[1.8.0] Update 2FAuth to 6.0.0 Full Changelog 2FAuth can now fetch icons from offline icon packs. Visit the new Icon documentation page to learn how to set them up (#203). The sort order of 2FA accounts is saved to user preferences when changed from the Manage mode. This allows the account list to be reordered automatically after a new account is registered. (#377). Groups can be reordered (manually, from the Group management view) (#419). A new filter is available to only show 2FA accounts that do not belong to any group (#430). The Import feature now supports Bitwarden export (#501). Group names now accept single quote (#465). Upon logging out, users are now redirected to the last login form they used: Password, SSO or Webauthn. (#478). Catchable errors that occur during the sending of a test email are now displayed in the UI to help you understand what's going on. issue #447 Unable to import Google Authenticator. issue #464 Import error not correctly reported in the GUI.

[1.7.1] Update Ackee to 3.5.1 Full Changelog Several dependencies have been updated to their latest versions to bring in security patches and improvements ackee-tracker has been updated to fix an issue where visits were not recorded when the website had an empty document.referrer. You might have seen lower visit counts since version 3.5.0 when your website had no referrer, e.g., when visiting it directly or via bookmarks.

@fbartels thank you, it's good news

@james should there be a URL rewrite for /apps/* to /packages/* to help with 404s?

This look like a good replacement for Alltube (which we were using) https://github.com/alexta69/metube

[1.25.0] Update ampache to 7.9.0 Full Changelog Translations 2026-01-20 Database 790001 Update Dropbox catalog authtoken (if installed) Build for PHP 8.5 Add a warning to playlist sort commands because it saves a new order Allow hiding upload artist and album selection rows with CSS (upload_select_row) Custom CSS in public/templates/custom.css when the file exists Add the remote id of songs to the song_map table Extend Dba::check_database_inserted() tables a bit more Support Update from tags actions for Remote Ampache and Subsonic catalogs

[1.7.0] Update answer to 2.0.0 Full Changelog New: AI Assistant feature (@​shuashuai @​LinkinStars #​1479) New: MCP server feature (@​LinkinStars @​shuashuai #​1480) New: API Keys feature (@​LinkinStars @​shuashuai #​1482) New: Editor plugin support (@​robinv8 #​1481) Fixed: Add user in the Admin, no result prompt after submission (@​bimakw #​1457) Fixed: Fix/external id notification (@​IfDougelseSa #​1465) Fixed: fix: expand avatar column length from 1024 to 2048 (@​csouls #​1463) Fixed: When the input type of SchemeForm is a number, the default value of 0 is not displayed.@​shuashuai

@perelin said in ArchiveBox initial setup: Should I use the regular login mask, but what password to use / where to set a password. If you followed the first time setup guid step by step, you should be able to user your cloudron username and password in the login mask. I have just tested and confirmed it is working if the first time setup guide is followed.

Hello @andreasdueren Thanks for the report. Fixing it right now.

[1.96.1] Update audiobookshelf to 2.32.1 Full Changelog Important: New authentication system was added in v2.26.0. See https://github.com/advplyr/audiobookshelf/discussions/4460 for details. Server crash matching with Audible provider #4931 More strings translated Finnish by @pHamala Polish by @MarcinKlejna Russian by @renesat Swedish by @bittin

Thanks for reporting here @gardinermichael . We have in fact hidden the app package because there were many issues with it and we couldn't manage to get it to be stable . Maybe we should revisit this.

[1.34.0] Update baserow to 2.1.0 Full Changelog [Core] Add Kuma to onboarding and reorganize the steps. [Core] Add Ukrainian languauge. [Core] Allow pasting in 6 digit auth code input. [Core] Introduced management command to permanently delete user files uploaded by user. [Core] List all application types in left sidebar, even if there are no items in there. [Database] Fixed FileSizeTooLargeError when importing Airtable database with files. #​3635 [Database] Fixed a bug preventing Collaborator field from being upserted by user ID. #​3954 [Integration] Fixed a bug where the collaborators field couldn't be updated via upsert actions. #​3954 [Database] Improve UX for search items that don't have anything to navigate to #​4182 [Core] Resolved a bug where unsubscribing from a Baserow page's realtime events wouldn't work correctly. #​4520

[1.6.3] Update beszel to 0.18.4 Full Changelog Add outbound heartbeat monitoring to external services by @​amirhmoradi in #​1729 Add experimental GPU monitoring for Apple Silicon by @​raccettura. (#​1747, #​1746, docs) Add nvtop integration for GPU monitoring. (#​1508) Add GPU_COLLECTOR environment variable to manually specify the GPU collector(s). SMART: add eMMC health via sysfs by @​VACInc in #​1736 Add DISABLE_SSH environment variable to disable SSH agent functionality. (#​1061) Add fingerprint command to the agent. (#​1726) Include GTT memory in AMD GPU metrics and improve device name lookup. (#​1569) Improve multiplexed logs detection for Podman. (#​1755) Harden against Docker API path traversal.

[1.46.4] Update BookStack to 25.12.5 Full Changelog This release specifically addresses folder permission issues (often showing as an error when attempting to access content) which could occur from changes introduced in v25.12.4. Updated filter caching folder handling to avoid server filesystem permission issues. (#​6023) Added new option for more granular page filter control. Updated page content filtering to detect extra cases, and to apply a more aggressive allow-list style filter.

Hello @miednr @miednr said in Docker Remote Builder cannot push to private Cloudron Registry – no basic auth credentials due to read-only HOME / missing Docker config: Could you please provide some commands to check, where the problem's cause is? I have set up my docker registery under dr.cloudron.dev and the build service under cbs.cloudron.dev. I run the command from the build service once: cloudron build login --url 'https://cbs.cloudron.dev' --build-token 4d9e63406e98c078e296f6f273d5d9adb080643d50dd1d82b687af8c414cf915 When I now build a custom app I run: cloudron build --file ./Dockerfile --set-repository dr.cloudron.dev/org.cloudron.copyparty --tag 0.1.0

@mathieu this is a bit technical but you can update the custom package over your existing installation. As long as the data is compatible between the packages it will work.

[1.30.1] Update calibre to 9.3.1

[2.13.3] Update castopod to 1.15.4 Full Changelog

[1.28.5] Update changedetection.io to 0.53.7 Full Changelog Upgrading flask-socketio ( #​3910 ) by @​dgtlmoon in #​3918 Bump referencing from 0.35.1 to 0.37.0 by @​dependabot[bot] in #​3677 Dont pin referencing library by @​dgtlmoon in #​3919

[1.49.0] Update chatwoot to 4.11.0 Full Changelog This release focuses on improving how conversations are handled and resolved inside Chatwoot. We are introducing structured resolution workflows, better AI assistance in the reply composer, and UX improvements that reduce friction for agents. We've improved the editor with Captain AI and a better experience for AI-assisted responses. AI reply suggestions now use related FAQs to improve response quality Agents can now: Improve reply, Change tone, Fix grammar and spelling, Suggest a reply, Summarize the conversation, Ask Copilot All of this works directly inside the composer. The agent can review and edit everything before sending.

[1.43.0] Update code to 25.04.8.3.1

[1.7.0] Update comentario to 3.16.0 Full Changelog Per-page email notifications (#209) - abae9cf, 12c20cd, cd5e8b2, f0aed95, bac6b97 AdminUI: fix base href when deployed on a non-root path (#217) - 7d8e292 Backend: Resolve repeated notifications - cd5e8b2 Backend: use correct paths in site.webmanifest - 7d8e292 Docs: add explicit mentions of Edit domain page (#210) - 6e53611 I18n: improve logging for missing messages, add contribute page link - 257753b I18n: DE: add missing messages - 1e9bc35

@gh0stface yup, they made a release yesterday it seems and it should have the PRs we made upstream. @vladimir-d is checking the package again.

@girish Yep, exactly that. AnyType and Appflowy are growing in popularity. Would be nice to see them

@atridad Thanks for the heads up, the app is gone from our library as well.

[1.13.0] Update cryptpad to 2026.2.0 Full Changelog Upgrade Office applications to OnlyOffice v9.2.0.119 OnlyOffice history browsing #​2134 Update drive tree UI #​2102 Fix incorrect error message for invalid credentials #​2163 Delete 2FA data when archiving account #​2177 Fix padding for profile action buttons #​2081 Fix contact page name overflow #​2084 Fix: Profile description editor now shows saved value without requiring focus #​2100 Fix rtChannel not always stored and pinned #​2168 Preserve drive list sorting order across reloads #​2115

[1.27.0] Update ctfreak to 1.37.0 Full Changelog

@nebulon User error confirmed after 15 minutes of testing. Note: adding another domain to Collabora requires the format [a-zA-Z0-9_\-.]*domain1.org|[a-zA-Z0-9_\-.]*domain2.org plus a restart. We should probably update the settings page with this info.

@james wow, this was the trick! Thanks!!

[2.15.3] Update directus to 11.15.3 Full Changelog @​directus/app @​directus/api @​directus/constants @​directus/app @​directus/api

Hello @phneutre On the right side of a topic is a button called Topic Tools there you can press Ask a question, then a topic will be marked as unsolved and can be marked as solved later on. I have done so. Always happy to help.

Hello @timconsidine Thanks for reporting, I will look into this.

The root cause is that self-hosted Teams have no customerId (Stripe ID). The migration copies it onto the Subscription, gets NULL, then deletes the Subscription. Run these before upgrading: sqlUPDATE "Team" SET "customerId" = 'cus_selfhosted_' || id WHERE "customerId" IS NULL; Then create Subscription records for any Teams missing them. If you've already attempted the upgrade and it failed, you'll also need to clean up 10 partially-created tables before retrying.

[1.12.0] Update community to 5.14.0 Full Changelog Added Spanish language support

[1.13.6] Update docuseal to 2.3.5 Full Changelog Rich text email message editor Now it's possible to make signing party invitation conditional when invite via a form field Cloudflare R2 storage fix

[1.26.0] Update dokuwiki-plugin-oauth to 2025-10-23

Hello @sebastienserre Is this still an issue?

[1.7.1] Update easyappointments to 1.5.2 Full Changelog Fix the GTag script URL html rendering (#​1666) Fix the "Load More" JS error in secretaries page (#​1677) Fix the PHP compatibility error of the appointments index API endpoint (#​1678) Catch individual email delivery exceptions (#​1670) Apply permission checks to the appointment and unavailability search (#​1753) Make sure the sync button is visible on provider log in (#​1749) Update unavailable dates after applying appointment data while rescheduling (#​1662) Make sure that any-provider does not include hidden providers while generating availability (#​1733) Provide "text" version of the emails in addition to HTML (#​1711) Trigger webhook requests when managing records via the API (#​1676)

[1.18.2] Update Emby.Releases to 4.9.3.0 Full Changelog Add user option to set user's auto remote quality Add library option to use legacy folder scanning method Music transcoding fixes Add landing tab option for book libraries Support volume control with youtube trailer player Update mixed content tabs to combine Movies & Shows Fix maintenance mode blocking some settings screens Fix embedded audio fields not getting rescanned on file changes Fix loss of genre and collection images after deleting a movie Fix latest section not showing items for some channel plugins

[2.20.0] Update espocrm to 9.3.0 Full Changelog OpenAPI specification generation #3535 Currency exchange rates stored as entities #3544 PDF Template: Filename with placeholder #3510 PDF Template: Currency symbol helper #3529 Decimal field type #3508 Preferences: Parameter to receive notifications about reactions in non-followed records #3479 In-app notification about being added as a collaborator #3530 Users auto-follow the record when added as colloborators #3532 Personal email account: Map IMAP folders to personal email folders #3513 Formula: Support column data in record\relate function #3537

Got it. Thank you.

App is no longer broken on installation. Marking the topic as solved.

https://feedback.fider.io/posts/329/data-administration-import-accounts-tags-votes-posts-and-comments-via-web-interface this is a known thing in Fider it seems that the UI has no restore option. They have a new version coming this week so maybe it'll get added. I imagine people clone the file structure and PostgreSQL DB now to migrate or restore.

[1.15.0] Update filepizza to 60704b4

[1.1.0] Update fmd-server to 0.14.0 Full Changelog Light mode. And a setting to switch between theme modes. Ability to view the map in fullscreen. Ability to pass a message when locking the device (fmd lock <message>). Setting to switch between metric and imperial units. The command list is much longer, making nearly all commands available in the web UI. The commands now also have a description. The UI now automatically refreshes the location shown on the map. If you select "Remember me" during login, the access token and the private keys will now be stored in the browser's local storage. Enable WAL (write-ahead-logging) in sqlite. (!159) Limit request body size to 15 MB. (!164) Reduce default MaxSavedLoc from 1000 to 500. (!170)

[3.10.15] Update firefly-iii to 6.4.23 Full Changelog Issue 11734 (Cache is not cleared for "no category" overview monthly blocks) reported by @​JC5 Issue 11735 (health endpoint no longer performant) reported by @​grgar Discussion 11736 (Deposit from a Liability & the default financial report) started by @​dratze98 Issue 11738 (API endpoint api/v1/batch/finish does not work) reported by @​JC5 Issue 11744 (Webhook and rule execution for imported transactions) reported by @​mleck28 Issue 11752 (ErrorException in OperatorQuerySearch.php when using tag_starts or tag_ends operators via API) reported by @​travelr Issue 11757 ("Remember Me" cookie expires after 1 minute) reported by @​michaeljandrews Invitee mail message would error out, reported over mail. Thanks!

[2.7.2] Update formbricks to 4.7.3 Full Changelog fix: fixes storage resolution issues (#​7310) by @​pandeymangg in #​7319 fix: [Backport] backports adding boolean support by @​pandeymangg in #​7324

@dennisj thanks for reporting, fixed now!

[1.15.31] Update freescout to 1.8.206 Full Changelog Improved PHP 8.5 compatibility (#​5227) Improved Helper::sanitizeUploadedFileName() function. Improved TokenAuth middleware algorithm. Extended Helper::$restricted_extensions list. Remove role from fillable User model fields. Set allowed_classes parameter for unserialize() functions. Update Customer addChannel() method (#​5224)

Hello @p44 The latest version is 1.28.1. Please update your app to ensure this is not an issue that has already been fixed.

[4.152.2] Update ghost to 6.19.2 Full Changelog Fixed alerts positioning inside the editor (#​26510) - Kevin Ansfield Fixed double-encoded HTML entities in email newsletter cards (#​26498) - Kevin Ansfield Fixed comments-ui permalink crash when iframe is detached - Rob Lester Fixed member filters with multiple date based filters returning incorrect results (#​26458) - renovate[bot] Fixed settings page not scrollable on mobile (#​26477) - Kevin Ansfield Hid "open in your email app" button on iOS, where it's unreliable (#​26449) - Evan Hahn Fixed Portal crash when navigating via hash links on a page (#​26445) - Kevin Ansfield

There is a discussion here, but I don't understand it - https://github.com/go-gitea/gitea/issues/22066

Yes, it's only jekyll. Not an expert on next.js but I think it also needs a backend right ? If so, you have to create a custom package - https://docs.cloudron.io/packaging/tutorial/

[1.112.4] Update gitlab-foss to 18.8.4 Full Changelog

[1.0.0] Update glpi to 11.0.5 Full Changelog [SECURITY - MODERATE] Session stealing on externally authenticated user change (CVE-2026-23624) [SECURITY - HIGH] Remote Code Execution via malicious upload (CVE-2026-22248) [SECURITY - MODERATE] SSRF via Webhooks (CVE-2026-22247)

[1.23.1] Update gogs to 0.14.2 Full Changelog Security: Cross-repository LFS object overwrite via missing content hash verification. #​8166 - GHSA-gmf8-978x-2fg2 Security: Stored XSS via data URI in issue comments. #​8174 - GHSA-xrcr-gmf5-2r8j Security: Release tag option injection in release deletion. #​8175 - GHSA-v9vm-r24h-6rqm Security: Stored XSS in branch and wiki views through author and committer names. #​8176 - GHSA-vgvf-m4fw-938j Security: DOM-based XSS via issue meta selection on the issue page. #​8178 - GHSA-vgjm-2cpf-4g7c Unable to update files via web editor and API. #​8184

[2.3.3] Update grafana to 12.3.3 Full Changelog Alerting: Add limits for the size of expanded notification templates #​117709, @​yuri-tceretian Correlations: Remove support for org_id=0 #​116934, @​gelicia Go: Update to 1.25.7 #​117471, @​macabu Security(Public dashboards annotations): use dashboard timerange if time selection disabled #​117860, @​dana-axinte Security(TraceView): Sanitize html #​117866, @​github-actions[bot]

IMPORTANT Packages starting 1.8.6 to 1.9.0 have been revoked. 1.8.6 - 1.8.13 - Upstream has removed all 1.7.50.x packages. See https://discourse.getgrav.org/t/upgrade-to-grav-v1-7-50-9-not-working/29222/4 1.9.0 - had incorrect beta version update

[1.9.0] Update greenlight to 3.7.0 Full Changelog Improve copy recordings functionality (#6154) Added popovers that describe recording formats (#6136) Fixed a few Host Header vulnerabilities related to asset urls Removed role_id from permitted update params (#6117) Updated multiple gems and packages Clear recordings before the sync starts (#6164)

The latest cloudron package symlinks the config.json into /app/data. This allows to enable the enterprise edition mode. One thing to note is, that the env.sh file needs the line with GRIST_DEFAULT_EMAIL to be enabled and set to the users's email address. Otherwise the admin UI will not grant the user access.

Hello @albertbeaufrand and welcome to the Cloudron Forum This topic is a duplication of https://forum.cloudron.io/post/97415 and will be merged into it. Please read the responses above to get the full answer to your question.

[1.11.0] Update base image to 5.0.0

[1.21.3] Update hedgedoc to 1.10.6 Full Changelog GHSA-x74j-jmf9-534w reports a bug where security headers for upload files were not set correctly. GHSA-672m-p72w-gw28 reports potential security issues with limited script execution in uploaded SVG files.

[1.16.3] Update core to 2026.2.3 Full Changelog Add the ability to select region for Roborock ([@​Lash-L] - [#​160898]) ([roborock docs]) Fix dynamic entity creation in eheimdigital ([@​autinerd] - [#​161155]) ([eheimdigital docs]) Fix HomematicIP entity recovery after access point cloud reconnect ([@​lackas] - [#​162575]) ([homematicip_cloud docs][homematicip_cloud docs]) Show progress indicator during backup stage of Core/App update ([@​hbludworth] - [#​162683]) ([hassio docs]) Fix Z-Wave climate set preset ([@​MartinHjelmare] - [#​162728]) ([zwave_js docs][zwave_js docs]) Block redirect to localhost ([@​edenhaus] - [#​162941]) Bump pypck to 0.9.10 ([@​alengwenus] - [#​162333]) ([lcn docs]) (dependency) Bump pypck to 0.9.11 ([@​alengwenus] - [#​163043]) ([lcn docs]) (dependency) Fix blocking call in Xbox config flow ([@​tr4nt0r] - [#​163122]) ([xbox docs]) Bump ical to 13.2.0 ([@​allenporter] - [#​163123]) ([google docs]) ([local_calendar docs][local_calendar docs]) ([local_todo docs][local_todo docs]) ([remote_calendar docs][remote_calendar docs]) (dependency)

[1.9.0] Update humhub to 1.18.0 Full Changelog Bootstrap 5 is the default CSS framework, which may require migration of custom modules or themes. Caching must now be configured via the configuration file, with FileCache as the default. Fix #​7921: Alert widget broken since beta.6 Fix #​7925: Space Members dropdown menu Fix #​7924: Admin Pending Approvals buttons layout Fix #​7928: Top menu: long usernames overlap notification buttons for md screen sizes Fix #​7930: Remove bottom margin to RichText Create Input fields Fix #​7937: Spaces and Marketplace layouts are missing fluid container Fix #​7932: Fix content default visibility after form submit

[1.97.4] Update immich to 2.5.6 Full Changelog Fixed an issue where thumbnail generation runs every night when full-size image generation option is enabled. Fixed an issue where iOS is slow to start in some cases. Fixed an issue where Android device cannot delete asset using Free Up Space feature if it has more than a few thousand assets fix: enhance album sorting functionality with order handling by @​LeLunZ in #​24816 fix: add missing translations for image editor by @​michelheusschen in #​25957 fix: image and video download complete notification shows "file_name" by @​romoisverycool in #​25975 fix: user profile refetched each time on opening app dialog by @​shenlong-tanwen in #​25992 fix: improve albums page load time on firefox by @​michelheusschen in #​26025 fix: reduce queue graph jitter and include paused count by @​michelheusschen in #​26023 fix(web): toast fixed location by @​YarosMallorca in #​25966

[1.19.0] Rename to Ip2location due to trademark collision

@jdaviescoates Thanks - Not the I have not though about this, but, at last, this could only be a temporary solution following our infrastructure setup. It also does not solve the underlying OIDC issue, which I very much find intriguing.

[1.12.0] Update invidious to v2.20260207.0 Full Changelog Livestream experiences are restored: Trending shows livestreams again, the gaming feed remains accessible, and "Watch on YouTube" links stop carrying stale timestamps (#5480, #5555, #5481) Channel and playlist metadata is richer thanks to pronoun support, topic playlist thumbnails, and accurate related video counts (#5617, #5616, #5446) Downloads get smoother because download actions are URL-safe and downloads can flow through Invidious companion when available (#5367, #5561) Users see clearer feedback with Erroneous CAPTCHA messages, DMCA controls restored, and a footer link pointing at the current release (#5508, #5228, #4702) Companion integration is sturdier: CSP is generated once, check identifiers persist, and the helper hyperlink is fixed (#5497, #5575, #5491) Proxied images and videoplayback strip unwanted response headers (shared header-strip list) (#5595) Runtime and packaging updates pin docker/OCI builds to Crystal 1.16.3, bring an optional Crystal 1.18.2 + Alpine 3.23 image, and compile OpenSSL from source to mitigate the memory leak seen with Alpine-provided OpenSSL (#5604, #5577, #5574, #5441) Server stability improves via a larger max_request_line_size that is required to be able to access some next pages of Youtube channels videos and a rewritten static file handler (#5566, #5338) Top-level constants moved into dedicated modules, preferences handling was cleaned up, and the legacy signature helper is finally removed (#5596, #5450, #5550) Crystal API updates replaced the deprecated Socket#blocking property and restored the shard target plus SPDX license metadata (#5538, #5608, #5552)

[1.21.14] Update invoiceninja to 5.12.65 Full Changelog Update translations by @​beganovich in #​11712 v5.12.65 by @​turbo124 in #​11715

[1.13.2] Update jellyfin to 10.11.6 Full Changelog Prioritize better matches on search [MR #15983], by @Shadowghost Fix artist display order [MR #15816], by @theguymadmax Restore weekly refresh for library folder images [MR #16046], by @theguymadmax Be more strict about PersonType assignment [MR #15872], by @Shadowghost Fix birthplace not saving correctly [MR #16020], by @theguymadmax Trim music artist names [MR #15808], by @theguymadmax Add mblink creation logic to library update endpoint. [MR #15965], by @Collin-Swish Fix watched state not kept on Media replace/rename [MR #15899], by @MarcoCoreDuo Skip hidden directories and .ignore paths in library monitoring [MR #16029], by @theguymadmax Revert "always sort season by index number" [MR #15950], by @theguymadmax

App discontinued due to no upstream updates.

[1.12.1] Update Jirafeau to 4.7.1 Full Changelog Fixed another possibility to bypass the checks for CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066 (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image". When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled. The default value of max_upload_chunk_size_bytes was set to 5000000. Higher values could trigger a bug Chromium-based browsers on servers with HTTP/3 enabled, causing asynchronous uploads to fail.

Hello @girish, hello everyone, Is there any hope that Jitsi Meet (https://forum.cloudron.io/topic/10900/updates-to-jitsi) will be offered on Cloudron again? It’s such a great tool! Thank you very much!

[2.4.1] Update joplin to 3.5.2 Full Changelog

[1.58.3] Update jupyterhub to 5.4.3 Full Changelog

[1.17.5] Update kanboard to 1.2.49 Full Changelog fix(ldap): ensure LDAP placeholders are escaped fix: restore Ctrl+Enter submission on the task creation form feat(locale): update translations feat: prevent protocol-relative URL redirects after login feat: block private network access for external web link (configurable) feat: add TRUSTED_PROXY_NETWORKS config option

[1.9.1] Add optional OpenID integration for new installations

[1.5.4] Update keycloak to 26.5.4 Full Changelog CVE-2026-1190 - Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData saml CVE-2026-0707: Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass CVE-2025-5416 keycloak-core: Keycloak Environment Information CVE-2026-2575 - Denial of Service due to excessive SAMLRequest decompression saml CVE-2026-2733 Missing Check on Disabled Client for Docker Registry Protocol New key affinity for session ids "Update email" AIA: "Back to Application" URL invokes OIDC callback with missing parameters oidc Client deletion timeout due to large number of client roles storage auth_mellon (SAML) authentication fails after upgrade to 26.5.1 (from 26.4.6) saml Information Disclosure of Client Secret on Unauthenticated Config Endpoint oidc

@james said in How to create Sender from outbound mail ?: Currently, there is an issue with the Keila shared mailer admin ui. I saw that error after I started this thread. My guess was that it wasn't implemented yet as the app is marked as unstable. @james said in How to create Sender from outbound mail ?: This will give you all the details. That works perfectly, thanks !

[2.41.0] Update kimai to 2.47.0 Full Changelog Further SecurityPolicy hardening for twig invoice and export templates (#5784) Fix: moved "print" export to self-contained template (#5784) Fix: synchronisation problem when editing user-preferences of the currently logged-in user (#5784) Fix: selected text highlight color in dark mode (#5784) Fix: remove backdrop from the "loading indicator" (#5784) Do not show report toolbars in a card, following the general Kimai UI principles (#5784) Removed most toast messages, replacing them by a tiny loading indicator. reason: an app should work as expected and not need to indicate that an action was successful, instead it should only warn if something fails. toasts were kept for ticktack / restarting of timesheets and error messages, as those might be started from any screen. (#5784)

[1.34.0] Update koel to 8.3.0 Full Changelog fix: hover status on context menu items by @phanan in #2184

Running TURN server on port 443 only matters for setups where a Client is unable to contact the server on non-port 443. This is only common in some ultra locked down intranet setups.

https://forum.cloudron.io/topic/15003/komf-on-cloudron-komga-and-kavita-metadata-fetcher

[2.4.1] Set supportsDisplayName to false in manifest

[5.0.4] Update php-src to 8.5.3

[1.31.0] Update languagetool to 0867b00

[1.12.0] Update leantime to 3.7.0 Full Changelog TinyMCE removed all rich text editing now uses Tiptap. Existing content renders without changes, but any custom TinyMCE plugins or editor extensions will need to be rewritten for the Tiptap API. Group by Parent Task new grouping option in To-Do views with root parent resolution for ticket hierarchy Comment Reactions HTMX-based emoji reactions on comments (like, love, celebrate, funny, etc.) Strategy module relabeled to mission-driven language Fixed idea board internationalization issues Fixed goal KPI progress calculation Fixed milestone collapse behavior Fixed calendar duplicate events Fixed editor toolbar and border-radius inconsistencies Fixed slash menu viewport positioning at screen edges

[1.1.1] Update LibreChat to 0.8.2 Full Changelog Cross-replica support for resumable streams in Redis mode, enabling seamless horizontal scaling for production deployments. Add, configure, and share MCP servers directly from the UI with full access control. Includes API key authentication support, domain restrictions for remote transports, and improved OAuth handling. Pin frequently used agents and models to the sidebar for quick access. Render Mermaid diagrams inline within chat messages with enhanced UX and focus rendering. Extensive improvements to meet WCAG standards with better screen reader support, keyboard navigation, focus management, and contrast ratios across the entire application. Moonshot Kimi K2 Bedrock support Anthropic Beta support for Bedrock Anthropic Vertex AI support Gemini Image Generation Tool (Nano Banana) Bedrock Guardrails support

[1.55.7] Update LimeSurvey to 6.16.9+260217

[1.26.1] oidc: add env template to optionally disable login form

[1.20.0] add dumb-init to collect zombies

[1.15.0] Update listmonk to 6.0.0 Full Changelog TOTP two-factor authentication. E-mail based Forgot password reset flow. Ability to archive lists. Subscriber activity in the Subscriber profile UI. Ability to send transactional mails to non-subscribers via the /api/tx API. Campaign-level JSON JSON {} attributes just like subscriber attributes. Granular override on subscriptions / subscriber profile in bulk import. In-built Postgres VACUUM cron in Maintenance settings for large databases. Add attribs to campaign docs. Upgrade altcha JS to latest version.

[1.17.9] Update loomio to 3.0.20 Full Changelog Convert HAML view templates to Phlex Replace SocketIO with ActionCable (remove loomio_channel_server) Move hocuspocus server into the main Loomio repository Handle Matrix bot notfications from Rails app Fix OAuth login finding orphan identities instead of linked ones. Change user avatar email/print partial to say user name rather than initials - So you can give the print view of a thread to an AI chatbot and it can understand who is talking Add LOOMIO_VERIFY_PARTICIPANTS_ADMIN_ONLY to restrict verify participants to admins only - Recently we introduced the "Verify participants" feature on polls. This means you can audit who was invited to an anonyous poll (to ensure that the admin did not invite, eg fake accounts), without revealing how voters voted. This flag makes this feature only available to admins, for member privacy. Show specific errors in flash messages - Now when there is an error submitting a form, it will say what the problem is, rather than a generic "Please check the form". Add remove logo and cover photo to group settings - You can now remove your group logo if you want to.

[2.41.2] Update Lychee to 7.3.3 Full Changelog Add 2 new smart albums: My rated pictures and My best rated pictures by @​ildyria in #​4041 Add setting to also hide GPS data by @​ildyria in #​4046 Fix settings not being set for default album protection policy by @​ildyria in #​4048 Fix delete warning in tags albums by @​ildyria in #​4049 Bump frankenphp by @​ildyria in #​4057 Fix migration failing when rerun. by @​ildyria in #​4070 Bump frankenphp by @​ildyria in #​4079 Adding Bulgarian translations by @​tkulev in #​4080 Copy built album-embed assets into Docker images by @​cdzombak in #​4084 Allow filtering embedded albums/streams by author using data-author attribute by @​cdzombak in #​4083

@girish That is a super handy feature!

[1.17.4] Update mastodon to 4.5.4 Full Changelog Fix custom emojis not being rendered in profile fields (#37365 by @ClearlyClaire) Fix serialization of context pages (#37376 by @ClearlyClaire) Fix quotes with CWs but no text not having fallback link (#37361 by @ClearlyClaire) Fix outdated link target for locked warning (#37366 by @ClearlyClaire) Fix local custom emojis sometimes being rendered in remote posts (#37284 by @ChaosExAnima) Fix some assets not being loaded from configured CDN (#37310 by @ChaosExAnima) Fix notifications page error in Tor browser (#37285 by @diondiondion) Fix custom emojis not being displayed in CWs and fav/boost notifications (#37272 and #37306 by @ChaosExAnima and @ClearlyClaire) Fix default Admin role not including view_feeds permission (#37301 by @ClearlyClaire) Fix hashtag autocomplete replacing suggestion's first characters with input (#37281 by @ClearlyClaire)

[1.54.1] Update matomo to 5.7.1

[1.127.1] Update synapse to 1.147.1 Full Changelog Block federation requests and events authenticated using a known insecure signing key. See CVE-2026-24044 / ELEMENTSEC-2025-1670. (#​19459)

[1.25.0] Update mattermost to 11.4.0 Full Changelog Mattermost Platform Release 11.4.0 contains multiple new quality of life improvements.

@jayonrails are you referring to the Mautic App or Cloudron? For Mautic - we have a monthly online meetup for DACH every first monday at 12:30 CET. Except for today - its moved to 12th of january. (https://meet.mauticamp.de/adm-suk-gfm-ath). Also we have a poll for a real world meetup running: https://forum.mautic.org/t/neues-jahr-neues-meetup-terminfindung-fur-das-d-a-ch-mauticamp-2026/36991

[1.34.0] Update mealie to 3.11.0 Full Changelog You can now use a relative date when filtering by "Last Made" in the recipe finder and meal planner! Existing rules using an absolute date will continue to work, but will be updated to a relative date when edited. Ingredients are pluralized more naturally depending on your language. In English, for instance, you will see "2 cups onion chopped" instead of "2 cups onions chopped". Languages where the latter is preferred will keep the old behavior, and some languages (such as Japanese) forego plurals entirely. Check out the MR for more details. Note that this is only applicable for parsed recipes with foods that have both singular and plural forms defined. We've improved the drop down search logic to better match what you type (no more typing "onion" and having to scroll down to the 5th or 6th item to find it). Drop down fields also check aliases now, too! feat: Dynamic Placeholders UI @​michael-genson (#​7034) feat: Add Docker metadata to published images @​michael-genson (#​7052) feat: Customize Ingredient Plural Handling @​michael-genson (#​7057) feat: Improve recipe filter search ordering @​michael-genson (#​7061) feat: Further improve recipe filter search and shopping list and recipe ingredient editor @​michael-genson (#​7063) fix: handle numeric recipeCategory from LLM/site to prevent import failure @​jknndy (#​7026) fix: Search bar width @​michael-genson (#​7060)

Hey @james and @joseph. Thank you for your quick replies! I'm going to try out this technique with LAMP first and report back, and if that doesn't work than I may try creating the SMW Cloudron App.

Closed due to inactivity

[1.5.1] pin package source by hash

[2.37.1] Update metabase to 0.58.7.1 Full Changelog

[2.37.1] Update bedrock to 1.26.1.1

Also @senthilkumaran If you are just now updating to @miniflux version 2.0.49 on Cloudron, which was packaged and published Oct 16, 2023, you are years behind with updates. This would also explain why you run into this issue, since this was also resolved with @miniflux version 2.2.13 which was packaged and published Sep 19, 2025, 9:18 AM

Time to poke RustFS too. No fear.

@pdurante1981 said in Mirotalk SFU remote room control: Awesome! Thanks for the quick reply and implementation! You're welcome! Just a quick reminder to please purchase a license if you plan to use this in a commercial production environment.

The app package runs the cron job as outlined in https://github.com/monicahq/monica/blob/4.x/docs/installation/providers/generic.md#4-configure-cron-job Can you open a webterminal into the app and run it manually via: sudo -E -u www-data php /app/code/artisan schedule:run and see if it shows an error or sends the mails then?

[4.0.3] Update moodle to 5.1.3 Full Changelog

[4.7.0] Update n8n to 2.8.3 Full Changelog core: Make health endpoint configurable to solve conflicts (#​25729) (d123c55) editor: Switch to using shift+P shortcut for publishing (#​25667) (d84e900) core: Revert the fix for execution history when flow includes wait node (#​25610) (61394f7) fix(ai-builder): Improve plan mode UX: naming, question skipping, thinking states (no-changelog) (#​25609) (c614663) Add source to credentials open menu on telemetry (#​25519) (2ba2404) Adjust gap behaviour of the execution buttons (#​25529) (d18ffe1) Adjust styling of credentials setup card (#​25163) (ce70395) Asana Node: Fix empty error output when using Continue (using error output) (#​24615) (0a47148) core: AI models don't explain images in ChatHub (#​25451) (6e7cbbf) core: Auto set pairedItem when N input items create 1 output item (#​25203) (1292b80)

[1.27.2] Update navidrome to 0.60.3 Full Changelog 34c6f12: feat(server): add explicit status support in smart playlists (#​5031) (@​kgarner7) 408aa78: fix(scanner): log warning when metadata extraction fails (@​deluan) ed79a88: fix(scanner): pass filename hint to gotaglib's OpenStream for format detection (#​5012) (@​deluan) fd09ca1: fix(scanner): resolve data race on conf.Server access in getScanner (@​deluan) 0a47228: fix(subsonic): validate JSONP callback parameter (@​deluan) eb9ebc3: fix(ui): add missing keys in Danish translation (#​5011) (@​denisarissa) 62f9c3a: fix: linux service should restart when upgrading (#​5001) (@​mintsoft) e05a7e2: fix: prevent data race on conf.Server during cleanup in e2e tests (@​deluan) bee0305: fix: split reflex -R flags to preserve directory exclusion optimization (@​deluan)

Here's how I've temporarily worked around the situation: Manually synced all auto upload folders to ensure I'm not missing any files Cleared the cache on the Nextcloud app Told it to ignore all pending uploads I think there is some sort of rate limit causing issues - once you get too many items pending re-upload, it just keeps hitting the server and Cloudron starts rejecting / ignoring requests from the client, which puts it into a weird state.

@o1lab it's understandable in this economy. I only have two real requests for your team: 2FA / MFA needs to be one of those enterprise features you give to the community. It is becoming trivial to use tools like Opus 4.6 to find vulnerabilities in open source code and exploit it. You need to come up with a plan for the small business self hosted users. I want to support your product development but I don't need you to host it. I hope you guys seriously consider unlocking a "Community Plus" option.

[2.24.1] Update NodeBB to 4.8.1 Full Changelog upgrade script to handle topics that were already pruned (03b7374) closes #​13899 (f98de3e) #​10682, fix all the other rss routes as well (385a4d0) protocol (da5605e) closes #​12986 (310e90c) #​13919 (b2c6fbe) use min (090b9f5) #​13918, make arrayLimit configurable increase default to 50 (d25e772) closes #​13258, dont mark digest as delivered if it fails (f29c9f0) wrap fields in quotes in user csv export (1b08aef)

[1.20.0] Update ntfy to 2.17.0 Full Changelog Server: Support templating in the priority field (#​1426, thanks to @​seantomburke for reporting) Server: Add admin-only GET /v1/version endpoint returning server version, build commit, and date (#​1599, thanks to @​crivchri for reporting) Server/Web: Support "copy" action button to copy a value to the clipboard (#​1364, thanks to @​SudoWatson for reporting) Web: Show red notification dot on favicon when there are unread messages (#​1017, thanks to @​ad-si for reporting) Server: Fix crash when commit string is shorter than 7 characters in non-GitHub-Action builds (#​1493, thanks to @​cyrinux for reporting) Server: Fix server crash (nil pointer panic) when subscriber disconnects during publish (#​1598) Server: Fix log spam from http: response.WriteHeader on hijacked connection for WebSocket errors (#​1362, thanks to @​bonfiresh for reporting) Server: Use slices.Contains from stdlib to simplify code (#​1406, thanks to @​tanhuaan) Web: Fix clear=true on action buttons not clearing the notification (#​1029, thanks to @​ElFishi for reporting) Web: Fix Markdown message line height to match plain text (1.5 instead of 1.2) (#​1139, thanks to @​etfz for reporting)

[1.4.2] Update ollama to 0.16.3 Full Changelog New ollama launch cline added for the Cline CLI ollama launch <integration> will now always show the model picker Added Gemma 3, Llama and Qwen 3 architectures to MLX runner

I looked into the logs and it was the outdated Commons module. Thanks for your help and keep up the great work with cloudron!

[1.24.1] Update DocumentServer to 9.2.1

@nebulon however you can easily emulate this to satisfy the need.

[1.8.3] Update openhab-distro to 5.1.3 Full Changelog Restore model validation not to fail on diagnostic errors for rules and scripts Fix community marketplace discourse parsing Align x-axis and query to daysOfMonth for aggregated series zwave: Fix zwave network map display in 5.1.x item-state-preview: Fix toggle switch not being fully re-rendered on Item change useStatesStore: Fix error in expression tester with =items formula

[3.46.1] Update openproject to 17.1.1 Full Changelog Bugfix: Documents: zooming in issue on iOS [#​71023] Bugfix: Seeding in zh-TW fails [#​71869] Bugfix: Default document types are recreated after every OpenProject update [#​71877] Bugfix: External links in notification emails not captured [#​71907] Bugfix: External links with encoded space in path lead to OpenProject home page [#​71931] Bugfix: Error in meeting PDF exports if cover image file storage is broken [#​71945] Bugfix: Last admin can delete themselves [#​71980]

Hi @girish so I learned something while setting up my Radicale and OWC. It seems like the calendar client publishing in to the ICS in Radicale (or wherever your ICS source lives) can matter. When I used the Calendar app on macOS I saw no descriptions. When I used Thunderbird I do. You can see it on my live page that has the OWC page in an iframe https://kb.filewave.com/books/community-engagement/page/customer-event-schedule and if you click on events in the agenda then the description shows. I think initially I was also hoping to show description on the Agenda page without clicking on an event but originally I was bothered that I just couldn't get description to show up. So now it does at least show up when you click an event. I haven't looked at why Calendar doesn't make a summary that shows and Thunderbird does but I'm fine using Thunderbird to put events in my calendar feed.

[3.2.4] Update open-webui to 0.8.4 Full Changelog Provider URL suggestions. The connection form now displays a dropdown with suggested URLs for popular AI providers, making it easier to configure connections. Commit Anthropic model fetching. The system now properly fetches available models from the Anthropic API, ensuring all Anthropic models are accessible. Commit No models prompt. When no models are available, a helpful prompt now guides users to manage their provider connections. Commit Connection enable/disable toggles. Individual provider connections can now be enabled or disabled from both admin and user settings. Commit Prompt enable/disable toggle. Users can now enable or disable prompts directly from the prompts list using a toggle switch, without needing to delete and recreate them. Inactive prompts display an "Inactive" badge and are still visible in the list. Commit Memory deletion. Agents can now delete specific memories that are no longer relevant, duplicated, or incorrect, giving better control over stored memory content. Commit Memory listing. Agents can now list all stored memories, enabling them to identify which memories to manage or delete based on the complete memory inventory. Commit Auto pip install toggle. Administrators can now disable automatic pip package installation from function frontmatter requirements using the ENABLE_PIP_INSTALL_FRONTMATTER_REQUIREMENTS environment variable, providing more control over function dependency management. Commit Anthropic Messages API proxy. A new API endpoint now supports the Anthropic Messages API format, allowing tools like Claude Code to authenticate through Open WebUI and access configured models. Tool calls are now properly supported in streaming responses with correct multi-block indexing, and error status from tools is propagated correctly. The endpoint converts requests to OpenAI format internally, routes them through the existing chat pipeline, and returns responses in Anthropic format. #​21390, Commit, Commit Multi-device OAuth sessions. Users can now stay logged in on multiple devices simultaneously with OAuth, as re-logging in no longer terminates existing sessions. The oldest sessions are automatically pruned when the session limit is exceeded. #​21647, Commit

[1.1.0] Update opodsync to 0.5.0 Full Changelog Add URL of instance on homepage, with copy button Add support for being used as an external app inside KaraDAV

The latest update seems to have fixed it. Patience is a virtue xD

[1.20.0] Update outline to 1.5.0 Full Changelog Added sorting options to the search screen in #​11242 Added diff language highlighting for code blocks in #​11301 Allow cmd+enter to toggle all checkboxes in a selection in #​11322 Added support for currency sorting in tables in #​11332 Added a custom color picker for text highlights in #​11337 Clicking on a group in the share dialog now shows it's members in #​11338 Table headers are now sticky in #​11353 Importing toggle blocks from Notion is now supported in #​11371 All tables in settings now have right-click context menu support in #​11378 Added a hide/show completed items control for checkbox lists in #​11379

[1.6.1] Update owncast to 0.2.4 Full Changelog Lots of localization changes, both in how they work across the web application, and adding more support for them. So more places should show more languages. The backend refactor continues with more splitting things off into standalone data repositories and services. Higher bitrates can now be selected in the video encoding settings. There's a new webhook that fires when you get a new Fediverse follower. Admin: add line divider in sidebar #4098 Display shortcut keys of hide/show chat in Dropdown menu #4096 Create a custom Translation component #4428 Add support for pluralization in the new Translation component #4440 Add support for translations in the web project #3950 Add server status as a default field in all webhooks #4384

[1.3.0] Update base image to 5.0.0

[1.48.0] Update gotenberg to 8.27.0

You can still install it like this https://my.<cloudron>/#/appstore/rocks.paperwork.cloudronapp . But note that it was last updated 3 years ago. I tried to build a new version with latest with PHP a year ago and the app was not even building anymore. They have been re-writing a new version for a couple of years now.

Has anything new been added to this issue? I came across this guide: https://github.com/Chocobozzz/PeerTube/issues/6522#issuecomment-3698599168 However, I was unable to implement it (I suppose I lack knowledge of CLI and skills).

[1.15.2] Update penpot to 2.13.2 Full Changelog Fix security issue (Path Traversal Vulnerability) on fonts related RPC method

App discontinued due to no upstream updates.

The upstream project has not released in almost 3 years now. We had to build from develop to get some PHP 8 support going, but there are bugs like https://github.com/phpservermon/phpservermon/issues/1196 , https://github.com/phpservermon/phpservermon/issues/1232 . There's also a bunch of basic issues: Normal user cannot login after admin user logs in. Some issue related to service worker. LDAP functionality is incomplete

[3.2.0] Update Piwigo to 16.2.0 Full Changelog

Oh well, I thought the email issue would be fixed by the latest update, but unfortunately the problem still persists.

[1.14.5] Update pocketbase to 0.36.4 Full Changelog Made the optional Bearer token prefix case-insensitive (#​7525; thanks @​benjamesfleming). Enabled $filesystem.s3(...) and $filesystem.local(...) JSVM bindings (#​7526).

Hello @andreasdueren See: https://forum.cloudron.io/topic/15047/plan-to-drop-postiz-package-from-cloudron

Thanks James. It seems that there is noch upload feature in the cloudron version.

[1.11.3] Update PrivateBin to 2.0.3 Full Changelog FIXED: Prevent arbitrary PHP file inclusion when enabling template switching FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users FIXED: Unable to create a new paste from the cloned one when a JSON file attached (#1585)

[2.9.1] Update prometheus to 3.9.1 Full Changelog [BUGFIX] Agent: fix crash shortly after startup from invalid type of object. #​17802 [BUGFIX] Scraping: fix relabel keep/drop not working. #​17807

[2.25.3] Update VueTorrent to 2.31.3 Full Changelog lsio-mod: Fix invalid permissions on non-root users (#2597) (85a1fb3) RightClick: Prevent selecting text when opening menu on apple touch devices (#2598) (f1846ec) RSSArticles: Prevent unread status inconsistency (#2624) (6963f29) Wrong message for category delete confirmation (#2599) (5f9fc86) ActiveFilters: Click on chip disables only active filters (#2606) (bfca3d4) Content: Double click on a node to toggle selection (#2607) (2bcce0a) Improve URL detection (#2590) (26ea94d) Overview: Wrap comment to prevent text overflow (#2589) (c48c2e0) RSSArticles: Use vue-concurrency (#2624) (e28bfcd) TorrentDetail: Change title to use torrent name (#2608) (bbbe846)

[2.11.0] chore(deps): update dependency radicale to v3.6.0

[2.7.3] Update rallly to 4.7.4 Full Changelog Fix redirect to login when accessing poll admin by @​lukevella in #​2184

App discontinued due to no upstream updates.

Did the update (package v5.3.1) help?

[3.10.0] Update redmine_oauth to 4.0.1

Indeed, that app treats each user individually and since an app would have to actively sync up some deactivated (or even deleted) user state explicitly, which releasebell does not, it just keeps working for that user. Since the app uses OpenID, there is actually no real way for the app, to know if a user even still exists to then purge the user. A login of the user would of course not work, but since this works in releasebell without a login-session, not sure what to besides manually purging that user. Have to think more about how to better handle that, until that you may have to actually do what you proposed. I was trying to quickly come up with a mysql statement to purge, but that is more involved than I thought, due to all the constraints.

Cloudron 9.1 is currently in internal e2e testing, it depends a bit which issues pop up there, but it should happen within the next one or two weeks.

[2.9.3] Update roundcubemail to 1.6.13 Full Changelog Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075) Fix CSS injection vulnerability reported by CERT Polska. Fix remote image blocking bypass via SVG content reported by nullcathedral.

[1.15.0] Update rss-bridge to 2025-08-05 Full Changelog [FabBridge] Pull 100% discounted items via Fab API by @thefranke in https://github.com/RSS-Bridge/rss-bridge/pull/4584 [GoComicsBridge] Fix for JSON being removed by @TReKiE in https://github.com/RSS-Bridge/rss-bridge/pull/4585 [IdealoBridge] Bypass bot protection by @sysadminstory in https://github.com/RSS-Bridge/rss-bridge/pull/4588 [GoComicsBridge] Add fallback when link to current comic is missing by @TReKiE in https://github.com/RSS-Bridge/rss-bridge/pull/4589 [GolemBridge] Add tables to content by @Mynacol in https://github.com/RSS-Bridge/rss-bridge/pull/4613 [ZeitBridge] Improvements by @Mynacol in https://github.com/RSS-Bridge/rss-bridge/pull/4617 [NasestrechaBridge] Add bridge by @pprenghy in https://github.com/RSS-Bridge/rss-bridge/pull/4591 [WaggaCouncilBridge] Add bridge by @Scrub000 in https://github.com/RSS-Bridge/rss-bridge/pull/4593 [HeiseBridge] removes language-info-text, add archive.is link for people without subscription by @Tone866 in https://github.com/RSS-Bridge/rss-bridge/pull/4594 [CentreFranceBridge] Fix parser following website update by @quent1-fr in https://github.com/RSS-Bridge/rss-bridge/pull/4596

Given that the upstream project is not maintained anymore, we have hidden this in the appstore. I had also submitted a PR upstream for a basic issue which is ignored - https://github.com/aliasaria/scrumblr/pull/161

[2.81.0] Update searxng to 191818b

[1.2.0] checklist added to manifest

Guys, tyvm for your feedback. As a workaround I simply disallowed dav on a group level. Nevertheless I'll feature request this during Christmas time. ^^

[2.18.0] Update Shaarli to 0.16.0 Full Changelog v0.x branches and tags will no longer be maintained after v0.16. Always upgrade to the latest release to receive bugfixes and security patches. docs: update PHP version compatibility table fix stored XSS via suggested tags (GHSA-g3xq-mj52-f8pg) build(deps): update frontend build dependencies (js-yaml/glob)

@girish said in SickChill unlisted from app store: I hope they atleast bring back the issue tracker Out of interest, why does this matter for Cloudron? BTW, someone has replied to the thread I started on Discord informing me that the master releases are these https://pypi.org/project/sickchill/ Doesn't look like there has been a new one since March though.

[1.3.0] Update shiori to 1.8.0 Full Changelog feat(apiv1): refactor tags api (#1075) feat: add PWA support share functionality (#1060) feat: add apis to handle bookmark tags (#1081) feat: allow tag filtering and count retrieval via api v1 (#1079) feat: improve SQLite performance (#1024) feat: reverts message in json output and allows configuration (#1082) feat: support proxy forward headers authentication (#1105) fix: auth validation on existing sessions, rely on token only (#1069) fix: incorrectly set cookie's expires value in login.js (#1049) fix: parse pocket new CSV format (#1112

The upstream project is archived - https://github.com/boypt/simple-torrent/ . There has been no changes in 2 years and modules are not updated.

Hello @darrendavid and welcome to the Cloudron forum Could you please explain a little how this is connected to Cloudron? I am not sure if you are in the correct place here for this question.

[1.18.7] Update snipe-it to 8.3.7 Full Changelog Add new 'git remote' management to change Snipe-IT URLs by @uberbrady in #18245 Fixes [FD-52064] Avery L6009_A & L4736_A label field overflow with scaling by @Godmartinz in #18246 Optimize queries for Components listing by @uberbrady in #18251 Added endpoint & use_path_style_endpoint configs for public/private S3 by @Valinwolf in #18266 Experiment: simpler light/dark toggle by @snipe in #18249 Refactor assignee in Checkoutable to accept null by @Godmartinz in #18273 Check That Email Exists on Recipient in Checkout Acceptance by @spencerrlongg in #18274 Fixed #18160 - Multi-create validation fixes by @uberbrady in #18247 Fixes Manager View not displaying subordinates EULAs properly in View Assets page by @iryadifarhan in #18257 adds #17422 [FD-49345] --expired-licenses command parameter to snipeit:expiring-alerts by @Godmartinz in #18244

@james thank you so much! SOGoMailCustomFromEnabled worked prefectly!

Just checked on this again but it seems statping-ng is not going forward much . https://github.com/statping-ng/statping-ng/tags says the release was almost a year ago.

[3.5.2] Update Stirling-PDF to 2.5.2 Full Changelog Security improvements Ruler / Measure support in the viewer writing to forms not working on OSS (package now moved fully to OSS) Possible fix for mac desktop issues desktop not being detected as desktop all the time license checks not having a retry desktop having wrong publisher ID Add plist file for Mac permissions by @​jbrunton96 in Stirling-Tools#5756 ruler support by @​Frooodle in Stirling-Tools#5758 fix publishing for tauri author by @​Frooodle in Stirling-Tools#5757

[1.12.0] chore(deps): update dependency apache-superset to v6

Hello @rosano The GitHub action is for pushing code from a GitHub repo directly into an app. Like for surfer or LAMP.

[1.33.15] Update syncthing to 2.0.14 Full Changelog

We only published a fixed package now, based on the alternative LDAP plugin

[1.11.1] Update recipes to 2.5.1 Full Changelog improved ingredient parser handling of leading special characters (like ,.-_=+#*|/) changed start page link icon to "more" text for opening search fixed ical issues #​4429 fixed recipe view performance degradation (thansk to @​poikilotherm #​4426) fixed syntax error in template breaking recipe view and editor #​4421 fixed creating food trough shopping list entry failing #​4418 fixed admins could include arbitrary local files trough local storage provider https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6485-jr28-52xx fixed server side request forgery trough redirects/dns rebinding attacks https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-j6xg-85mh-qqf7 fixed issue with diameter scaling when base servings were not 1

[1.5.1] checklist added to manifest

@timconsidine said in Teddit Subscriptions no longer working: Just FYI - my LibReddit - selfhosted as Docker on another VPS = is still working. But now it is down. Maybe they have caught up with me.

[1.22.1] checklist added to manifest

@Sam_uk we have unlisted TLDraw by now. Please see https://forum.cloudron.io/topic/10806/no-more-updates-to-tldraw . The license and company direction has changed.

[1.23.1] Update traccar to 6.12.1 Full Changelog Added WhatsApp notification support. Added per-geofence notification settings. Added searchable select fields for report filtering. Reports now show all devices by default when none are selected. Added a geofences report. Added geofence, driver, and motion display options for the device list on the main screen. Implemented a device activity timeline. Added geofence floor and ceiling attributes. Removed web throttling. Multiple security fixes. Removed default TimescaleDB retention. Many smaller protocol fixes and general improvements.

[2.6.3] Update libretranslate to 1.8.4 Full Changelog Add --translation-cache by @pierotofy in #912 Update argos-translate, use MINISBD by @pierotofy in #928

[2.5.0] Update transmission to 4.1.0 Full Changelog Improved TP download performance. (#​6508) Added support for IPv6 and dual-stack UDP trackers. (#​6687) Support trackers that only support the old BEP-7 with &ipv4= and &ipv6=. (#​7481) New JSON-RPC 2.0-compliant RPC API. (#​7269) Added optional sequential downloading. (#​4795) Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#​7819, Qt Client) Fixed 4.0.6 bug where Transmission might spam HTTP tracker announces. (#​7086) Improved libtransmission code to use less CPU. (#​4876, #​5645, #​5715, #​5734, #​5740, #​5792, #​6103, #​6111, #​6325, #​6549, #​6589, #​6712, #​7027, #​7744, #​7800) Avoid unnecessary heap memory allocations. (#​5519, #​5520, #​5522, #​5527, #​5540, #​5649, #​5666, #​5672, #​5676, #​5720, #​5722, #​5725, #​5726, #​5768, #​5788, #​5830, #​6542) Slightly reduced latency when sending protocol messages to peers. (#​5394)

[1.27.2] Update Trilium to 0.101.3 Full Changelog SQL Console: cannot copy table data by @SiriusXT Title is not selected when creating a note via the launcher by @SiriusXT Popup editor closing after inserting a note link by @SiriusXT New Mermaid diagrams do not save content by @lzinga Can't scroll mermaid diagram code Max content width is not respected when switching between note types in the same tab Crash When a Note Includes Itself Severe Performance Degradation and Crash Issues Due to Recursive Inclusion in Included Notes is not a launcher even though it's in the launcher subtree Archived subnotes of direct children appear in grid view without #includeArchived

[2.78.0] Update tt-rss to ca31740

[1.23.2] Update typebot.io to 3.15.2 Full Changelog Fix app router automatically adding transfer-encoding: chunked header to backend requests 69efa2f

[3.23.0] Add optional redis

[2.0.7] Update cloudflared to 2026.2.0

Closed due to inactivity note: mods are working, asked @BrutalBirdie he tested it briefly

[1.82.2] Update vault to 1.21.2 Full Changelog auth/oci: bump plugin to v0.20.1 core: Bump Go version to 1.25.5 packaging: Container images are now exported using a compressed OCI image layout. packaging: UBI container images are now built on the UBI 10 minimal image. secrets/azure: Update plugin to v0.25.1+ent. Improves retry handling during Azure application and service principal creation to reduce transient failures. storage: Upgrade aerospike client library to v8. core/activitylog (enterprise): Resolve a stability issue where Vault Enterprise could encounter a panic during month-end billing activity rollover. http: skip JSON limit parsing on cluster listener. quotas: Vault now protects plugins with ResolveRole operations from panicking on quota creation. replication (enterprise): fix rare panic due to race when enabling a secondary with Consul storage.

thank you James !

[1.73.1] Update verdaccio to 6.2.7 Full Changelog fix(deps): update dependency lodash to v4.17.23 (6.x) by @​renovate[bot] in #​5577 fix(deps): update dependency cors to v2.8.6 (6.x) by @​renovate[bot] in #​5576 fix(deps): update dependency semver to v7.7.4 (6.x) by @​renovate[bot] in #​5578 fix(deps): update dependency @​cypress/request to v3.0.10 (6.x) by @​renovate[bot] in #​5580

Hello @bytepartner Please see: https://docs.cloudron.io/packages/vikunja With the config file you can control e.g.: self-registration (which is disabled by default when using the Cloudron user management). As far as I know, Vinkunja does not have Admin accounts, you will have to use the vinkunja cli => https://vikunja.io/docs/cli/ You can open the Web Terminal of your Vinkunja Cloudron app and just do e.g.: vikunja user create --help Create a new user. Usage: vikunja user create [flags] Flags: -a, --avatar-provider string The avatar provider of the new user. Optional. -e, --email string The email address of the new user. -h, --help help for create -p, --password string The password of the new user. You will be asked to enter it if not provided through the flag. -u, --username string The username of the new user.

@timconsidine said in Self-hosted VPN server made EASY!: Fine - live in your own world then. I tried but some people can't read the room

[2.5.6] Update wallabag to 2.6.14 Full Changelog Change version in wallabag.yml by @nicosomb in #8251 Fix deprecation by @j0k3r in #8267 Add annotations filter to entries API endpoint by @skn in #8346 Update dependencies by @yguedidi in #8435 Bump deps (mostly for siteconfig) by @j0k3r in #8489 Fix reading time computation for short entries by @andreadecorte in #8332 Fix urls parameter when sending many urls to be stored using the API by @j0k3r in #8488 Prepare 2.6.14 by @j0k3r in #8494

[1.19.1] Update Wallos to 4.6.1 Full Changelog vulnerabily on add subscription endpoint (#​991) (76a53df)

[1.20.1] Update whitebophir to 1.22.1 Full Changelog

[1.37.0] Update weblate to 5.16 Full Changelog

[4.101.0] Update wekan to 8.33 Full Changelog Admin Panel/Settings/Layout, for PWA: Custom head meta, link, icons, assetlinks.json, site.webmanifest. Migrate wekan-ldap to async API for Meteor 3.0. Updated dependencies.

[1.13.5] Update wiki to 2.5.312 Full Changelog 6ae53bf - map OIDC/OAuth2 avatar claims to user pictureUrl (MR #​7908 by @​mod242) 3ba58f7 - apply theme style to embedded diagram svg (MR #​7903 by @​tribut) 3dcf20a - diagram svg styling add !important qualifier for light scheme (MR #​7905 by @​tribut) 7ae6635 - validate loginRedirect cookie to prevent open redirect (MR #​7923 by @​kolega-ai-dev) d14b0a5 - authenticate GraphQL subscription WebSocket connections (MR #​7922 by @​kolega-ai-dev)

[2.14.0] Update woodpecker to 3.13.0 Full Changelog Update quic-go/qpack & quic-go/quic-go #5885 fix: updateRepoPermissions to cleanup old permissions #5790 Add cli contexts #5929 Use repo-user for api call of cron #5967 Close opened file on LogFind #5961 Delete/Deactivate repo ignores missing repo at forge #5953 Correctly update repo permissions #5928 Revert repos pagination for GH and BB #5924 fix: send correct argument to rpc call for name/url #5922 fix: secrets-file flag #5909

It seems manually restarting mysql allowed it to get unstuck and finish uninstalling. Perhaps if I'd have tried that before I'd have gotten it up update too.

Right, ubuntu will upgrade imagemagik to 7 in ubuntu 26.04 (April 23, 2026) . We actually make our own IM builds in discourse app, but in this specific case, let's just wait for ubuntu 26.04.

[1.4.1] checklist added to manifest