[1.9.0] Update 2FAuth to 6.1.1 Full Changelog issue #​532 Unable to create new entries via the Advanced Form MR #​526 Chinese Traditional translation, thanks to @​olivertzeng MR #​527 Allow pasting on upload page to add QR codes easily, thanks to @​moritzuehlingo BLOCK_OPTAUTH_IMAGELINK_FETCHING: Enable or disable fetching of resources linked in the imagelink parameter of OTPauth URIs encoded in QR codes (doc). THROTTLE_API_DURING_IMPORT: Specific rate limite for API calls made by the Import feature to prevent 429 error during large import (doc, #​522). Mitigate blind SSRF by adding URL validation before imagelink resources are fetched (thx @​DenizParlak). This comes with the new BLOCK_OPTAUTH_IMAGELINK_FETCHING env var, which is set to true by default. Installation fails due to CVE-2025-45769 in transitive dependency firebase/php-jwt < 7.0.0 (via laravel/passport) (thx @​MickLesk) [issue #​509] manifest.json cannot be accessed through a reverse proxy [issue #​516] Local iconsPack is greyout - cant be selected for item [issue #​517] Typo: "recommanded" instead of "recommended"

[1.7.1] Update Ackee to 3.5.1 Full Changelog Several dependencies have been updated to their latest versions to bring in security patches and improvements ackee-tracker has been updated to fix an issue where visits were not recorded when the website had an empty document.referrer. You might have seen lower visit counts since version 3.5.0 when your website had no referrer, e.g., when visiting it directly or via bookmarks.

[1.23.0] Update actual to 26.3.0 Full Changelog Compare Source View release notes

[1.14.12] Update AdGuardHome to 0.107.73 Full Changelog Authentication is now applied to requests that have been upgraded from HTTP/2 Cleartext (H2C) requests to public resources. Incorrect client IP logging in failed authentication attempts when using a proxy ([#​8198]). Incorrect logger behavior in case -v flag is added.

This look like a good replacement for Alltube (which we were using) https://github.com/alexta69/metube

[1.25.1] Update ampache to 7.9.1 Full Changelog Translations 2026-02-20 Config version 87 Add cli_no_color to disable colors for cli output Add user_create_apikey to add an API Key to the account when a new user is created admin:updateUser: Reset user API key, Stream token, RSS token and access level admin:listUsers: Add -a|--apikey parameter to print the user API key admin:listUsers: Only print user from username or user id. If both are set use username Return an error when all items in scrobble call are not found Custom CSS path folder MPD status incorrectly stopping processes

[1.7.0] Update answer to 2.0.0 Full Changelog New: AI Assistant feature (@​shuashuai @​LinkinStars #​1479) New: MCP server feature (@​LinkinStars @​shuashuai #​1480) New: API Keys feature (@​LinkinStars @​shuashuai #​1482) New: Editor plugin support (@​robinv8 #​1481) Fixed: Add user in the Admin, no result prompt after submission (@​bimakw #​1457) Fixed: Fix/external id notification (@​IfDougelseSa #​1465) Fixed: fix: expand avatar column length from 1024 to 2048 (@​csouls #​1463) Fixed: When the input type of SchemeForm is a number, the default value of 0 is not displayed.@​shuashuai

@girish I understand. Thanks!

Hello @andreasdueren Thanks for the report. Fixing it right now.

[1.97.1] Update audiobookshelf to 2.33.1 Full Changelog API Keys not respecting user enabled/disabled flag Podcast episode update endpoint sanitizes HTML for subtitle Playlist & collection create/update endpoints strip HTML tags from name More strings translated Belarusian by @​pavel-miniutka German by @​fabianjuelich Spanish by @​cyphra

Thanks for reporting here @gardinermichael . We have in fact hidden the app package because there were many issues with it and we couldn't manage to get it to be stable . Maybe we should revisit this.

[1.35.10] Update uv to 0.10.12 Full Changelog Add pypy 3.11.15 (#​18468) Add support for using Python 3.6 interpreters (#​18454) Include uv's target triple in version report (#​18520) Allow comma separated values in --no-emit-package (#​18565) Show uv audit in the CLI help (#​18540) Improve reporting of managed interpreter symlinks in uv python list (#​18459) Preserve end-of-line comments on previous entries when removing dependencies (#​18557) Treat abi3 wheel Python version as a lower bound (#​18536) Detect hard-float support on aarch64 kernels running armv7 userspace (#​18530)

[1.6.3] Update beszel to 0.18.4 Full Changelog Add outbound heartbeat monitoring to external services by @​amirhmoradi in #​1729 Add experimental GPU monitoring for Apple Silicon by @​raccettura. (#​1747, #​1746, docs) Add nvtop integration for GPU monitoring. (#​1508) Add GPU_COLLECTOR environment variable to manually specify the GPU collector(s). SMART: add eMMC health via sysfs by @​VACInc in #​1736 Add DISABLE_SSH environment variable to disable SSH agent functionality. (#​1061) Add fingerprint command to the agent. (#​1726) Include GTT memory in AMD GPU metrics and improve device name lookup. (#​1569) Improve multiplexed logs detection for Podman. (#​1755) Harden against Docker API path traversal.

[2.0.1] Update BookStack to 26.03.1 Full Changelog Updated queries used for pages in markdown exports. Updated handling of filenames for file serving. Updated PHP package versions. Update Instructions Update details on blog

[0.4.0] Fix env.sh

Hello @miednr @miednr said in Docker Remote Builder cannot push to private Cloudron Registry – no basic auth credentials due to read-only HOME / missing Docker config: Could you please provide some commands to check, where the problem's cause is? I have set up my docker registery under dr.cloudron.dev and the build service under cbs.cloudron.dev. I run the command from the build service once: cloudron build login --url 'https://cbs.cloudron.dev' --build-token 4d9e63406e98c078e296f6f273d5d9adb080643d50dd1d82b687af8c414cf915 When I now build a custom app I run: cloudron build --file ./Dockerfile --set-repository dr.cloudron.dev/org.cloudron.copyparty --tag 0.1.0

The fix for this has now been released in Cal.com 6.2.0

Thanks! @girish If this problem cannot be solved with a non deterministic solution (LLM) then maybe AI/LLM is not a fit (assuming it is used here?)

Hello @luckow This is not documented very well. Had to look into the Castopod code to find the URL path to the API. https://github.com/ad-aures/castopod/blob/bc041702dd8058ae8e1831b9609827c911a5a626/modules/Api/Rest/V1/Config/RestApi.php#L35 public string $gateway = 'api/rest/v1/'; So the full URL would be https://castopod.cloudron.dev/api/rest/v1/podcasts curl https://castopod.cloudron.dev/api/rest/v1/podcasts [] After creating one: curl https://castopod.cloudron.dev/api/rest/v1/podcasts [{"id":1,"guid":"2bdee7b8-8131-5888-b4da-713d7b3a124a","actor_id":1,"handle":"demopadcast","title":"Demo Podcast","description_markdown":"DESC","description_html":"<p>DESC</p>\n","cover_id":3,"banner_id":null,"language_code":"en","category_id":1,"parental_advisory":null,"owner_name":"james","owner_email":"james@cloudron.example","is_owner_email_removed_from_feed":true,"publisher":"","type":"episodic","medium":"podcast","copyright":"","episode_description_footer_markdown":null,"episode_description_footer_html":null,"is_blocked":false,"is_completed":false,"is_locked":true,"imported_feed_url":null,"new_feed_url":null,"payment_pointer":null,"location_name":null,"location_geo":null,"location_osm":null,"verify_txt":"","custom_rss":null,"is_published_on_hubs":false,"partner_id":null,"partner_link_url":null,"partner_image_url":null,"is_premium_by_default":false,"created_by":1,"updated_by":1,"published_at":null,"created_at":{"date":"2026-03-03 11:06:44.000000","timezone_type":3,"timezone":"UTC"},"updated_at":{"date":"2026-03-03 11:06:44.000000","timezone_type":3,"timezone":"UTC"},"feed_url":"https://castopod.cloudron.dev/@demopadcast/feed.xml","actor_display_name":"Demo Podcast","cover_url":"https://castopod.cloudron.dev/media/podcasts/demopadcast/cover.jpg","categories":[{"id":1,"parent_id":null,"code":"arts","apple_category":"Arts","google_category":"Arts","translated":"Arts"}]}]

[1.29.4] Update changedetection.io to 0.54.5 Full Changelog Restock - No need to extract the text because it's not used anyway by @​dgtlmoon in #​3951 Content fetching -Better detection of other encodings, Replace/upgrade broken UTF-8 , Ensure rest of retrieved content is UTF-8 for the app by @​dgtlmoon in #​3954 UI - Price amount is sometimes string or integer by @​dgtlmoon in #​3950 *CI - Bump the all group with 5 updates by @​dependabot[bot] in #​3955 Various memory and CPU improvements by @​dgtlmoon in #​3960 Add complete Spanish translation (es) by @​adriangc24 in #​3961 Create (POST) tag/group through API do not save processor_config_restock_diff values by @​dgtlmoon in #​3968 UI - Fixing Preview "GO" version button by @​dgtlmoon in #​3969 API - Invert changes_only flag for include_equal parameter by @​dgtlmoon in #​3976

[1.50.0] Update chatwoot to 4.12.0 Full Changelog Captain can now decide when to resolve conversations (Enterprise) Assignment V2 is now available on all installations Help Center improvements, including draft locales, category reordering, and search improvements Added refresh token support for the Linear integration Added outgoing attachments for TikTok in supported regions Added webhook health and registration for WhatsApp Cloud Added mobile WebView support for the widget Slack replies now show the correct agent name and avatar Agent bots can now toggle typing status Numerous bug fixes, UI fixes, and performance enhancements

[1.47.0] Update code to 25.04.9.3.1

[1.8.0] Update comentario to 3.17.0 Full Changelog Add custom moderator name feature (#​222) - 66d2bcc, 753451c, 61cc240, ff9e89f, 400f7e5, 8425ce6, 4bab9e2, c1a4ec3, 467bcc0 Add support for PostgreSQL 18 (#​224) - 84c93da Backend: fix resource leak in DecompressGzip() - 58cfbe7 Backend: fix Postgres restart loop with a non-public schema (#​225, !24) - 9137e53, 4476b1b I18n: add Portuguese messages (pt) by @​pt.cesar.monteiro - bbc7303 I18n: add Ukrainian translation (uk) by @​kleindberg - 3e7ca17 Go 1.26, update dependencies, modernise code - 33d3044, a4232a7, 4605e5c, cab77fb, 3b97e19, 58a1146, 53e905a, 8464344, 1e193e3, 0c1de70, 8c7cc53 Demo website: add predefined comments to Ukrainian page (also !30) - 724a0ad Demo website: fix comment and config statements - 2a3516d, 25e7a30

@gh0stface yup, they made a release yesterday it seems and it should have the PRs we made upstream. @vladimir-d is checking the package again.

@girish Yep, exactly that. AnyType and Appflowy are growing in popularity. Would be nice to see them

Not too sure what the feature here would be, but once connected, the app exposes address books individually already, so in davX or thunderbird or so, you can then select which address book should be synced. Or is this some other feature which is asked for?

@atridad Thanks for the heads up, the app is gone from our library as well.

@archos interesting it knows how to access the old doc to make a new copy. Nice find!

@jypelle this is possible if the package is adjusted to have the config file available in /app/data and a script to restart/reload the relevant service.

yeah forgot to mention that in the changelog, given the low feedback on the webdav integration, I didn't expect it to be used much at all. So the previous version had a longstanding bug essentially where only the user's home was exposed via webdav but not group folders nor shared items. This was the fix to introduce new toplevel items: [image: 1773397779254-517ea14b-e37d-4e61-8cbf-cc5bde739b4b-image.jpeg]

[1.8.4] Update dawarich to 1.3.4 Full Changelog Redesigned onboarding modal with two paths: "I have data" (inline file import) and "Start tracking" (app download + QR code). New users with existing location data can now start importing within 2 clicks of signing up. Onboarding completion is now persisted server-side (settings.onboarding_completed) instead of relying solely on localStorage, preventing the modal from reappearing after browser data clears. Route opacity data migration now runs as a background job instead of inline during migration, improving deployment reliability for large instances. Fix admin and supporter tooltip overflowing the page on narrow screens. #​1449 Fix date navigation arrow tooltips overlapping with the navbar on map pages. #​2229 #​2100 Fix infinite loading spinner when a trip has no points in its date range. #​2293 Fix Insights monthly digest panels disappearing when switching months. #​2305 Fix suggested visit confirm/decline not removing the visit from the list. #​2307 Fix Stats page reloading when clicking "countries, cities" link. #​2270 Fix map base layer selection not being restored after page reload (Maps v1). #​2093

[2.16.1] Update directus to 11.16.1 Full Changelog Updated latest models for Anthropic, Google, and OpenAI providers (#​26865 by @​bryantgillespie) Updated latest models for Anthropic, Google, and OpenAI providers (#​26865 by @​bryantgillespie) Fixed creation of related item with empty or default state (#​26844 by @​powerseed) Added field level MIME type restriction to file-image interface (#​26831 by @​AlexGaillard) Fixed AI tool approval flow hanging after approving provider-executed tools. (#​26839 by @​bryantgillespie) Fixed custom Vue operation options to persist edited values in Flow settings. (#​26832 by @​AbdelhamidKhald) Fixed an invalid filter for M2M interfaces when the item Id is null (#​26857 by @​ComfortablyCoding) Fixed folder navigation state being lost when reopening file selection drawer (#​26649 by @​costajohnt) Enforced MIME type allow list on remaining v-uploads missed in first round (#​26821 by @​robluton) Fixed client side validation breaking in drawer when dynamic variable is present. (#​26795 by @​powerseed)

Hello @2tonwaffle Cloudron is handling all updates for you. You can ignore the in-app update notices.

[2.4.1] disable telemetry

[1.19.0] Update documenso to 2.8.0 Full Changelog fix: upgrade @​libpdf/core by @​Mythie in #​2569 fix: upgrade @​libpdf/core by @​Mythie in #​2572 feat: add pdf image renderer by @​dguyen in #​2554 fix(i18n): mark dropdown and radio placeholder for translation by @​mKoonrad in #​2537 fix: show current month data and add caching by @​ephraimduncan in #​2573 feat: add embedded envelopes by @​dguyen in #​2564 fix: performance improvements by @​dguyen in #​2581 feat: implement template search functionality by @​catalinpit in #​2376 feat: auto-disable telemetry when license key is configured by @​ephraimduncan in #​2562 fix: make signing page left-hand sidebar collapsible by @​catalinpit in #​2541

[1.12.0] Update community to 5.14.0 Full Changelog Added Spanish language support

[1.14.0] Update docuseal to 2.4.0 Full Changelog Remove emails from the signature reason Dynamic documents - convert DOCX files to dynamic documents with dynamic content [[variables]] editable directly in the template builder

[1.26.0] Update dokuwiki-plugin-oauth to 2025-10-23

Fixed by setting my own cron job https://forum.cloudron.io/topic/14965/which-user-for-cron-task/4?_=1773687776018

[1.7.1] Update easyappointments to 1.5.2 Full Changelog Fix the GTag script URL html rendering (#​1666) Fix the "Load More" JS error in secretaries page (#​1677) Fix the PHP compatibility error of the appointments index API endpoint (#​1678) Catch individual email delivery exceptions (#​1670) Apply permission checks to the appointment and unavailability search (#​1753) Make sure the sync button is visible on provider log in (#​1749) Update unavailable dates after applying appointment data while rescheduling (#​1662) Make sure that any-provider does not include hidden providers while generating availability (#​1733) Provide "text" version of the emails in addition to HTML (#​1711) Trigger webhook requests when managing records via the API (#​1676)

[1.18.2] Update Emby.Releases to 4.9.3.0 Full Changelog Add user option to set user's auto remote quality Add library option to use legacy folder scanning method Music transcoding fixes Add landing tab option for book libraries Support volume control with youtube trailer player Update mixed content tabs to combine Movies & Shows Fix maintenance mode blocking some settings screens Fix embedded audio fields not getting rescanned on file changes Fix loss of genre and collection images after deleting a movie Fix latest section not showing items for some channel plugins

[2.20.3] Update espocrm to 9.3.3 Full Changelog Currency rates in database not updated until rebuild #​3605

Got it. Thank you.

[1.19.1] Update evcc to 0.303.1 Full Changelog 385296f HomeAssistant: fix changelog (#​28257) 706b637 Optimizer: fix invalid battery capacity d0a0dc5 SGready: fix panic

[2.0.0] Update fider to 0.33.0 Full Changelog Please note new license changes Open Core Licensing: Some features (content moderation, search indexing) are now gated as pro features, with a new commercial licensing system using separate private/public key environment variables. Content Moderation (Pro): Admins can now moderate posts and comments before they go public, trust or block individual users, and manage pending content from a dedicated admin page. Content moderation is available as a pro feature. Revamped UI: The home page and post detail view have been refreshed with a cleaner design, better dark mode support, improved mobile layouts, and post details now open in a modal without a full page reload. Security: Sign-in email links now use a strong 64-character key (manual entry still uses a 6-digit code for convenience). Fixed search with hyphenated words Option to keep failing webhooks enabled rather than auto-disabling them Fixed issue adding links via the toolbar button Fixed filter/sort state persisting when navigating back from a post Fixed vote listing issues Post tags now update live in the listing without a page reload

[1.15.0] Update filepizza to 60704b4

[1.1.1] Update fmd-server to 0.14.1 Full Changelog Initial translation support, by @​warioishere (#​64) Translate web interface in many languages (thank you translators!) Fix hosting in sub-directory (#​132) Graceful shutdown when SIGINT or SIGTERM is received (#​139)

[3.11.6] Update firefly-iii to 6.5.6 Full Changelog Add the ability for Fosstodon posts to read a summary of the changelog. Lots of code cleanup and small quality issues fixed. Issue 11803 (Monthly Left budget not correct) reported by @​fabienfitoussi Issue 11641 (Annual budget Remaining resets in subsequent months) reported by @​maxwell5555 Discussion 11879 (Searching for accounts should include inactive accounts?) started by @​b-ryan Issue 11916 (Balance is not recalculated when multiple transactions are selected and then deleted) reported by @​elp3dr0 Discussion 11936 (Links in emails don't link to correct domain) started by @​SamLMB Issue 11944 (Stale available_budgets rows prevent disabling a currency after switching default) reported by @​k-leveller Issue 11953 ("Actions" buttons no longer appears after selecting multiple transactions) reported by @​crtxcr Issue 11954 (Search results are not shown after loading) reported by @​fabienfitoussi

[2.8.2] Update formbricks to 4.8.2 Full Changelog fix: [Backport] backports sentry improvement and loading page fix by @​pandeymangg in #​7534 fix: [Backport] backports the sdk initialization issues by @​pandeymangg in #​7536

Is cloudron@ the admin or default user?

@girish apologies, I jumped the gun on that last post. You were right. I had a look at the box source code (src/scheduler.js, src/docker.js) and the manifest command IS respected by the scheduler. The php artisan schedule:run on my instance came from a custom crontab entry carried over when we migrated from a standalone install to Cloudron over 2 years ago. That entry must have slipped through unnoticed, but it explains everything. After removing it, the scheduler container (now suffixed -housekeeping instead of -crontab.0) correctly runs cron.sh: $ docker inspect --format '{{.Config.Cmd}}' 1af144bb-fbf4-434d-8edd-bb4b95c00ef5-housekeeping Cmd: [/bin/sh -c /app/pkg/cron.sh] Things are working correctly with cron.sh + gosu now I should have caught this sooner. In my defense (barely), the Cron tab of the app doesn't mention that commands run as root. I eventually found it in the documentation at the bottom of the Cron page. A small note in the Cron tab itself would probably help others avoid the same mistake. Cheers, JD

Hi all, Following this guide: https://freshrss.github.io/FreshRSS/en/users/09_refreshing_feeds.html#refreshing-feeds I added to Cloudron app Crontab this line: 30 18 * * * /usr/local/bin/gosu www-data:www-data php /app/code/app/actualize_script.php and then this: 30 18 * * * /app/code/app/actualize_script.php In both cases feeds are not updated... Any help?

@joseph As I understood it, not even that. MEDIA_ROOT is where all media uploaded gets stored. MUSIC_DIRECTORY_PATH is like an import folder where you can manually upload files that then get imported. But I am not 100 % certain, it is still confusing for me.

[4.155.0] Update ghost to 6.22.0 Full Changelog Added retention offers (#​26747) - Sag Added separate Server and Admin build versions to About dialog (#​26769) - Rob Lester Fixed N+1 queries and broken reply limit in comments API - Rob Lester Fixed bookmark filtering in Welcome Emails editor (#​26742) - Evan Hahn Fixed race condition in reply-to-reply comment form - Rob Lester

There is a discussion here, but I don't understand it - https://github.com/go-gitea/gitea/issues/22066

Yes, it's only jekyll. Not an expert on next.js but I think it also needs a backend right ? If so, you have to create a custom package - https://docs.cloudron.io/packaging/tutorial/

[1.114.0] Update gitlab-foss to 18.10.0 Add #find_by_id_through_partition to Ci::Pipeline (merge request) Prevent use of REST lifecycle terms in free text fields (merge request) Reduce GraphQL query complexity for security inventory query (merge request) GitLab Enterprise Edition Add separate queue for backfilling (merge request) GitLab Enterprise Edition Adds work_item_type_ids filter to GraphQL (merge request) Create offline transfer route and controller (merge request) Enable bso_minimal_access_fallback feature flag by default (merge request) GitLab Enterprise Edition Show custom WI types within Custom Fields config (merge request) GitLab Enterprise Edition Add Vulnerabilities Over Time chart to PDF export (merge request) GitLab Enterprise Edition Add override action display to policy drawer (merge request) GitLab Enterprise Edition

[1.0.1] Update glpi to 11.0.6 Full Changelog Security fixes

[1.23.1] Update gogs to 0.14.2 Full Changelog Security: Cross-repository LFS object overwrite via missing content hash verification. #​8166 - GHSA-gmf8-978x-2fg2 Security: Stored XSS via data URI in issue comments. #​8174 - GHSA-xrcr-gmf5-2r8j Security: Release tag option injection in release deletion. #​8175 - GHSA-v9vm-r24h-6rqm Security: Stored XSS in branch and wiki views through author and committer names. #​8176 - GHSA-vgvf-m4fw-938j Security: DOM-based XSS via issue meta selection on the issue page. #​8178 - GHSA-vgjm-2cpf-4g7c Unable to update files via web editor and API. #​8184

[2.4.1] Update grafana to 12.4.1 Full Changelog AccessControl: Invalidate scope resolver cache on datasource deletion #​118741, @​mihai-turdean Go: Update to 1.25.8 #​119693, @​macabu Rendering: Add support for custom CA certs in Image Renderer #​118859, @​mrevutskyi AccessControl: Fix test utility for datasource deletion permissions cleanup (Enterprise) Alerting: Change scope for testing new receivers to use supported resource type. #​118495, @​yuri-tceretian Alerting: Fix CollateAlertRuleGroup migration for MariaDB compatibility #​119028, @​alexander-akhmetov

IMPORTANT Packages starting 1.8.6 to 1.9.0 have been revoked. 1.8.6 - 1.8.13 - Upstream has removed all 1.7.50.x packages. See https://discourse.getgrav.org/t/upgrade-to-grav-v1-7-50-9-not-working/29222/4 1.9.0 - had incorrect beta version update

[1.10.0] Update greenlight to 3.8.0 Full Changelog Contains multiple security fixes that will not be be made public before April 3, 2026 Display protected recording formats only if a recording is protectable (#​6196) Multiple gem + package updates Add optional Accessibility Statement Link (#​6184) Allow Admins to send password reset emails for local users (#​6197) Add RTL support (#​6187) Add disableFormControls functionality to JoinCard (#​6217) Language Updates

[0.5.1] Update grist-core to 1.7.11 Full Changelog Optional authentication using getgrist.com accounts Import from Airtable New environment variables have been added to provide better control over which users are able to access your Grist instance. GRIST_PERSONAL_ORGS will disable personal organizations, while GRIST_ORG_CREATION_ANYONE will prevent any non-admins from creating new organizations. Configurable email notifications for suggestions Allow the maximum options limit on Forms to be configured (defaults to 30 options, configurable up to 1000) Limit GVisor to 8 process by default Display references and reference lists in a friendlier fashion Prevent conditional formatting changes from being displayed as suggestions Add a confirmation dialog when a resource is being shared publicly Hide the bell icon showing connection state when Grist is connected and functioning normally

Hello @albertbeaufrand and welcome to the Cloudron Forum This topic is a duplication of https://forum.cloudron.io/post/97415 and will be merged into it. Please read the responses above to get the full answer to your question.

[1.11.0] Update base image to 5.0.0

[1.21.4] Update hedgedoc to 1.10.7 Full Changelog Random colors for user's cursors and selections are now always in hex format to avoid conversion errors Correctly close realtime connections if they disconnect during connection creation manage_users CLI does not silently drop errors

Hello @garza I am not 100% sure why, but the field is set to disabled: [image: 1774000765556-b82cf75a-23ca-4a2c-814e-8478ba06303c-image-resized.jpeg] If you change that to enabled: [image: 1774000826402-0ba4ab92-81ee-4c69-9ca4-f6b886953662-image.jpeg] you will be able to set up a device: [image: 1774000953186-8b5f5502-d32e-45ab-b3c2-c3ab786d53e8-image-resized.jpeg]

[1.9.1] Update humhub to 1.18.1 Full Changelog Fix #​8003: Migration::foreignIndexExists() doesn't find tables in braces Fix #​8002: Comment dropdowns truncated (e.g. to select a title) Fix #​8007: Fix unsaved changes warning on Profile Edit page Fix #​8008: Space Tour Wrong Target for "Preferences" menu Fix #​8013: Fix error displaying on update a module Fix #​8009: Administration Group label misplaced Fix #​8012: Modal backdrop over the account deletion modal for new Users Enh #​8017: Exclude vendor from module i18n extract Fix #​8020: Some email notifications are missing auto-contrast for the button text color Fix #​8027: Cannot register if showRegistrationForm is disabled

[1.98.0] Update immich to 2.6.1 Full Changelog Fixed a failed migration issue on the mobile app when the URL Switching feature is used fix(server): fallback to email when name is empty by @​jrasm91 in #​27016 fix: ignore errors deleting untitled album by @​jrasm91 in #​27020 fix(web): wrap long album title by @​jrasm91 in #​27012 fix(web): stop in-progress uploads on logout by @​jrasm91 in #​27021 fix: writing empty exif tags by @​danieldietzler in #​27025 fix(web): disable send button by @​jrasm91 in #​27051 fix(mobile): server url migration by @​mertalev in #​27050

[1.19.0] Rename to Ip2location due to trademark collision

@jdaviescoates Thanks - Not the I have not though about this, but, at last, this could only be a temporary solution following our infrastructure setup. It also does not solve the underlying OIDC issue, which I very much find intriguing.

[1.12.2] Update companion

[1.22.3] Update invoiceninja to 5.13.3 Full Changelog Inject small delay into client webhooks to allow contacts to be returned. Fixes for e-invoice notifications Updates for PEPPOL SE sending Ensure GoCardless displays correct payment method type Updated Translations

[1.13.2] Update jellyfin to 10.11.6 Full Changelog Prioritize better matches on search [MR #15983], by @Shadowghost Fix artist display order [MR #15816], by @theguymadmax Restore weekly refresh for library folder images [MR #16046], by @theguymadmax Be more strict about PersonType assignment [MR #15872], by @Shadowghost Fix birthplace not saving correctly [MR #16020], by @theguymadmax Trim music artist names [MR #15808], by @theguymadmax Add mblink creation logic to library update endpoint. [MR #15965], by @Collin-Swish Fix watched state not kept on Media replace/rename [MR #15899], by @MarcoCoreDuo Skip hidden directories and .ignore paths in library monitoring [MR #16029], by @theguymadmax Revert "always sort season by index number" [MR #15950], by @theguymadmax

App discontinued due to no upstream updates.

[1.12.1] Update Jirafeau to 4.7.1 Full Changelog Fixed another possibility to bypass the checks for CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066 (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image". When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled. The default value of max_upload_chunk_size_bytes was set to 5000000. Higher values could trigger a bug Chromium-based browsers on servers with HTTP/3 enabled, causing asynchronous uploads to fail.

Hello everyone, Is there any hope that Jitsi Meet will return as an app for Cloudron? Many thanks!

Stupid question but when using this does a copy of a user's joplin nots remain on the server or do notes just pass through? My understanding is that webdav files can grow pretty big

[1.58.4] Fixup doc URL

[1.17.5] Update kanboard to 1.2.49 Full Changelog fix(ldap): ensure LDAP placeholders are escaped fix: restore Ctrl+Enter submission on the task creation form feat(locale): update translations feat: prevent protocol-relative URL redirects after login feat: block private network access for external web link (configurable) feat: add TRUSTED_PROXY_NETWORKS config option

[1.9.1] Add optional OpenID integration for new installations

[1.5.6] Update keycloak to 26.5.6 Full Changelog CVE-2026-1180 - Blind Server-Side Request Forgery (SSRF) in Keycloak OIDC Dynamic Client Registration via jwks_uri oidc CVE-2026-1035 - Keycloak Refresh Token Reuse Bypass via TOCTOU Race Condition oidc CVE-2025-14777 - Keycloak IDOR in realm client creating/deleting CVE-2025-14082 keycloak-server: Keycloak Admin REST API: Improper Access Control leads to sensitive role metadata information disclosure CVE-2026-3121 - Keycloak: Privilege escalation via manage-clients permission CVE-2026-3190 - Information Disclosure via improper role enforcement in UMA 2.0 Protection API core CVE-2026-3911 Keycloak: Information disclosure of disabled user attributes via administrative endpoint user-profile CVE-2026-2366 Authorization Bypass: Unprivileged tokens can enumerate user organization memberships organizations Federated user disabled when external DB unavailable, never re-enabled storage AUTH_SESSION_ID cookie reuse causes cross-user session contamination on re-authentication authentication

Hello @ikalou and @andreasdueren This is a known issue. I have merged your new topic into this existing one. Scroll up to find the solution and description of this issue.

[2.44.0] Update kimai to 2.50.0 Full Changelog Removed support for file:// urls in Markdown (new parsedown package) (#​5835) Fix missing macro in export print template (when rendering user preferences) (#​5835) Fix timesheets with breaks did not work in "weekly hours" screen (#​5835) Allow to customise statistic queries (#​5827)

[1.34.1] Update koel to 8.3.1 Full Changelog fix: artist deleted if album artist is provided (closes #​2183) by @​phanan in #​2193 fix: do not use model factories for doctor command by @​phanan in #​2195

Running TURN server on port 443 only matters for setups where a Client is unable to contact the server on non-port 443. This is only common in some ultra locked down intranet setups.

https://forum.cloudron.io/topic/15003/komf-on-cloudron-komga-and-kavita-metadata-fetcher

[2.4.1] Set supportsDisplayName to false in manifest

@girish Thank you so much for adding this.

[1.35.0] Update languagetool to b3f1334

[1.12.2] Update leantime to 3.7.3 Full Changelog fix: backend bug fixes from phase-0 modernization branch by @​marcelfolaron in #​3289 feat(tokens): add design system CSS custom property definitions by @​marcelfolaron in #​3290 fix: accessibility, view system, and composer improvements from phase-0 by @​marcelfolaron in #​3292 fix: ticket PATCH 500 errors, quick-add group context, and UI fixes by @​marcelfolaron in #​3313 fix: address 6 GitHub issues - session, calendar, postgres, todos, users, ldap by @​marcelfolaron in #​3315 fix: PostgreSQL ROUND(double precision, int) error on ticket queries (#​3301) by @​marcelfolaron in #​3317 fix: PostgreSQL ROUND error, missing zp_canvas.color migration, and 3.7.2 changelog by @​marcelfolaron in #​3318

[1.1.4] Update rag_api to 0.7.2 Full Changelog fix: Concurrent Upload Isolation, MongoDB Connection Leaks, and Validation Crashes by @​danny-avila in #​256 feat: Add lazy_load() support to document loaders by @​danny-avila in #​257 fix: Plug MongoDB client, SQLAlchemy engine, and CSV temp file leaks by @​danny-avila in #​258 fix: Migrate PGVector cmetadata Column to JSONB with GIN Index by @​danny-avila in #​259

[1.55.8] Update LimeSurvey to 6.16.10+260223

Thank you @necrevistonnezr ... it wasn't obvious to find, for me. I have one now.

[1.20.0] add dumb-init to collect zombies

[1.15.0] Update listmonk to 6.0.0 Full Changelog TOTP two-factor authentication. E-mail based Forgot password reset flow. Ability to archive lists. Subscriber activity in the Subscriber profile UI. Ability to send transactional mails to non-subscribers via the /api/tx API. Campaign-level JSON JSON {} attributes just like subscriber attributes. Granular override on subscriptions / subscriber profile in bulk import. In-built Postgres VACUUM cron in Maintenance settings for large databases. Add attribs to campaign docs. Upgrade altcha JS to latest version.

[1.17.10] Update loomio to 3.0.21 Full Changelog Changes to the Discussion and Poll templates UI. I've had people tell me they couldn't find how to create a template. Now there is a New template button, which opens the example templates page, you can use an example as the starting point for a new template. Fewer discussion templates in a group by default. Updates to the Sense Check poll options, so they're more helpful. Materialize default discussion templates as DB records by @​robguthrie in #​12182 Discussion template UI improvements by @​robguthrie in #​12181 Add opening_at to polls for scheduled voting by @​robguthrie in #​12174 Poll template updates by @​robguthrie in #​12184 This release also addresses a minor security issue, where a member of a group could see the names of secret subgroups they did not belong to, if they inspected the server responses of the reports controller.

[2.44.0] OIDC auth implemented, tests updated

@girish That is a super handy feature!

[1.17.7] Update mastodon to 4.5.7 Full Changelog Add --suspended-only option to tootctl emoji purge (#​37828 and #​37861 by @​ClearlyClaire and @​mjankowski) Fix emoji data not being properly cached (#​37858 by @​ChaosExAnima) Fix delete & redraft of pending posts (#​37839 by @​ClearlyClaire) Fix processing separate key documents without the ActivityStreams context (#​37826 by @​ClearlyClaire) Fix custom emojis not being purged on domain suspension (#​37808 by @​ClearlyClaire) Fix users without special permissions being able to stream disabled timelines (#​37791 by @​ClearlyClaire) Fix processing of object updates with duplicate hashtags (#​37756 by @​ClearlyClaire)

thanks, does this help reduce i/o in a meaningful way? I guess we should continue back in the other thread.

Hello @andreasdueren At some point MAS will be integrated into synapse. When this happens automatic migration will be handled.

[1.26.0] Update mattermost to 11.5.1 Full Changelog Mattermost Platform Release 11.5.1 contains multiple new quality of life improvements, including CJK Database Search, AI Channel Summarization, Agents Web Search, User Authoritative Source, and Channel Auto-Translation.

RabbitMQ is of use for supporting Plane on Cloudron. It has quite high resting RAM requirements. So, LavinMQ might be even better as lighter resting requirements. https://plane.so/ Plane requires RabbitMQ (AMQP) for all async job processing. The Worker and Beat Worker services consume from RabbitMQ queues. There is no way to substitute Redis for this purpose: Plane switched from Redis/Celery to RabbitMQ explicitly. Cloudron has addons for PostgreSQL, MySQL, MongoDB, and Redis, but nothing for AMQP/RabbitMQ.

[1.36.0] Update mealie to 3.13.1 Full Changelog fix: #​6802 prevent 500 internal server error when patching recipe tags @​SimeonSouttar (#​6803) fix: Updated workflows to checkout on commit of commit-version-bump @​Choromanski (#​7217) feat: Unit standardization / conversion @​michael-genson (#​7121) feat: Add social media video import (YouTube, TikTok, Instagram) @​AurelienPautet (#​6764) feat: Recipe import progress @​michael-genson (#​7252) feat: Switch to httpx-curl-cffi for better scraping @​michael-genson (#​7254) feat: Adjust linked recipe unit and seperate when adding to shopping list @​michael-genson (#​7260)

Hey @james and @joseph. Thank you for your quick replies! I'm going to try out this technique with LAMP first and report back, and if that doesn't work than I may try creating the SMW Cloudron App.

Closed due to inactivity

[1.5.1] pin package source by hash

[3.2.1] Update metabase to 0.59.3.2 Full Changelog

[2.37.2] Update bedrock to 1.26.2.1

[1.6.12] Update v2 to 2.2.18 Full Changelog To prevent potential SSRF, Miniflux now blocks access to services hosted on private networks by default. FETCHER_ALLOW_PRIVATE_NETWORKS=1 must now be enabled to access feeds hosted on a local network. INTEGRATION_ALLOW_PRIVATE_NETWORKS=1 must now be enabled to access third-party integration services hosted on a local network. Apply entry blocking rules both before and after scraping to avoid unnecessary requests and allow matching on fetched content. Add ignore_entry_updates feed option to skip updating existing entries during scheduled polling. Add Arabic (ar_SA) translation. Add Galician (gl_ES) translation. Update Polish translation. Various performance improvements across multiple components (fetcher, parser, sanitizer, readability, URL cleaner, feed discovery, and Google Reader API). Simplify parts of the Google Reader code and reduce allocations in several hot paths.

Hello @loudlemur Thanks for the report. The minio package has been fixed to use the correct URL.

[1.18.20] Update mirotalkp2p to 1.7.55

The app package runs the cron job as outlined in https://github.com/monicahq/monica/blob/4.x/docs/installation/providers/generic.md#4-configure-cron-job Can you open a webterminal into the app and run it manually via: sudo -E -u www-data php /app/code/artisan schedule:run and see if it shows an error or sends the mails then?

[4.0.3] Update moodle to 5.1.3 Full Changelog

[4.14.1] Update n8n to 2.12.3 Full Changelog core: Emit leader-takeover on leadership mismatch in checkLeader (#​27150) (d6e8212) editor: Command bar wasn't finding any workflows (#​27137) (38620d5)

[1.27.2] Update navidrome to 0.60.3 Full Changelog 34c6f12: feat(server): add explicit status support in smart playlists (#​5031) (@​kgarner7) 408aa78: fix(scanner): log warning when metadata extraction fails (@​deluan) ed79a88: fix(scanner): pass filename hint to gotaglib's OpenStream for format detection (#​5012) (@​deluan) fd09ca1: fix(scanner): resolve data race on conf.Server access in getScanner (@​deluan) 0a47228: fix(subsonic): validate JSONP callback parameter (@​deluan) eb9ebc3: fix(ui): add missing keys in Danish translation (#​5011) (@​denisarissa) 62f9c3a: fix: linux service should restart when upgrading (#​5001) (@​mintsoft) e05a7e2: fix: prevent data race on conf.Server during cleanup in e2e tests (@​deluan) bee0305: fix: split reflex -R flags to preserve directory exclusion optimization (@​deluan)

Cloudron 9.0.17 Nextcloud 32.0.6 / com.nextcloud.cloudronapp@5.6.7 App was created....4-5? years ago Hello all, I hope you're all doing well. My Nextcloud install cron isn't running. I only realised when my RSS feeds weren't updating. This has been the case for maybe a month, or longer. [image: 1774008858613-screenshot-2026-03-20-at-09.21.08-resized.png] If I reboot the app, cron runs successfully. I can run cron.sh manually: root@b9cb435f-94c7-497b-bedd-7eedf0a097e7:/app/code# /app/pkg/cron.sh => Run cron job root@b9cb435f-94c7-497b-bedd-7eedf0a097e7:/app/code# I can run /app/pkg/cron.sh manually from web-ui terminal root@b9cb435f-94c7-497b-bedd-7eedf0a097e7:/app/code# /app/pkg/cron.sh => Run cron job root@b9cb435f-94c7-497b-bedd-7eedf0a097e7:/app/code# I can run /app/pkg/preview-cleanup.sh manually from web-ui terminal root@b9cb435f-94c7-497b-bedd-7eedf0a097e7:/app/code# /app/pkg/preview-cleanup.sh => Run empty folder cleanup root@b9cb435f-94c7-497b-bedd-7eedf0a097e7:/app/code# cron.sh contents looks "normal" #!/bin/bash echo "=> Run cron job" exec /usr/local/bin/gosu www-data:www-data php -f /app/code/cron.php preview-cleanup.sh contents looks "normal" #!/bin/bash set -eu set -o pipefail echo "=> Run empty folder cleanup" cd /app/code/ readonly instanceId=$(sudo -u www-data php occ config:system:get instanceid) cd /app/data/data/appdata_${instanceId}/preview/ find . -type d -empty -delete When I run cron.sh or preview-cleanup.sh, nothing is logged in /run/nextcloud/nextcloud.log - tail -f /run/nextcloud/nextcloud.log | grep cron. I've read "cron job is automatically enabled in Cloudron. No need to do anything...". Looking in the Cloudron app UI, I don't see any entries in the Nextcloud app crontab: [image: 1774009998812-165cb608-b2c7-45fe-b131-cd02b0cfcf65-image-resized.jpeg] I can't find any other applicable forum posts. I'm not sure where to go with things now. Any help most appreciated! Update Reading more about an app's crontab being managed from the Cloudron UI - is it possible that that possibility was brought by a recent update, and it's not been configured? Just a thought.

[1.32.3] Update nocodb to 0.301.5 Full Changelog

[2.26.0] Update NodeBB to 4.10.0 Full Changelog add /world as a potential home page route (58d3aa7) add category selector to /world quick composer (2f5021e) ability to show only local posts in /world (44e65b8) #​14094, notification drawer UX improvements (6c01a5d) allow 3 profile pics (#​14092) (533ae69) category group actor outbox, #​14083 (b317cdd) improve idempotency of ap test (8ca34e7) call syncfollowcounts on unfollow as well (ebe709d) sync follow counts on local and remote follows, #​14105 (44e78e4) cold load redirect should only affect guests (cc60667)

[1.22.2] Update ntfy to 2.19.2 Full Changelog This is another small bugfix release for PostgreSQL, avoiding races between primary and read replica, as well as to further reduce primary load. Bug fixes + maintenance: Fix race condition in web push subscription causing FK constraint violation when concurrent requests hit the same endpoint Route authorization query to read-only database replica to reduce primary database load

[1.6.2] Update ollama to 0.18.2 Full Changelog Add extra check to ensure npm and git are installed before installing OpenClaw Claude Code will now be faster when run locally, due to preventing cache breakages Fix to correctly support ollama launch openclaw --model <model> Register Ollama's websearch package correctly for OpenClaw

I looked into the logs and it was the outdated Commons module. Thanks for your help and keep up the great work with cloudron!

[1.25.0] Update DocumentServer to 9.3.0 Full Changelog Implemented the ability to add hyperlinks to images, shapes, or groups Implemented all settings for texture fills for images Updated macro recording in documents, spreadsheets, and presentations Added Multiple pages view Added the Zoom to 100% and Multiple pages buttons to the View tab Changed the appearance of comments. Now a users color is used and the beginning and end of the comment are displayed Implemented the ability to select words/paragraphs by double/triple-clicking the mouse Added saving to the MD format Moved header and footer settings to a separate Header & Footer tab Added support for new functions: REGEXTEST, REGEXREPLACE, REGEXEXTRACT

[0.7.0] Update opencloud to 5.2.0 Full Changelog feat!: remove deprecations for v6.0.0 [#​2093] refactor!: floating UI [#​1998] refactor!: port vue-portal to teleport or extension system [#​2015] refactor!: mobile nav to web-pkg [#​2007] feat: use proper size-5 class for medium sized icons [#​2066] feat: increase topbar height [#​2070] Improve empty state icons [#​2094] feat: ease use of floating action button extension [#​2090] feat: add polished icons for no content message [#​2033] feat: add fab to admin settings and spaces overview [#​2025]

[1.8.3] Update openhab-distro to 5.1.3 Full Changelog Restore model validation not to fail on diagnostic errors for rules and scripts Fix community marketplace discourse parsing Align x-axis and query to daysOfMonth for aggregated series zwave: Fix zwave network map display in 5.1.x item-state-preview: Fix toggle switch not being fully re-rendered on Item change useStatesStore: Fix error in expression tester with =items formula

[3.46.2] Update openproject to 17.1.2 Full Changelog Bugfix: Error when creating a new work package after uploading an attachment to the previous one that was opened in details view [#​67980] Bugfix: Pasting rich text into CKEditor crashes it [#​69597] Bugfix: external_redirect URL always engaged, making copy&pasting links harder [#​71946] Bugfix: Parent project name visible in breadcrumb irrespective of parent access [#​71972] Bugfix: Trying to attach a calendar part when no mail is being generated fails [#​72244] Bugfix: Meetings appear duplicate in the ical subscription after an interim response [#​72259] Bugfix: Can't create automatically managed project folder when project name contains forbidden Nextcloud characters [#​72525]

Hi @girish so I learned something while setting up my Radicale and OWC. It seems like the calendar client publishing in to the ICS in Radicale (or wherever your ICS source lives) can matter. When I used the Calendar app on macOS I saw no descriptions. When I used Thunderbird I do. You can see it on my live page that has the OWC page in an iframe https://kb.filewave.com/books/community-engagement/page/customer-event-schedule and if you click on events in the agenda then the description shows. I think initially I was also hoping to show description on the Agenda page without clicking on an event but originally I was bothered that I just couldn't get description to show up. So now it does at least show up when you click an event. I haven't looked at why Calendar doesn't make a summary that shows and Thunderbird does but I'm fine using Thunderbird to put events in my calendar feed.

@charlesnw I am running open terminal but in another container, i think it's best to maintain Open WebUI with original package

[1.1.2] Update opodsync to 0.5.2 Full Changelog Fix: error when addin a new subscription (GH-86)

[2.4.2] Fixup doc URL

[1.21.1] Update outline to 1.6.1 Full Changelog A bug affecting file and image upload in the editor was fixed in #​11803 MCP: Now has tools to move documents within a collection in #​11799 MCP: Now supports API key header authentication in #​11798 Added Tahoe-compatible icon variants for PWA in #​11762 Fixed a race condition when editing title while doc is saving would reset the title in #​11764 Added support for the new GitLab work_items URL structure in #​11795 Print layout now respects full-width option by @​wmTJc9IK0Q in #​11768 Fixed a page hang with corrupted PNG upload in #​11783 Improved validation of SMTP_FROM_EMAIL and SMTP_REPLY_EMAIL in #​11784 Custom port is now preserved in OAuth metadata URLs when self-hosted behind a reverse proxy in #​11791

[1.6.1] Update owncast to 0.2.4 Full Changelog Lots of localization changes, both in how they work across the web application, and adding more support for them. So more places should show more languages. The backend refactor continues with more splitting things off into standalone data repositories and services. Higher bitrates can now be selected in the video encoding settings. There's a new webhook that fires when you get a new Fediverse follower. Admin: add line divider in sidebar #4098 Display shortcut keys of hide/show chat in Dropdown menu #4096 Create a custom Translation component #4428 Add support for pluralization in the new Translation component #4440 Add support for translations in the web project #3950 Add server status as a default field in all webhooks #4384

[1.3.0] Update base image to 5.0.0

[1.48.3] Update paperless-ngx to 2.20.11 Full Changelog Fix: correct dropdown list active color in dark mode @​shamoon (#​12328) Fixhancement: clear descendant selections in dropdown when parent toggled @​shamoon (#​12326) Fix: prevent wrapping with larger amounts of tags on small cards, reset moreTags setting to correct count @​shamoon (#​12302) Fix: prevent stale db filename during workflow actions @​shamoon (#​12289)

You can still install it like this https://my.<cloudron>/#/appstore/rocks.paperwork.cloudronapp . But note that it was last updated 3 years ago. I tried to build a new version with latest with PHP a year ago and the app was not even building anymore. They have been re-writing a new version for a couple of years now.

@stevespaw thanks for sharing!

Thank you @James for your support with this. I was looking at creating a bug report for Penpot but noticed that @brutalbirdie has already done it. Thanks all ! https://github.com/penpot/penpot/issues/8590

App discontinued due to no upstream updates.

The upstream project has not released in almost 3 years now. We had to build from develop to get some PHP 8 support going, but there are bugs like https://github.com/phpservermon/phpservermon/issues/1196 , https://github.com/phpservermon/phpservermon/issues/1232 . There's also a bunch of basic issues: Normal user cannot login after admin user logs in. Some issue related to service worker. LDAP functionality is incomplete

[3.3.0] Update Piwigo to 16.3.0 Full Changelog Release note

Oh well, I thought the email issue would be fixed by the latest update, but unfortunately the problem still persists.

[1.14.8] Update pocketbase to 0.36.7 Full Changelog Fixed high memory usage with large file uploads (#​7572). Updated the rate limiter reset rules to follow a more traditional fixed window strategy (aka. to be more close to how it is presented in the UI - allow max X user requests under Ys) since several users complained that the older algorithm was not intuitive and not suitable for large intervals. Approximated sliding window strategy was also suggested as a better compromise option to help minimize traffic spikes right after reset but the additional tracking could introduce some overhead and for now it is left aside until we have more tests. Updated modernc.org/sqlite to v1.46.2 and SQLite 3.51.3. SQLite 3.51.3 fixed a database corruption bug that is very unlikely to happen (with PocketBase even more so because we queue on app level all writes and explicit transactions through a single db connection), but still it is advised to upgrade.* Updated other minor Go and npm deps. The min Go version in the go.mod of the package was also bumped to Go 1.25.0 because some of the newer dep versions require it.*

Hi, It looks like the package is gone from the cloudron supported apps, has anyone tried self-hosting it by following the official method as presented in their doc, with success? (https://docs.postiz.com/quickstart)

[1.5.0] Update pretix to 2026.2.0 Full Changelog

[1.11.3] Update PrivateBin to 2.0.3 Full Changelog FIXED: Prevent arbitrary PHP file inclusion when enabling template switching FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users FIXED: Unable to create a new paste from the cloned one when a JSON file attached (#1585)

[2.10.0] Update prometheus to 3.10.0 Full Changelog [CHANGE] Alerting: Add alertmanager dimension to following metrics: prometheus_notifications_dropped_total, prometheus_notifications_queue_capacity, prometheus_notifications_queue_length. #​16355 [CHANGE] UI: Hide expanded alert annotations by default, enabling more information density on the /alerts page. #​17611 [FEATURE] AWS SD: Add MSK Role. #​17600 [FEATURE] PromQL: Add fill() / fill_left() / fill_right() binop modifiers for specifying default values for missing series. #​17644 [FEATURE] Web: Add OpenAPI 3.2 specification for the HTTP API at /api/v1/openapi.yaml. #​17825 [FEATURE] Dockerfile: Add distroless image variant using UID/GID 65532 and no VOLUME declaration. Busybox image remains default. #​17876 [FEATURE] Web: Add on-demand wall time profiling under <URL>/debug/pprof/fgprof. #​18027 [ENHANCEMENT] PromQL: Add more detail to histogram quantile monotonicity info annotations. #​15578 [ENHANCEMENT] Alerting: Independent alertmanager sendloops. #​16355 [ENHANCEMENT] TSDB: Experimental support for early compaction of stale series in the memory with configurable threshold stale_series_compaction_threshold in the config file. #​16929

[2.26.0] Update VueTorrent to 2.32.0 Full Changelog download_path for categories (#​2633) (c975533) TorrentDetail: Add default tab selection in settings (#​2623) (144f552) CookiesManager: Allow import from empty menu (3f4f571) RSS: Improve performance (c6d9ddc)

[2.12.0] chore(deps): update dependency radicale to v3.6.1

[2.7.3] Update rallly to 4.7.4 Full Changelog Fix redirect to login when accessing poll admin by @​lukevella in #​2184

App discontinued due to no upstream updates.

[5.4.0] Update redash to 26.3.0 Full Changelog

[3.11.1] Update redmine to 6.1.2 Full Changelog Defect #43661: Unsafe eval usage in AttachmentsHelper Defect #43690: Directory Traversal via Backslash-Separated Paths in Filesystem SCM Defect #43691: DOM (Stored) XSS in @mention autocomplete via unescaped user name Defect #43692: LDAP Injection (Unescaped Input in LDAP Search Filter) Defect #43694: DOM XSS: HTML Injection via Custom Field Name in Query Filter Generation Defect #43830: User who is allowed to view only their own time entries can retrieve other users’ time entry details by directly specifying the TimeEntry ID via the REST API Defect #43864 / #43840: Update Nokogiri to 1.18.9 (5.1.12) or 1.19.1 (6.1.2 and 6.0.9).

Just installed ReleaseBell to monitor the apps I am packaging. But it's not accurate Shows https://github.com/windmill-labs/windmill as v1.457.0 but the actual GitHub page shows 1.645.0 Is there some config I should be changing ? Actually, just noticed it has 2 entries for windmill ( a starred project ), the other showing 1.573.0

[3.1.0] Update Rocket.Chat to 8.2.1 Full Changelog (#​39508 by @​dionisio-bot) Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates) (#​39517 by @​dionisio-bot) Fixes ssrf validation for oauth endpoints, which allows internal endpoints to be used during the auth flow. This release focuses on security, stability, and usability improvements. SSRF protection was strengthened by moving URL validation into the server-fetch package with built-in safeguards like internal IP blocking, DNS rebinding protection, stricter redirect handling, and optional safe overrides, plus a new workspace allowlist for specific domains, IPs, and ports. The minimum supported MongoDB version was raised to 8.0 to improve the support matrix's stability. Federation now includes an added validation layer that restricts usage to users with verified emails matching the configured domain. OpenAPI documentation generation was improved to correctly handle multiple HTTP methods under the same endpoint path. Apps-Engine now supports multiple file uploads, a new uploads.delete endpoint allows individual file deletion, and username formatting across the UI has been standardized to consistently include an @​ prefix. The release also delivers a broad set of reliability and security fixes. It resolves a persistent Enterprise plan active pop-up caused by a failing API request, ensures chat routing respects agent limits in microservices deployments, and adds a MongoDB TTL index to automatically expire statistics after one year to control storage growth. Several Apps-Engine issues were addressed, including lost logs in nested requests and broken dynamic route parameters.

Glad we got down to the issue in the end.

@girish said: @rmdes @odie I have updated the app to use symlinks under /app/data/bridges. You can add new bridges there or delete some symlink and add your own. Thank you! Works excellent!

Given that the upstream project is not maintained anymore, we have hidden this in the appstore. I had also submitted a PR upstream for a basic issue which is ignored - https://github.com/aliasaria/scrumblr/pull/161

[2.84.0] Update searxng to 3c1f68c Full Changelog

[1.3.0] Update serpbear to 3.0.0 Full Changelog adds dynamic scraping to tackle num=100 block. (b976aef), closes #​310 correct typo "avaialable" "available" in AddKeywords and searchConsole (ca1b6cb resolve broken Google Ads integration due to deprecated API (893598a), closes #​239 #​181 #​311 resolve Google Search Console Forbidden errors and silent cron failure (c075fc4), closes #​232 #​180 #​180 #​232 resolves "client-side exception has occurred" error. (dc67fcf), closes #​271 resolves broken city filter for serper.dev (8a61064), closes #​285 resolves failure to detect domain with www in search results (36ed25f), closes #​272 #​281 #​323 resolves google ads Not authorized error when integrating (09b025a), closes #​190 resolves Google adwords connection issue. (be4eb47) resolves hidden tooltips for inner tabs (ea6df20)

[1.4.1] Update sftpgo to 2.7.1 Full Changelog SFTPD: Added support for OpenPubkey SSH, enabling tighter integration between OpenID Connect and SFTP. Enforced password validation rules also when applied through a group. Fixed an issue where JSON dumps containing command actions failed to load correctly at startup when loaded as initial data. Data Provider: Fixed lock handling issues during migrations that could affect MySQL when migrations are executed concurrently by multiple instances. Fixed a potential path traversal and permission bypass involving specially crafted paths. CVE-2026-30914. Fixed placeholder sanitization in group home directories and key prefixes. CVE-2026-30915. Unified path handling: Prior to this release, the backslash character (\) was treated differently depending on the host operating system: on Linux, it was considered a standard character within a file or directory name, while on Windows, it acted as a path separator. We have now unified path handling across all platforms. Moving forward, both forward slashes (/) and backslashes (\) are strictly evaluated as path separators, independently of the underlying OS.

[2.18.0] Update Shaarli to 0.16.0 Full Changelog v0.x branches and tags will no longer be maintained after v0.16. Always upgrade to the latest release to receive bugfixes and security patches. docs: update PHP version compatibility table fix stored XSS via suggested tags (GHSA-g3xq-mj52-f8pg) build(deps): update frontend build dependencies (js-yaml/glob)

@girish said in SickChill unlisted from app store: I hope they atleast bring back the issue tracker Out of interest, why does this matter for Cloudron? BTW, someone has replied to the thread I started on Discord informing me that the master releases are these https://pypi.org/project/sickchill/ Doesn't look like there has been a new one since March though.

[1.3.0] Update shiori to 1.8.0 Full Changelog feat(apiv1): refactor tags api (#1075) feat: add PWA support share functionality (#1060) feat: add apis to handle bookmark tags (#1081) feat: allow tag filtering and count retrieval via api v1 (#1079) feat: improve SQLite performance (#1024) feat: reverts message in json output and allows configuration (#1082) feat: support proxy forward headers authentication (#1105) fix: auth validation on existing sessions, rely on token only (#1069) fix: incorrectly set cookie's expires value in login.js (#1049) fix: parse pocket new CSV format (#1112

The upstream project is archived - https://github.com/boypt/simple-torrent/ . There has been no changes in 2 years and modules are not updated.

Hello @darrendavid and welcome to the Cloudron forum Could you please explain a little how this is connected to Cloudron? I am not sure if you are in the correct place here for this question.

[1.19.0] Update snipe-it to 8.4.0 Full Changelog Added "reset to default" for theme, preview for effects in profile by @​snipe in #​18347 Add SCIM url to admin settings index view by @​snipe in #​18358 Fixed #​18325: Ensure existing permission group users are maintained when editing a group by @​dylang3 in #​18326 Replaced deprecated Symfony Request::get() usage by @​joelpittet in #​18363 Bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in #​18349 Bump actions/cache from 4 to 5 by @​dependabot[bot] in #​18348 Fixed #​18384: Remove backticks in bulk-actions.blade.php to avoid unintentional shell_exec() call by @​dylang3 in #​18388 Fixed #​18377 - make min for names consistent by @​snipe in #​18392 Fixed: paragonie/sodium_compat - Missing check that a point is on the prime subgroup for Edwards25519 by @​joelpittet in #​18391

[2.18.5] Update sogo to 5.12.5 Full Changelog vulnerability: prevent javascript injection with hint query (e821b20) vulnerability: prevent sogo to execute scripts in theme query (16ab99e) vulnerability: prevent xss with events, tasks and contacts categories (e9b3f2a) vulnerability: properly change the totp code after disabling it (83d4c52)

Just checked on this again but it seems statping-ng is not going forward much . https://github.com/statping-ng/statping-ng/tags says the release was almost a year ago.

[3.8.1] Update Stirling-PDF to 2.7.3 Full Changelog New PDF read aloud feature in viewer mode to "speak" the PDF to you, will be improved more going forwards! Improved annotation handling in annotation UI Mac printing is finally working on desktop app! Several general bug fixes such as Fix non-ASCII characters in headers being rejected Fix bug for HTTP2 support

[1.12.0] chore(deps): update dependency apache-superset to v6

[6.4.7] Update surfer to 6.4.1 Update frontend and backend dependencies

[1.33.16] Update syncthing to 2.0.15 Full Changelog Database backend switched from LevelDB to SQLite. There is a migration on first launch which can be lengthy for larger setups. The new database is easier to understand and maintain and, hopefully, less buggy. The logging format has changed to use structured log entries (a message plus several key-value pairs). Additionally, we can now control the log level per package, and a new log level WARNING has been inserted between INFO and ERROR (which was previously known as WARNING...). The INFO level has become more verbose, indicating the sync actions taken by Syncthing. A new command line flag --log-level sets the default log level for all packages, and the STTRACE environment variable and GUI has been updated to set log levels per package. The --verbose and --logflags command line options have been removed and will be ignored if given. packages, and the STTRACE environment variable and GUI has been updated

We only published a fixed package now, based on the alternative LDAP plugin

[1.11.1] Update recipes to 2.5.1 Full Changelog improved ingredient parser handling of leading special characters (like ,.-_=+#*|/) changed start page link icon to "more" text for opening search fixed ical issues #​4429 fixed recipe view performance degradation (thansk to @​poikilotherm #​4426) fixed syntax error in template breaking recipe view and editor #​4421 fixed creating food trough shopping list entry failing #​4418 fixed admins could include arbitrary local files trough local storage provider https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6485-jr28-52xx fixed server side request forgery trough redirects/dns rebinding attacks https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-j6xg-85mh-qqf7 fixed issue with diameter scaling when base servings were not 1

[1.5.2] Fixup doc URL

@timconsidine said in Teddit Subscriptions no longer working: Just FYI - my LibReddit - selfhosted as Docker on another VPS = is still working. But now it is down. Maybe they have caught up with me.

[1.22.1] checklist added to manifest

@Sam_uk we have unlisted TLDraw by now. Please see https://forum.cloudron.io/topic/10806/no-more-updates-to-tldraw . The license and company direction has changed.

The traccar team has created a fix for this issue. https://github.com/nagyist/traccar/commit/9c31a03b374483811263626590faa2224211d670 If a new traccar release is ready we will also update the Cloudron app.

[2.7.2] Update libretranslate to 1.9.5 Full Changelog Fix version display by @​pierotofy in #​951 Prefetch MiniSBD models by @​pierotofy in #​953

[2.5.0] Update transmission to 4.1.0 Full Changelog Improved TP download performance. (#​6508) Added support for IPv6 and dual-stack UDP trackers. (#​6687) Support trackers that only support the old BEP-7 with &ipv4= and &ipv6=. (#​7481) New JSON-RPC 2.0-compliant RPC API. (#​7269) Added optional sequential downloading. (#​4795) Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#​7819, Qt Client) Fixed 4.0.6 bug where Transmission might spam HTTP tracker announces. (#​7086) Improved libtransmission code to use less CPU. (#​4876, #​5645, #​5715, #​5734, #​5740, #​5792, #​6103, #​6111, #​6325, #​6549, #​6589, #​6712, #​7027, #​7744, #​7800) Avoid unnecessary heap memory allocations. (#​5519, #​5520, #​5522, #​5527, #​5540, #​5649, #​5666, #​5672, #​5676, #​5720, #​5722, #​5725, #​5726, #​5768, #​5788, #​5830, #​6542) Slightly reduced latency when sending protocol messages to peers. (#​5394)

[1.27.2] Update Trilium to 0.101.3 Full Changelog SQL Console: cannot copy table data by @SiriusXT Title is not selected when creating a note via the launcher by @SiriusXT Popup editor closing after inserting a note link by @SiriusXT New Mermaid diagrams do not save content by @lzinga Can't scroll mermaid diagram code Max content width is not respected when switching between note types in the same tab Crash When a Note Includes Itself Severe Performance Degradation and Crash Issues Due to Recursive Inclusion in Included Notes is not a launcher even though it's in the launcher subtree Archived subnotes of direct children appear in grid view without #includeArchived

[2.80.0] Update tt-rss to 4755adc

Always good to check the logs for progress

[1.23.2] Update typebot.io to 3.15.2 Full Changelog Fix app router automatically adding transfer-encoding: chunked header to backend requests 69efa2f

[3.23.0] Add optional redis

[2.3.0] Update cloudflared to 2026.3.0

Closed due to inactivity note: mods are working, asked @BrutalBirdie he tested it briefly

[1.82.5] Fixup doc URL

[1.24.3] Update vaultwarden to 1.35.4 Full Changelog GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user (fully encrypted) if they already know its internal UUID. GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an organization to modify collections they can access, even if they do not have management permissions for them. GHSA-r32r-j5jq-3w4m. This vulnerability allows an attacker with manager-level access within an organization to modify collections they are not assigned. Update Rust and Crates and GHA by @​BlackDex in #​6843 hide remember 2fa token by @​stefan0xC in #​6852 fix(send_invite): invite links by @​proofofcopilot in #​6824 Misc organization fixes by @​BlackDex in #​6867

[1.74.0] Update verdaccio to 6.3.1 Full Changelog fix(deps): update core verdaccio dependencies (6.x) by @​renovate[bot] in #​5587 fix(deps): update dependency envinfo to v7.21.0 (6.x) by @​renovate[bot] in #​5590 fix(deps): update core verdaccio dependencies (6.x) by @​renovate[bot] in #​5613 fix: error checking storage directory #​5447 fix(api): remove unnecessary allow check #​5599

@james Thanks for the quick fix. I can confirm it's working now on Windows desktop v.2.1.0.

Thank you, robi, I've seen /app/code/start.sh and it'd be a great place to put the needed changes, but this file is not in the /app/data/ folder and -- as such -- isn't writeable. It seems to me I have to somehow sneak something into /app/data/ as that's the only place I have influence over. One thought: Could I simply patch /app/data/wg/wg0.conf and chmod -r it to prevent it being rewritten on app restart?

[2.5.6] Update wallabag to 2.6.14 Full Changelog Change version in wallabag.yml by @nicosomb in #8251 Fix deprecation by @j0k3r in #8267 Add annotations filter to entries API endpoint by @skn in #8346 Update dependencies by @yguedidi in #8435 Bump deps (mostly for siteconfig) by @j0k3r in #8489 Fix reading time computation for short entries by @andreadecorte in #8332 Fix urls parameter when sending many urls to be stored using the API by @j0k3r in #8488 Prepare 2.6.14 by @j0k3r in #8494

[1.20.1] Update Wallos to 4.7.2 Full Changelog password reset tokens now expire after 60 minutes (90bb618) vulnerability would allow to bypass 2fa (#​1021) (90bb618)

[1.20.1] Update whitebophir to 1.22.1 Full Changelog

[1.38.1] Update weblate to 5.16.2 Full Changelog New setting <a href="https://docs.weblate.org/en/weblate-5.16.2/admin/config.html#std-setting-PUBLIC_ENGAGE" class="reference internal"><span class="pre"><code class="xref std std-setting docutils literal notranslate">PUBLIC_ENGAGE</code></span></a> to make the engage page public even with <a href="https://docs.weblate.org/en/weblate-5.16.2/admin/config.html#std-setting-REQUIRE_LOGIN" class="reference internal"><span class="pre"><code class="xref std std-setting docutils literal notranslate">REQUIRE_LOGIN</code></span></a>. Improved matching in <a href="https://docs.weblate.org/en/weblate-5.16.2/admin/memory.html" class="reference internal"><span class="doc">Translation Memory</span></a>. Show the number of strings waiting for review in listings. Avoid displaying confusing status icons for ghost languages on project or category level. Fixed missing plural source strings when creating new bilingual plural units. Crash on certain pages with nested categories. Improved API validation when adding strings. Disabled throttling for incoming webhooks. Avoid displaying non-actionable ghost languages. Fixed highlighting in the translation editor.

[4.101.0] Update wekan to 8.33 Full Changelog Admin Panel/Settings/Layout, for PWA: Custom head meta, link, icons, assetlinks.json, site.webmanifest. Migrate wekan-ldap to async API for Meteor 3.0. Updated dependencies.