Update to 1.5.8
Don't send auto reply for spam emails (#628)
Vertical scroll for large assignees list (#620)
Add 1 second delay when sending notifications to users to avoid blocking by sending email service provider.
Perform second mail send attempt after 5 min, others with 1 hour interval.
Converted menu.append filter into action.
Updated NL translations.
Updated German translations.
@nebulon This plugin requires a file to be placed as part of the core files. We have to rework packaging of the /p/api directory to make it work. Not sure if it's worth it. Maybe we should provide a constructive error report to the upstream project on how they can help us by making the plugin installation only write to modifiable directories.
Update Kanboard to 1.2.15
Added PUT method using CURLOPT_CUSTOMREQUEST
Open large modal when clicking on edit category link
Set margin-bottom at 0 only for the last child of a tooltip element
Prevent last swimlane to be hidden if there is only one
Make tooltip events bubble
Keep newlines in markdown
Show the color dropdown when creating a new automatic action
Add action to assign a user when the swimlane change
The devs of Vanilla provided me with this solution
*If you create a file /conf/bootstrap.after.php and put that into this file, it will be executed on each request:
Gdn::database()->query("SET sql_mode = '';");*
@girish The screenshot was within mailtrain.
I have the email partially working now: it can receive email and I can read it on thunderbird, but I haven't been able to successfully send one yet. Some of the logs say something about the domain being too new.
I'll try the wordpress built-in email for now and see how far I get
Update Mastodon to 3.1.5
Security: Fix media attachment enumeration (ThibG)
Security: Change rate limits for various paths (Gargron)
Security: Fix other sessions not being logged out on password change (Gargron)
@girish A fresh install already has it set to "No"? Interesting, I don't recall ever setting mine to "Yes", but I guess I did. Thank you for confirming, seems it's okay then if it's set to "No" by default and the cronjob is doing it automatically.
Update Synapse to 1.16.0
Add an option to enable encryption by default for new rooms. (#7639)
Add support for running multiple media repository workers. See docs/workers.md for instructions. (#7706)
Media can now be marked as safe from quarantined. (#7718)
Expand the configuration options for auto-join rooms. (#7763)
We have had many requests for Mautic 3 update over the last month(s). I thought I will put a progress report here.
Mautic 3 is not entirely stable and if you go through their forum their is a lot of migration issues and installation issues. Still, we are working though them slowly in the Cloudron package.
The LDAP package is not working in Mautic 3. I have made a PR at https://github.com/Monogramm/MauticLdapAuthBundle/issues/12
CLI install has some issues, That is being worked on at https://github.com/mautic/mautic/pull/7395. I have been testing that patch and left a note there.
You can also follow https://git.cloudron.io/cloudron/mautic-app/-/issues/2 for more info.
Update metabase to 0.35.4
Security fix for BigQuery and SparkSQL
Turkish translation is now available again (#12557)
Better site URL detection when Metabase is run behind a proxy (#12528)
Changed map tile server URL to HTTPS (#12431)
Drastically reduced memory usage for streaming large XLSX files — thanks to @sunui for the PR. (#12521)
Update minio to 2020-07-02T00-15-09Z
fix: readiness needs to be like liveness. See (#9941) for more details.
Allow optionally to disable range caching. See (#9908) for more details.
Simplify background heal and trigger heal items early. See (#9928) for more details.
update gorilla deps for query parsing performance improvements. See (#9929) for more details.
Improvements to online status. See (#9858, #9808) for more details.
pop entries from each drives in parallel. See (#9918) for more details.
@yusf said in Images on NodeBB:
@jdaviescoates said in Images on NodeBB:
you can't upload images here
Sure you can!
@vjvanjungg said in Images on NodeBB:
the vertical image icon next to the smiley face is good for uploading img, i saw it yesterday maybe there is a way to disable it @jdaviescoates
Heh, thanks, not sure how I'd missed that!
Have edited my post above to add a D'Oh!
To support Radicale v3 we had to develop the LDAP plugin, since the plugin structure changed. We are now trying to upstream this to the well known radicale ldap plugin at https://github.com/marcoh00/radicale-auth-ldap/pull/13
If you are a python developer, you are welcome to join us to fixup the things left to make it whole
I did look into integrating with gogs when I did the GitLab integration. IIRC, the issue was that the gogs APIs for release tracking required a token (unlike GitHub and GitLab). This means that you have to create an account in another gogs/gitea instance (registration is frequently disabled) making it impossible to track. I think we might have to investigate a bit more and report the issue upstream first.
Update Roundcube to 1.4.7
Prevent cross-site scripting (XSS) via HTML messages with malicious svg/namespace
Fix bug where subfolders of special folders could have been duplicated on folder list
Increase maximum size of contact jobtitle and department fields to 128 characters
Fix missing newline after the logged line when writing to stdout (#7418)
With package version 0.1.0 we have just released the app as unstable for now. Please test and report issues back.
The initial packaging effort was done by @fbartels thanks a lot for this!
The package code repo is at https://git.cloudron.io/cloudron/statping-app
@nebulon files are between 64B and 1.5MB each, so not big. I can try with a different browser, of course.
@girish said in How to disable user signup?:
Bbut if you click register and try to register, one cannot login without an invite code.
Ah, I see. I just tested this and you are correct. That is good enough!
I do still have these two extra "blank" users (one admin and one not) that I cannot figure out how to get rid of and cannot edit (I tried to set them to Inactive, but the Save button doesn't appear to do anything), but I also cannot login as them, so I think it's okay. (These users are only in wekan, not in cloudron. My cloudron users are just the ones I expect to see.)
Thanks for the help, and for the update to the docs. You are doing wonderful work trying to make self-hosting feasible for folks willing to try.
Update WordPress to 5.4.2
Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.
@jdaviescoates @girish - I think one way may be to add a flag to each application on the appropriate tab where it shows the SFTP credentials, and have it list all users with access to it with a spot to add users too (and to clarify, I mean specifically for SFTP access, not just the users who have app access).
So it'd be say only "admin" role by default for SFTP access, for example, plus any Cloudron users which are added by an admin as having SFTP access. That way I can have one freelance developer have access to the one project they need, without giving them access to anything else.
Would the above be doable perhaps?
@nebulon thanks. Perhaps make https://cloudron.io/documentation/apps/yourls/ even clearer by saying something like "if you're using Cloudron user integration you do not need to change the admin password, just login using your Cloudron credentials".