task creation form feat(locale): update translations feat: prevent protocol-relative URL redirects after login feat: block private network access for external web link (configurable) feat: add TRUSTED_PROXY_NETWORKS config option

[1.9.1] Add optional OpenID integration for new installations

[1.5.3] Update keycloak to 26.5.3 Full Changelog 46144 CVE-2026-1609 Disabled users can still obtain tokens via JWT Authorization Grant 46145 CVE-2026-1529 Forged invitation JWT enables cross-organization self-registration 46146 CVE-2026-1486 Logic Bypass in JWT Authorization Grant Allows Authentication via Disabled Identity Providers 46147 CVE-2025-14778 Incorrect ownership checks in /uma-policy/ 45892 Upgrade minikube for CI tests operator 44379 Node.js admin client does not refresh tokens admin/client-js 45459 k8s multiple restart (oomkilled) in v26.5.0-0 during startup because of RAM dist/quarkus 45662 Increase in startup memory consumption in post 26.5 versions dist/quarkus 45677 Hibernate Validator is enabled by default when not used dist/quarkus 45708 Unpexted value '' in mixed-cluster-compatibility-tests testsuite

[0.3.0] Update keila to 0.18.0 Full Changelog Added public archive links for campaigns Added ability to review sent campaigns Added $empty operator to Contact query language and segment editor Added segment filtering based on campaign interactions Added text color tool to Block Editor Added social media icons block to Block Editor (see #444) success_url in contact forms is now processed with Liquid, allowing personalized redirects Added support for id_type in API Contact deletion endpoint Preview emails are now prefixed with "[Preview]" Added Spanish translation (thanks @PedroMartpico)

[2.41.0] Update kimai to 2.47.0 Full Changelog Further SecurityPolicy hardening for twig invoice and export templates (#5784) Fix: moved "print" export to self-contained template (#5784) Fix: synchronisation problem when editing user-preferences of the currently logged-in user (#5784) Fix: selected text highlight color in dark mode (#5784) Fix: remove backdrop from the "loading indicator" (#5784) Do not show report toolbars in a card, following the general Kimai UI principles (#5784) Removed most toast messages, replacing them by a tiny loading indicator. reason: an app should work as expected and not need to indicate that an action was successful, instead it should only warn if something fails. toasts were kept for ticktack / restarting of timesheets and error messages, as those might be started from any screen. (#5784)

[1.34.0] Update koel to 8.3.0 Full Changelog fix: hover status on context menu items by @phanan in #2184

Running TURN server on port 443 only matters for setups where a Client is unable to contact the server on non-port 443. This is only common in some ultra locked down intranet setups.

https://forum.cloudron.io/topic/15003/komf-on-cloudron-komga-and-kavita-metadata-fetcher

[2.4.1] Set supportsDisplayName to false in manifest

[5.0.4] Update php-src to 8.5.3

[1.29.0] Update languagetool to b3d204f

[1.11.1] Update leantime to 3.6.2 Full Changelog Fix timer not starting after v3.6.0 update by @gloriafolaron in #3215 fix(db): Fix zp_entity_relationship table migration issues by @gloriafolaron in #3221 Timer Not Starting - Fixed an issue where the stopwatch/timer feature stopped working after the 3.6.0 update (#3208) Database Migration Fix - Added migration to fix entity relationship table issues that caused dashboard and ticket errors (#3221)

[1.1.1] Update LibreChat to 0.8.2 Full Changelog Cross-replica support for resumable streams in Redis mode, enabling seamless horizontal scaling for production deployments. Add, configure, and share MCP servers directly from the UI with full access control. Includes API key authentication support, domain restrictions for remote transports, and improved OAuth handling. Pin frequently used agents and models to the sidebar for quick access. Render Mermaid diagrams inline within chat messages with enhanced UX and focus rendering. Extensive improvements to meet WCAG standards with better screen reader support, keyboard navigation, focus management, and contrast ratios across the entire application. Moonshot Kimi K2 Bedrock support Anthropic Beta support for Bedrock Anthropic Vertex AI support Gemini Image Generation Tool (Nano Banana) Bedrock Guardrails support

[1.55.5] Update LimeSurvey to 6.16.7+260205

[1.26.1] oidc: add env template to optionally disable login form

[1.20.0] add dumb-init to collect zombies

[1.15.0] Update listmonk to 6.0.0 Full Changelog TOTP two-factor authentication. E-mail based Forgot password reset flow. Ability to archive lists. Subscriber activity in the Subscriber profile UI. Ability to send transactional mails to non-subscribers via the /api/tx API. Campaign-level JSON JSON {} attributes just like subscriber attributes. Granular override on subscriptions / subscriber profile in bulk import. In-built Postgres VACUUM cron in Maintenance settings for large databases. Add attribs to campaign docs. Upgrade altcha JS to latest version.

[1.17.8] Update loomio_channel_server to 1cb973b

[2.41.0] Update Lychee to 7.3.1 Full Changelog Version 7.3.1 for automated deployement by @ildyria in #4036 Fix missing top level permission by @ildyria in #4034 Add more contributions guides by @ildyria in #4006 Clarify album rights propagation by @ildyria in #4019 [SE] Add LDAP support by @ildyria in #4020 Fix ugly header bar in light mode when showing photo details by @ildyria in #4029 Migration breaking on some installations by @ildyria in #4028 Version 7.3.0 by @ildyria in #4030 Fix missing dependency: ldap by @ildyria in #4033

@girish That is a super handy feature!

[1.17.4] Update mastodon to 4.5.4 Full Changelog Fix custom emojis not being rendered in profile fields (#37365 by @ClearlyClaire) Fix serialization of context pages (#37376 by @ClearlyClaire) Fix quotes with CWs but no text not having fallback link (#37361 by @ClearlyClaire) Fix outdated link target for locked warning (#37366 by @ClearlyClaire) Fix local custom emojis sometimes being rendered in remote posts (#37284 by @ChaosExAnima) Fix some assets not being loaded from configured CDN (#37310 by @ChaosExAnima) Fix notifications page error in Tor browser (#37285 by @diondiondion) Fix custom emojis not being displayed in CWs and fav/boost notifications (#37272 and #37306 by @ChaosExAnima and @ClearlyClaire) Fix default Admin role not including view_feeds permission (#37301 by @ClearlyClaire) Fix hashtag autocomplete replacing suggestion's first characters with input (#37281 by @ClearlyClaire)

[1.54.1] Update matomo to 5.7.1

[1.127.1] Update synapse to 1.147.1 Full Changelog Block federation requests and events authenticated using a known insecure signing key. See CVE-2026-24044 / ELEMENTSEC-2025-1670. (#​19459)

[1.24.1] Update mattermost to 11.3.1 Full Changelog Mattermost Platform Release 11.3.1 contains medium to high severity level security fixes.

@jayonrails are you referring to the Mautic App or Cloudron? For Mautic - we have a monthly online meetup for DACH every first monday at 12:30 CET. Except for today - its moved to 12th of january. (https://meet.mauticamp.de/adm-suk-gfm-ath). Also we have a poll for a real world meetup running: https://forum.mautic.org/t/neues-jahr-neues-meetup-terminfindung-fur-das-d-a-ch-mauticamp-2026/36991

[1.33.1] Update mealie to 3.10.2 Full Changelog fix: use BASE_URL config for redirect_url if available @​whattheschnell (#​6995) fix: OIDC caching @​michael-genson (#​7009) fix(deps): update dependency fastapi to v0.128.1 @​renovate (#​7008)

[3.6.1] Update mediawiki to 1.45.1 Full Changelog

Closed due to inactivity

[1.5.1] pin package source by hash

[2.35.5] Update metabase to 0.58.5.5 Full Changelog

[2.37.0] Update bedrock to 1.26.0.2

Also @senthilkumaran If you are just now updating to @miniflux version 2.0.49 on Cloudron, which was packaged and published Oct 16, 2023, you are years behind with updates. This would also explain why you run into this issue, since this was also resolved with @miniflux version 2.2.13 which was packaged and published Sep 19, 2025, 9:18 AM

Time to poke RustFS too. No fear.

[2.6.1] Update mirotalksfu to 2.1.11

The app package runs the cron job as outlined in https://github.com/monicahq/monica/blob/4.x/docs/installation/providers/generic.md#4-configure-cron-job Can you open a webterminal into the app and run it manually via: sudo -E -u www-data php /app/code/artisan schedule:run and see if it shows an error or sends the mails then?

[4.0.3] Update moodle to 5.1.3 Full Changelog

[4.5.1] Update n8n to 2.6.4 Full Changelog Refine webhook conflict checks to ignore waiting webhooks (#25395) (f883c66) Disallow usage of unsupported protocols in oauth fields (#25170) (cfd2761) Kafka Trigger Node: Refactoring and fixes (#25088) (29ccf3a)

[1.27.2] Update navidrome to 0.60.3 Full Changelog 34c6f12: feat(server): add explicit status support in smart playlists (#​5031) (@​kgarner7) 408aa78: fix(scanner): log warning when metadata extraction fails (@​deluan) ed79a88: fix(scanner): pass filename hint to gotaglib's OpenStream for format detection (#​5012) (@​deluan) fd09ca1: fix(scanner): resolve data race on conf.Server access in getScanner (@​deluan) 0a47228: fix(subsonic): validate JSONP callback parameter (@​deluan) eb9ebc3: fix(ui): add missing keys in Danish translation (#​5011) (@​denisarissa) 62f9c3a: fix: linux service should restart when upgrading (#​5001) (@​mintsoft) e05a7e2: fix: prevent data race on conf.Server during cleanup in e2e tests (@​deluan) bee0305: fix: split reflex -R flags to preserve directory exclusion optimization (@​deluan)

[5.6.7] Update server to 32.0.6 Full Changelog

@o1lab it's understandable in this economy. I only have two real requests for your team: 2FA / MFA needs to be one of those enterprise features you give to the community. It is becoming trivial to use tools like Opus 4.6 to find vulnerabilities in open source code and exploit it. You need to come up with a plan for the small business self hosted users. I want to support your product development but I don't need you to host it. I hope you guys seriously consider unlocking a "Community Plus" option.

[2.24.1] Update NodeBB to 4.8.1 Full Changelog upgrade script to handle topics that were already pruned (03b7374) closes #​13899 (f98de3e) #​10682, fix all the other rss routes as well (385a4d0) protocol (da5605e) closes #​12986 (310e90c) #​13919 (b2c6fbe) use min (090b9f5) #​13918, make arrayLimit configurable increase default to 50 (d25e772) closes #​13258, dont mark digest as delivered if it fails (f29c9f0) wrap fields in quotes in user csv export (1b08aef)

[1.20.0] Update ntfy to 2.17.0 Full Changelog Server: Support templating in the priority field (#​1426, thanks to @​seantomburke for reporting) Server: Add admin-only GET /v1/version endpoint returning server version, build commit, and date (#​1599, thanks to @​crivchri for reporting) Server/Web: Support "copy" action button to copy a value to the clipboard (#​1364, thanks to @​SudoWatson for reporting) Web: Show red notification dot on favicon when there are unread messages (#​1017, thanks to @​ad-si for reporting) Server: Fix crash when commit string is shorter than 7 characters in non-GitHub-Action builds (#​1493, thanks to @​cyrinux for reporting) Server: Fix server crash (nil pointer panic) when subscriber disconnects during publish (#​1598) Server: Fix log spam from http: response.WriteHeader on hijacked connection for WebSocket errors (#​1362, thanks to @​bonfiresh for reporting) Server: Use slices.Contains from stdlib to simplify code (#​1406, thanks to @​tanhuaan) Web: Fix clear=true on action buttons not clearing the notification (#​1029, thanks to @​ElFishi for reporting) Web: Fix Markdown message line height to match plain text (1.5 instead of 1.2) (#​1139, thanks to @​etfz for reporting)

[1.4.0] Update ollama to 0.16.1 Full Changelog Installing Ollama via the curl install script on macOS will now only prompt for your password if its required Installing Ollama via the iem install script in Windows will now show progress Image generation models will now respect the OLLAMA_LOAD_TIMEOUT variable GLM-5: A strong reasoning and agentic model from Z.ai with 744B total parameters (40B active), built for complex systems engineering and long-horizon tasks. MiniMax-M2.5: a new state-of-the-art large language model designed for real-world productivity and coding tasks. The new ollama command makes it easy to launch your favorite apps with models using Ollama Launch Pi with ollama launch pi Improvements to Ollama's MLX runner to support GLM-4.7-Flash Ctrl+G will now allow for editing text prompts in a text editor when running a model

I looked into the logs and it was the outdated Commons module. Thanks for your help and keep up the great work with cloudron!

[1.24.1] Update DocumentServer to 9.2.1

[0.5.2] Update opencloud to 5.0.2 Full Changelog CVE-2026-23989, a security issue in public links is resolved in v5.0.2.

[1.8.2] Update openhab-distro to 5.1.2 Full Changelog Log warning on Thing config errors API /file-format/parse: do not extend thing/channel config Change ambient server domain Fix premature event scheduling Fix unit for energy values while polling Improve thread synchronization Fix UoM for state updates Fix HTTP Host Header adopted allowed values for currents since easee also allows 1-5A. Upgrade wattpilot4j to 2.3.0 & OSGi-ify it

[3.46.0] Update openproject to 17.1.0 Full Changelog Work package created for a project initiation request Automatically generated project initiation artifact (PDF) Add new or existing work packages as meeting outcomes Show iCal responses in OpenProject Duplicate agenda items to the next recurring meeting occurrence Release Attribute highlighting to Community

Hi @girish so I learned something while setting up my Radicale and OWC. It seems like the calendar client publishing in to the ICS in Radicale (or wherever your ICS source lives) can matter. When I used the Calendar app on macOS I saw no descriptions. When I used Thunderbird I do. You can see it on my live page that has the OWC page in an iframe https://kb.filewave.com/books/community-engagement/page/customer-event-schedule and if you click on events in the agenda then the description shows. I think initially I was also hoping to show description on the Agenda page without clicking on an event but originally I was bothered that I just couldn't get description to show up. So now it does at least show up when you click an event. I haven't looked at why Calendar doesn't make a summary that shows and Thunderbird does but I'm fine using Thunderbird to put events in my calendar feed.

[3.2.0] Update open-webui to 0.8.0 Full Changelog Analytics dashboard. Administrators now have access to an Analytics dashboard showing model usage statistics, token consumption by model and user, user activity rankings, and time-series charts with hourly or daily granularity; clicking any model opens a detail view with feedback history, associated tags, and chat browser, and results can be filtered by user group. #​21106, Commit, Commit Experimental support for Skills. Open WebUI now supports the Skill standard allowing users to create and manage reusable AI skills with detailed instructions, reference them in chats using the "$" command, or attach them to specific models for automatic context in conversations. #​21312 Experimental support for Open Responses protocol. Connections can now be configured to use the experimental Open Responses protocol instead of Chat Completions, enabling native support for extended thinking, streaming reasoning tokens, and richer tool call handling for compatible providers. Commit, Commit, Commit, Commit, Commit, Commit, Commit, Commit, Commit Redesigned access control UI. The access control UI was redesigned with a more intuitive interface that makes it easier to add multiple groups at once. #​21277 Per-user resource sharing. Resources including knowledge bases, prompts, models, tools, channels, and base models can now be shared directly to individual users alongside the existing per-group sharing capability. #​21277 Message queuing. Messages can now be queued while a response is generating rather than being blocked, allowing you to continue your train of thought; queued messages are automatically combined and sent when generation completes, and can be edited, deleted, or sent immediately from the input area. Commit, Commit Active task sidebar indicator. Users can now see which chats have active tasks running directly in the sidebar. Commit Prompt version control. Prompts now include version control with full history tracking, allowing users to commit changes with messages, view past versions, compare differences between versions, and roll back to previous versions when needed. #​20945 Prompt tags. Prompts can now be organized with tags, and users can filter the prompt workspace by tag to quickly find related prompts across large collections. #​20945 Native function calling code execution. Code execution now works with Native function calling mode, allowing models to autonomously run Python code for calculations, data analysis, and visualizations without requiring Default mode. #​20592, Docs:#​998

[1.1.0] Update opodsync to 0.5.0 Full Changelog Add URL of instance on homepage, with copy button Add support for being used as an external app inside KaraDAV

The latest update seems to have fixed it. Patience is a virtue xD

[1.19.0] Update outline to 1.4.0 Full Changelog New "Toggle blocks" allow creating content that is collapsed by default in #8317 Table cells can now have a custom background color set in #10930 Search results are now highlighted in the document when navigating from search in #11262 A new Figma integration allows unfurling information about Figma links in documents by @hmacr in #11044 Added support for sorting dates in table columns by @lucawimmer in #11198 Document changes made through the API are now synced to clients in realtime in #11186 The rate limiter now prefers user ID over ip address for logged in sessions, prevents issues on larger office networks in #11215 The markdown importer now supports more file layouts in #11278 Fixed some typos comments and messages by @NAM-MAN in #11203 Fixed an issue where mentions would sometimes break when using drag and drop in a list in #11208

[1.6.1] Update owncast to 0.2.4 Full Changelog Lots of localization changes, both in how they work across the web application, and adding more support for them. So more places should show more languages. The backend refactor continues with more splitting things off into standalone data repositories and services. Higher bitrates can now be selected in the video encoding settings. There's a new webhook that fires when you get a new Fediverse follower. Admin: add line divider in sidebar #4098 Display shortcut keys of hide/show chat in Dropdown menu #4096 Create a custom Translation component #4428 Add support for pluralization in the new Translation component #4440 Add support for translations in the web project #3950 Add server status as a default field in all webhooks #4384

[1.3.0] Update base image to 5.0.0

[1.47.1] Update paperless-ngx to 2.20.6 Full Changelog Fix: extract all ids for nested tags @shamoon (#11888) Fix: prevent note deletion outside doc @shamoon e4b861d Performance: improve treenode inefficiencies @shamoon (#11606) Fixhancement: change date calculation for 'this year' to include future documents @shamoon (#11884) Fix: Running management scripts under rootless could fail @stumpylog (#11870) Fix: use correct field id for overrides @shamoon (#11869)

You can still install it like this https://my.<cloudron>/#/appstore/rocks.paperwork.cloudronapp . But note that it was last updated 3 years ago. I tried to build a new version with latest with PHP a year ago and the app was not even building anymore. They have been re-writing a new version for a couple of years now.

Has anything new been added to this issue? I came across this guide: https://github.com/Chocobozzz/PeerTube/issues/6522#issuecomment-3698599168 However, I was unable to implement it (I suppose I lack knowledge of CLI and skills).

[1.15.2] Update penpot to 2.13.2 Full Changelog Fix security issue (Path Traversal Vulnerability) on fonts related RPC method

App discontinued due to no upstream updates.

The upstream project has not released in almost 3 years now. We had to build from develop to get some PHP 8 support going, but there are bugs like https://github.com/phpservermon/phpservermon/issues/1196 , https://github.com/phpservermon/phpservermon/issues/1232 . There's also a bunch of basic issues: Normal user cannot login after admin user logs in. Some issue related to service worker. LDAP functionality is incomplete

[3.2.0] Update Piwigo to 16.2.0 Full Changelog

@james Thanks again for your response and also for reporting the issue on the Pixelfed GitHub.

amazing turn around time

From their FAQ: Can I self host Postiz all by myself? Definitely, we are trying to make Postiz to host as easy as possible, check our documentation to find out how

[1.4.0] Update pretix to 2026.1.0 Full Changelog Breaking change: Removed deprecated API endpoints for ticket validation Feature: Added support for multi-currency payments Feature: Introduced a new dashboard for event analytics Bug fix: Fixed issue with email notifications not being sent Bug fix: Resolved payment gateway timeout errors Feature: Enhanced security for user authentication Breaking change: Changed default settings for new events Bug fix: Corrected display issue on mobile devices Feature: Implemented new search functionality for events Bug fix: Addressed problem with data export feature

[1.11.3] Update PrivateBin to 2.0.3 Full Changelog FIXED: Prevent arbitrary PHP file inclusion when enabling template switching FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users FIXED: Unable to create a new paste from the cloned one when a JSON file attached (#1585)

[2.9.1] Update prometheus to 3.9.1 Full Changelog [BUGFIX] Agent: fix crash shortly after startup from invalid type of object. #​17802 [BUGFIX] Scraping: fix relabel keep/drop not working. #​17807

[2.25.3] Update VueTorrent to 2.31.3 Full Changelog lsio-mod: Fix invalid permissions on non-root users (#2597) (85a1fb3) RightClick: Prevent selecting text when opening menu on apple touch devices (#2598) (f1846ec) RSSArticles: Prevent unread status inconsistency (#2624) (6963f29) Wrong message for category delete confirmation (#2599) (5f9fc86) ActiveFilters: Click on chip disables only active filters (#2606) (bfca3d4) Content: Double click on a node to toggle selection (#2607) (2bcce0a) Improve URL detection (#2590) (26ea94d) Overview: Wrap comment to prevent text overflow (#2589) (c48c2e0) RSSArticles: Use vue-concurrency (#2624) (e28bfcd) TorrentDetail: Change title to use torrent name (#2608) (bbbe846)

[2.11.0] chore(deps): update dependency radicale to v3.6.0

[2.7.0] Update rallly to 4.7.0 Full Changelog Update poll status names Upgrade to prisma 7.3.0 Enable account linking

App discontinued due to no upstream updates.

Did the update (package v5.3.1) help?

[3.9.3] Update redmine_oauth to 3.0.9

Indeed, that app treats each user individually and since an app would have to actively sync up some deactivated (or even deleted) user state explicitly, which releasebell does not, it just keeps working for that user. Since the app uses OpenID, there is actually no real way for the app, to know if a user even still exists to then purge the user. A login of the user would of course not work, but since this works in releasebell without a login-session, not sure what to besides manually purging that user. Have to think more about how to better handle that, until that you may have to actually do what you proposed. I was trying to quickly come up with a mysql statement to purge, but that is more involved than I thought, due to all the constraints.

This will take some time because it requires Mongo DB 8.x . Cloudron's mongodb was in 6.x but was just upgraded to 7.x in Cloudron 9.0.16 . Cloudron 9.1 will have mongodb 8.x . We can only move step by step because mongodb does not support jumping versions.

[2.9.3] Update roundcubemail to 1.6.13 Full Changelog Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075) Fix CSS injection vulnerability reported by CERT Polska. Fix remote image blocking bypass via SVG content reported by nullcathedral.

[1.15.0] Update rss-bridge to 2025-08-05 Full Changelog [FabBridge] Pull 100% discounted items via Fab API by @thefranke in https://github.com/RSS-Bridge/rss-bridge/pull/4584 [GoComicsBridge] Fix for JSON being removed by @TReKiE in https://github.com/RSS-Bridge/rss-bridge/pull/4585 [IdealoBridge] Bypass bot protection by @sysadminstory in https://github.com/RSS-Bridge/rss-bridge/pull/4588 [GoComicsBridge] Add fallback when link to current comic is missing by @TReKiE in https://github.com/RSS-Bridge/rss-bridge/pull/4589 [GolemBridge] Add tables to content by @Mynacol in https://github.com/RSS-Bridge/rss-bridge/pull/4613 [ZeitBridge] Improvements by @Mynacol in https://github.com/RSS-Bridge/rss-bridge/pull/4617 [NasestrechaBridge] Add bridge by @pprenghy in https://github.com/RSS-Bridge/rss-bridge/pull/4591 [WaggaCouncilBridge] Add bridge by @Scrub000 in https://github.com/RSS-Bridge/rss-bridge/pull/4593 [HeiseBridge] removes language-info-text, add archive.is link for people without subscription by @Tone866 in https://github.com/RSS-Bridge/rss-bridge/pull/4594 [CentreFranceBridge] Fix parser following website update by @quent1-fr in https://github.com/RSS-Bridge/rss-bridge/pull/4596

Given that the upstream project is not maintained anymore, we have hidden this in the appstore. I had also submitted a PR upstream for a basic issue which is ignored - https://github.com/aliasaria/scrumblr/pull/161

[2.77.0] Update searxng to b5bb27f

[1.2.0] checklist added to manifest

Guys, tyvm for your feedback. As a workaround I simply disallowed dav on a group level. Nevertheless I'll feature request this during Christmas time. ^^

[2.18.0] Update Shaarli to 0.16.0 Full Changelog v0.x branches and tags will no longer be maintained after v0.16. Always upgrade to the latest release to receive bugfixes and security patches. docs: update PHP version compatibility table fix stored XSS via suggested tags (GHSA-g3xq-mj52-f8pg) build(deps): update frontend build dependencies (js-yaml/glob)

@girish said in SickChill unlisted from app store: I hope they atleast bring back the issue tracker Out of interest, why does this matter for Cloudron? BTW, someone has replied to the thread I started on Discord informing me that the master releases are these https://pypi.org/project/sickchill/ Doesn't look like there has been a new one since March though.

[1.3.0] Update shiori to 1.8.0 Full Changelog feat(apiv1): refactor tags api (#1075) feat: add PWA support share functionality (#1060) feat: add apis to handle bookmark tags (#1081) feat: allow tag filtering and count retrieval via api v1 (#1079) feat: improve SQLite performance (#1024) feat: reverts message in json output and allows configuration (#1082) feat: support proxy forward headers authentication (#1105) fix: auth validation on existing sessions, rely on token only (#1069) fix: incorrectly set cookie's expires value in login.js (#1049) fix: parse pocket new CSV format (#1112

The upstream project is archived - https://github.com/boypt/simple-torrent/ . There has been no changes in 2 years and modules are not updated.

Hello @darrendavid and welcome to the Cloudron forum Could you please explain a little how this is connected to Cloudron? I am not sure if you are in the correct place here for this question.

[1.18.7] Update snipe-it to 8.3.7 Full Changelog Add new 'git remote' management to change Snipe-IT URLs by @uberbrady in #18245 Fixes [FD-52064] Avery L6009_A & L4736_A label field overflow with scaling by @Godmartinz in #18246 Optimize queries for Components listing by @uberbrady in #18251 Added endpoint & use_path_style_endpoint configs for public/private S3 by @Valinwolf in #18266 Experiment: simpler light/dark toggle by @snipe in #18249 Refactor assignee in Checkoutable to accept null by @Godmartinz in #18273 Check That Email Exists on Recipient in Checkout Acceptance by @spencerrlongg in #18274 Fixed #18160 - Multi-create validation fixes by @uberbrady in #18247 Fixes Manager View not displaying subordinates EULAs properly in View Assets page by @iryadifarhan in #18257 adds #17422 [FD-49345] --expired-licenses command parameter to snipeit:expiring-alerts by @Godmartinz in #18244

@james thank you so much! SOGoMailCustomFromEnabled worked prefectly!

Just checked on this again but it seems statping-ng is not going forward much . https://github.com/statping-ng/statping-ng/tags says the release was almost a year ago.

[3.4.5] Update Stirling-PDF to 2.4.5 Full Changelog Windows desktop MSI to support headless installation with custom parameters to set up server URL and login mode, an example for this would be msiexec /i "Stirling-PDF-windows-x86_64.msi " /qn STIRLING_SERVER_URL="http://192.168.1.53:2357/" STIRLING_LOCK_CONNECTION=1 SSO UI changes support for login method restrictions in desktop remembers last entered selfhost URL for easy reconnection SSO functionality cleanups (a few more to come soon!) New strict mode for PDF/A conversion for issues were conversation isn't perfect redaction improvements SSO auto login mode now working correctly feat:(pdfa-conversion) Implement Strict PDF/A Mode with Verification by @balazs-szucs in Stirling-Tools#5663 feat(desktop): show and reuse last used server URL in Setup Wizard by @Ludy87 in Stirling-Tools#5659

[1.12.0] chore(deps): update dependency apache-superset to v6

Hello @rosano We actually published a GitHub action for a more generic use-case. https://github.com/cloudron-io/cloudron-push-to-app

[1.33.15] Update syncthing to 2.0.14 Full Changelog

We only published a fixed package now, based on the alternative LDAP plugin

[1.11.0] Update recipes to 2.5.0 Full Changelog added ability to subscribe to meal plan using ical #1254 (button in meal plan view, only visible on desktop for now) added the ability to run tandoor in a container as a non root users (thanks to @wilmardo #4042) added ability to hide login form trough environment variable (thanks to @mattinx #4352) added cooklang importer and docs for creating custom integrations (thanks to @doylelew #4304) added support (and enabled by default) to include child keywords/foods when searching (thanks to @smilerz #4345) improved Chowdown integration and added export (thanks to @buergi #4344) improved import/export docs (thanks to loucasal #4399) improved error messages during default tandoor import (thanks to buergi #4317) improved made the books view more intuitive (thanks to racehd #4154) improved properly handle AI timeouts (thanks to @smilerz #4391

[1.5.1] checklist added to manifest

@timconsidine said in Teddit Subscriptions no longer working: Just FYI - my LibReddit - selfhosted as Docker on another VPS = is still working. But now it is down. Maybe they have caught up with me.

[1.22.1] checklist added to manifest

@Sam_uk we have unlisted TLDraw by now. Please see https://forum.cloudron.io/topic/10806/no-more-updates-to-tldraw . The license and company direction has changed.

No no, I‘ve the actual version running! It‘s just that it stopped working on 29th of November and when I looked into the events i noticed that on this day 1.21 was installed!

[2.6.3] Update libretranslate to 1.8.4 Full Changelog Add --translation-cache by @pierotofy in #912 Update argos-translate, use MINISBD by @pierotofy in #928

[2.5.0] Update transmission to 4.1.0 Full Changelog Improved TP download performance. (#​6508) Added support for IPv6 and dual-stack UDP trackers. (#​6687) Support trackers that only support the old BEP-7 with &ipv4= and &ipv6=. (#​7481) New JSON-RPC 2.0-compliant RPC API. (#​7269) Added optional sequential downloading. (#​4795) Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#​7819, Qt Client) Fixed 4.0.6 bug where Transmission might spam HTTP tracker announces. (#​7086) Improved libtransmission code to use less CPU. (#​4876, #​5645, #​5715, #​5734, #​5740, #​5792, #​6103, #​6111, #​6325, #​6549, #​6589, #​6712, #​7027, #​7744, #​7800) Avoid unnecessary heap memory allocations. (#​5519, #​5520, #​5522, #​5527, #​5540, #​5649, #​5666, #​5672, #​5676, #​5720, #​5722, #​5725, #​5726, #​5768, #​5788, #​5830, #​6542) Slightly reduced latency when sending protocol messages to peers. (#​5394)

[1.27.2] Update Trilium to 0.101.3 Full Changelog SQL Console: cannot copy table data by @SiriusXT Title is not selected when creating a note via the launcher by @SiriusXT Popup editor closing after inserting a note link by @SiriusXT New Mermaid diagrams do not save content by @lzinga Can't scroll mermaid diagram code Max content width is not respected when switching between note types in the same tab Crash When a Note Includes Itself Severe Performance Degradation and Crash Issues Due to Recursive Inclusion in Included Notes is not a launcher even though it's in the launcher subtree Archived subnotes of direct children appear in grid view without #includeArchived

[2.78.0] Update tt-rss to ca31740

[1.23.2] Update typebot.io to 3.15.2 Full Changelog Fix app router automatically adding transfer-encoding: chunked header to backend requests 69efa2f

[3.23.0] Add optional redis

[2.0.7] Update cloudflared to 2026.2.0

Closed due to inactivity note: mods are working, asked @BrutalBirdie he tested it briefly

[1.82.2] Update vault to 1.21.2 Full Changelog auth/oci: bump plugin to v0.20.1 core: Bump Go version to 1.25.5 packaging: Container images are now exported using a compressed OCI image layout. packaging: UBI container images are now built on the UBI 10 minimal image. secrets/azure: Update plugin to v0.25.1+ent. Improves retry handling during Azure application and service principal creation to reduce transient failures. storage: Upgrade aerospike client library to v8. core/activitylog (enterprise): Resolve a stability issue where Vault Enterprise could encounter a panic during month-end billing activity rollover. http: skip JSON limit parsing on cluster listener. quotas: Vault now protects plugins with ResolveRole operations from panicking on quota creation. replication (enterprise): fix rare panic due to race when enabling a secondary with Consul storage.

thank you James !

[1.72.5] Update verdaccio to 6.2.4 Full Changelog fix: allow docker listen address to be configured (6.x) by @markormesher in #5503

Hello @bytepartner Please see: https://docs.cloudron.io/packages/vikunja With the config file you can control e.g.: self-registration (which is disabled by default when using the Cloudron user management). As far as I know, Vinkunja does not have Admin accounts, you will have to use the vinkunja cli => https://vikunja.io/docs/cli/ You can open the Web Terminal of your Vinkunja Cloudron app and just do e.g.: vikunja user create --help Create a new user. Usage: vikunja user create [flags] Flags: -a, --avatar-provider string The avatar provider of the new user. Optional. -e, --email string The email address of the new user. -h, --help help for create -p, --password string The password of the new user. You will be asked to enter it if not provided through the flag. -u, --username string The username of the new user.

@timconsidine said in Self-hosted VPN server made EASY!: Fine - live in your own world then. I tried but some people can't read the room

[2.5.6] Update wallabag to 2.6.14 Full Changelog Change version in wallabag.yml by @nicosomb in #8251 Fix deprecation by @j0k3r in #8267 Add annotations filter to entries API endpoint by @skn in #8346 Update dependencies by @yguedidi in #8435 Bump deps (mostly for siteconfig) by @j0k3r in #8489 Fix reading time computation for short entries by @andreadecorte in #8332 Fix urls parameter when sending many urls to be stored using the API by @j0k3r in #8488 Prepare 2.6.14 by @j0k3r in #8494

[1.19.1] Update Wallos to 4.6.1 Full Changelog vulnerabily on add subscription endpoint (#​991) (76a53df)

[1.20.1] Update whitebophir to 1.22.1 Full Changelog

[1.36.1] Update weblate to 5.15.2 Full Changelog Statistics generator is now triggered upon installation. Screenshots updated from the repository have proper history. reStructuredText syntax error now reports unintended list conversion. Unchanged translation check ignores AsciiDoc source code blocks. Information leak via screenshots (CVE 2026-21889 / GHSA-3g2f-4rjg-9385). Explanation sync in TermBase eXchange format. User interface fixes. Clarified needs editing/checking/rewriting states. Automatically translated flag with bulk approvals. GitHub forks no longer trigger actions.

[4.100.0] Update wekan to 8.32 Full Changelog Migrate wekan-oidc to async API for Meteor 3.0. Migrate wekan-accounts-sandstorm to async API for Meteor 3.0. Migrate wekan-accounts-cas to async API for Meteor 3.0. Updated to MongoDB 7.0.30 at Snap Candidate. Updated MongoDB to 7.0.30 at Helm Chart.

[1.13.5] Update wiki to 2.5.312 Full Changelog 6ae53bf - map OIDC/OAuth2 avatar claims to user pictureUrl (MR #​7908 by @​mod242) 3ba58f7 - apply theme style to embedded diagram svg (MR #​7903 by @​tribut) 3dcf20a - diagram svg styling add !important qualifier for light scheme (MR #​7905 by @​tribut) 7ae6635 - validate loginRedirect cookie to prevent open redirect (MR #​7923 by @​kolega-ai-dev) d14b0a5 - authenticate GraphQL subscription WebSocket connections (MR #​7922 by @​kolega-ai-dev)

[2.14.0] Update woodpecker to 3.13.0 Full Changelog Update quic-go/qpack & quic-go/quic-go #5885 fix: updateRepoPermissions to cleanup old permissions #5790 Add cli contexts #5929 Use repo-user for api call of cron #5967 Close opened file on LogFind #5961 Delete/Deactivate repo ignores missing repo at forge #5953 Correctly update repo permissions #5928 Revert repos pagination for GH and BB #5924 fix: send correct argument to rpc call for name/url #5922 fix: secrets-file flag #5909

[3.15.2] Update openid-connect-generic to 3.10.3

@dsp76 said in Urgent Security update for OIDC plugin Wordpress: switch to app based authorisation meanwhile and deactivate the plugin? That's what I just did. I knew OIDC is more trouble than its worth. BTW, cloning the app won't work. Install a new WP managed app, then import a backup if you decide to go that route.

[1.4.1] checklist added to manifest