Apps

2FAuth

9 70

9 Topics

70 Posts

[1.9.2] Update 2FAuth to 6.1.3 Full Changelog issue #533 Try my luck feature is currently grayed out Some minor UI glitches

Ackee

10 83

10 Topics

83 Posts

[1.8.0] Update Ackee to 3.6.0 Full Changelog Ackee now requires Node.js 24 or newer Vercel deployments and serverless functions (#401, #385)

[1.25.0] Update actual to 26.5.0 Full Changelog View release notes #6685 Added Age of Money report. — thanks sztomi #7220 Add Sankey diagram report with two view modes (spent and budgeted) to visualize money flow through categories — thanks emiltb & andrewhumble

AdGuard Home

41 431

41 Topics

431 Posts

Hi @james now switched to Hetzner Cloud DNS, and the renewal worked. Thanks! Having used the manual wildcard config forever, I however still don't understand, how the first set of certs had been issued, that expired back in February.

Alltube

12 115

12 Topics

115 Posts

This look like a good replacement for Alltube (which we were using) https://github.com/alexta69/metube

Ampache

16 182

16 Topics

182 Posts

[1.25.3] Update ampache to 7.9.3 Full Changelog run:updateCatalogFile: Add -m|--move parameter to move file in the database to a new location run:updateCatalogFolder: Add -m|--move parameter to move all music in a folder to a new location Catch any Garbage Collection error for Albums Garbage collection for Albums missing from the album table License checks on upload not considering int ID's Star ratings scale Advanced Random actions missing joins for Artist and Album Don't limit Album track display by page size Extended orphan_album check in Song search Correct structuredLyrics array

Apache Answer

7 66

7 Topics

66 Posts

[1.7.0] Update answer to 2.0.0 Full Changelog New: AI Assistant feature (@shuashuai @LinkinStars #1479) New: MCP server feature (@LinkinStars @shuashuai #1480) New: API Keys feature (@LinkinStars @shuashuai #1482) New: Editor plugin support (@robinv8 #1481) Fixed: Add user in the Admin, no result prompt after submission (@bimakw #1457) Fixed: Fix/external id notification (@IfDougelseSa #1465) Fixed: fix: expand avatar column length from 1024 to 2048 (@csouls #1463) Fixed: When the input type of SchemeForm is a number, the default value of 0 is not displayed.@shuashuai

ArchiveBox

6 28

6 Topics

28 Posts

@girish I understand. Thanks!

Astral

4 25

4 Topics

25 Posts

Hello @andreasdueren Thanks for the report. Fixing it right now.

Audiobookshelf

8 118

8 Topics

118 Posts

[1.98.0] Update audiobookshelf to 2.34.0 Full Changelog Japanese language and Japan as podcast search region by @na3shkw in #5211 Autocomplete attributes on login and setup fields for password manager support by @meek2100 in #5089 Recent episodes not updating from cache when media progress changes in #5159 Error logging when a podcast's auto-download schedule has an invalid cron expression Public media item shares: use start time passed in query parameter for existing sessions by @pjkottke in #5163 Podcast episode downloads use SSRF filtering on the HTTP request (matches other external requests) Podcast create and update validate the auto-download schedule cron expression and sanitizes the HTML description Playlists, collections, and library item batch API routes enforce library and per-item access

AzuraCast

10 35

10 Topics

35 Posts

Thanks for reporting here @gardinermichael . We have in fact hidden the app package because there were many issues with it and we couldn't manage to get it to be stable . Maybe we should revisit this.

Baserow

39 378

39 Topics

378 Posts

[1.37.4] Update baserow to 2.2.2 Full Changelog [Automation] Send notification when a workflow is disabled #5186 [Core] Allow self-hosted operators to inject custom client-side scripts via environment variables. [Builder] Resolved a bug which prevented users from creating data sources from the data source dropdown's footer. #5118 [Core] Give Kuma the current license tier in its context and steer uncertain feature or plan questions to docs search. #5210 [Core] Hardened user uploaded media serving and neutralized active-content file uploads by default. [Builder] stop infinite /dispatch-data-sources/ refetch loop in page editor

Beszel

5 64

5 Topics

64 Posts

[1.6.6] Update beszel to 0.18.7 Full Changelog Add more disk I/O metrics (utilization, read/write time, await, queue depth) (#1866) Add ability to copy alerts between systems by @svenvg93 (#1853) Add SENSORS_TIMEOUT environment variable (#1871) Replace distatus/battery with an internal implementation by @svenvg93 (#1872) Restrict universal token API to non-superuser accounts (#1870) Fix macOS ARM64 crashes by upgrading gopsutil to v4.26.3 (#1881, #796) Fix text size for system names in grid view by @Malith-Rukshan (#1860) Fix NVMe capacity reporting for Apple SSDs by @svenvg93 (#1873) Fix Windows root disk detection when the executable is not on the root disk (#1863) Fix nested virtual filesystem inclusion in Docker when mounting host root by @svenvg93 (#1859)

BookStack

13 253

13 Topics

253 Posts

[2.0.4] Update BookStack to 26.03.4 Full Changelog Updated PHP package versions. Updated attachment actions to align page access check. Updated URL validation in webhooks to help prevent escaping workarounds. Fixed issue where exact search term negation would lead to no results. (#6121)

Bugsink

1 5

1 Topics

5 Posts

[0.4.0] Fix env.sh

Build Service

11 129

11 Topics

129 Posts

[2.10.2] Fix cli usage

Cal.com

54 686

54 Topics

686 Posts

@girish I would be surprised if they were to backtrack that move. The developers were always one step towards that direction, they simply used AI scanners as an excuse to close the code earlier (which was arguably pretty much already closed). It's only a matter of time before the "new" https://github.com/calcom/cal.diy repo gets archived.

Calendar

9 35

9 Topics

35 Posts

Sorry, this could be a result in anonymizing it. I edited all entries manually in the end... -.- There is a version 6 actually. I think I'll try the update now. ^^

Calibre Web

35 327

35 Topics

327 Posts

[1.35.0] Update calibre to 9.8.0 Full Changelog

Castopod

18 157

18 Topics

157 Posts

Hello @luckow This is not documented very well. Had to look into the Castopod code to find the URL path to the API. https://github.com/ad-aures/castopod/blob/bc041702dd8058ae8e1831b9609827c911a5a626/modules/Api/Rest/V1/Config/RestApi.php#L35 public string $gateway = 'api/rest/v1/'; So the full URL would be https://castopod.cloudron.dev/api/rest/v1/podcasts curl https://castopod.cloudron.dev/api/rest/v1/podcasts [] After creating one: curl https://castopod.cloudron.dev/api/rest/v1/podcasts [{"id":1,"guid":"2bdee7b8-8131-5888-b4da-713d7b3a124a","actor_id":1,"handle":"demopadcast","title":"Demo Podcast","description_markdown":"DESC","description_html":"<p>DESC</p>\n","cover_id":3,"banner_id":null,"language_code":"en","category_id":1,"parental_advisory":null,"owner_name":"james","owner_email":"james@cloudron.example","is_owner_email_removed_from_feed":true,"publisher":"","type":"episodic","medium":"podcast","copyright":"","episode_description_footer_markdown":null,"episode_description_footer_html":null,"is_blocked":false,"is_completed":false,"is_locked":true,"imported_feed_url":null,"new_feed_url":null,"payment_pointer":null,"location_name":null,"location_geo":null,"location_osm":null,"verify_txt":"","custom_rss":null,"is_published_on_hubs":false,"partner_id":null,"partner_link_url":null,"partner_image_url":null,"is_premium_by_default":false,"created_by":1,"updated_by":1,"published_at":null,"created_at":{"date":"2026-03-03 11:06:44.000000","timezone_type":3,"timezone":"UTC"},"updated_at":{"date":"2026-03-03 11:06:44.000000","timezone_type":3,"timezone":"UTC"},"feed_url":"https://castopod.cloudron.dev/@demopadcast/feed.xml","actor_display_name":"Demo Podcast","cover_url":"https://castopod.cloudron.dev/media/podcasts/demopadcast/cover.jpg","categories":[{"id":1,"parent_id":null,"code":"arts","apple_category":"Arts","google_category":"Arts","translated":"Arts"}]}]

Change Detection

28 375

28 Topics

375 Posts

[1.30.1] Update changedetection.io to 0.55.3 Full Changelog

Chatwoot

61 437

61 Topics

437 Posts

[1.51.0] Update chatwoot to 4.13.0 Full Changelog Better Help Center editing with tables, slash commands, and GuideJar embeds Participating tab for conversations Smarter automations and macros for assignment and private notes Assignment v2 enabled by default for new accounts Captain Custom Tools, bulk document deletion, and AI workflow improvements Signed webhooks for API Channel and Agent Bot webhooks Reliability fixes across WhatsApp, LINE, Email, Widget, and webhooks Numerous bug fixes and enhancements Note: If you use API Channel or Agent Bot webhooks, Chatwoot now generates dedicated signing secrets and sends signed webhook headers. Update your webhook verification flow to use the new signing secrets.

Collabora Online (CODE)

38 496

38 Topics

496 Posts

[1.47.0] Update code to 25.04.9.3.1

Comentario

3 30

3 Topics

30 Posts

[1.8.0] Update comentario to 3.17.0 Full Changelog Add custom moderator name feature (#222) - 66d2bcc, 753451c, 61cc240, ff9e89f, 400f7e5, 8425ce6, 4bab9e2, c1a4ec3, 467bcc0 Add support for PostgreSQL 18 (#224) - 84c93da Backend: fix resource leak in DecompressGzip() - 58cfbe7 Backend: fix Postgres restart loop with a non-public schema (#225, !24) - 9137e53, 4476b1b I18n: add Portuguese messages (pt) by @pt.cesar.monteiro - bbc7303 I18n: add Ukrainian translation (uk) by @kleindberg - 3e7ca17 Go 1.26, update dependencies, modernise code - 33d3044, a4232a7, 4605e5c, cab77fb, 3b97e19, 58a1146, 53e905a, 8464344, 1e193e3, 0c1de70, 8c7cc53 Demo website: add predefined comments to Ukrainian page (also !30) - 724a0ad Demo website: fix comment and config statements - 2a3516d, 25e7a30

Commento++

12 81

12 Topics

81 Posts

@gh0stface yup, they made a release yesterday it seems and it should have the PRs we made upstream. @vladimir-d is checking the package again.

Confluence

20 127

20 Topics

127 Posts

@girish Yep, exactly that. AnyType and Appflowy are growing in popularity. Would be nice to see them

Contacts

5 25

5 Topics

25 Posts

[0.6.0] Update contacts to 0.6.0 Change UI to sentence case Improve duplicate contacts resolving

CouchPotato

4 25

4 Topics

25 Posts

@atridad Thanks for the heads up, the app is gone from our library as well.

CryptPad

16 105

16 Topics

105 Posts

[1.13.5] Add optional OpenID integration

Ctfreak

6 95

6 Topics

95 Posts

[1.28.1] Update ctfreak to 1.38.1 Full Changelog

Cubby

48 380

48 Topics

380 Posts

Fixed by: https://forum.cloudron.io/post/121664

Dawarich

12 86

12 Topics

86 Posts

[1.12.4] Update dawarich to 1.7.5 Full Changelog Manual transportation-mode correction per segment in the map view, with a one-click reset to auto-detection. Manually-corrected segments are preserved across re-classification. #2405 Per-user transportation-mode allowlist in the map settings panel. Disabled modes are excluded from auto-detection going forward; existing tracks stay as they are until you press "Re-classify my history". #2405 Track duration and average speed are now refreshed whenever a track's path is rebuilt (e.g. after a merge), instead of keeping their pre-merge values. To heal tracks already affected, click Map v2 Settings Recalculate tracks & stats once after upgrading. Visited-country statistics no longer count countries that were merely flown over. Points moving faster than 500 km/h are now excluded from the country and city aggregation. Trains and high-altitude cities (Denver, Mexico City, La Paz, Lhasa, ) continue to count as visited. Previously-saved monthly stats are not recomputed automatically re-run stats calculation to refresh historic months. #1917 Server-rendered timestamps (Points, Places, Imports, Exports, account settings, trial banner) now display in the user's profile timezone, matching the Maps tab. Previously, the time and tooltip could fall back to the server's default zone, drifting by hours. Invalid stored timezones no longer raise. #1824 "Start Reverse Geocoding" now actually re-runs for every point in your database previously it silently skipped any point that had already been geocoded, even though the button promised a full re-run. #2141 Map v2 date-navigation arrows (< / >) now shift the time window by exactly one day, matching Map v1. Previously they shifted by the current window width, so a 00:0023:59 selection paged back by 23h59m instead of 24h. #2548 Visit suggestions are now generated from live tracking (Dawarich iOS app, OwnTracks, Overland, Traccar), not just from imports. Previously, only imported data triggered visit detection. Visit suggestion still requires a configured reverse geocoder (Photon, Geoapify, Nominatim, or LocationIQ). #1749, #1966 "Start Reverse Geocoding" and "Continue Reverse Geocoding" now enqueue Sidekiq jobs in bulk batches of 1,000 instead of one round-trip per point. For large databases (millions of points) this drops the enqueue phase from minutes to seconds. Per-point geocoder rate-limit behavior is unchanged. #2141 Trips that cross midnight in the user's timezone now contribute distance and time to both calendar days, instead of being attributed entirely to the day they started. The timeline day summary, the calendar heat grid, and adjacent-day km totals all reflect the trip on each day it actually spans. #2544, #2546

Directus

63 639

63 Topics

639 Posts

[2.17.4] Update directus to 11.17.4 Full Changelog Updated the token field on the user detail page to require confirmation before regenerating or removing a token, and saved those changes immediately without requiring a page-level save. (#27108 by @LZylstra) Added opt-in must-revalidate and ETag headers for assets via ASSETS_CACHE_REVALIDATE env var (#27027 by @gaetansenn) Added a force option to schema apply to bypass hash check (#27136 by @Nitwel) Fixed UI freeze when navigating items with WYSIWYG translations for non-admin users (#27154 by @gaetansenn) Fixed selection not being cleared after running a manual flow from the collection list view sidebar (#27330 by @kropsi) Fixed "Save as copy" in the file library throwing a 403 Forbidden error (#27181 by @sanskar-soni-9) Fixed user token not being displayed after generation when collaboration is enabled (#27319 by @LZylstra) Fixed flows not awaiting reload (#27137 by @Nitwel) Fixed VERSION_SAVE activity/revisions not respecting collection tracking settings (#27096 by @yogeshwaran-c) Denied creating collections with / in name (#27114 by @costajohnt)

Discourse

88 758

88 Topics

758 Posts

[2.14.0] Update discourse to 2026.4.0 Full Changelog

Docker Registry

24 265

24 Topics

265 Posts

[2.7.1] Update distribution to 3.1.1 Full Changelog Fixes CVE-2026-41888 Bounds-check the file basename in PurgeUploads Walk callback Add S3 Express One Zone support to the S3 storage driver (#4858) Fix tag list endpoint in proxy mode (#4846) Clamp oversized n query parameter in proxy mode instead of returning 400 (#4856)

Docmost

4 38

4 Topics

38 Posts

Hi @joseph Thanks for this. I can confirm that vector is now enabled. Docmost is still complaining when I activate the option, but I see no "page_embeddings" tables at the moment so I will wait for a potential background creation and report. Thanks again,

Documenso

13 111

13 Topics

111 Posts

@james Thanks for the quick response! I started out with the SSO option because I prefer it, but user invites were failing to go through the create account flow. They received an e-mail, but when clicking the link to create the account it took them straight to the sign-in page.

Documize

12 63

12 Topics

63 Posts

[1.12.0] Update community to 5.14.0 Full Changelog Added Spanish language support

DocuSeal

17 257

17 Topics

257 Posts

[1.15.2] Update docuseal to 2.5.2 Full Changelog Fixed expired submissions filter. Bug fixes, security hardening, and performance improvements.

Dokuwiki

17 130

17 Topics

130 Posts

[1.26.0] Update dokuwiki-plugin-oauth to 2025-10-23

Dolibarr

38 322

38 Topics

322 Posts

This can happen in this step: => PREV_DOLIBARR_VERSION=`php /app/code/htdocs/install/get-version.php` Log: 2026-02-07T13:35:00Z ==> Starting Dolibarr 2026-02-07T13:35:03Z #0 /app/code/htdocs/core/class/conf.class.php(561): DoliDBMysqli->query() 2026-02-07T13:35:03Z #1 /app/code/htdocs/install/get-version.php(28): Conf->setValues() 2026-02-07T13:35:03Z #2 {main} 2026-02-07T13:35:03Z PHP Fatal error: Uncaught Error: Call to a member function query() on false in /app/code/htdocs/core/db/mysqli.class.php:355 A shell script with set -e stops when If an error occurs. The script does not have an error handling in such cases, therefore the lock file is still in /tmp. With error handling trap 'echo "Houston we have problem"; [[ -f /tmp/install.lock ]] && mv /tmp/install.lock /app/data/dolibarr/install.lock; exit 1' ERR

Easy!Appointments

13 88

13 Topics

88 Posts

[1.7.2] symlink HTMLPurifier cache path

Emby

12 98

12 Topics

98 Posts

[1.18.2] Update Emby.Releases to 4.9.3.0 Full Changelog Add user option to set user's auto remote quality Add library option to use legacy folder scanning method Music transcoding fixes Add landing tab option for book libraries Support volume control with youtube trailer player Update mixed content tabs to combine Movies & Shows Fix maintenance mode blocking some settings screens Fix embedded audio fields not getting rescanned on file changes Fix loss of genre and collection images after deleting a movie Fix latest section not showing items for some channel plugins

EspoCRM

51 504

51 Topics

504 Posts

Resolved by restoring com.espocrm.cloudronapp@2.20.4 Then updating to Cloudron 2.20.5 Then updating to Cloudron 2.20.6 (EspoCRM 9.3.6) I had a lot of apps going into error when 9.1.6 got installed on a reboot. Upgrading to 9.1.7 (out of beta) fixed most of them, but EspoCRM needed this intervention. Just FWIW if others are encountering the same.

Etherpad Lite

31 278

31 Topics

278 Posts

[4.6.2] Update etherpad-lite to 2.7.2 Full Changelog Accessibility pass: corrected dialog semantics, improved focus management, added missing icon labels, and set the html lang attribute correctly. Chat: clicking the chat icon works again, disabled toggles render properly, and the username layout no longer overflows. /export/etherpad now honors the :rev URL segment, so revision-specific exports return the requested revision instead of the latest. Undo / redo now scrolls the viewport to follow the caret, so reverted edits stay in view. Page Down / Page Up now scrolls by viewport height instead of a fixed line count, matching standard editor behavior on tall and short windows alike. Editbar: caret is restored to the pad after changing a toolbar select, so typing continues in the document instead of falling through to the toolbar. Admin: i18n is restored on /admin so the admin UI is translated again.

evcc

2 103

2 Topics

103 Posts

[1.22.2] Update evcc to 0.306.2 Full Changelog Fritz!: optional unit parameter for multi-unit smarthome devices (BC) (#29570) MCP: make configurable via UI services card (BC) (#29535) OpenWB 2.0: manually configure rfid (BC) (#29352) sma-hybrid: separate max charge/discharge power (BC) (#29551) Add Anker SOLIX X1 (#29548) Add Solinteg meter (#29543) Custom charger: add optional finish timer (#29600) HomeAssistant Charger: add heating, integrateddevice (#29632) EVBox Elvi: fix template (#29652) Solis Hybrid S: fix power decoding (#29547)

Fider

6 37

6 Topics

37 Posts

[2.0.0] Update fider to 0.33.0 Full Changelog Please note new license changes Open Core Licensing: Some features (content moderation, search indexing) are now gated as pro features, with a new commercial licensing system using separate private/public key environment variables. Content Moderation (Pro): Admins can now moderate posts and comments before they go public, trust or block individual users, and manage pending content from a dedicated admin page. Content moderation is available as a pro feature. Revamped UI: The home page and post detail view have been refreshed with a cleaner design, better dark mode support, improved mobile layouts, and post details now open in a modal without a full page reload. Security: Sign-in email links now use a strong 64-character key (manual entry still uses a 6-digit code for convenience). Fixed search with hyphenated words Option to keep failing webhooks enabled rather than auto-disabling them Fixed issue adding links via the toolbar button Fixed filter/sort state persisting when navigating back from a post Fixed vote listing issues Post tags now update live in the listing without a page reload

FilePizza

4 34

4 Topics

34 Posts

[1.15.0] Update filepizza to 60704b4

FindMyDevice

2 13

2 Topics

13 Posts

[1.1.1] Update fmd-server to 0.14.1 Full Changelog Initial translation support, by @warioishere (#64) Translate web interface in many languages (thank you translators!) Fix hosting in sub-directory (#132) Graceful shutdown when SIGINT or SIGTERM is received (#139)

Firefly III

22 273

22 Topics

273 Posts

[3.12.1] Update firefly-iii to 6.6.2 Full Changelog MR 12179 (implement password validation JS script) reported by @tasnim0tantawi MR 12182 (fix shrinked sidebar expanding when navigating by clicking on icons) reported by @tasnim0tantawi Issue 12169 (The 'Running balance' column is not showing the respective calculation instantly for new records that use 'Rules') reported by @jgmm81 Issue 12186 (Set a year validator accepted by the system when saving or editing a transaction) reported by @jgmm81 Fixed an issue where oAuth tokens could be generated before you confirmed your 2FA state. This would allow access to your data when your password was stolen, despite you having MFA enabled.

Formbricks

6 107

6 Topics

107 Posts

[2.9.5] Update formbricks to 4.9.5 Full Changelog fix: backport account deletion authorization (#7901) by @xernobyl in #7903

Forgejo

5 19

5 Topics

19 Posts

[1.1.1] Update forgejo to 15.0.1 Full Changelog See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/15.0.1.md

FreeScout

70 784

70 Topics

784 Posts

[1.16.9] Update freescout to 1.8.218 Full Changelog Added indexes to several tables (#5328) Fixed decoding ISO-2022-JP emails (#5356) Require DB Password and check PHP Path direcotory in tools.php (Security: GHSA-jx2w-fhmw-rg39) Patched PHPUnit (Security: GHSA-qrr6-mg7r-m243) Fixed Helper::linkify() for emails (#5362) Do not allow to merge convesation with itself. Fixed linking messages into conversations (#5372) Fixed fetching emails into multiple mailboxes (#5368) Do not log "Untrusted host" error (#5361) Allow to use CIDR in APP_REMOTE_HOST_WHITE_LIST (#5363)

FreshRSS

19 152

19 Topics

152 Posts

@joseph Ok, I’ll take a better look of system because it seems strange

Funkwhale

2 14

2 Topics

14 Posts

@joseph As I understood it, not even that. MEDIA_ROOT is where all media uploaded gets stored. MUSIC_DIRECTORY_PATH is like an import folder where you can manually upload files that then get imported. But I am not 100 % certain, it is still confusing for me.

Ghost

83 1k

83 Topics

1k Posts

[4.167.0] Update ghost to 6.36.0 Full Changelog Added direct access-code entry for private sites - Jonatan Svennberg Moved private site controls into Access settings (#27390) - John O'Nolan Fixed RTL languages rendering left-to-right in newsletter emails (#27357) - Jannis Fedoruk-Betschki Declared lodash as a phantom dep in apps/admin - Rob Lester Preserved trailing slashes inside admin redirect query values - Rob Lester Fixed admin deep-link redirect when URL has a trailing slash - Rob Lester Fixed What's New banner breaking on null changelog fields - Rob Lester Fixed missing favicon and apple-touch-icon in React admin (#27528) - leafwind Added missing empty state for members (#27463) - Weyland Swart Fixed member import tier mapping (#27612) - Jonatan Svennberg

Gitea

50 437

50 Topics

437 Posts

I've just encountered the exact same issue. Not sure if upgrades are breaking things or what's going on. I resolved 500 internal server error upon login by resetting password via webui, clicking the link, using the same password + topt in the reset page, logging out and logging back in.

GitHub Pages

20 149

20 Topics

149 Posts

Yes, it's only jekyll. Not an expert on next.js but I think it also needs a backend right ? If so, you have to create a custom package - https://docs.cloudron.io/packaging/tutorial/

GitLab

62 640

62 Topics

640 Posts

[1.115.1] Update gitlab-foss to 18.11.2 Full Changelog Expose X-Streaming-Format header for api requests (merge request) Fix JSON tables with non-string values Enforce pagination in issuable discussions endpoint (merge request) Unwrap nested a no matter how they're produced (merge request) Fix OAuth token not rejected (merge request) Owner of a project (Developer in the top-level group) can create a fork inside... (merge request) Add configurable Markdown length limit (merge request) Fix CSRF bypass via parser-differential in GraphQL API (merge request) Fix TOCTOU vulnerability in Web IDE asset authorization (merge request) Validate JSON-like responses regardless of Content-Type header (merge request)

GLPI

2 11

2 Topics

11 Posts

[1.1.3] Update glpi to 11.0.7 Full Changelog Dashboards can now be reset to the state it would have after a clean install. This is only available for dashboards added by GLPI itself. CLI command security:change_oauth_key to (re)generate the OAuth keys. This can be used to change keys or to create them in the case they fail to be created during the installation/update process. The Planning widget on the homepage now only shows events +/- 1 year from the current date instead of 5 to improve performance. The planning widget on the homepage no longer shows completed events to improve performance and relevance. "Associate to an appliance" and "Remove from a rack" actions removed for templates.

Gogs

7 59

7 Topics

59 Posts

[1.23.1] Update gogs to 0.14.2 Full Changelog Security: Cross-repository LFS object overwrite via missing content hash verification. #8166 - GHSA-gmf8-978x-2fg2 Security: Stored XSS via data URI in issue comments. #8174 - GHSA-xrcr-gmf5-2r8j Security: Release tag option injection in release deletion. #8175 - GHSA-v9vm-r24h-6rqm Security: Stored XSS in branch and wiki views through author and committer names. #8176 - GHSA-vgvf-m4fw-938j Security: DOM-based XSS via issue meta selection on the issue page. #8178 - GHSA-vgjm-2cpf-4g7c Unable to update files via web editor and API. #8184

Grafana

22 248

22 Topics

248 Posts

[2.5.1] Update grafana to 13.0.1 Full Changelog Dashboard: Preserve timezone user-preference when converting V1 V2 #122673, @ivanortegaalba Provisioning: Include dashboard validation errors in pull request comments #122433, @gttrigger Unified storage: Skip migrations if dualwrite state shows they were already migrated #122880, @stephaniehingtgen

Grav CMS

12 131

12 Topics

131 Posts

[1.9.1] Update grav to 1.7.52 Full Changelog GPM client now sends the running PHP version with index requests so the server can substitute PHP-aware compat fallbacks when a plugin's latest release requires a newer PHP than the client can run. [security] Extended default uploads_dangerous_extensions to include md, yaml, yml, json, twig, ini page-content extensions that can be weaponised via permissive form-upload accept policies (GHSA-w4rc-p66m-x6qq, defense-in-depth alongside the Form 9.1.0 plugin fix). Added foundation for migrating to Grav 2.0: cross-major auto-upgrades are blocked in GPM, and core now surfaces a next_major hint so admin can point users at the new migrate-grav plugin Added compatibility: blueprint support so plugins/themes can declare which Grav versions they support Added self-upgrade preflight that flags incompatible plugins/themes and psr/log / Monolog conflicts before proceeding Added upgrade resilience with automatic maintenance mode and opcache reset during self-upgrade Added new cache-cleanup CLI command to prune obsolete cache entries Added new onFlexDirectoryConfigBeforeSave event for Flex More readable time output in bin/grav logviewer #4009 Fixed selectize field losing values when keyed options were used

Greenlight

19 165

19 Topics

165 Posts

[1.11.1] Update greenlight to 3.8.2.2 Full Changelog Allow html tags in maintenance banner

Grist

4 24

4 Topics

24 Posts

Fix landed in the latest package now.

Guacamole

55 318

55 Topics

318 Posts

Hello @albertbeaufrand and welcome to the Cloudron Forum This topic is a duplication of https://forum.cloudron.io/post/97415 and will be merged into it. Please read the responses above to get the full answer to your question.

Hastebin

4 23

4 Topics

23 Posts

App discontinued due to no upstream updates.

HedgeDoc

18 144

18 Topics

144 Posts

[1.21.5] Update hedgedoc to 1.10.8 Full Changelog Fix data loss when 5+ users edit a document concurrently, caused by the OT client discarding operations during revision gap recovery (#6342) Add defensive null checks to hex2rgb to prevent crashes from non-hex color values

Home Assistant

10 133

10 Topics

133 Posts

[1.18.4] Update core to 2026.4.4 Full Changelog Fixed Kodi Media Browsing (@albaintor - #165819) (kodi docs) Fix Victron BLE false reauth on unrecognised advertisement mode bytes (@rajlaud - #168209) (victron_ble docs) Fix case-sensitive MIME type check in Google Generative AI TTS (@MohamedBarrak3 - #168458) (google_generative_ai_conversation docs) Fix MQTT JSON light restoring None color_mode on startup (@noerstad - #168608) (mqtt docs) Add Roborock fan speed validation and error handling (@allenporter - #168623) (roborock docs) Correct state/device class for water in gardena (@elupus - #168637) (gardena_bluetooth docs) Cancel and await idle_start future if the task was canceled after an IMAP connection was lost (@jbouwh - #168662) (imap docs) Validate local_only user property during ws auth phase (@edenhaus - #168812) (http docs) (websocket_api docs) Slow down Tractive API polling to avoid 429 too many requests (@bieniu - #169057) (tractive docs) Validate local_only user for signed requests (@edenhaus - #169066) (http docs)

Humhub

27 250

27 Topics

250 Posts

[1.9.1] Update humhub to 1.18.1 Full Changelog Fix #8003: Migration::foreignIndexExists() doesn't find tables in braces Fix #8002: Comment dropdowns truncated (e.g. to select a title) Fix #8007: Fix unsaved changes warning on Profile Edit page Fix #8008: Space Tour Wrong Target for "Preferences" menu Fix #8013: Fix error displaying on update a module Fix #8009: Administration Group label misplaced Fix #8012: Modal backdrop over the account deletion modal for new Users Enh #8017: Exclude vendor from module i18n extract Fix #8020: Some email notifications are missing auto-contrast for the button text color Fix #8027: Cannot register if showRegistrationForm is disabled

Immich

72 675

72 Topics

675 Posts

[1.99.4] Remove cleanup of legacy vecto.rs extension

IP2Location

6 45

6 Topics

45 Posts

[1.0.1] Add pagination to query log

IT-Tools

5 65

5 Topics

65 Posts

Hello @nichu42 Sorry for the delay. We had a misconfiguration for the CI where the updates were not picked up correctly. App updates should be available now.

Invidious

17 187

17 Topics

187 Posts

[1.12.3] Update companion to 11cc6ac3575ae4ccf39abce672eee8b9dcd4778f

Invoice Ninja

69 1k

69 Topics

1k Posts

[1.22.17] Update invoiceninja to 5.13.21 Full Changelog Fixes for QB push by @turbo124 in #11928

Jellyfin

43 342

43 Topics

342 Posts

Given that this also uses CUDA just like AI acceleration, I guess one also needs the nvidia patched docker container runtime then? But I don't have nvidia cards to test this. If this is the case though and jellyfin does not just work by exposing /dev/dri to the container, then this is not supported and likely hard to support for Cloudron itself, as using a patched container runtime, which does not work on non nvidia systems is very hard for us to test properly.

Jingo

4 18

4 Topics

18 Posts

App discontinued due to no upstream updates.

Jirafeau

13 105

13 Topics

105 Posts

[1.12.1] Update Jirafeau to 4.7.1 Full Changelog Fixed another possibility to bypass the checks for CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066 (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image". When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled. The default value of max_upload_chunk_size_bytes was set to 5000000. Higher values could trigger a bug Chromium-based browsers on servers with HTTP/3 enabled, causing asynchronous uploads to fail.

Jitsi

33 373

33 Topics

373 Posts

Hello @matthiaskurz That is good to read. If you find anything odd with MiroTalk, the maintainer is very active in the forum and is always happy to help. So if you have an issue, just create a topic in the @mirotalk-57bab571 category and the maintainer @mirotalk should see it.

Joplin Server

12 115

12 Topics

115 Posts

Stupid question but when using this does a copy of a user's joplin nots remain on the server or do notes just pass through? My understanding is that webdav files can grow pretty big

JupyterHub

12 138

12 Topics

138 Posts

[1.59.1] Update jupyterhub to 5.4.5 Full Changelog

Kanboard

8 73

8 Topics

73 Posts

[1.17.8] Update kanboard to 1.2.52 Full Changelog fix: revoke public tokens for inactive users fix: use timing-safe comparison for token validation fix: validate task ownership before applying property changes fix: enforce visibility controls for public and unprivileged access fix: use parameterized queries in task finder and iCal

Kavita

7 51

7 Topics

51 Posts

[1.11.0] Update Kavita to 0.9.0 Full Changelog Added: Kavita now has a dedicated queue for downloads with auto-processing, series will now deconstruct to individual items, and it's persistent between reloads. Added: Added the ability to export a reading list to CBL v1 or v2 support Added: You can now craft and save Smart Filters for Reading lists and bind them to your Side Nav/Dashboard as you would Series-based. Changed: Version update checking has been drastically streamlined and made less annoying. Backoff support is implemented, after 5 prompts, Kavita will stop pestering you to update. Changed: Fixed how Kavita creates transactions with SQLite to reduce the 'database is locked' issue. From my testing, database is locked which was happening during reading (webtoon) and from some concurrent scans were eliminated. Changed: Removed all Deprecated APIs (this was communicated last release, I reached out to the big app providers) Fixed: Fixed a lot of endpoints missing access checks Fixed: Fixed the scanner merging several series into one under specific circumstances Fixed: Fixed panels not properly working with the new reading sessions Fixed: Fixed Volume progress tracking not working on Mihon (Thanks @Nedra1998 )

Keycloak

8 104

8 Topics

104 Posts

use this, it worked instantly for me (unlike the quick-theme plugin currently in preview). just drop the exported .jar in the providers folder. github repo: https://github.com/kathari00/keycloak-theme-editor found it here: https://github.com/keycloak/keycloak/discussions/40275#discussioncomment-15935355

Keila

4 26

4 Topics

26 Posts

[1.0.1] Update keila to v0.19.1 Full Changelog Added Italian translation (thanks @energywave) Support for SMTP without password auth. Implements #491 (thanks @ghost1ndshell) Added DISABLE_TZDATA_UPDATES option to disable tzdata updates (thanks @sachabertschibfs) Image resizing in Block Editor & Markdown Editor Significantly improved performance in Markdown editor. (thanks @roadriverrail for reporting) Campaign preview now updates when changing template in campaign settings Public archive pages are now rendered with campaign template Fixed some layout issues with column padding and font styles in Block Editor Fixed flickering images in Block Editor Fixed regression: Restored level 3 headings in Block Editor

Kimai

16 251

16 Topics

251 Posts

[2.50.0] Update kimai to 2.56.0 Full Changelog Added Catalan translation (#5921) New API endpoint to download invoices (#5926) New API endpoint to save invoice meta-fields (#5916) Re-usable ACL checks on teams, xxx_other_timesheet permissions respect teams (#5925) Whitelist PDF context options (#5924) Twig config improvements (#5923) Improved management script ./kimai.sh - please test and leave your feedback (#5909) Translations update from Hosted Weblate (#5911)

Koel

12 190

12 Topics

190 Posts

[1.37.1] Update koel to 9.2.1 Full Changelog fix: properly move playlist between folders / out to root on update by @phanan in #2436 fix: restart radio playback when the on-air station's URL is edited by @phanan in #2438 fix: don't blank-page the app when GitHub is unreachable by @phanan in #2440 fix: arrowleft hotkey now seeks backward, not forward by @phanan in #2442

Kopano Meet

11 132

11 Topics

132 Posts

Running TURN server on port 443 only matters for setups where a Client is unable to contact the server on non-port 443. This is only common in some ultra locked down intranet setups.

Komga

5 62

5 Topics

62 Posts

[1.6.4] Update komga to 1.24.4 Full Changelog omit UserDto.ageRestriction instead of returning null (e3a8cc6) some TOC may not be parsed correctly (5fc0b7e) proxy raw request body to kobo store (4a7d9a6), closes #2289 also accept application/json on Accept header (ddfe65d) incorrect latest series navigation links (717ef82), closes #2285 auth logo issue when using base url (7c00661), closes #2285

Kutt

23 174

23 Topics

174 Posts

[2.4.1] Set supportsDisplayName to false in manifest

LAMP

144 1k

144 Topics

1k Posts

[5.1.2] Update php-src to 8.5.5

LanguageTool

18 171

18 Topics

171 Posts

[1.42.0] Update languagetool to e7b240e

Leantime

22 228

22 Topics

228 Posts

[1.12.2] Update leantime to 3.7.3 Full Changelog fix: backend bug fixes from phase-0 modernization branch by @marcelfolaron in #3289 feat(tokens): add design system CSS custom property definitions by @marcelfolaron in #3290 fix: accessibility, view system, and composer improvements from phase-0 by @marcelfolaron in #3292 fix: ticket PATCH 500 errors, quick-add group context, and UI fixes by @marcelfolaron in #3313 fix: address 6 GitHub issues - session, calendar, postgres, todos, users, ldap by @marcelfolaron in #3315 fix: PostgreSQL ROUND(double precision, int) error on ticket queries (#3301) by @marcelfolaron in #3317 fix: PostgreSQL ROUND error, missing zp_canvas.color migration, and 3.7.2 changelog by @marcelfolaron in #3318

LibreChat

19 160

19 Topics

160 Posts

[1.2.1] Update LibreChat to 0.8.5 Full Changelog Optimized Entra ID Group Sync with Auto-Creation by @Airamhh in #12606 Sidebar Icon Toggle & New Chat History Switch by @danny-avila in #12642 Claude Opus 4.7 Model Support by @danny-avila in #12698 Claude Opus 4.7 Reasoning Visibility by @danny-avila in #12701 Support text/calendar (iCalendar) in Code Outputs by @upman in #12758 Alias Mimetype text/x-markdown to text/markdown by @dlew in #12608 Scope Web Search Results to Own Turn by @danny-avila in #12631 Resolve Action Tools by Exact Name to Prevent Multi-Action Domain Collision by @lrreverence in #12594 Clear Stale Client Registration on invalid_client During OAuth Token Refresh by @danny-avila in #12643 Preserve Selected Artifact When Clicking Artifact Button by @starchow in #12601

LimeSurvey

15 386

15 Topics

386 Posts

Hello @milian.hackradt We have published an app update for @limesurvey. Now you can manage the full configuration in /app/data/, see https://docs.cloudron.io/packages/limesurvey#custom-configuration.

Linkding

15 134

15 Topics

134 Posts

Thank you @necrevistonnezr ... it wasn't obvious to find, for me. I have one now.

Linkwarden

15 160

15 Topics

160 Posts

@girish happy to help, thanks for picking this up!

Listmonk

31 232

31 Topics

232 Posts

@filter i have submitted a PR here - https://github.com/knadh/listmonk/pull/3012

Loomio

7 125

7 Topics

125 Posts

[1.17.11] Update loomio to 3.0.22 Full Changelog STV (Single Transferable Vote) poll type beta. Anonymous by default, results hidden until the poll closes. The form shows a warning asking users to report bugs and feedback on GitHub. Cloudflare Turnstile challenge on password sign-in, login-token requests, signup, and trial creation. Admin login-link sign-in bypasses the challenge; sign-in with a login code also bypasses it. Fixed SQL injection in HasTimeframe via timeframe_for. Blocked SSRF in the link preview service; link previews now require auth and are throttled to 20/hour per user. Direct upload size limit (25 MB trial, 1 GB paid); blocked dangerous uploads. Bumped vue-i18n to 9.14.5 (XSS + prototype pollution). Refresh a user's groups after joining or being added to a group. Return a token error on session failure when a login token is pending; translate sessions errors server-side; surface server errors on login code entry. Fix demo poll cloning (missing opening_at/opened_at). Translation fixes: needs_a_rethink_meaning, "vote in" "vote on", German typo in discard.

Lychee

19 222

19 Topics

222 Posts

[2.44.4] Update Lychee to 7.5.4 Full Changelog Add disabling preloading check in FixTree console by @ildyria in #4226 Fixing discussion #4230 SyntaxError: [sprintf] unexpected placeholder by @TheBullRing in #4231 Fix MySQL error 1390 (too many placeholders) in album/photo deletion path by @Copilot in #4225 Enhance German translation by @hyazinthh in #4239 Finalize German translation by @hyazinthh in #4241 Fix vite 8 building a broken frontend by @ildyria in #4242 Trivy ignore update by @ildyria in #4251 Add turkish template by @ildyria in #4253 Fix notifications by @hyazinthh in #4255 Fix 'rename' string and make ellipses consistent for German by @hyazinthh in #4256

Mailtrain

10 61

10 Topics

61 Posts

@girish That is a super handy feature!

Mastodon

146 1k

146 Topics

1k Posts

[1.17.9] Update mastodon to 4.5.9 Full Changelog Insufficient verification of email addresses (GHSA-5r37-qpwq-2jhh) Updated dependencies Add trademark warning to mastodon:setup task (#38548 by @ClearlyClaire) Fix definition for quote in JSON-LD context (#38686 by @ClearlyClaire) Fix being unable to disable sound for quote update notification (#38537 by @ClearlyClaire) Fix being able to quote someone you blocked (#38608 by @ClearlyClaire)

Matomo

52 436

52 Topics

436 Posts

Hi Cloudron team, I tested the official Matomo MCP Server plugin with the Cloudron Matomo app and ran into what looks like an Apache/PHP auth header issue. Environment Cloudron: 9.1.7 App: Matomo App package: org.piwik.cloudronapp@1.57.0 Matomo: 5.10.0 MCP plugin: McpServer 5.0.3 Plugin source: https://github.com/matomo-org/plugin-McpServer Plugin requirement: Matomo >=5.8.0-rc1,<6.0.0-b1, PHP >=8.1.0 What I did I installed the plugin into: /app/data/plugins/McpServer Then ran: php /app/code/console plugin:install-or-update McpServer --no-interaction php /app/code/console plugin:activate McpServer --no-interaction php /app/code/console core:clear-caches Matomo now sees the plugin: McpServer | Optional | Activated MCP is enabled in the plugin settings: enable_mcp=1 maximum_mcp_access_level=view raw_api_access_scope=none Expected behavior According to the Matomo plugin documentation, MCP clients authenticate by sending: Authorization: Bearer <token_auth> to: /index.php?module=API&method=McpServer.mcp&format=mcp A valid Matomo token_auth should therefore not be rejected with 401 by the MCP endpoint. Actual behavior Unauthenticated request: 401 Authentication required This is expected and confirms that the MCP endpoint exists. Authenticated request with a valid Matomo token_auth as Bearer token: 401 Authentication required The same token works with the normal Matomo Reporting API, so the token itself is valid. Likely cause It looks like Apache/PHP inside the Cloudron Matomo app does not pass: Authorization: Bearer ... through as: $_SERVER["HTTP_AUTHORIZATION"] Matomo core supports Bearer token extraction from HTTP_AUTHORIZATION, and the MCP plugin seems to depend on that. A common Apache fix would be something like: SetEnvIf Authorization "^(.*)$" HTTP_AUTHORIZATION=$1 CGIPassAuth On But in the Cloudron app container, /app/code and /etc/apache2/conf-enabled are read-only, so this cannot be patched persistently from inside the running app. Request Could the Cloudron Matomo package include the required Apache/PHP configuration so Authorization is passed through to PHP as HTTP_AUTHORIZATION? That would make the official Matomo MCP Server plugin usable on Cloudron with Bearer token authentication. Thanks!

Matrix (Synapse/Element)

129 1k

129 Topics

1k Posts

Looks like this can be selfhosted directly using surfer

Mattermost

60 643

60 Topics

643 Posts

The original mattermost is not being maintained. MySQL support was completely dropped form mattermost a while ago. Please see https://forum.cloudron.io/topic/14416/mattermost-11-drops-mysql-support

Mautic

63 501

63 Topics

501 Posts

I know you posted this years ago, but if someone comes by this topic. You select the product (e.g. MaxMind GeoLite City), enter your API Key and hit "Fetch IP Lookup Data Store". [image: 1774617868420-screenshot-2026-03-27-092349.png]

Mealie

8 95

8 Topics

95 Posts

[1.39.0] Update mealie to 3.16.0 Full Changelog feat: Migrate PWA manifest to backend @Choromanski (#7331) fix: Blank query filter builder fields @michael-genson (#7480) fix: preserve ingredient section titles when parsing recipe ingredients @zdenek-stursa (#7483) fix: Misc frontend layout fixes @michael-genson (#7487) fix(deps): update dependency authlib to v1.6.11 [security] @renovate[bot] (#7481) fix(deps): update dependency lxml to v6.0.4 @renovate[bot] (#7485)

MediaWiki

8 88

8 Topics

88 Posts

[3.6.3] Update mediawiki to 1.45.3

Meemo

13 88

13 Topics

88 Posts

[1.20.0] Update meemo to 1.20.0 Full rewrite of the user interface, mostly keeping it behave and look the same Ported the app to vue 3 and vite Remove public note stream

Memos

6 47

6 Topics

47 Posts

[2.0.0] Update memos to 0.28.0 Full Changelog Breaking change: Existing SSO users must link their identity again - If you previously signed in through SSO, sign in once with your username and password after upgrading, then go to Account Settings to link your SSO identity. After the identity is linked, future SSO sign-ins will resolve to your existing Memos account. feat: auth: add SSO user identity linkage (#5883) (d688914) feat: memos: choose created or updated time for memos (#5894) (c268551) feat: redesign account and SSO management (#5886) (ee17998) fix: auth: harden authorization and username validation (#5890) (0fb83a7) fix: disable modal prop on DropdownMenu to prevent scroll disappearing (#5861) (d98f665) fix: fix legacy username auth flows (#5885) (30c0611) fix: markdown: split mixed task and bullet lists (e2c6084) fix: reduce list memo query overhead (#5880) (5063804) fix: web: preserve task checkbox state (#5867) (b5863d7)

Metabase

18 636

18 Topics

636 Posts

[3.8.5] Update metabase to 0.60.3.8 Full Changelog

MicroBin

2 7

2 Topics

7 Posts

@jendrik the ui is a bit confusing. You have to switch the mode to Private . Ideally, that password field should be disabled or hidden when 'Public'. [image: 1777903757310-67cd6c39-a43e-4446-9f92-fe1d26f59591-image.jpeg]

Minecraft

50 494

50 Topics

494 Posts

[2.37.8] Update bedrock to 1.26.14.1

Miniflux

11 96

11 Topics

96 Posts

[1.6.13] Update v2 to 2.2.19 Full Changelog Remove sensitive values (CSRF tokens, OAuth state, session cookies) from log messages. Verify OIDC ID token signatures and claims. Prevent OAuth identity overwrite when already linked. Clear PKCE verifier and CSRF state after use. Validate HTTP status from Google userinfo endpoint. Use HMAC-SHA256 instead of SHA1 for Google Reader API authentication. Use constant-time comparison for token validation. Fix potential DoS when truncating large untrusted input in templates. Reject oversized favicons.

Minio

54 699

54 Topics

699 Posts

@uroni Nicely done!

MiroTalk

48 1k

48 Topics

1k Posts

[2.7.12] Update mirotalksfu to 2.2.44

Monica

16 103

16 Topics

103 Posts

The app package runs the cron job as outlined in https://github.com/monicahq/monica/blob/4.x/docs/installation/providers/generic.md#4-configure-cron-job Can you open a webterminal into the app and run it manually via: sudo -E -u www-data php /app/code/artisan schedule:run and see if it shows an error or sends the mails then?

Moodle

42 342

42 Topics

342 Posts

[4.1.0] Update moodle to 5.2.0 Full Changelog

N8N

152 1k

152 Topics

1k Posts

[4.20.2] Update n8n to 2.18.7 Full Changelog core: Pass userId through webhook test execution path for redaction (#29322) (2300441) core: Restore peer project discovery in share dropdowns (#29565) (bf133fd)

Navidrome

18 163

18 Topics

163 Posts

[1.28.2] Update navidrome to 0.61.2 Full Changelog Another round of bugfixes. Transcoding now properly clamps target channels to codec limits, WAV files play directly in browsers without unnecessary transcoding, and the scanner picks up ORIGYEAR tags for VorbisComment and MP4 formats. Cover art handling got a few fixes too, including configurable max upload size. Plugin developers now get the file path in TrackInfo for Scrobbler and Lyrics plugins. Prevent theme CSS filters from affecting disc cover art. (c91721363 by @deluan) Refine image filters for playing and paused states in SquiddiesGlass theme. (4570dec67 by @deluan) Update Chinese (Simplified) translation. (#5323 by @fxj368) Update Russian translations. (#5329 by @amakeenk) Map ORIGYEAR tag for VorbisComment and MP4 formats, bringing them in line with ID3. (#5303 by @obskyr) Fix issue with empty ID3v2 frames in go-taglib. (1de4e43d2 by @deluan) Always emit required created field on AlbumID3 responses. (#5340 by @deluan) Make max image upload size configurable. (#5335 by @m8tec) Allow shared disc art from unnumbered filenames in single-folder albums. (#5344 by @deluan)

Nextcloud

404 3k

404 Topics

3k Posts

Hello @ntnsndr Best to use the occ to uninstall the app and then try to install it again. If this does not resolve the issue you might have to report this in the nextcloud forum or the GitHub of the polls app directly.

NocoDB

29 291

29 Topics

291 Posts

[1.37.0] Update nocodb | stage to 2026.04.5 Full Changelog

NodeBB

64 532

64 Topics

532 Posts

[2.27.1] Update NodeBB to 4.11.2 Full Changelog test manual dispatcher (3d969f0)

ntfy

13 102

13 Topics

102 Posts

[1.25.0] Update ntfy to 2.22.0 Full Changelog Tighten web push endpoint allow-list regex to prevent SSRF via unanchored pattern matching (GHSA-w9hq-5jg7-q4j7, thanks to @MightyNawaf for reporting) Fix web app not allowing access tokens to be changed to never expire (#1693/#1694, thanks to @lastsamurai26 for reporting and to @ShipItAndPray for fixing) Fix web app crashing on account page for tokens without a last access time (#1651, #1684, thanks to @Pulsar7 and @rzhli for reporting)

Ollama

5 66

5 Topics

66 Posts

Updating ollama from the host system is outside the scope of Cloudron, tbh not sure how that curl+sh even installs, usually such packages are managed by the linux distribution's package manager.

OmekaS

5 45

5 Topics

45 Posts

[1.5.0] Update omeka-s-module-Ldap to 0.7.0 Full Changelog Add update hook on existing ldap user Improve attributes retrieval by asking all ldap attributes and using it potentially in another module

OnlyOffice

51 422

51 Topics

422 Posts

Hello @jdaviescoates Ah! Good to know!

OpenCloud

6 42

6 Topics

42 Posts

[0.9.0] Update opencloud to 6.1.0 Full Changelog Add a flag to the reindex command to force a full reindex [#2606] proxy: Allow mapping from an external tenant id to the internal id [#2569] feat: enable EnableInsertRemoteFile WOPI flag for Collabora [#2555] feat(multi-tenancy): verify tenant via OIDC claim [#2559] Fix race conditions in the hybrid metadata backend [#594] fix: error handling in upload session cleanup [#582] experimental: add darwin watchfs support [#471] Tracing [#596] fix: favorites list, undo delte doesn't return item to the favorites [#2382] feat: handle UI_InsertFile postMessage from Collabora [#2270]

OpenHAB

4 50

4 Topics

50 Posts

[1.8.4] Update openhab-distro to 5.1.4 Full Changelog

OpenProject

24 285

24 Topics

285 Posts

[3.48.1] Update openproject to 17.3.1 Full Changelog Bugfix: Some macros cannot be used (displayed behind modal) while creating a new child via relations tab [#62585] Bugfix: The 'Reload' action in the banner about the meeting being updated in the background no longer auto-scrolls to the previous position [#70559] Bugfix: Items multiplying on page and page becoming unresponsive when macros and code snippet are used [#73117] Bugfix: Remove a 2FA device from a user as admin does not work [#73218] Bugfix: Error when changing wp type from the wp list [#73224] Bugfix: Internal error on custom actions form [#74131]

Open Web Calendar

4 34

4 Topics

34 Posts

Hi @girish so I learned something while setting up my Radicale and OWC. It seems like the calendar client publishing in to the ICS in Radicale (or wherever your ICS source lives) can matter. When I used the Calendar app on macOS I saw no descriptions. When I used Thunderbird I do. You can see it on my live page that has the OWC page in an iframe https://kb.filewave.com/books/community-engagement/page/customer-event-schedule and if you click on events in the agenda then the description shows. I think initially I was also hoping to show description on the Agenda page without clicking on an event but originally I was bothered that I just couldn't get description to show up. So now it does at least show up when you click an event. I haven't looked at why Calendar doesn't make a summary that shows and Thunderbird does but I'm fine using Thunderbird to put events in my calendar feed.

OpenWebUI

78 714

78 Topics

714 Posts

new package is out

oPodSync

3 14

3 Topics

14 Posts

[1.1.4] Fixup docs link

osTicket

15 93

15 Topics

93 Posts

osTicket has finally officially announced osTicket 2.0, with an RC1 being released "shortly". They launched a new site https://next.osticket.com/ to showcase the work that has been done and a video demo.

Outline

29 191

29 Topics

191 Posts

[1.22.1] Update outline to 1.7.1 Full Changelog MCP responses now include breadcrumbs (#12203), summaries (#12241), and title guidance (#12242) MCP now has delete_document and delete_collection tools (#12245) Per-share branding lets you override the title and logo on individual public shares (#12003) Self-hosted instances can now tune rate limiting with the new RATE_LIMITER_MULTIPLIER configuration option (#12226) Shift-Tab on a list item inside a toggle block no longer outdents the entire block (#12162) Code blocks now expand correctly when printing (#12193) API keys created with global read/write scope are now saved correctly (#12225) Post-login redirects with invalid paths are now handled correctly in Firefox (#12218) Autofocus now works inside lazy-loaded modals and popovers (#12146) Resolved a parseXML error originating from the AWS SDK (#12231)

Owncast

17 104

17 Topics

104 Posts

[1.6.2] Update owncast to 0.2.5 Full Changelog fedi_spin.gif as a new emoji. #4721 Add support for federation shared inboxes #4212 Add require chat authentication to take part in chat #4732 Favicon customization #868 Explicitly mention shortcut keys in video player #3785 Remove special characters from auto-generated stream keys as not all broadcast software support them #4690 Sanitize actor displaynames #4864 Fediverse followers contact name / profile picture now get updated and invalid users get removed #2923 Fediverse action titles can overflow in chat #4773 Path Prefix for S3 Not Working On file cleanups #4784

PairDrop

3 16

3 Topics

16 Posts

[1.3.0] Update base image to 5.0.0

Paperless-ngx

65 550

65 Topics

550 Posts

[1.52.0] Update gotenberg to 8.32.0 Full Changelog Reverted SSRF defaults (breaking vs 8.31.0). 8.31.0 blocked private-IP destinations by default, which broke deployments running Gotenberg inside a private network. 8.32.0 restores the 8.30.x permissive defaults. Operators with internet-facing APIs opt into the strict posture via the new flags below. Rejected file:// at /forms/chromium/convert/url. Submitting url=file:///tmp/... used to let an unauthenticated caller enumerate the request working directory and read other in-flight uploads as rendered PDFs. The route now returns HTTP 400 for any file:// URL. Required uploaded file for image / pdf stamp and watermark sources. Twelve callsites accepted stampSource=pdf or watermarkSource=pdf with an expression pointing at any path the Gotenberg process could open, even when no file was uploaded. Handlers now return HTTP 400 unless the caller uploaded a matching file. Scoped file:// sub-resources to the request working directory. Crafted HTML could reference another request's file:///tmp/<reqdir>/.... The CDP request handler now restricts file:// sub-resources to the current request's directory. /convert/url and /screenshot/url reject every file:// sub-resource outright. Hardened Chromium against DNS rebinding. A short-TTL DNS authority could return a public IP at validation and a private IP at connect. A loopback HTTP / CONNECT proxy now sits between Chromium and the network, resolves DNS once, and pins the dial to the resolved IP. Skipped when --chromium-proxy-server or --chromium-host-resolver-rules is set. Filtered LibreOffice outbound fetches through a proxy. Uploaded OOXML, RTF, and ODF files can embed external URLs that LibreOffice's libcurl resolves below every Go-side SSRF filter. LibreOffice now routes every outbound fetch through an in-process forward proxy on the same gotenberg.DecideOutbound path Chromium and webhook delivery use. See the four new flags below. Recovered webhook async panics. High-concurrency webhooks could panic the async goroutine and crash the whole process. The goroutine now snapshots the request context and recovers any future panic through the existing error path. LibreOffice outbound URL filtering. Four flags mirror the Chromium and webhook layout: --libreoffice-allow-list, --libreoffice-deny-list, --libreoffice-deny-private-ips, --libreoffice-deny-public-ips. All default permissive. IP-class filtering on four modules. chromium, webhook, api-download-from, and libreoffice each accept matching deny-private-ips and deny-public-ips flags. All default to false. Charts print as blank rectangles (#1531, #1532, #1534, #1535 chromedp v0.15.0 suspended the BeginFrame-driven callback dispatch loop under emulatedMediaType=print. requestAnimationFrame, ResizeObserver, IntersectionObserver, CSS transitionend, and CSS animationend all stopped firing. Pinning chromedp back to v0.14.2 restores native dispatch.

Paperwork

2 11

2 Topics

11 Posts

You can still install it like this https://my.<cloudron>/#/appstore/rocks.paperwork.cloudronapp . But note that it was last updated 3 years ago. I tried to build a new version with latest with PHP a year ago and the app was not even building anymore. They have been re-writing a new version for a couple of years now.

PeerTube

101 890

101 Topics

890 Posts

[4.6.6] Update peertube-plugin-auth-openid-connect to 1.1.0

Penpot

20 161

20 Topics

161 Posts

[1.16.4] Update penpot to 2.14.4 Full Changelog

Phabricator

6 24

6 Topics

24 Posts

App discontinued due to no upstream updates.

PHP Server Monitor

4 12

4 Topics

12 Posts

The upstream project has not released in almost 3 years now. We had to build from develop to get some PHP 8 support going, but there are bugs like https://github.com/phpservermon/phpservermon/issues/1196 , https://github.com/phpservermon/phpservermon/issues/1232 . There's also a bunch of basic issues: Normal user cannot login after admin user logs in. Some issue related to service worker. LDAP functionality is incomplete

Piwigo

5 63

5 Topics

63 Posts

[3.4.0] Update Piwigo to 16.4.0 Full Changelog Release note

Pixelfed

80 670

80 Topics

670 Posts

Seems like for some unknown reason putting the app in debug mode and back out of debug mode fixed it.

Planka

2 10

2 Topics

10 Posts

It's a bit convoluted, but setting OIDC_IGNORE_ROLES=true in the /app/data/env at least lets you persist role changes across restarts/re-auths when using SSO. Otherwise each SSO-login will reset the roles based on their OIDC groups based role assignment. That way you could: a) login via SSO b) logout and re-login with the default admin c) make your SSO logged in user an admin d) deactivate the default admin And have a usable system through Cloudron SSO.

PocketBase

9 136

9 Topics

136 Posts

[1.15.4] Update pocketbase to 0.37.5 Full Changelog Fixed password fields not being detected as changed (#7670). Added the local time zone name next to the date field label. Reload trusted proxy info UI after settings save. Other minor improvements (skips the duplicated record ids from the IN expand list, reordered confirm-email-change error checks to minimize enumeration attacks, etc.).

Postiz

22 216

22 Topics

216 Posts

Hi, It looks like the package is gone from the cloudron supported apps, has anyone tried self-hosting it by following the official method as presented in their doc, with success? (https://docs.postiz.com/quickstart)

Pretix

9 74

9 Topics

74 Posts

[1.7.1] Update pretix to 2026.4.1 Full Changelog

PrivateBin

8 58

8 Topics

58 Posts

[1.11.4] Update PrivateBin to 2.0.4 Full Changelog ADDED: Translations for Swedish & Persian CHANGED: Deduplicate JSON error message translations CHANGED: Refactored translation of exception messages CHANGED: Upgrading libraries to: DOMpurify 3.4.1, ip-lib 1.22.0, polyfill-php80 1.34.0 & zlib 1.3.2 CHANGED: Remove obsolete X-XSS-Protection header (#1825) FIXED: Some exceptions not getting translated FIXED: Attachment disappears after a "paste" in the message area (#1731) FIXED: The content format is not reset when creating a new document (#1707)

Prometheus

19 223

19 Topics

223 Posts

[1.15.1] Update alertmanager to 0.32.1 Full Changelog [BUGFIX] dispatcher: Fix issue with dispatching to a contended route. #5179 [BUGFIX] ui: Provide prebuilt ui assets in release. #5191 [ENHANCEMENT] ui: Support building artifacts in containers with Docker or Podman. #5102

qBittorrent

6 103

6 Topics

103 Posts

[2.26.0] Update VueTorrent to 2.32.0 Full Changelog download_path for categories (#2633) (c975533) TorrentDetail: Add default tab selection in settings (#2623) (144f552) CookiesManager: Allow import from empty menu (3f4f571) RSS: Improve performance (c6d9ddc)

Radicale

15 157

15 Topics

157 Posts

[2.14.1] chore(deps): update dependency radicale to v3.7.2

Rallly

16 192

16 Topics

192 Posts

[2.10.0] Update rallly to 4.10.0 Full Changelog Version tile in the control panel showing the running version and whether an update is available (#2355, #2351, #2348) Send poll response confirmation email in the respondent's locale (#2356) Optimize invite page queries (#2350)

Rainloop

9 75

9 Topics

75 Posts

App discontinued due to no upstream updates.

Redash

14 106

14 Topics

106 Posts

[5.4.0] Update redash to 26.3.0 Full Changelog

Redmine

18 165

18 Topics

165 Posts

[3.11.2] Update redmine_oauth to 4.0.6 Bug: #120 - Undefined method 'url_parameters' for an instance of OauthProvider Domain based self-registration New: #112 - Add DataFlattener for nested data Bug: #115 - Fix redirect loop when OAuth-only login is enabled New: #116 - Add domain-based OAuth self-registration (auto-activate allowlist) Bug: #118 - Cannot save "Alterative name" and "URL parameters"

Release Bell

16 108

16 Topics

108 Posts

Just installed ReleaseBell to monitor the apps I am packaging. But it's not accurate Shows https://github.com/windmill-labs/windmill as v1.457.0 but the actual GitHub page shows 1.645.0 Is there some config I should be changing ? Actually, just noticed it has 2 entries for windmill ( a starred project ), the other showing 1.573.0

Rocket.Chat

70 761

70 Topics

761 Posts

[3.3.0] Update Rocket.Chat to 8.4.0 Full Changelog Adds file thumbnails with image preview to the message composer attachments Adds a new REST endpoint to accept or reject media calls without an active media session Adds externalIds field to livechat visitors for external platform identification. Adds a skipTranspile flag (default false) to webhook integrations. When set to true, the integration script is stored as-is without Babel transpilation matching the 9.0.0 default where Babel is removed entirely. Admins can flip the flag per-integration to validate strict-mode compatibility before upgrading. The field is deprecated and will be removed in 9.0.0. Updates omnichannel routing so agents with offline status are always excluded from assignment. The Livechat_enabled_when_agent_idle setting now only affects agents with away status. Introduces Cold Storage Archiving for Read Receipts to improve performance and scalability in large deployments. Fixed UI becoming unresponsive after clicking "See on Engagement Dashboard" from the workspace info card, which required a manual page refresh to recover. Fixes a bug that could remove all of a user's subscriptions when the user was re-added to a room while still banned. Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates) Fixes an issue where the Omnichannel routing system ignored the Livechat_accept_chats_with_no_agents setting. Now, offline agents are correctly considered for assignment when the setting allows it.

Roundcube

53 362

53 Topics

362 Posts

[2.9.5] Update roundcubemail to 1.6.15 Full Changelog SVG Animate FUNCIRI Attribute Bypass Remote Image Loading via fill/filter/stroke, reported by class_nzm. Fix regression where mail search would fail on non-ascii search criteria (#10121) Fix regression where some data url images could get ignored/lost (#10128) Fix SVG Animate FUNCIRI Attribute Bypass Remote Image Loading via fill/filter/stroke

RSS-Bridge

9 62

9 Topics

62 Posts

@girish said: @rmdes @odie I have updated the app to use symlinks under /app/data/bridges. You can add new bridges there or delete some symlink and add your own. Thank you! Works excellent!

RustFS

1 16

1 Topics

16 Posts

[0.12.0] Update rustfs to 1.0.0-beta.1 Full Changelog

Scrumblr

4 15

4 Topics

15 Posts

Given that the upstream project is not maintained anymore, we have hidden this in the appstore. I had also submitted a PR upstream for a basic issue which is ignored - https://github.com/aliasaria/scrumblr/pull/161

SearXNG

17 237

17 Topics

237 Posts

[2.91.0] Update searxng to aefc3c3

SeaweedFS

1 6

1 Topics

6 Posts

[1.0.0] Update seaweedfs to 4.23 Full Changelog fix(shell): correct volume.list -writable filter unit and comparison by @qzhello in #9231 fix(s3api): return 503 + Retry-After when remote object not cached yet by @chrislusf in #9233 fix(filer): return 503 + Retry-After when remote object not cached yet by @chrislusf in #9236 feat(filer.sync): add -verifySync mode to filer.sync for cross-cluster file comparison by @kisow in #9284 Export file_read_invalid_needles metric for REST read requests on invalid file IDs. by @plisandro in #9241 Export Prometheus metrics for scrubbing operations. by @plisandro in #9264 fix(nfs): reject NFSv4 calls with PROG_MISMATCH so clients fall back to v3 by @chrislusf in #9262 feat(nfs): UDP MOUNT v3 responder + real-Linux e2e mount harness by @chrislusf in #9267 feat(mini): add -bucket flag to pre-create an S3 bucket on startup by @chrislusf in #9302 fix(admin): use protocol-relative URLs for component links so HTTPS clusters don't break clicks by @pmiriyev in #9256

SerpBear

5 35

5 Topics

35 Posts

[1.4.0] Update serpbear to 3.1.0 Full Changelog add subdomain matching functionality (4533737), closes #324 enhance error handling and response structure in scraper functions (4f394c2) minor ui issue (eecf88a) prevent corrupt failed queue file to reset the app settings (c306fa0), closes #328 resolves broken google ads oauth of instances behind reverse proxy (a988b13), closes #326 resolves cron issue with certain port mapping config (d86616a) resolves issue that prevents refreshing all keywords when one fails (77cfa2f)

SFTPGo

13 80

13 Topics

80 Posts

[1.4.1] Update sftpgo to 2.7.1 Full Changelog SFTPD: Added support for OpenPubkey SSH, enabling tighter integration between OpenID Connect and SFTP. Enforced password validation rules also when applied through a group. Fixed an issue where JSON dumps containing command actions failed to load correctly at startup when loaded as initial data. Data Provider: Fixed lock handling issues during migrations that could affect MySQL when migrations are executed concurrently by multiple instances. Fixed a potential path traversal and permission bypass involving specially crafted paths. CVE-2026-30914. Fixed placeholder sanitization in group home directories and key prefixes. CVE-2026-30915. Unified path handling: Prior to this release, the backslash character (\) was treated differently depending on the host operating system: on Linux, it was considered a standard character within a file or directory name, while on Windows, it acted as a path separator. We have now unified path handling across all platforms. Moving forward, both forward slashes (/) and backslashes (\) are strictly evaluated as path separators, independently of the underlying OS.

Shaarli

5 45

5 Topics

45 Posts

[2.18.0] Update Shaarli to 0.16.0 Full Changelog v0.x branches and tags will no longer be maintained after v0.16. Always upgrade to the latest release to receive bugfixes and security patches. docs: update PHP version compatibility table fix stored XSS via suggested tags (GHSA-g3xq-mj52-f8pg) build(deps): update frontend build dependencies (js-yaml/glob)

SickChill

7 50

7 Topics

50 Posts

@girish said in SickChill unlisted from app store: I hope they atleast bring back the issue tracker Out of interest, why does this matter for Cloudron? BTW, someone has replied to the thread I started on Discord informing me that the master releases are these https://pypi.org/project/sickchill/ Doesn't look like there has been a new one since March though.

Shiori

2 15

2 Topics

15 Posts

[1.3.0] Update shiori to 1.8.0 Full Changelog feat(apiv1): refactor tags api (#1075) feat: add PWA support share functionality (#1060) feat: add apis to handle bookmark tags (#1081) feat: allow tag filtering and count retrieval via api v1 (#1079) feat: improve SQLite performance (#1024) feat: reverts message in json output and allows configuration (#1082) feat: support proxy forward headers authentication (#1105) fix: auth validation on existing sessions, rely on token only (#1069) fix: incorrectly set cookie's expires value in login.js (#1049) fix: parse pocket new CSV format (#1112

Simple Torrent

4 41

4 Topics

41 Posts

The upstream project is archived - https://github.com/boypt/simple-torrent/ . There has been no changes in 2 years and modules are not updated.

SnappyMail

33 346

33 Topics

346 Posts

@robi Technically true. And yet the only door you need to overcome to access all your mails.

Snipe-IT

22 216

22 Topics

216 Posts

[1.19.1] Update snipe-it to 8.4.1 Full Changelog Fixed RB-20713: Improved validation of license seat update api endpoint by @marcusmoore in #18576 Fixed #18600 - add filesystem check on health checker by @snipe in #18606 Added maintenances seeder by @snipe in #18612 Added model number as a separate field, added sorting by @snipe in #18613 Fix deprecated string interpolation in controllers by @joelpittet in #18609 Bumped Debugbar to v4 by @marcusmoore in #18485 Adds #11741 currently assigned license table to license checkout by @Godmartinz in #17964 #5947 - roll up bulk asset checkout email by @marcusmoore in #18095 Fixes (hopefully) RB #19772 Unexpected EOF by @spencerrlongg in #18614 Fixed #18797: Fix link to components in asset view by @marcusmoore in #18799

SOGo

60 426

60 Topics

426 Posts

[2.18.7] Update sogo to 5.12.7 Full Changelog

Statping

13 104

13 Topics

104 Posts

Just checked on this again but it seems statping-ng is not going forward much . https://github.com/statping-ng/statping-ng/tags says the release was almost a year ago.

Stirling-PDF

44 460

44 Topics

460 Posts

[3.11.0] Update Stirling-PDF to 2.10.0 Full Changelog Users can now set a default startup view and reader zoom preferences for desktop new pixel compare mode in PDF Compare tool to compare formatting and other changes Improved memory efficiency of API calls Improved thumbnail speed and rendering and fixed thumbnail bugs Support AppImage files for desktop release (This is new so please report any bugs you have!) Support RPM Builds for desktop release (This is new so please report any bugs you have!) Support Homebrew, AUR, Scoop and winget for desktop release! More to come soon, as well as for server releases File sharing bugs for SSO users Thumbnail rendering issues Encrypted PDF modal not working

Superset

15 144

15 Topics

144 Posts

[1.12.0] chore(deps): update dependency apache-superset to v6

Surfer

102 774

102 Topics

774 Posts

[6.5.1] Update surfer to 6.5.1 Improved preview behavior Various mobile fixes

Syncthing

32 238

32 Topics

238 Posts

[1.33.17] Update syncthing to 2.0.16 Full Changelog Database backend switched from LevelDB to SQLite. There is a migration on first launch which can be lengthy for larger setups. The new database is easier to understand and maintain and, hopefully, less buggy. The logging format has changed to use structured log entries (a message plus several key-value pairs). Additionally, we can now control the log level per package, and a new log level WARNING has been inserted between INFO and ERROR (which was previously known as WARNING...). The INFO level has become more verbose, indicating the sync actions taken by Syncthing. A new command line flag --log-level sets the default log level for all packages, and the STTRACE environment variable and GUI has been updated to set log levels per package. The --verbose and --logflags command line options have been removed and will be ignored if given. Deleted items are no longer kept forever in the database, instead they are forgotten after fifteen months. If your use case require deletes to take effect after more than a fifteen month delay, set the --db-delete-retention-interval command line option or corresponding environment variable to zero, or a longer time interval of your choosing. Modernised command line options parsing. Old single-dash long options are no longer supported, e.g. -home must be given as --home. Some options have been renamed, others have become subcommands. All serve options are now also accepted as environment variables. See syncthing --help and syncthing serve --help for details. Rolling hash detection of shifted data is no longer supported as this effectively never helped. Instead, scanning and syncing is faster and more efficient without it. A "default folder" is no longer created on first startup. Multiple connections are now used by default between v2 devices. The new default value is to use three connections: one for index metadata and two for data exchange. The following platforms unfortunately no longer get prebuilt binaries for download at syncthing.net and on GitHub, due to complexities related to cross compilation with SQLite: The handling of conflict resolution involving deleted files has changed. A delete can now be the winning outcome of conflict resolution, resulting in the deleted file being moved to a conflict copy. fix(protocol): verify compressed message length before decompression by @calmh in #10595

Taiga

21 199

21 Topics

199 Posts

[2.19.0] Update taiga-front-dist to 6.10.0

Tandoor

6 96

6 Topics

96 Posts

[1.12.9] Update recipes to 2.6.9 Full Changelog fixed another stored XSS in recipe instructions GHSA-89pw-5qxc-7v86 updated pillow library security update

TeamSpeak

10 69

10 Topics

69 Posts

[1.5.2] Fixup doc URL

Teddit

9 79

9 Topics

79 Posts

@timconsidine said in Teddit Subscriptions no longer working: Just FYI - my LibReddit - selfhosted as Docker on another VPS = is still working. But now it is down. Maybe they have caught up with me.

The Lounge

5 48

5 Topics

48 Posts

[1.22.1] checklist added to manifest

TLDraw

10 67

10 Topics

67 Posts

@Sam_uk we have unlisted TLDraw by now. Please see https://forum.cloudron.io/topic/10806/no-more-updates-to-tldraw . The license and company direction has changed.

Traccar

21 218

21 Topics

218 Posts

Works great! Thanks a lot for the quick help!

Translate

10 101

10 Topics

101 Posts

[2.7.2] Update libretranslate to 1.9.5 Full Changelog Fix version display by @pierotofy in #951 Prefetch MiniSBD models by @pierotofy in #953

Transmission

11 77

11 Topics

77 Posts

[2.5.0] Update transmission to 4.1.0 Full Changelog Improved TP download performance. (#6508) Added support for IPv6 and dual-stack UDP trackers. (#6687) Support trackers that only support the old BEP-7 with &ipv4= and &ipv6=. (#7481) New JSON-RPC 2.0-compliant RPC API. (#7269) Added optional sequential downloading. (#4795) Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#7819, Qt Client) Fixed 4.0.6 bug where Transmission might spam HTTP tracker announces. (#7086) Improved libtransmission code to use less CPU. (#4876, #5645, #5715, #5734, #5740, #5792, #6103, #6111, #6325, #6549, #6589, #6712, #7027, #7744, #7800) Avoid unnecessary heap memory allocations. (#5519, #5520, #5522, #5527, #5540, #5649, #5666, #5672, #5676, #5720, #5722, #5725, #5726, #5768, #5788, #5830, #6542) Slightly reduced latency when sending protocol messages to peers. (#5394)

TriliumNext

13 158

13 Topics

158 Posts

[1.28.2] Update Trilium to 0.102.2 Full Changelog Improved request handling for SVG content in share routes Improved request handling for SVG content in the main API Enhanced content rendering in the Mermaid diagram editor Fixed toast notifications to properly escape content Added validation for the docName attribute in the document renderer Marked docName as a sensitive attribute in the commons module Added Electron fuses to harden the desktop application against external abuse Improved application integrity checks Added MIME type validation for image uploads via ETAPI Aligned attachment upload validation with note upload validation

Tiny Tiny RSS

37 406

37 Topics

406 Posts

[2.86.0] Update tt-rss to f88091c

Twenty

7 51

7 Topics

51 Posts

[0.10.0] Update twenty to 2.2.0 Full Changelog Bump twenty-sdk, twenty-client-sdk, create-twenty-app to 2.1.0 by @charlesBochet in #20041 feat(front-component-renderer): forward offset/movement coordinates on serialised events by @charlesBochet in #20046 feat(github-connector): exclude self-reviews from review counts by @charlesBochet in #20050 fix(logic-function): serialize LocalDriver layer builds with cache lock by @charlesBochet in #20054 fix(logic-function): forward raw request body for HMAC signature verification by @charlesBochet in #20061 fix(messaging): refactor SentMessagePersistenceService by @neo773 in #20077 fix(server): match IMAP \Noselect attribute case-insensitively by @rrrodzilla in #20043 feat(sentry): propagate workspace context to all spans by @FelixMalfait in #20064 fix(ai-billing): bill thread title generation and tool-call repair by @FelixMalfait in #20067 fix(security): reject ?token= URL query parameter for authentication by @FelixMalfait in #20154

Typebot

42 296

42 Topics

296 Posts

[1.24.1] Update typebot.io to 3.16.1 Full Changelog baptisteArno/typebot.io (baptisteArno/typebot.io) Compare Source

Umami

33 276

33 Topics

276 Posts

@James fair point .... but still stupid IMHO. Especially as it worked perfectly well in 3Gb until recent updates. Not much time to research an alternative just now so will live with it. Simply because I'm lucky enough to have 128Gb RAM on my Cloudron VPS .... but I didn't spec it that way to be wasted on Umami.

Uptime Kuma

39 342

39 Topics

342 Posts

[2.4.1] Update uptime-kuma to 2.3.2 Full Changelog #7346 fix: Revert back to single SQLite connection by default #7307 fix: Add busy_timeout to sqlite to avoid error SQLITE_BUSY: database is locked (Thanks @wagnerand) #7344 fix(push): use multi-arch Node base in push image Dockerfile (Thanks @herwinz)

Valheim

19 123

19 Topics

123 Posts

Closed due to inactivity note: mods are working, asked @BrutalBirdie he tested it briefly

Vault

4 114

4 Topics

114 Posts

[1.83.0] Update vault to 2.0.0 Full Changelog PKI External CA (Enterprise): A new plugin that provides the ability to acquire PKI certificates from Public CA providers through the ACME protocol IBM PAO License Integration: Added IBM PAO license support, allowing usage of Vault Enterprise with an IBM PAO license key. A new configuration stanza license_entitlement is required in the Vault config to use an IBM license. For more details, see the License documentation. KMIP Bring Your Own CA: Add new API to manage multiple CAs for client verification and make it possible to import external CAs. LDAP Secrets Engine Enterprise Plugin: Add the new LDAP Secrets Engine Enterprise plugin. This enterprise version adds support for self-managed static roles and Rotation Manager support for automatic static role rotation. New plugin configurations can be set as "self managed", skipping the requirement for a bindpass field and allowing static roles to use their own password to rotate their credential. Automated static role credential rotation supports fine-grained scheduled rotations and retry policies through Vault Enterprise. Login MFA TOTP Self-Enrollment (Enterprise): Simplify creation of login MFA TOTP credentials for users, allowing them to self-enroll MFA TOTP using a QR code (TOTP secret) generated during login. The new functionality is configurable on the TOTP login MFA method configuration screen and via the enable_self_enrollment parameter in the API. Plugins (Enterprise): Allow overriding pinned version when creating and updating database engines Plugins (Enterprise): Allow overriding pinned version when enabling and tuning auth and secrets backends Template Integration for PublicPKICA: Vault Agent templates are now automatically re-rendered when a PKI external CA certificate is issued or renewed.

Vaultwarden

93 790

93 Topics

790 Posts

[1.25.0] Update vaultwarden to 1.36.0 Full Changelog SSO Login CSRF GHSA-pfp2-jhgq-6hg5 GHSA-w6h6-8r66-hcv7 User/Organization Enumeration GHSA-hxqh-ff5p-wfr3 SSO existing-user binding GHSA-j4j8-gpvj-7fqr GHSA-6x5c-84vm-5j56 SSRF via Icon Endpoint GHSA-72vh-x5jq-m82g Archiving of items is available https://bitwarden.com/blog/keep-your-vault-tidy-with-item-archiving/ https://bitwarden.com/nl-nl/help/managing-items/#archive Web Vault updated to v2026.4.1 SSO fallback to UserInfo preferred_username by @Timshel in #7128 Add support for archiving items by @matt-aaron in #6916 Fix favicon fetching to check all icon links instead of just the first one by @Shocker in #6880 fix: return Err instead of panic on unknown cipher atype in to_json() by @mango766 in #7068

Verdaccio

9 159

9 Topics

159 Posts

[1.77.0] Update verdaccio to 6.5.2 Full Changelog update ui to major (#5794) (b957c6f) @juanpicado Big UI refactoring #5563 package-filter: fix O(n) complexity in cleanupDistFiles (b15f622) #5797 by @plottodev ui search returns no output #5798 (3edd3ee) @juanpicado

Vikunja

37 259

37 Topics

259 Posts

[1.23.0] Update vikunja to 2.3.0 Full Changelog (auth) Normalize API base URL to prevent refresh cookie path mismatch (auth) Add retry and logging for token refresh failures (auth) Enforce TOTP on OIDC callback for users with 2FA enabled (background) Use targeted column update when removing background (caldav) Add tags and sync token to collections (#2482) (caldav) Resolve lint issues in caldavtests package (caldav) Skip tests for known CalDAV bugs and fix timing issues (caldav) Escape user-controlled strings per RFC 5545 in VCALENDAR output (caldav) Enforce task read authorization on GetTasksByUIDs (caldav) Reject GetResource when URL project mismatches task project

VPN

64 490

64 Topics

490 Posts

Hello @nottheend @nottheend said: Is there a complexity or a legal issue to not continuing the implementation? Simply put, demand is not enough for this feature to be put up higher in the prioritisation queue and other tasks and feature requests are higher in demand.

Wallabag

20 169

20 Topics

169 Posts

[2.5.6] Update wallabag to 2.6.14 Full Changelog Change version in wallabag.yml by @nicosomb in #8251 Fix deprecation by @j0k3r in #8267 Add annotations filter to entries API endpoint by @skn in #8346 Update dependencies by @yguedidi in #8435 Bump deps (mostly for siteconfig) by @j0k3r in #8489 Fix reading time computation for short entries by @andreadecorte in #8332 Fix urls parameter when sending many urls to be stored using the API by @j0k3r in #8488 Prepare 2.6.14 by @j0k3r in #8494

Wallos

5 79

5 Topics

79 Posts

[1.21.3] Update Wallos to 4.8.4 Full Changelog improve date formatting with IntlDateFormatter fallback (b2c565f) (#1048) (8d43623) missing year for subscription next payment display (ca5823d) (8d43623)

WBO

5 68

5 Topics

68 Posts

[1.34.0] Update whitebophir to 2.8.0 Full Changelog

Weblate

8 151

8 Topics

151 Posts

[1.41.1] Do not re-create admin, if admin was deleted

Wekan

25 505

25 Topics

505 Posts

[4.109.0] Update wekan to 9.07 Full Changelog This release fixes the following CRITICAL SECURITY ISSUES of AvatarBleed: Fix avatars rce. Thanks to Trung Nguyen from CyStack Security and xet7. Fix CleanDark theme. Thanks to stegoh. Thanks to above GitHub users for their contributions and translators for their translations.

Wiki.js

16 139

16 Topics

139 Posts

[1.13.7] Update wiki to 2.5.314 Full Changelog ec36eb2 - update arm docker base to node 24 (commit by @NGPixel) da64dcd - fix windows build missing migration file during tarball creation (commit by @NGPixel)

Woodpecker

4 65

4 Topics

65 Posts

[2.15.0] Update woodpecker to 3.14.0 Full Changelog docs: bump follow-redirects [#6441] Sanitize agent introduced pipeline/workflow/step state changes and log streaming [#6308] Send 404 if logs are not allowed to access [#6349] Prevent registering as arbitrary agents with system token [#6283] Support one-shot agent execution mode [#6150] Add external secret extension implementation [#6252] Add Container Registry credential extension [#5993] fix(web): escape HTML in commit messages to prevent XSS [#6523] Add WOODPECKER_FORCE_IGNORE_SERVICE_FAILURE config to preserve non-breaking behavior by default [#6448] Fix when.status filter evaluation and add workflow-level support [#6183]

WordPress (Managed)

113 867

113 Topics

867 Posts

[3.16.3] Update WordPress to 6.9.4

WordPress (Developer)

224 2k

224 Topics

2k Posts

[3.14.0] Update redis-cache to 2.8.0

XBackBone

13 66

13 Topics

66 Posts

Problems with Flameshot, GNU+Linux, Wayland, keyboard short-cuts? Check out this blog for solutions and save time, especially if you use Bazzite as your operating system. https://wanderingmonster.dev/blog/flameshot-xbackbone-linux/

YOURLS

20 135

20 Topics

135 Posts

Could be. Cloudron uses the default URL size - https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers If you want to experiment, edit the file in /etc/nginx/applications/*conf and then systemctl restart nginx .

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

Subcategories