Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content

Apps

5.8k Topics 55.9k Posts

Questions about apps in the App Store

Subcategories


  • 9 74
    9 Topics
    74 Posts
    Package UpdatesP
    [1.20.1] Update 2FAuth to 8.0.1 Full Changelog issue #558 docker container crashes while startup issue #561 Container fails to start when fixing Passport key permissions in rootless Docker
  • 10 85
    10 Topics
    85 Posts
    J
    @oneinterweb you have to change the credentials in /app/data/env ACKEE_USERNAME=admin ACKEE_PASSWORD=supersecret This works fine.
  • 7 59
    7 Topics
    59 Posts
    Package UpdatesP
    [1.27.0] Update actual to 26.7.0 Full Changelog View release notes
  • 41 435
    41 Topics
    435 Posts
    Package UpdatesP
    [1.14.17] Update AdGuardHome to 0.107.77 Full Changelog Authorization in GLiNET mode is no longer vulnerable to path traversal attacks. NOTE: This is CVE-2026-41448. We thank @djnnvx for reporting this security issue. New reason query parameter in GET /control/querylog. See openapi/openapi.yaml for the full description. Query parameter response_status in GET /control/querylog is now deprecated. Use new reason query parameter instead.
  • 12 115
    12 Topics
    115 Posts
    S
    This look like a good replacement for Alltube (which we were using) https://github.com/alexta69/metube
  • 16 187
    16 Topics
    187 Posts
    Package UpdatesP
    [1.25.8] Update ampache to 7.9.8 Full Changelog
  • 7 Topics
    67 Posts
    Package UpdatesP
    [1.7.1] Update answer to 2.0.1 Full Changelog New: Support semantic search in AI chat and embedding ability (@hgaol #1510) New: Add vector search plugin and vector sync service for question and answer embeddings (@hgaol) Improve: Enhance local plugin path resolution and module replacement handling for local plugins (@hgaol #1520) Fixed: Attachment upload broken after upgrading to v2.0.0 (@robinv8 #1527) Fixed: Keep Helm install port aligned with service port (@Herrtian #1522) Fixed: Change avatar column type to TEXT to support long URLs (@maishivamhoo123 #1499) Fixed: Update bubble user background color for dark mode (@MakiWinster72 #1505) Fixed: Implement HTML rendering for AI chat display content (@LinkinStars) Fixed: Add admin moderator visibility checks for timeline objects, answers, and comments (@LinkinStars) Fixed: Escape HTML characters in dynamic email template content (@LinkinStars)
  • 6 28
    6 Topics
    28 Posts
    K
    @girish I understand. Thanks!
  • 4 25
    4 Topics
    25 Posts
    jamesJ
    Hello @andreasdueren Thanks for the report. Fixing it right now.
  • 8 Topics
    120 Posts
    Package UpdatesP
    [1.99.1] Update audiobookshelf to 2.35.1 Full Changelog Duplicate refresh tokens across sessions can cause unexpected logout #5253 by @nichwall in #5255 Server crash when renaming an author to another author when they are both on the same book #5247 by @nichwall in #5256 Server crash when invalid metadata.json is scanned in #5268 Sequelize user queries to use direct case-insensitive username/email matching
  • 10 35
    10 Topics
    35 Posts
    girishG
    Thanks for reporting here @gardinermichael . We have in fact hidden the app package because there were many issues with it and we couldn't manage to get it to be stable . Maybe we should revisit this.
  • 39 395
    39 Topics
    395 Posts
    Package UpdatesP
    [1.37.21] Update uv to 0.11.26
  • 5 64
    5 Topics
    64 Posts
    Package UpdatesP
    [1.6.6] Update beszel to 0.18.7 Full Changelog Add more disk I/O metrics (utilization, read/write time, await, queue depth) (#​1866) Add ability to copy alerts between systems by @​svenvg93 (#​1853) Add SENSORS_TIMEOUT environment variable (#​1871) Replace distatus/battery with an internal implementation by @​svenvg93 (#​1872) Restrict universal token API to non-superuser accounts (#​1870) Fix macOS ARM64 crashes by upgrading gopsutil to v4.26.3 (#​1881, #​796) Fix text size for system names in grid view by @​Malith-Rukshan (#​1860) Fix NVMe capacity reporting for Apple SSDs by @​svenvg93 (#​1873) Fix Windows root disk detection when the executable is not on the root disk (#​1863) Fix nested virtual filesystem inclusion in Docker when mounting host root by @​svenvg93 (#​1859)
  • 13 257
    13 Topics
    257 Posts
    Package UpdatesP
    [2.1.2] Update BookStack to 26.05.2 Full Changelog Added Serbian language to language_select array. Thanks to @PolarniMeda. (#6153) Updated PHP package versions. Updated translations with the latest crowdin changes. Updated content allow-filtering to consider protocols used in srcset attributes. Updated URL filtering with a more thorough centralized utility class. Updated comment delete action to also check comment visibility permissions. Updated referring URL use with stronger source validation. Updated translations with latest crowdin changes. (#6166)
  • 1 6
    1 Topics
    6 Posts
    Package UpdatesP
    [0.5.0] Fix documentation link
  • 11 130
    11 Topics
    130 Posts
    Package UpdatesP
    [2.10.3] fix: update doc links from /apps/ to /packages/
  • 56 712
    56 Topics
    712 Posts
    jdaviescoatesJ
    @Mathieu I don't think going to an old version would be wise - very likely to have security flaws (it was AI based attacks which led them to close their code). I've not tried it at all yet (I'm just using the free hosted version of Cal.com as I don't need teams etc), but perhaps see if @ekevu123 could (or already has) add team functions to Tymeslot?
  • 11 51
    11 Topics
    51 Posts
    nebulonN
    This is a bit out of scope the moment to add a settings via admins or so to disable this. The main issue is that the app itself has no admin panel or such, in fact not even a concept of admins, so this will have to be done at a later stage. For the moment we try to get closer to what google calendar has as a baseline, and that has pretty much exactly that in the UI without a way to disable this as far as I can tell. But not to discourage feedback here, keep this coming, we will revisit those either way!
  • 35 330
    35 Topics
    330 Posts
    Package UpdatesP
    [1.38.0] Update calibre to 9.11.0 Full Changelog
  • 18 157
    18 Topics
    157 Posts
    jamesJ
    Hello @luckow This is not documented very well. Had to look into the Castopod code to find the URL path to the API. https://github.com/ad-aures/castopod/blob/bc041702dd8058ae8e1831b9609827c911a5a626/modules/Api/Rest/V1/Config/RestApi.php#L35 public string $gateway = 'api/rest/v1/'; So the full URL would be https://castopod.cloudron.dev/api/rest/v1/podcasts curl https://castopod.cloudron.dev/api/rest/v1/podcasts [] After creating one: curl https://castopod.cloudron.dev/api/rest/v1/podcasts [{"id":1,"guid":"2bdee7b8-8131-5888-b4da-713d7b3a124a","actor_id":1,"handle":"demopadcast","title":"Demo Podcast","description_markdown":"DESC","description_html":"<p>DESC</p>\n","cover_id":3,"banner_id":null,"language_code":"en","category_id":1,"parental_advisory":null,"owner_name":"james","owner_email":"james@cloudron.example","is_owner_email_removed_from_feed":true,"publisher":"","type":"episodic","medium":"podcast","copyright":"","episode_description_footer_markdown":null,"episode_description_footer_html":null,"is_blocked":false,"is_completed":false,"is_locked":true,"imported_feed_url":null,"new_feed_url":null,"payment_pointer":null,"location_name":null,"location_geo":null,"location_osm":null,"verify_txt":"","custom_rss":null,"is_published_on_hubs":false,"partner_id":null,"partner_link_url":null,"partner_image_url":null,"is_premium_by_default":false,"created_by":1,"updated_by":1,"published_at":null,"created_at":{"date":"2026-03-03 11:06:44.000000","timezone_type":3,"timezone":"UTC"},"updated_at":{"date":"2026-03-03 11:06:44.000000","timezone_type":3,"timezone":"UTC"},"feed_url":"https://castopod.cloudron.dev/@demopadcast/feed.xml","actor_display_name":"Demo Podcast","cover_url":"https://castopod.cloudron.dev/media/podcasts/demopadcast/cover.jpg","categories":[{"id":1,"parent_id":null,"code":"arts","apple_category":"Arts","google_category":"Arts","translated":"Arts"}]}]
  • 28 Topics
    378 Posts
    Package UpdatesP
    [1.30.4] Update changedetection.io to 0.55.7 Full Changelog Security - SSRF in ChangeDetection.io via urlparse/urllib3 Parser Differential UI - LLM - Fix for settings (wtforms vs pydantic) by @dgtlmoon in #4184 UI - Preview problem fix for extract_text/ignore_text #4138 by @dgtlmoon in #4169 UI - LLM - Flag LLM_FEATURES_DISABLED to disable all LLM from the UI/system by @dgtlmoon in #4171 Notifications - raw_diff token was missing by @dgtlmoon in #4177 LLM UI - Blueprint/code also disabled when env flag LLM_FEATURES_DISABLED is enabled by @dgtlmoon in #4180 Llm settings pydantic refactor by @dgtlmoon in #4181
  • 61 442
    61 Topics
    442 Posts
    Package UpdatesP
    [1.53.1] Update chatwoot to 4.15.1 Full Changelog Reverted a the unread counts for mentions, participating and folders due to performance relates issues.
  • 40 Topics
    513 Posts
    Package UpdatesP
    [1.53.0] Update code to 26.04.2.1.1
  • 3 30
    3 Topics
    30 Posts
    Package UpdatesP
    [1.8.0] Update comentario to 3.17.0 Full Changelog Add custom moderator name feature (#​222) - 66d2bcc, 753451c, 61cc240, ff9e89f, 400f7e5, 8425ce6, 4bab9e2, c1a4ec3, 467bcc0 Add support for PostgreSQL 18 (#​224) - 84c93da Backend: fix resource leak in DecompressGzip() - 58cfbe7 Backend: fix Postgres restart loop with a non-public schema (#​225, !24) - 9137e53, 4476b1b I18n: add Portuguese messages (pt) by @​pt.cesar.monteiro - bbc7303 I18n: add Ukrainian translation (uk) by @​kleindberg - 3e7ca17 Go 1.26, update dependencies, modernise code - 33d3044, a4232a7, 4605e5c, cab77fb, 3b97e19, 58a1146, 53e905a, 8464344, 1e193e3, 0c1de70, 8c7cc53 Demo website: add predefined comments to Ukrainian page (also !30) - 724a0ad Demo website: fix comment and config statements - 2a3516d, 25e7a30
  • 12 81
    12 Topics
    81 Posts
    girishG
    @gh0stface yup, they made a release yesterday it seems and it should have the PRs we made upstream. @vladimir-d is checking the package again.
  • 20 127
    20 Topics
    127 Posts
    U
    @girish Yep, exactly that. AnyType and Appflowy are growing in popularity. Would be nice to see them
  • 5 29
    5 Topics
    29 Posts
    Package UpdatesP
    [1.0.1] Update contacts to 1.0.1 Fix description
  • 1 Topics
    2 Posts
    Package UpdatesP
    [0.1.1] Initial version
  • 4 Topics
    25 Posts
    girishG
    @atridad Thanks for the heads up, the app is gone from our library as well.
  • 16 108
    16 Topics
    108 Posts
    Package UpdatesP
    [1.16.0] Update sso to 0.6.0 Full Changelog This release requires CryptPad 2026.5.1 SSO default config changed (only affects new installs)
  • 6 96
    6 Topics
    96 Posts
    Package UpdatesP
    [1.29.0] Update ctfreak to 1.39.0 Full Changelog
  • 48 389
    48 Topics
    389 Posts
    Package UpdatesP
    [2.15.1] Update cubby to 2.15.1 Implement user deletion feature group folders: use multi-select for user selection Unify empty view layouts Do not show group folder folderPath
  • 12 96
    12 Topics
    96 Posts
    Package UpdatesP
    [1.14.2] Update dawarich to 1.9.2 Full Changelog A Flights toggle on the Map v2 trip view shows your AirTrail flights alongside the route and photo overlays, and hides the day-route segments that fall inside a flight so the two don't overlap. The button only appears when an AirTrail URL is configured. Photoprism photo imports with an end date no longer fail with an HTTP 400: the before filter is now sent as a full ISO8601 timestamp instead of a bare date (#1608). Re-running visit detection no longer raises ActiveModel::MissingAttributeError when a cluster contains points already attached to a confirmed visit.
  • 65 644
    65 Topics
    644 Posts
    Package UpdatesP
    [3.1.0] Update directus to 12.1.1 Full Changelog Updated vite dependency to 8.1.2 (#27826 by @ComfortablyCoding) Limited sensitive system mutations defined by GRAPHQL_SINGLE_USE_MUTATIONS to single use (#27801 by @br41nslug) Removed /utils/hash/generate and /utils/hash/verify endpoints (#27774 by @br41nslug) Fixed failed TUS file replacements leaving orphaned file records. Hardened upload path validation to prevent writes to extension and temporary storage directories (#27803 by @br41nslug) Added CORS_ORIGIN checks for websocket connections (#27812 by @br41nslug) Added PROJECT_OWNER_ENABLED env var to allow disabling owner info collection and sync (#27802 by @ComfortablyCoding) Restored pre-v12 back button behavior: returns to the previously visited item/page when navigating via a relation, and to the collection listing when landing on an item directly (#27799 by @robluton) Fixed a stored XSS vulnerability where the project color could break out of the generated favicon's SVG markup and inject arbitrary HTML (#27810 by @br41nslug) Fixed a Local File Inclusion vulnerability in MailService.renderTemplate (#27811 by @br41nslug) Fixed array indexing (e.g. field[0] or field.0) in display and preview URL templates, so a template like {{ categories[0].name }} now resolves to the indexed value instead of rendering empty (#27773 by @dstockton)
  • 91 775
    91 Topics
    775 Posts
    M
    Came across the topic Self-Hosting an OpenSource LLM for DiscourseAI and will maybe give it a try with an Ollama instance if possible.
  • 24 Topics
    266 Posts
    Package UpdatesP
    [2.7.2] Add timestamp argumens to registry-client script
  • 5 45
    5 Topics
    45 Posts
    J
    @teiluj yeah often there is a lag between the company publishing the source and the images and the release notes etc. But usually they all settle down in 1-2 weeks.
  • 13 117
    13 Topics
    117 Posts
    Package UpdatesP
    [1.24.0] Update documenso to 2.14.0 Full Changelog fix: improve team member removal ux by @dguyen in #3001 fix: only send S3 checksums when required to support S3-compatible storage by @yashs33244 in #2984 fix: render unicode characters in typed signatures by @AbdelrhmanAbdelhamed in #2728 fix: signing request email renders blank when organisation/team branding is enabled by @NandiniDhanrale in #2968 feat: add custom brand colours to emails by @Mythie in #3005 feat: allow additional envelope duplicate settings by @dguyen in #3008 feat: add API endpoint to reject documents on behalf of recipients by @Mythie in #3007 feat: cap automated reminders before resend by @Mythie in #3016 feat: add API endpoints for downloading certificate and audit log PDFs by @Mythie in #3025 fix: resolve permission issues by @dguyen in #3029
  • 12 63
    12 Topics
    63 Posts
    Package UpdatesP
    [1.12.0] Update community to 5.14.0 Full Changelog Added Spanish language support
  • 17 265
    17 Topics
    265 Posts
    Package UpdatesP
    [1.17.2] Update docuseal to 3.1.2 Full Changelog It is now possible to redact and crop pages on touchscreen devices. Shared templates in test mode now appear in a separate folder and are not loaded by the GET /templates index API. Various performance optimizations. Embedded builder input mode now works on touchscreen devices.
  • 17 131
    17 Topics
    131 Posts
    Package UpdatesP
    [1.26.1] Update dokuwiki-plugin-smtp to 2026-06-28
  • 40 344
    40 Topics
    344 Posts
    jamesJ
    Hello @matth33 We can help you recover your original account. If you send me your mail address that you also use for your Cloudron.io account, I can set that mail in your old account. Then you can use Log in with Cloudron.io to access your account.
  • 13 Topics
    89 Posts
    Package UpdatesP
    [1.8.0] Update easyappointments to 1.6.0 Full Changelog Added request method check on each request so that only allowed methods are accepted Add Jitsi integration and link generation for appointments made via the public page ALTCHA integration added as an alternative CAPTCHA step (#1155) When someone clicks on password reset, implement a link delivery and not just change the password directly Implementation of additional GDPR features in Easy!Appointments (#535) Add CAPTCHA support for all the public forms in order to block abusive requests (#1754) Replace the availabilities type with the new slot interval field Fixed a security issue where an administrator could inject scripts into the "booking disabled" message that would then run for every visitor of the public booking page Fixed a security issue where a provider could create or modify appointments under another provider's account Webhooks are now triggered only for the exact actions they are subscribed to, instead of matching similarly named actions by substring
  • 12 99
    12 Topics
    99 Posts
    Package UpdatesP
    [1.18.3] Update Emby.Releases to 4.9.5.0 Full Changelog Fix sporadic cases of wrong subtitle encoding Fix sporadic cases of subtitles not showing Fix strm files containing youtbue urls Add additional Estonian language codes Fix realtime monitor ignoring folders with a dot in the name Add new spotlight home screen section option (requires Emby Server 4.10+)
  • 52 511
    52 Topics
    511 Posts
    Package UpdatesP
    [3.0.0] Update espocrm to 10.0.0 Full Changelog Multiple pipelines #3623 Cascading links #3594 Cascade removal and restore #3603 Record locking #3592 SelectManager support removed #3628 Backend deprecations removal #3630 Frontend deprecations removal #3631 Record service changes #3627 ORM: Entity::get does not support deprecated link access anymore #3629 Removed deprecated Espo.ui, Espo.utils #3652
  • 31 286
    31 Topics
    286 Posts
    Package UpdatesP
    [4.10.2] Update etherpad-lite to 3.3.2 Full Changelog Force @opentelemetry/core 2.8.0 (GHSA-8988-4f7v-96qf / CVE-2026-54285, #7975). The transitive dep (pulled in via @elastic/elasticsearch @elastic/transport) had a W3CBaggagePropagator.extract() that did not enforce W3C size limits on inbound baggage headers, allowing unbounded memory allocation. Pinned via a pnpm-workspace.yaml override; satisfies the existing 2.x range with no parent bump. Resolve open Dependabot security alerts (#7967). Refreshes stale override floors and adds new ones via pnpm-workspace overrides: form-data 4.0.6, ws 8.21.0, esbuild 0.28.1, basic-ftp 5.3.1 (capped <6.0.0 to avoid a surprise major on the plugin-install path), tar 7.5.16, js-yaml 4.2.0, qs 6.15.2, ip-address 10.1.1, and @babel/core 7.29.6. Reject read-only deletion via token-less paths (part of #7959 / #7960). Under allowPadDeletionByAllUsers a read-only viewer was granted canDeletePad=true, and the server's flagOk/creatorOk branches never checked session.readonly so a read-only link holder could delete a pad without a token. Read-only sessions are now excluded from both the client var and the server's token-less authorization paths; a valid recovery token stays sufficient regardless of session mode. Pad deletion suppress the recovery token for durable identities and relabel the action (#7926 / #7930). Building on the allowPadDeletionByAllUsers suppression, a creator's deletion token is now also withheld when they have a durable identity authenticated (req.session.user with a username) and the deployment pins that identity to a stable authorID via a getAuthorId hook since only then does the creator survive a cookie clear or a different device, making the token redundant. Offline/air-gapped installs env-var overrides for the update check, plugin catalog, and updater (#7917, addresses #7911). Firewalled deployments could not disable Etherpad's outbound calls without editing settings.json inside the image. Pad keep the token-less Delete button reachable without pad-wide settings (#7959 / #7960). The token-less #delete-pad button was nested inside the enablePadWideSettings-gated section, so disabling pad-wide settings removed the only no-token deletion path. History mode restore the saved-revision markers (#7946 / #7948). When #7659 moved the timeslider into the pad as an embedded iframe, the user-facing control became the outer #history-slider-input, but the saved-revision stars were still drawn into the now-hidden iframe #ui-slider-bar, so "Save Revision" appeared to do nothing in in-pad history mode (a 3.3.x regression). Import dialog correct the outdated "no converter" help message (#7988 / #7989). The notice claimed only plain text and HTML could be imported and linked to the legacy AbiWord wiki, prompting LibreOffice installs for formats that already work natively. PadManager reject unreachable . and .. pad ids (#7962). isValidPadId accepted ids consisting only of URL dot-segments, but per the WHATWG URL standard a browser normalises /p/. to /p/ and /p/.. to /, so such a pad could be created in the database yet never opened or exported. CLI fix the database migration/import scripts against the ueberdb2 promise API (#7982 / #7983). migrateDB.ts opened source and target databases, copied all keys, then resolved without closing either so under ueberdb2 6.1.x the keep-alive timer kept the process hanging after "Done syncing dbs", and buffered target writes were only guaranteed flushed on close().
  • 2 113
    2 Topics
    113 Posts
    Package UpdatesP
    [1.26.0] Update evcc to 0.310.1 Full Changelog Metrics: add soc and temp (#30926) vehicle: mark climaterdisabled parameter as deprecated in iso15118 and offline templates (#31297) Meter: fix spurious energy spikes (grid nonZeroEnergy + SolarEdge uint64snans) (#31295) GoodWe Hybrid: read battery max charge/discharge power from device (BC) (#31086) Kostal Plenticore: replace older plenticore template (BC) (#30854) Add Eltako DSZ15DZMOD/DSZ16 meters (#31197) Heating: add temperature range, add heating colors (#30995) Vehicle: add Octopus Energy Germany (#31105) Auth: fix OAuth online-status send deadlocking the control loop (#31036) Mercedes: fix NORAM 418 (#31272)
  • 6 42
    6 Topics
    42 Posts
    Package UpdatesP
    [3.2.1] Update fider to 0.36.1 Full Changelog feat(webhooks): ALLOW_PRIVATE_NETWORK_TARGETS env to allow internal targets by @hodyhq in #1579 Fix missing email strings by @mattwoberts in #1598 Respond copy by @mattwoberts in #1601
  • 5 36
    5 Topics
    36 Posts
    robiR
    Yes please, who is doing the community app?
  • 2 Topics
    15 Posts
    Package UpdatesP
    [1.3.0] Update fmd-server to 0.16.0 Full Changelog Ability to listen on a specific IP address, instead of 0.0.0.0 (#153) Collapsible groups in web UI sidebar (!235) New languages: cs, hu, it, pt. Thank you translators! Bug fixes
  • 22 276
    22 Topics
    276 Posts
    Package UpdatesP
    [3.12.4] Update firefly-iii to 6.6.6 Full Changelog Issue 12426 (Important: The latest version removed all references to foreign currency in income) reported by @jgmm81
  • 6 118
    6 Topics
    118 Posts
    Package UpdatesP
    [2.9.13] Update formbricks to 5.1.4 Full Changelog
  • 6 27
    6 Topics
    27 Posts
    jamesJ
    Hello @jk Thanks for reporting and we have included this change in version 1.2.3
  • 72 815
    72 Topics
    815 Posts
    Package UpdatesP
    [1.16.18] Update freescout to 1.8.229 Full Changelog Fixed "Undefined variable $addressString" (#5487) Fixed "Undefined array key 10004" on outbound Guzzle request without a proxy (#5486) Fixed "Undefined variable $ensureAddressesAreSafe" (#5487) Fixed permissions check when merging conversations (Security: GHSA-v8vc-cmf9-gg2c) Patched security issues in dependency libraries: GHSA-vm85-hxw5-5432, GHSA-hq7v-mx3g-29hw, GHSA-34xg-wgjx-8xph, GHSA-cwxw-98qj-8qjx, GHSA-wpwq-4j6v-78m3, GHSA-h5x3-xfc9-m39h, GHSA-5vg9-5847-vvmq
  • 20 158
    20 Topics
    158 Posts
    nebulonN
    ah good! glad it worked out in the end then
  • 2 15
    2 Topics
    15 Posts
    Package UpdatesP
    [1.0.1] The app package is now stable
  • 83 1k
    83 Topics
    1k Posts
    Package UpdatesP
    [4.181.0] Update ghost to 6.51.0 Full Changelog Added Social Web handle preferences (#29042) - Vitrix Fixed complimentary subscription created when editing comped members (#28954) - Aubaid Fixed security action history entries (#29012) - Steve Larson Fixed email preview always showing the paywall on tier-restricted posts (#29059) - Steve Larson Fixed & refactored social link validators (#29051) - Steve Larson Fixed complimentary members being unable to upgrade on non-USD sites (#29055) - Peter Schulz Fixed orphaned Stripe prices when importing members by tier (#28955) - Aubaid Fixed posts/pages loading when analytics data was unavailable (#29048) - Steve Larson Fixed staff profile URL not updating after changing a user's slug (#29041) - Sag
  • 50 440
    50 Topics
    440 Posts
    Package UpdatesP
    [1.38.4] Update gitea to 1.26.4 Full Changelog fix(auth): do not auto-reactivate disabled users on OAuth2 callback (#38009) (#38183) fix: walk git log context error handling (#38182) (#38185)
  • 20 149
    20 Topics
    149 Posts
    J
    Yes, it's only jekyll. Not an expert on next.js but I think it also needs a backend right ? If so, you have to create a custom package - https://docs.cloudron.io/packaging/tutorial/
  • 63 651
    63 Topics
    651 Posts
    Package UpdatesP
    [1.117.2] scale puma worker count to the processor count increase queue concurrency
  • 2 13
    2 Topics
    13 Posts
    Package UpdatesP
    [1.1.5] Update glpi to 11.0.8 Full Changelog
  • 7 60
    7 Topics
    60 Posts
    Package UpdatesP
    [1.23.2] Update gogs to 0.14.3 Full Changelog Security: Reverse proxy authentication header was honored from any remote address, allowing user impersonation when Gogs was reachable directly. The header is now only trusted from addresses listed in [auth] TRUSTED_PROXY_IPS. #8264 - GHSA-w6j9-vw59-27wv Security: Server-side request forgery in webhook deliveries via HTTP redirects to local network addresses. #8263 - GHSA-c4v7-xg93-qf8g Security: Denial of service when rendering issue references against a malformed external issue tracker URL format. #8312 - GHSA-4j89-2c4f-44c6 Security: Stored XSS in Jupyter notebook (.ipynb) preview through Markdown links with javascript: URLs. #8319 - GHSA-jq8v-rmf6-65jw Security: Missing authorization check on the attachment download endpoint allowed anyone who knew (or guessed) an attachment UUID to download files belonging to private repositories. #8320 - GHSA-p9f5-h3rx-j5qw Security: Remote command execution via pull request rebase merges with crafted branch names. #8301 - GHSA-qf6p-p7ww-cwr9 Security: Arbitrary file write outside the repository working tree via crafted upload filename routed through a committed directory symlink. #8332 - GHSA-89mr-xqfv-758m Security: Remote code execution via path traversal in organization names accepted through the API. #8334 - GHSA-c39w-43gm-34h5 Security: Stalled SSH handshakes pinned a file descriptor and goroutine indefinitely. The built-in SSH server now drops connections that do not complete the handshake within 15 seconds. #8335 - GHSA-xp79-5mx3-jx52 Security: Organization metadata and team list endpoints were reachable without authentication. #8336 - GHSA-744x-3838-5r56
  • 22 251
    22 Topics
    251 Posts
    Package UpdatesP
    [2.6.0] Update grafana to 13.1.0 Full Changelog
  • 14 148
    14 Topics
    148 Posts
    Package UpdatesP
    [1.10.7] Update grav to 2.0.7 Full Changelog [security] A page editor can no longer run commands on the server by hiding a callable directive in a form field's settings; dynamic field data now refuses dangerous functions and cannot be tricked into reaching one through a helper (GHSA-fj2p-qj2f-74v5). A page's translatedLanguages() now localizes ancestor slugs too, so a nested translation whose parent folder has a localized slug: produces the fully translated cross-language link instead of leaving parent segments in the current language. Fixes getgrav/grav#4186. Pointing the log stream at environment:// (for example log: environment://logs) no longer crashes the site or bin/grav clear with a "stream must either be a resource or a string" error when the per-environment folder does not exist; logging now falls back to the default logs/ folder instead. Fixes getgrav/grav#4172. The media:// stream now checks the per-environment user/env/<host>/media/ folder before the shared user/media/, so site media stored per environment resolves to the correct URL in the admin and in page content instead of a broken user/media/ link. Fixes getgrav/grav#4188. Large file downloads such as site backups are now streamed to the browser in chunks instead of being loaded into memory all at once, so a download bigger than PHP's memory limit no longer fails with a blank server error. Fixes getgrav/grav-plugin-api#12. Pages accessed with URL parameters such as pagination or taxonomy filters no longer recompile every Twig template on each request, restoring full template caching on exactly the pages that get the most traffic. A modular page that outputs trusted theme or plugin markup, such as a form with a reCAPTCHA field, is no longer wrongly blanked by the content security scan, which now checks the editor's own content instead of the finished template output. Fixes getgrav/grav-plugin-form#636. The setting that scans page content for XSS moved to security.content.xss_scan_output, since it applies to all page content rather than only Twig in content; the previous security.twig_content.xss_scan_output location keeps working and is moved to the new one automatically on upgrade. Frontend requests are noticeably faster across the board: the scheduler, backups machinery, error page renderer and logger now initialize only when actually used instead of on every page view, cutting over 50 PHP files from a typical request. New experimental opt-in page index (pages.lazy_index: true pages, routes, children lists, sort orders and the taxonomy map load on demand from a per-page index instead of one large cache blob that has to be fully unserialized on every request, making per-request cost flat as sites grow: a 2,000 page test site renders as fast as a 2 page one and uses a quarter of the memory; SQLite powers the index when available with a pure PHP fallback, and the default behavior is completely unchanged until the flag is enabled.
  • 19 166
    19 Topics
    166 Posts
    Package UpdatesP
    [1.11.2] Update greenlight to 3.8.2.3 Full Changelog Multiple gem updates Language Updates
  • 7 43
    7 Topics
    43 Posts
    jamesJ
    Hello @superhua I have noticed that as well. In the previous version this worked without issues. The grist team even asked us to implement enterprise features again, what we did. To have exactly that now breaking again is not nice.
  • 55 318
    55 Topics
    318 Posts
    jamesJ
    Hello @albertbeaufrand and welcome to the Cloudron Forum This topic is a duplication of https://forum.cloudron.io/post/97415 and will be merged into it. Please read the responses above to get the full answer to your question.
  • 4 23
    4 Topics
    23 Posts
    girishG
    App discontinued due to no upstream updates.
  • 18 145
    18 Topics
    145 Posts
    Package UpdatesP
    [1.22.0] Update hedgedoc to 1.11.0 Full Changelog GHSA-6c2w-8w96-3pcv reports a possible HTML injection via the localpart of an email address. GHSA-qj78-mjch-wwrv reports a possible Denial-of-Service attack using the YAML frontmatter parsing. GHSA-8v9p-5j95-826j reports a possible CSRF attack vector in the GitHub Gist export. GHSA-2f9f-w8xq-276v reports a rate-limiting bypass by abusing the CF-Connecting-IP header. When using Cloudflare in front of HedgeDoc, you should set rateLimitUsingCloudflare in the config.json or CMD_RATE_LIMIT_USING_CLOUDFLARE as environment variable to true. Added a warning page when clicking external links Improve the config.json.example file, which is used by bin/setup Allow configuration of login / signup rate-limits Allow configuration of Cloudflare usage in regards of rate-limits Several improvements in the documentation at https://docs.hedgedoc.org
  • 11 Topics
    150 Posts
    Package UpdatesP
    [1.21.1] Update core to 2026.7.1 Full Changelog Proximity: Fix/improve matching against trackers with in_zones attributes (@kbuck1 - #172602) (proximity docs) Fix HomeKit Controller doorbell event entity to use ring event type (@frenck - #173621) (homekit_controller docs) Retry ecobee setup on transient refresh failure (@frenck - #173720) (ecobee docs) Handle cname records in dnsip (@gjohansson-ST - #175313) (dnsip docs) Fix airOS advanced settings migration (@CoMPaTech - #175319) (airos docs) Fix SolarEdge energy sensors losing unit of measurement (@frenck - #175335) (solaredge docs) Homee: fix unavailable entities (@Taraman17 - #175367) (homee docs) catch SMTPException and TimeoutError in SMTP config flow (@tr4nt0r - #175369) (smtp docs) Fix KNX telegram history migration for data of 2026.3 and earlier (@martinhoefling - #175396) (knx docs) Fix Overkiz Rexel gateway setup failing with Local API (@iMicknl - #175409) (overkiz docs)
  • 27 251
    27 Topics
    251 Posts
    Package UpdatesP
    [1.9.3] Update humhub to 1.18.3 Full Changelog Fix #8079: Hide wall entry topics container when no topics Fix #8075: Filtering by Global Topic in Dashboard Fix #8086: Fix Daylight Saving Time issue in DbDateValidator Fix #8090: Show only visible groups on the profile field "Group memberships" Enh #8095: Improve authorization checks Enh #8088: Improve people/space filters Fix #8133: Rebuild search index after file updating Fix #8144: Restrict file view action Enh #8156: Enhance behavior for vertical videos and multiple video attachments Fix #8164: Fix space members list visibility
  • 76 699
    76 Topics
    699 Posts
    nebulonN
    do you see the same error messages or something else, also have you adjust the config manually somehow?
  • 6 Topics
    47 Posts
    Package UpdatesP
    [1.3.1] Update ip2location to 1.4.0 Fix width and height of the map
  • 5 68
    5 Topics
    68 Posts
    T
    @joseph Thanks - This is only a problem with the IT-tools app and this user. Essentially this is reproducible in the sense that the user is pulled/synced from a master Cloudron directory (on server A) and the behavior is the same whether the application is running on server A B or C. To which extend it can be reproduce on a different server with a different user directory/directory setup, I am not sure. I will contact support as suggested.
  • 2 4
    2 Topics
    4 Posts
    E
    Is someone here using Infisical? I am looking into it now as a potential secrets manager and was wondering if things are going well with it. I was also wondering whether it provides any additional benefits over using Cloudron environment variables.
  • 18 195
    18 Topics
    195 Posts
    nebulonN
    Oh that slipped through, we made yet another package release which at least has fixed this on my test instance. Sadly it is hard to test the app in an automated way since one needs residential IPs to do any useful testing.
  • 70 Topics
    1k Posts
    A
    Update: I restarted the updates as I had noted there were some more, and after catching up the app works fine.
  • 43 346
    43 Topics
    346 Posts
    Package UpdatesP
    [1.13.8] Update jellyfin to 10.11.11 Full Changelog Add lockhelper for UserManager MR #16944, by @JPVenson
  • 4 18
    4 Topics
    18 Posts
    girishG
    App discontinued due to no upstream updates.
  • 13 107
    13 Topics
    107 Posts
    Package UpdatesP
    [1.12.3] Update Jirafeau to 4.7.2 Full Changelog Added a button for showing the download password before uploading the file Favicon was missing in the modern theme Download passwords are now stored as SHA256 hashes Downloading encrypted files uploaded using "classic upload" (using just plain HTTP POST without the HTML5 file API) could not be downloaded. This was caused by not correctly marking the files as encrypted. Few more little fixes
  • 34 375
    34 Topics
    375 Posts
    jamesJ
    Hello @stoccafisso Not by default, no. You could build the jitsi app yourself and install it or maybe someone will make it a community app.
  • 12 116
    12 Topics
    116 Posts
    Package UpdatesP
    [2.6.0] Update joplin to 3.7.1 Full Changelog New: Add support for post-quantum cryptography (PQS) TLS (#15055 by Alex Martens) New: Add support for whiteboards (#15305) (#15193) Improved: Add settings search to config screen (#14820) (#14763 by @slimuCS) Improved: Add table editing commands (add/delete rows and columns) (#14519) (#12372 by @kanishka0411) Improved: Do not load plugin if it is disabled (#15083) Improved: Speed up app startup by skipping unnecessary plugin file processing (#15085) (#15081) Fixed: Add the ability to delete the default profile (#15153) (#14506 by @mrjo118) Fixed: Avoid OOM when printing notes with large attachment links (#15026) (#13903 by @Rygaa) Fixed: Fix silent sync failure which prevents new changes being synced, when a single server object has an updated_time in the future (#15262 by @mrjo118) Fixed: Preserve timestamps when converting HTML notes (#15275) (#15263 by @izumedonabe)
  • 12 140
    12 Topics
    140 Posts
    Package UpdatesP
    [1.60.0] Update jupyterhub to 5.5.0 Full Changelog
  • 8 73
    8 Topics
    73 Posts
    Package UpdatesP
    [1.17.8] Update kanboard to 1.2.52 Full Changelog fix: revoke public tokens for inactive users fix: use timing-safe comparison for token validation fix: validate task ownership before applying property changes fix: enforce visibility controls for public and unprivileged access fix: use parameterized queries in task finder and iCal
  • 8 56
    8 Topics
    56 Posts
    nebulonN
    Since this is likely an upstream issue, it is maybe worth if you create an issue at https://github.com/Kareadita/Kavita/issues I wasn't able to find an existing issue after a quick search.
  • 8 107
    8 Topics
    107 Posts
    Package UpdatesP
    [1.6.4] Update keycloak to 26.6.4 Full Changelog #50344 CVE-2026-9099 Keycloak: group-admin escalation to realm-admin #50345 CVE-2026-9083 Keycloak: keycloak: information disclosure through arbitrary filesystem path probing #50347 CVE-2026-9086 Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass #50349 CVE-2026-9705 Keycloak: keycloak: attacker can re-enable and take over disabled clients via registration access token #50350 CVE-2026-9795 Keycloak: keycloak: privilege escalation via improper scope mapping enforcement #50351 CVE-2026-9799 Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass #50352 CVE-2026-9800 Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison #50357 CVE-2026-11800 Keycloak: Authentication bypass via JWT algorithm confusion #50100 Upgrade to Quarkus 3.33.2.1 #49700 Incorrect migration guide reference docs
  • 4 31
    4 Topics
    31 Posts
    Package UpdatesP
    [1.2.2] Update keila to v0.30.2 Full Changelog Added line-height setting for body text in Classic template style editor The status of a contact (active, unsubscribed, or unreachable) can now be changed manually on the contact edit page Contacts created via the API now trigger a created event the contact activity log (implements #429, thanks @lukoerfer for reporting) Added dedicated parser for extracting/filling content slots in MJML content slots, this fixes issues with MJML-specific elements that were being mangled by the HTML parser
  • 16 256
    16 Topics
    256 Posts
    Package UpdatesP
    [2.55.0] Update kimai to 2.61.0 Full Changelog Add working contract preferences to user when setting for the first time from API (#5894) SAML: allow to configure the attribute name for the user identifier (#5996) Translations update from Hosted Weblate (#5987) Fix broken redirect for expired login links (#5990) Added fallback redirects for /login and /logout (#5990)
  • 16 226
    16 Topics
    226 Posts
    Package UpdatesP
    [1.45.1] Update koel to 9.10.1 Full Changelog fix: populate starred and played dates in Subsonic responses by @phanan in #2607 fix: honor offset in Subsonic getAlbumList/getAlbumList2 for newest, frequent and recent types by @phanan in #2606 fix: read DATE vorbis tag for year when scanning FLAC/OGG files by @theianspence in #2602
  • 11 132
    11 Topics
    132 Posts
    girishG
    Running TURN server on port 443 only matters for setups where a Client is unable to contact the server on non-port 443. This is only common in some ultra locked down intranet setups.
  • 5 63
    5 Topics
    63 Posts
    Package UpdatesP
    [1.7.0] Update komga to 1.25.0 Full Changelog add support for solid rar4 archives (5682a37) enfore content restriction (bd8b773) flatten hierchical schemas (275cb92)
  • 23 182
    23 Topics
    182 Posts
    Package UpdatesP
    [2.5.1] Update kutt to 3.2.6 Full Changelog Add OIDC_PROMPT. Fixes OIDC forced re-authentication by making the prompt configurable. (MR #967 by @Jignesh4611) Add OIDC_BUTTON_TEXT to change OIDC login button text Use a new useragent library (express-useragent) to parse user agent. Fixes vulnerabilities found in the useragent package Update nodemailer package to fix vulnerabilities Set SameSite: Lax for signed-in cookies Use 404 HTTP status code for the 404 page Fix typo in the report page
  • 144 1k
    144 Topics
    1k Posts
    Package UpdatesP
    [5.2.3] Update php-src to 8.5.8
  • 18 182
    18 Topics
    182 Posts
    Package UpdatesP
    [1.52.0] Update languagetool to b08c7f8
  • 23 239
    23 Topics
    239 Posts
    Package UpdatesP
    [1.14.5] Update leantime to 3.9.7 Full Changelog Personal Access Tokens - Completed the move of personal access token management into core with a dedicated token controller and language keys (#3597) MCP Domain Tools - Reorganized MCP tool classes into their respective domain modules (#3581) Program Board - Fixed milestones, kanban rendering, and status rollup clarity on the program board (#3592) MCP Runtime - Repaired runtime bugs in domain tools uncovered during live end-to-end testing (#3586) System Update - System updates now properly clear cached bootstrap manifests. General Fixes - Resolved a batch of recently reported bugs (#3540, #3331, #3310, #3589, #3330, #3546, #3593) API Rate Limit - Raised the default API rate limit from 10 to 120 requests per minute (#3591)
  • 19 162
    19 Topics
    162 Posts
    Package UpdatesP
    [1.2.3] Update LibreChat to 0.8.7 Full Changelog feat: Add Bottom Terminus Node to Message Minimap Navigation by @danny-avila in #13853 feat: Add Pinned Conversations by @dlew in #13492 feat: Keyboard Shortcuts by @berry-13 in #12425 feat: Google URL Context Param with Native YouTube Video Understanding by @danny-avila in #13924 fix: Restrict MCP Server URL Disclosure to Admins, Owners, and Editors by @dustinhealy in #13784 fix: Narrow Public Share 401 Bypass to the Share Endpoint Only by @danny-avila in #12905 fix: Gate Shared Startup Config By Link Access by @danny-avila in #13897 fix: Withhold Custom Endpoint Headers for User URLs by @danny-avila in #13917 fix: Harden Historical File Authorization by @danny-avila in #13918 fix: Harden User Provided Endpoint URL Protection by @danny-avila in #13919
  • 18 420
    18 Topics
    420 Posts
    T
    @girish I can confirm that your fix solved the issue, at least on our side. Many thanks - Much appreciated! After a brief look, the new editor looks much better than previous one.
  • 16 135
    16 Topics
    135 Posts
    S
    I like the linkding package. I realized the extension is provided only for Chrome and Firefox. There is there unofficial Safari extension in AppStore. Here is a way build the extension locally and use with Safari browser. This is fork of the author's repo, fixed for latest xcode and build script to build the extension. https://github.com/orsenthil/safari-linkding-extension
  • 15 169
    15 Topics
    169 Posts
    perelinP
    @girish said: @perelin it seems you already have an account with the same username and email as in this forum on our GitLab . Can you try resetting password mabye if you have forgotten it at git.cloudron.io ? I have "Trust user" and 2FA is disabled there already as well. You are also in the packages GitLab group . oh... Cant remember a thing Currently im getting 429 Too Many Requests from git.cloudron.io - will try later.
  • 31 233
    31 Topics
    233 Posts
    Package UpdatesP
    [1.17.0] Update listmonk to 6.2.0 Full Changelog feat(i18n): add Arabic (ar) translation by @imohad in #2977 Fixs #2987 - Prevent confirmed subscriber becoming unconfirmed when re-subscribing. by @blu3id in #2996 fix(analytics): correct per-campaign unique view counting by @wucm667 in #3024 fix: prevent nil pointer crash in BounceWebhook when bounce processing disabled by @Koushik-1729 in #2993 Add per-domain SMTP routing by @jaymzh in #2953 Fix: ZIP Slip path traversal in CSV import by @Yunkaiwjs in #3065 fix: protect SES cert cache map with sync.RWMutex to prevent concurrent map writes crash by @Abzaek in #3050 Add Azure ACS bounce webhooks and settings support by @oskari in #3001 Add support for embedding images (inline attachments) via CID in campaign bodies by @knadh in #3034 Fix api tokens hashing by @knadh in #3114
  • 7 126
    7 Topics
    126 Posts
    Package UpdatesP
    [1.17.12] Update loomio to 3.0.24 Full Changelog Fixed: Prevent comment authors from editing or restoring comments that an admin has discarded. Fixed: Preserve group ownership when creating discussions from templates in grouped contexts. Improved: Hardened deployment/runtime behavior with trusted ingress IP allowlisting and exec-based Docker startup processes. Improved: Removed obsolete hocuspocus SQLite persistence and legacy document-list template calls. Improved: Background jobs now avoid retrying forever for records that have already been deleted. Maintenance: Updated dependencies including Devise, Vite, Bootsnap, Rollup, Sentry, Nokogiri, Puma, and tzinfo-data.
  • 19 226
    19 Topics
    226 Posts
    Package UpdatesP
    [2.45.3] Update Lychee to 7.6.4 Full Changelog Add missing tile for bulk album edit by @ildyria in #4464 Add configurable sharable preview by @ildyria in #4463 Please don't tell anyone about this commit. It's a secret. by @ildyria in #4465
  • 10 61
    10 Topics
    61 Posts
    marcusquinnM
    @girish That is a super handy feature!
  • 149 1k
    149 Topics
    1k Posts
    K
    Addressed with update 1.18.4.
  • 53 444
    53 Topics
    444 Posts
    Package UpdatesP
    [1.58.2] Update matomo to 5.11.2 Full Changelog
  • 129 Topics
    1k Posts
    Package UpdatesP
    [1.11.24] Update element-web to 1.12.22 Full Changelog User status in user menu (#33797). Contributed by @dbkr. Room list: add notifications to section headers (#33826). Contributed by @florianduros. Add mechanism to locally enforce MSC1763 retention rules (#33772). Contributed by @Half-Shot. Disable URL previews per-message when the message provides a hint (#33775). Contributed by @Half-Shot. [Labs] Sign in with QR on new EW using generated QR for MSC4108 v2024 (#33184). Contributed by @t3chguy. [Backport staging] Fix broken scrollbar introduced by separator redesign (#33947). Contributed by @RiotRobot. Apply html utils sanitiser to embedded page (#33842). Contributed by @t3chguy. Room list: fix keyboard navigation on sections (#33809). Contributed by @florianduros. Make presence icons & colours consistent throughout the app (#33764). Contributed by @dbkr. Room list: display compose menu when sections are enabled (#33725). Contributed by @florianduros.
  • 60 651
    60 Topics
    651 Posts
    Package UpdatesP
    [1.29.2] Update mattermost to 11.8.2 Full Changelog Mattermost Platform Release 11.8.2 contains Medium severity level security fixes.
  • 66 509
    66 Topics
    509 Posts
    milian.hackradtM
    HTMLPurifier appears to be trying to write into a directory that isn't writable on Cloudron's read-only fs: PHP Warning - Directory /app/code/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer not writable. - in file /app/code/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php - at line 295 [] It's only a warning so I'm not sure it actually breaks anything, but this does not look like an upstream bug. Writing into that directory seems to be standard HTMLPurifier behavior and their documentation covers it. There's also a report of the same issue in another Cloudron app: https://forum.cloudron.io/topic/15476/repeated-htmlprurifier-warnings Steps to reproduce: Install Mautic 7.1.2 (Package version 6.1.1) Log in Create a form In the "Fields" tab, add a new "Number" field, keeping default settings by immediately clicking "Add" in the modal Save the form Open the terminal for the Cloudron app Run cat /var/run/mautic/var/logs/mautic_prod-*.php The error shows up in Mautic's error log a couple of times.
  • 9 108
    9 Topics
    108 Posts
    Package UpdatesP
    [1.43.1] Update mealie to 3.20.1 Full Changelog fix: Invisible quantities @michael-genson (#7811) fix(deps): update dependency pydantic-settings to v2.14.2 [security] @renovate[bot] (#7782) fix(deps): update dependency fastapi to v0.138.0 @renovate[bot] (#7806)
  • 9 95
    9 Topics
    95 Posts
    Package UpdatesP
    [3.7.0] Update mediawiki to 1.46.0 Full Changelog
  • 14 99
    14 Topics
    99 Posts
    Package UpdatesP
    [1.23.2] Update meemo to 1.23.2 Mitigate path traversal exploit - thanks to Dickson Godwin Massawe for finding and reporting the problem
  • 6 49
    6 Topics
    49 Posts
    Package UpdatesP
    [2.1.1] Update memos to 0.29.1 Full Changelog markdown: keep task item content in one grid column (7c3bff4) support <meta name=description> in link previews (#6000) (e8d32e8) web: render video attachment posters on mobile (0e2a9a9)
  • 18 680
    18 Topics
    680 Posts
    Package UpdatesP
    [3.17.4] Update metabase to 0.62.3.6
  • 2 7
    2 Topics
    7 Posts
    J
    @jendrik the ui is a bit confusing. You have to switch the mode to Private . Ideally, that password field should be disabled or hidden when 'Public'. [image: 1777903757310-67cd6c39-a43e-4446-9f92-fe1d26f59591-image.jpeg]
  • 50 503
    50 Topics
    503 Posts
    Package UpdatesP
    [2.38.2] Update bedrock to 1.26.32.2
  • 11 99
    11 Topics
    99 Posts
    Package UpdatesP
    [1.7.2] Update v2 to 2.3.2 Full Changelog Search queries now use PostgreSQL's websearch_to_tsquery, allowing quoted phrases, OR operators, and negation (-term) in search expressions. Added GET /v1/entries/ids to efficiently retrieve paginated entry IDs. Added support for updating the starred status of multiple entries through PUT /v1/entries. API clients can now filter entries by tags. Prevent username enumeration through login timing differences. PostgreSQL installations running in FIPS mode are now fully supported by replacing MD5 with SHA-256 for enclosure uniqueness. This change raises the minimum supported PostgreSQL version to 11. Fixed validation of per-feed entry filter rules in the web interface. SOCKS proxy URLs can once again be configured for individual feeds. Fixed enclosure URL proxying consistency across API endpoints. Fixed several API handlers that incorrectly returned 404 Not Found or 400 Bad Request instead of proper server errors.
  • 54 699
    54 Topics
    699 Posts
    doodlemania2D
    @uroni Nicely done!
  • 48 1k
    48 Topics
    1k Posts
    Package UpdatesP
    [1.19.22] Update mirotalkp2p to 1.8.64
  • 16 103
    16 Topics
    103 Posts
    nebulonN
    The app package runs the cron job as outlined in https://github.com/monicahq/monica/blob/4.x/docs/installation/providers/generic.md#4-configure-cron-job Can you open a webterminal into the app and run it manually via: sudo -E -u www-data php /app/code/artisan schedule:run and see if it shows an error or sends the mails then?
  • 42 343
    42 Topics
    343 Posts
    Package UpdatesP
    [4.1.1] Update moodle to 5.2.1 Full Changelog
  • 155 1k
    155 Topics
    1k Posts
    J
    @alwynispat n8n is configured to use postgres as it's application database. AFAIK, n8n data tables uses the same database configuration .
  • 19 168
    19 Topics
    168 Posts
    jamesJ
    Hello @teiluj Fixed with https://forum.cloudron.io/post/125766
  • 408 3k
    408 Topics
    3k Posts
    G
    Thanks a lot for your support we will discuss in our team how to proceed but with your help, the way look promising.
  • 31 304
    31 Topics
    304 Posts
    Package UpdatesP
    [1.44.0] Update nocodb | stage to 2026.06.2 Full Changelog
  • 64 538
    64 Topics
    538 Posts
    Package UpdatesP
    [2.30.0] Enable scaling by allowing to spin up more nodebb processes to utilize multiple CPU cores See https://docs.cloudron.io/packages/nodebb/#scaling
  • 13 106
    13 Topics
    106 Posts
    Package UpdatesP
    [1.28.0] Update ntfy to 2.25.0 Full Changelog Generate access tokens, IDs, and magic-link tokens with a cryptographically secure RNG (crypto/rand) instead of a clock-seeded PRNG Add password reset via emailed magic link, with a "Forgot password" link on the login page and a ntfy user reset-pass CLI command for admins Rework email verification to use durable, single-use, expiring magic links instead of in-memory 6-digit codes, and add a "primary" email (used for account recovery and as the X-Email: yes target) with verified/unverified state in the account UI You can now clear/read messages and delete messages with a GET request (#1771, thanks to @lemmi for reporting and to @wunter8 for implementing) Add a reload button to the web app's action bar when running as an installed PWA, which clears the service worker caches and hard-refreshes the app X-Email: yes (also true/1) now sends to your primary verified email regardless of the smtp-sender-verify setting (previously it was rejected unless verification was enabled); it requires being logged in with a verified address Grant users full access to their own sync topic (st_...) so cross-device subscription sync works under auth-default-access: deny-all (#733, #1795, thanks to @lmorchard for the contribution) Support HTTP (non-TLS) S3-compatible endpoints by preserving the endpoint scheme, e.g. for a local MinIO instance (#1794, #1734, thanks to @sskender for the contribution, and @Kernald for reporting) Stop silently stripping spaces from passwords while typing in the web app's login, signup, and password-reset forms (#1246, thanks to @aldem for reporting) Stop escaping <, >, and & as \u003c/\u003e/\u0026 in JSON responses (#1511, #1512, thanks to @wunter8 for the contribution)
  • 6 97
    6 Topics
    97 Posts
    Package UpdatesP
    [1.14.0] Update ollama to 0.31.1 Full Changelog Tightened Gemma 4 MoE model loading in the MLX engine Updated the MLX engine to the latest version, including a new small-batch matmul kernel Updated the underlying llama.cpp engine to build 9840 Improved Gemma 4 multi-token prediction (MTP) performance
  • 5 46
    5 Topics
    46 Posts
    Package UpdatesP
    [1.5.1] Update omeka-s to 4.2.1 Full Changelog Block titles for the IIIF page blocks were not properly escaped The IIIF presentation page block did not respect the site's configured IIIF viewer setting for the Mirador theme Some fields were not aligned properly on the admin advanced search Themes could not use the Ckeditor form elements to allow HTML input for theme settings Unnecessary spacing when listing data types in resource template browse Modules using older code for database queries could encounter errors related to core events like those used for processing fulltext search The Asset add form only allowed a fixed list of file types regardless of what types were specified in config The confirm password check did not properly run when the confirm box was left blank
  • 52 431
    52 Topics
    431 Posts
    jamesJ
    Hello Upstream reported that the issue will be resolved with the next release. https://github.com/ONLYOFFICE/DocumentServer/issues/3686#issuecomment-4631461296
  • 6 42
    6 Topics
    42 Posts
    Package UpdatesP
    [0.9.0] Update opencloud to 6.1.0 Full Changelog Add a flag to the reindex command to force a full reindex [#2606] proxy: Allow mapping from an external tenant id to the internal id [#2569] feat: enable EnableInsertRemoteFile WOPI flag for Collabora [#2555] feat(multi-tenancy): verify tenant via OIDC claim [#2559] Fix race conditions in the hybrid metadata backend [#594] fix: error handling in upload session cleanup [#582] experimental: add darwin watchfs support [#471] Tracing [#596] fix: favorites list, undo delte doesn't return item to the favorites [#2382] feat: handle UI_InsertFile postMessage from Collabora [#2270]
  • 4 50
    4 Topics
    50 Posts
    Package UpdatesP
    [1.8.4] Update openhab-distro to 5.1.4 Full Changelog
  • 24 290
    24 Topics
    290 Posts
    Package UpdatesP
    [3.50.1] Update openproject to 17.5.1 Full Changelog Bugfix: Capital letters in user email or login break import with error. [#75924] Bugfix: Page scrolls down to the bottom if user clicks on WP description when top of description is out of screen [#74186] Bugfix: Creation of new work packages and status transitions not possible aber upgrade to 17.5 [#75961] Bugfix: Renaming of projects causes AMPF sync to fail [#76022] Bugfix: Direct upload failing on SaaS since new prefix key is added [#75811]
  • 4 Topics
    34 Posts
    J
    Hi @girish so I learned something while setting up my Radicale and OWC. It seems like the calendar client publishing in to the ICS in Radicale (or wherever your ICS source lives) can matter. When I used the Calendar app on macOS I saw no descriptions. When I used Thunderbird I do. You can see it on my live page that has the OWC page in an iframe https://kb.filewave.com/books/community-engagement/page/customer-event-schedule and if you click on events in the agenda then the description shows. I think initially I was also hoping to show description on the Agenda page without clicking on an event but originally I was bothered that I just couldn't get description to show up. So now it does at least show up when you click an event. I haven't looked at why Calendar doesn't make a summary that shows and Thunderbird does but I'm fine using Thunderbird to put events in my calendar feed.
  • 80 734
    80 Topics
    734 Posts
    L
    Hello all. We have been doing a deep recce on what GPU support would take in 2026, and we think the landscape has shifted enough since it was last assessed to be worth a fresh summary. Posting the salient parts with links, in case it helps the team and anyone experimenting. The "patched docker" requirement appears to be gone. The last assessment (here) noted that NVIDIA seemed to need a patched Docker while Cloudron relies on the official Ubuntu packages. That was true for years, the old nvidia-docker stack did require a custom runtime, but the Container Device Interface (CDI) has since removed the requirement: Docker Engine supports CDI natively since 25.0 and enables it by default in the 28.x series (the CNCF CDI docs say from 28.2.0, the Docker docs say 28.3.0). The official Ubuntu 24.04 docker.io package now carries 28.2.2 in noble-updates and 27.5.1 in the security pocket (Launchpad). So the stock Ubuntu packages already have CDI: default-on at 28.2.2, or a one-line daemon.json feature flag on 27.5.1. With CDI there is no custom runtime and no default-runtime change. The host needs the NVIDIA driver plus nvidia-container-toolkit, which provides nvidia-ctk cdi generate and now ships an nvidia-cdi-refresh service that regenerates the spec automatically when the driver changes (NVIDIA docs, releases, currently 1.19.1). Containers then receive GPUs via --device nvidia.com/gpu=all, which maps to an ordinary device request in the Engine API. Quick check on any host: docker version --format '{{.Server.Version}}' docker info | grep -iA2 cdi # on a GPU host with a generated spec: docker run --rm --device nvidia.com/gpu=all ubuntu:24.04 nvidia-smi -L The platform change may be smaller than expected. The manifest already has the vaapi capability passing /dev/dri. An equivalent capability, or a per-app admin toggle, that appends a CDI device request at container create looks like most of the change, and it can no-op silently when no CDI spec exists, so GPU-less servers are unaffected. AMD compute (ROCm) would only additionally need /dev/kfd; Intel and AMD media is arguably covered by vaapi already. Two caveats from the research: The reliability risk has moved from Docker to the driver lifecycle. The recent report of a server left unbootable after a driver update is the failure class to design against: the -server LTS driver branch, apt holds, and a deliberate upgrade procedure rather than unattended driver updates. The container toolkit had several critical escape CVEs through 2024 and 2025, mostly in the legacy hook path. CDI mode plus a current toolkit is the safer default, and GPU servers are best treated as trusted-workload machines. On the testing-hardware constraint mentioned previously: hardware offers have been made in this thread before, and we are happy to run validation on real NVIDIA hardware and share results.
  • 3 14
    3 Topics
    14 Posts
    Package UpdatesP
    [1.1.4] Fixup docs link
  • 15 94
    15 Topics
    94 Posts
    Package UpdatesP
    [2.4.3] Update osTicket to 1.18.4 Full Changelog security: Latest Patches 06/2026 (52c366f, 5afdf54, c54a6ac, 1e39bf1, feccb6a, 6eb6b98, 078516e, 98abb05, e52e010, fd96bba, 7bbd8ab, ba6217a, 580e1c8, b535782, 5963797, d590a97, eaebe01, b4cc092, d457c14, 5600f94, 5ff9795, 119cefe, b4ede88, 2a0c388, 6558b33)
  • 30 196
    30 Topics
    196 Posts
    N
    This ended up being a caching issue. I uninstalled/reinstalled numerous times and it still didn't work. Once I cleared the cache it started working.
  • 17 104
    17 Topics
    104 Posts
    Package UpdatesP
    [1.6.2] Update owncast to 0.2.5 Full Changelog fedi_spin.gif as a new emoji. #​4721 Add support for federation shared inboxes #​4212 Add require chat authentication to take part in chat #​4732 Favicon customization #​868 Explicitly mention shortcut keys in video player #​3785 Remove special characters from auto-generated stream keys as not all broadcast software support them #​4690 Sanitize actor displaynames #​4864 Fediverse followers contact name / profile picture now get updated and invalid users get removed #​2923 Fediverse action titles can overflow in chat #​4773 Path Prefix for S3 Not Working On file cleanups #​4784
  • 3 16
    3 Topics
    16 Posts
    Package UpdatesP
    [1.3.0] Update base image to 5.0.0
  • 67 558
    67 Topics
    558 Posts
    J
    Most (all?) of it is related to quality of life changes (env var renames). Should be easily fixable in the Cloudron package.
  • 2 11
    2 Topics
    11 Posts
    girishG
    You can still install it like this https://my.<cloudron>/#/appstore/rocks.paperwork.cloudronapp . But note that it was last updated 3 years ago. I tried to build a new version with latest with PHP a year ago and the app was not even building anymore. They have been re-writing a new version for a couple of years now.
  • 106 918
    106 Topics
    918 Posts
    Package UpdatesP
    [4.7.3] Update PeerTube to 8.2.2 Full Changelog We strongly recommend all administrators upgrade immediately. This release addresses vulnerabilities ranging from medium to high severity affecting PeerTube <= 8.2.1. Security hardening is also included. Accept short UUIDs for loadByIdOrUUID and loadByIdOrUUIDWithFiles plugin helpers Allow restricted embed to be displayed on the origin instance Fix invalid state error on failed move job Fix missing mutex lock when managing video captions Fix broken embed when the tab is loaded in the background on Firefox Fix menu collapse/extend icon on RTL layout
  • 21 181
    21 Topics
    181 Posts
    Package UpdatesP
    [1.18.3] Update penpot to 2.16.2 Full Changelog Fix error 500 when submitting the contact form #10178 (MR: #10419) Fix text editor modifying content and detaching applied typography tokens #10389 (MR: #10402)
  • 6 Topics
    24 Posts
    girishG
    App discontinued due to no upstream updates.
  • 4 Topics
    12 Posts
    girishG
    The upstream project has not released in almost 3 years now. We had to build from develop to get some PHP 8 support going, but there are bugs like https://github.com/phpservermon/phpservermon/issues/1196 , https://github.com/phpservermon/phpservermon/issues/1232 . There's also a bunch of basic issues: Normal user cannot login after admin user logs in. Some issue related to service worker. LDAP functionality is incomplete
  • 5 63
    5 Topics
    63 Posts
    Package UpdatesP
    [3.4.0] Update Piwigo to 16.4.0 Full Changelog Release note
  • 80 670
    80 Topics
    670 Posts
    nebulonN
    Seems like for some unknown reason putting the app in debug mode and back out of debug mode fixed it.
  • 3 16
    3 Topics
    16 Posts
    sponchS
    new update helped. working now
  • 9 149
    9 Topics
    149 Posts
    Package UpdatesP
    [1.17.5] Update pocketbase to 0.39.5 Full Changelog Limit with ellipsis long url field values. Readded the "fullscreen" editor field option and preloaded the TinyMCE component for slightly faster initial rendering (#7746). Updated goja (TypedArray fixes).
  • 22 222
    22 Topics
    222 Posts
    robiR
    Here's the video:
  • 9 80
    9 Topics
    80 Posts
    Package UpdatesP
    [1.9.0] Update pretix to 2026.6.0 Full Changelog
  • 8 58
    8 Topics
    58 Posts
    Package UpdatesP
    [1.11.4] Update PrivateBin to 2.0.4 Full Changelog ADDED: Translations for Swedish & Persian CHANGED: Deduplicate JSON error message translations CHANGED: Refactored translation of exception messages CHANGED: Upgrading libraries to: DOMpurify 3.4.1, ip-lib 1.22.0, polyfill-php80 1.34.0 & zlib 1.3.2 CHANGED: Remove obsolete X-XSS-Protection header (#1825) FIXED: Some exceptions not getting translated FIXED: Attachment disappears after a "paste" in the message area (#1731) FIXED: The content format is not reset when creating a new document (#1707)
  • 19 227
    19 Topics
    227 Posts
    Package UpdatesP
    [1.16.1] Update alertmanager to 0.33.1 Full Changelog [BUGFIX] doc: fix missing notification_reason field in webhook documentation (#5329) [BUGFIX] silences: fix silences snapshot missing legacy matchers field. This caused a bug that prevented older alertmanager versions from reading newer snapshots unnecessarily. (#5330) [BUGFIX] silence with no matchers should populate an empty array in API response (#5331)
  • 6 105
    6 Topics
    105 Posts
    Package UpdatesP
    [2.28.0] Update VueTorrent to 2.34.0 Full Changelog Settings/WebUI: Add API key support for qBit 5.2.0+ (#2784) (71ff0ec) Sidebar: Add DHT node and peer connection count (#2774) (4a5c857) login: restore vertical centering after Vuetify v4 migration (#2775) (ce05f81) support shareLimitAction in per-torrent view editing (qBit 5.2.0+) (#2780) (7bb3d16)
  • 15 160
    15 Topics
    160 Posts
    Package UpdatesP
    [2.14.4] chore(deps): update dependency radicale to v3.7.5
  • 16 195
    16 Topics
    195 Posts
    Package UpdatesP
    [2.11.0] Update rallly to 4.11.1 Full Changelog Keep environment validation out of the client bundle (#2476, fixes #2474) Polls now default to time-based options with a duration picker (#2466) Hidden participants are anonymized instead of dropped, so the grid stays readable (#2422) Redesigned poll settings form (#2423) Faster first load: browser-cached manifest and icons, fewer round trips (#2438) All-day polls stay on the same date across timezones (#2470) Voters can edit responses from the confirmation email when participants are hidden (#2399) OTP codes are reused on resend, so the latest email always works (#2439) Gravatar is disabled on self-hosted instances; avatars fall back to initials (#2462)
  • 9 75
    9 Topics
    75 Posts
    girishG
    App discontinued due to no upstream updates.
  • 14 106
    14 Topics
    106 Posts
    Package UpdatesP
    [5.4.0] Update redash to 26.3.0 Full Changelog
  • 18 171
    18 Topics
    171 Posts
    jamesJ
    Redmine update 7.0.0 blocked due to regression in redmine_oauth. Waiting for new release of redmine_oauth to fix the issue.
  • 16 108
    16 Topics
    108 Posts
    timconsidineT
    Just installed ReleaseBell to monitor the apps I am packaging. But it's not accurate Shows https://github.com/windmill-labs/windmill as v1.457.0 but the actual GitHub page shows 1.645.0 Is there some config I should be changing ? Actually, just noticed it has 2 entries for windmill ( a starred project ), the other showing 1.573.0
  • 71 785
    71 Topics
    785 Posts
    Package UpdatesP
    [3.5.0] Update Rocket.Chat to 8.6.0 Full Changelog Adds Virtru as an external attribute store option for attribute-based access control, selectable under Administration > Settings > ABAC, and deactivates users locked out in LDAP or Active Directory during sync. Added LibreTranslate as a message auto-translation provider, alongside Google, DeepL and Microsoft. LibreTranslate can be self-hosted, enabling fully on-premise / offline message auto-translation. Configure the instance URL (and optional API key) under Admin Settings Message Auto-Translate LibreTranslate and select it as the Service Provider. Added a new rooms.join REST endpoint that lets a user join any room type, replicating the behavior of the deprecated joinRoom DDP method. Introduces popout functionality for voice calls Fixes S3 file upload failing when the region setting is empty or the endpoint is configured without a URL scheme Fixes auto-translate not activating for users who set their language preference after joining rooms Fixes an issue that allowed users to create a DM and send messages to a deactivated account Fixes an issue where updating an app in quick succession could crash the server. Fixes an issue where editing or deleting a message in a federated room caused subsequent messages to stop syncing between servers Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)
  • 54 369
    54 Topics
    369 Posts
    Package UpdatesP
    [2.10.2] Update roundcubemail to 1.7.2 Full Changelog Add HEAD request handler to the static.php Fix so the oauth_password_claim claim is retrieved via token or userinfo request (#9631) Fix bug where static.php would return a 416 error on a specific Range request (#10194) Fix bug where configured skin logo wasn't loaded via static.php resulting in 404 error (#10191) Fix bug where installto.sh would fail if public_html folder does not exist in the target directory (#10202) Revert "Prefer 8bit over quoted-printable for HTML parts, when force_7bit is disabled (#8477)" (#10198) Fix incorrect unfolding of folded lines when importing vCard 2.1 contacts (#9647) Fix bug where Imagick could leave large temporary files on failure (#10230) Fix bug where redis/memcache session could have been updated more often than needed Fix support for untyped tokens in OIDC backchannel logout, require unset nonce (#10097)
  • 9 62
    9 Topics
    62 Posts
    O
    @girish said: @rmdes @odie I have updated the app to use symlinks under /app/data/bridges. You can add new bridges there or delete some symlink and add your own. Thank you! Works excellent!
  • 1 23
    1 Topics
    23 Posts
    Package UpdatesP
    [0.18.0] Update rustfs to 1.0.0-beta.8 Full Changelog feat(table-catalog): add object-backed catalog store by @marshawcoco in #3206 feat(scanner): add partial scan resume hints by @marshawcoco in #3207 perf(erasure): remove UUID from clone + increase encode inflight budget by @overtrue in #3212 fix(signer): address post-merge review comments by @overtrue in #3216 fix(server): normalize empty request content length by @GatewayJ in #3215 fix(bucket-encryption): populate default KMS key for SSE-KMS without key ID by @overtrue in #3225 fix(replication): normalize local site endpoint port by @cxymds in #3249 fix: return 503 on lock contention instead of 500 by @overtrue in #3274 feat(rio): rio_v2 is compatible with minio for storing data. by @reatang in #3115 feat(kms): migrate KMS handlers to dedicated actions by @overtrue in #3298
  • 4 15
    4 Topics
    15 Posts
    girishG
    Given that the upstream project is not maintained anymore, we have hidden this in the appstore. I had also submitted a PR upstream for a basic issue which is ignored - https://github.com/aliasaria/scrumblr/pull/161
  • 17 247
    17 Topics
    247 Posts
    Package UpdatesP
    [2.101.0] Update searxng to a643858
  • 1 21
    1 Topics
    21 Posts
    Package UpdatesP
    [1.15.0] Update seaweedfs to 4.38 Full Changelog #10130 Fix scrubbing of deleted needles on EC volumes #10186 return IncompleteBody instead of 500 for truncated PUT bodies #10192 embedded IAM inline policy honors prefix-scoped resources #10203 stream offloaded metadata-log entries to fix concurrent-write OOM #10185 drop stale volume-location cache on under-replication #10229 bound intra-cluster HTTP so an unresponsive peer can't hang reads/writes #10214 paginate ListBuckets and serve from a bucket owner index #10224 enforce bucket quota on logical size + read-only state in Admin UI #10204 add ec.shard.unmount command #10236 FULL_OBJECT checksumming for CRC
  • 5 35
    5 Topics
    35 Posts
    Package UpdatesP
    [1.4.0] Update serpbear to 3.1.0 Full Changelog add subdomain matching functionality (4533737), closes #​324 enhance error handling and response structure in scraper functions (4f394c2) minor ui issue (eecf88a) prevent corrupt failed queue file to reset the app settings (c306fa0), closes #​328 resolves broken google ads oauth of instances behind reverse proxy (a988b13), closes #​326 resolves cron issue with certain port mapping config (d86616a) resolves issue that prevents refreshing all keywords when one fails (77cfa2f)
  • 14 85
    14 Topics
    85 Posts
    Package UpdatesP
    [1.4.3] Update sftpgo to 2.7.4 Full Changelog Symbolic links: the new symlink_mode setting selects, per backend, whether clients holding the create_symlinks permission may create symbolic links on the local filesystem, the SFTP backend, or both. It is disabled by default. Creating a link requires create_symlinks on both the link's directory and the directory it points into, so per-directory permissions are enforced consistently on the path the client requests. OIDC redirect: the WebClient OIDC login now preserves a next redirect target across the IdP round-trip. httpd: return after a CSRF failure in the web client login. The login POST handler rendered the CSRF error page but did not return, so execution fell through into the post-connect hook and the credential verification pipeline. Added the missing return to match the admin login, password reset, and setup handlers. Improve symbolic links handling and add more test cases. httpd: clean and unify the WebClient post-login redirect target validation.
  • 5 47
    5 Topics
    47 Posts
    Package UpdatesP
    [2.18.3] Update Shaarli to 0.16.3 Full Changelog fix(xss): escape bookmark title in permalink pagetitle build/release: no longer build .tar.gz full release archives, only provide .zip build: fix inconsistent file permissions in release archives (Fixes #2214) doc: fix issues in the release procedure
  • 7 50
    7 Topics
    50 Posts
    jdaviescoatesJ
    @girish said in SickChill unlisted from app store: I hope they atleast bring back the issue tracker Out of interest, why does this matter for Cloudron? BTW, someone has replied to the thread I started on Discord informing me that the master releases are these https://pypi.org/project/sickchill/ Doesn't look like there has been a new one since March though.
  • 2 15
    2 Topics
    15 Posts
    Package UpdatesP
    [1.3.0] Update shiori to 1.8.0 Full Changelog feat(apiv1): refactor tags api (#1075) feat: add PWA support share functionality (#1060) feat: add apis to handle bookmark tags (#1081) feat: allow tag filtering and count retrieval via api v1 (#1079) feat: improve SQLite performance (#1024) feat: reverts message in json output and allows configuration (#1082) feat: support proxy forward headers authentication (#1105) fix: auth validation on existing sessions, rely on token only (#1069) fix: incorrectly set cookie's expires value in login.js (#1049) fix: parse pocket new CSV format (#1112
  • 4 Topics
    41 Posts
    girishG
    The upstream project is archived - https://github.com/boypt/simple-torrent/ . There has been no changes in 2 years and modules are not updated.
  • 33 346
    33 Topics
    346 Posts
    necrevistonnezrN
    @robi Technically true. And yet the only door you need to overcome to access all your mails.
  • 22 221
    22 Topics
    221 Posts
    Package UpdatesP
    [1.21.3] Update snipe-it to 8.6.3 Full Changelog Authentication/LDAP - Fixed [FD-56031] - throw Exception if STARTTLS fails by @uberbrady in #19190
  • 60 428
    60 Topics
    428 Posts
    Package UpdatesP
    [2.18.9] Update sogo to 5.12.9 Full Changelog Some users couldn't save their preferences anymore Email with event invitation had some display errors Email were wrongly displayed when searching for words Some emails where shown wrongly.
  • 13 104
    13 Topics
    104 Posts
    girishG
    Just checked on this again but it seems statping-ng is not going forward much . https://github.com/statping-ng/statping-ng/tags says the release was almost a year ago.
  • 44 467
    44 Topics
    467 Posts
    Package UpdatesP
    [3.15.0] Update Stirling-PDF to 2.14.0 Full Changelog Add login agreement disclaimer feature by @Frooodle in #6766 Add bulk comment and annotation clearing to editor by @MattSaito in #6792 Brand MSI installer and rename display name to Stirling PDF by @Frooodle in #6764 Align settings.yml defaults and fix dead/mismapped settings by @Frooodle in #6816 UX improvement for side menu bookmark, comments and attachments by @Frooodle in #6552 feat(policies): enforce run-on-export policies on all PDF exit paths by @reecebrowne in #6788 Fix missing refresh token on desktop by @jbrunton96 in #6838 add file share to the top workbench bar and add shared signing by @EthanHealy01 in #6715 Signing UI edge-case cleanup by @EthanHealy01 in #6849
  • 15 145
    15 Topics
    145 Posts
    Package UpdatesP
    [1.12.1] update apache-superset to v6.1.0
  • 105 786
    105 Topics
    786 Posts
    nottheendN
    Thanks for the quick reaction!!
  • 32 240
    32 Topics
    240 Posts
    Package UpdatesP
    [1.34.1] Update syncthing to 2.1.1 Full Changelog fix(syncthing): properly upgrade via REST when Syncthing is running (fixes #10697) by @calmh in #10699 fix(versioner): ensure user read/write/execute on archived dirs (fixes #10532) by @calmh in #10696 fix(discover): only announce wildcard for TCP punching when listening on wildcard address (fixes #10503) by @calmh in #10691 fix(stcrashreceiver): close source loader responses on errors by @mattn in #10704 fix(protocol): handle zero-size requests (fixes #10709) by @calmh in #10710
  • 21 204
    21 Topics
    204 Posts
    Package UpdatesP
    [2.19.5] Update taiga-back to 6.10.2 Full Changelog fix: enforce permission check on create_default due date endpoints
  • 6 99
    6 Topics
    99 Posts
    Package UpdatesP
    [1.12.12] Update recipes to 2.6.13 Full Changelog updated translations
  • 10 69
    10 Topics
    69 Posts
    Package UpdatesP
    [1.5.2] Fixup doc URL
  • 9 79
    9 Topics
    79 Posts
    timconsidineT
    @timconsidine said in Teddit Subscriptions no longer working: Just FYI - my LibReddit - selfhosted as Docker on another VPS = is still working. But now it is down. Maybe they have caught up with me.
  • 5 51
    5 Topics
    51 Posts
    Package UpdatesP
    [1.23.1] Update thelounge to 4.5.1 Full Changelog Replace is-utf8, read-chunk dependencies with Node replacements (#5077) (d21c6fb by @MaxLeiter) sqlite: add message history index (#5107) (dc7f79f by @MaxLeiter) ident: normalize ipv4-mapped addresses when comparing (#5102) (283b6f4 by @MaxLeiter) readme: fix image (#5109) (6172ab2 by @MaxLeiter)
  • 10 67
    10 Topics
    67 Posts
    girishG
    @Sam_uk we have unlisted TLDraw by now. Please see https://forum.cloudron.io/topic/10806/no-more-updates-to-tldraw . The license and company direction has changed.
  • 21 222
    21 Topics
    222 Posts
    Package UpdatesP
    [1.27.2] Update traccar to 6.14.5 Full Changelog
  • 10 103
    10 Topics
    103 Posts
    Package UpdatesP
    [2.7.4] Update libretranslate to 1.9.6 Full Changelog Turkish UI
  • 12 81
    12 Topics
    81 Posts
    Package UpdatesP
    [2.5.3] Update transmission to 4.1.3 Full Changelog Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938) Fixed a use-after-free bug in peer code. (#8921) Fixed build error when compiling with fmt 12.2.0. (#8942) Fixed a 4.1.2 build error in tests. (#8881)
  • 13 159
    13 Topics
    159 Posts
    Package UpdatesP
    [1.29.0] Update Trilium to 0.103.0 Full Changelog api.axios has been removed. It has already been marked as deprecated for more than two years now and given the recent security compromise and the fact that it's not actually used in the Trilium code base we took the decision to remove it completely. Please update your scripts to use the built-in fetch() instead. api.cheerio has been marked as deprecated, but not removed. As an alternative we provide node-html-parser which has a more DOM-oriented syntax. A long-awaited note type is now supported: Spreadsheets, allowing for a familiar (Excel-like) editing experience with formulas, powered by Univer Sheets. Basic Markdown support with preview and sync scrolling. Built-in OCR support for images, but also PDF and Office (Word, PowerPoint, Spreadsheet) text extraction which integrates with the search function. See the Media page in Options for configuration. Custom dictionary is now synchronized across instances New deployment for Linux under test: AppImage We are reintroducing an LLM chat functionality with full-size chats as well as a sidebar with tools that allow it to alter your notes or even create scripts. Save indicator not showing in quick edit popup. Grid of child notes does not clear floats.
  • 37 416
    37 Topics
    416 Posts
    Package UpdatesP
    [2.94.0] Update tt-rss to 8edf462
  • 12 86
    12 Topics
    86 Posts
    jamesJ
    Hello @icegorilla and other @twenty users We just published @twenty 2.17.0. If there are any issues after the update, please let me know since we removed the --force migration since upstream fixed the issue. But, getting some feedback would be appreciated.
  • 42 298
    42 Topics
    298 Posts
    Package UpdatesP
    [1.25.1] Update typebot.io to 3.17.2 Full Changelog Configure WhatsApp forwarded events (#2528) [c5516cd] Configure WhatsApp webhook forwarding URL (#2529) [3db24c4] Fix landing page Discord URL (#2512) [b4a7aab] Fix missing result columns in CSV export (#2513) [08cb6ea] Fix OpenAI audio transcription uploads (#2521) [2fd5510] Fix OpenAI chat completions endpoint (#2522) [b252a9c] Fix embedded audio uploads (#2523) [c82ac43] Ignore expected WhatsApp webhook errors (#2527) [3b321f4] Block IPv6 unspecified SSRF targets (#2511) [f56c3c3]
  • 33 278
    33 Topics
    278 Posts
    S
    Had the same issue — Umami stuck on "Not responding" with build-app exiting with code 137 during next build --turbo. Fix: temporarily bump RAM to 8 GB for the first start, let the build complete, then reduce. In my case 3 GB is the minimum stable amount for ongoing operation — 2.5 GB still crashes. Hope this saves someone some time. Would be great if the package could ship with a pre-compiled build to avoid this entirely.
  • 39 348
    39 Topics
    348 Posts
    Package UpdatesP
    [2.6.2] Update cloudflared to 2026.6.1
  • 19 126
    19 Topics
    126 Posts
    Package UpdatesP
    [1.6.1] fix: Mod support
  • 4 118
    4 Topics
    118 Posts
    Package UpdatesP
    [1.83.4] Update vault to 2.0.3 Full Changelog auth/radius: Added case_insensitive_names toggle to prevent username collisions and enable case-insensitive user handling. core/acl: Fix LIST ACL bypass where a trailing-slash request could skip a more-specific deny rule. core: Use constant-time recovery token comparison core/acl: LIST requests with a trailing slash now correctly respect more-specific deny policies. Previously, a deny on path "kv/*" { deny } could be bypassed for LIST kv/private/ if a broader allow path "kv/*" also existed. Policies relying on the previous (incorrect) behavior may now be denied. core: Vault will now redirect non-canonicalized paths (containing /./, /../, or //) to a cleaned path, instead of rejecting these requests AI Agent Support (Beta/Enterprise): Adds beta support for first-class AI agents. Adds an Agent Registry to register agents, and adds support for using Vault as an OAuth resource server for registered agent entities. When configured, allows OAuth 2.0 JWTs to be used to directly authorize requests to Vault, without needing a Vault token. core/rotationMgr: Fix storage routing for local mounts in namespaces to prevent metadata replication and ensure GDPR compliance. secrets/pki: Fix PKI certificate issuance not_after time to respect max TTL. secrets/transit: Add managed key support to Transit rewrap endpoint. storage/raft: reject performance_multiplier values less than or equal to zero
  • 95 812
    95 Topics
    812 Posts
    jdaviescoatesJ
    @james said: Please follow these steps if you have this issue: Can this script be run on the working version I reverted to, or do I need to update to the broken version and then run it? Edit: yes, it seems fixing the db and then updating also works fine.
  • 9 164
    9 Topics
    164 Posts
    Package UpdatesP
    [1.79.2] Update verdaccio to 6.7.4 Full Changelog fix: run jwt middleware before middleware plugins fix: enforce generated npm token metadata fix: allow npm token create without readonly/cidr_whitelist Update verdaccio dependencies to the latest npm dist-tag (@verdaccio/ui-theme tracks next-9
  • 37 260
    37 Topics
    260 Posts
    P
    Hi all, another iOs client for Vikunja, also supports off-line mode: https://marco308.github.io/mdone/ https://community.vikunja.io/t/mdone-a-native-ios-and-macos-app-for-vikunja/4548
  • 66 514
    66 Topics
    514 Posts
    L
    @girish Running a VPN on port 443 helps circumvent censorship for two main reasons: it bypasses simple port-based blocking (extremely common) and makes the traffic much harder for Deep Packet Inspection (DPI) to flag without causing massive collateral damage. 1. It defeats basic port-based firewalls (the most common form of blocking) Many networks: corporate firewalls, hotel/airport Wi-Fi, university networks, and even some national censors, don't allow arbitrary outbound ports. They only permit port 80 (HTTP) and port 443 (HTTPS) because those are required for normal web browsing. Standard VPN ports get blocked instantly: OpenVPN UDP: 1194 WireGuard: 51820 IKEv2: 500/4500 Port 443 is untouchable for practical purposes. Blocking it would break online banking, shopping, video calls, government services, etc. Censors and network admins almost never do this. This alone explains why "just change the port to 443" works in many restrictive environments (hotels, offices, schools, etc.). 2. It helps against Deep Packet Inspection (DPI) but not magically by itself DPI goes beyond ports and looks inside the packets for protocol signatures, handshake patterns, traffic shapes, entropy, etc. Why port 443 still helps here: Legitimate HTTPS traffic on port 443 is encrypted and highly variable. DPI systems have to be very careful when analyzing it, because false positives would break real websites. Blanket-blocking or aggressively throttling port 443 is politically and technically expensive for censors. When your VPN runs on 443 and starts with a TLS handshake, it at least looks like normal web traffic at first glance. This forces the DPI system to do deeper (more expensive) analysis on a huge volume of traffic. However, plain OpenVPN or WireGuard on TCP/UDP 443 is often still detectable by modern DPI. The TLS handshake and subsequent traffic patterns differ from real browser HTTPS traffic (missing ALPN extensions, different JA3 fingerprints, packet timing/size distributions, etc.). 3. Real stealth comes from combining port 443 + proper obfuscation This is where modern censorship circumvention shines: Technique How it works on port 443 DPI resistance Notes Plain OpenVPN TCP 443 TLS handshake on 443 Weak–Medium Better than other ports but detectable OpenVPN + obfsproxy/stunnel Wraps traffic to look more like HTTPS Medium Classic but dated Trojan Real TLS + behaves like a real web server Very High Excellent — returns fake website on probe VLESS + REALITY / XTLS Borrows real domain TLS fingerprint Very High Current state-of-the-art Shadowsocks + obfs Simple + obfuscation layer High Lightweight and effective Hysteria2 / TUIC (QUIC) UDP 443 mimicking HTTP/3 High Fast + good obfuscation SSTP or proprietary Stealth Built-in TLS wrapping Medium–High Easy for commercial VPNs Trojan is particularly elegant: it performs a real TLS handshake on port 443. If the client doesn't present the correct password hash, the server just serves a normal web page (or 404). To DPI and active probing, it looks like a legitimate HTTPS website. Summary: Why 443 is special Port blocking → Defeated almost completely. Basic/moderate DPI → Significantly harder (especially with obfuscation). Advanced DPI (e.g. China's GFW with ML) → Not sufficient alone, but still the best starting port. You need good obfuscation/protocol on top of it. This is why almost every serious censorship-circumvention tool (commercial "Stealth"/"Obfuscated" servers, Outline, V2Ray/Xray configs, Trojan setups, etc.) defaults to or strongly recommends port 443. Bottom line: Port 443 doesn't "beat" advanced DPI by magic — but it is one of the most important ingredients in any stealth strategy because it avoids easy blocks and forces censors into expensive, imperfect analysis of traffic that looks like normal web browsing. For real-world reliability against strong DPI, combine it with a proper obfuscated protocol (Trojan, REALITY, etc.). If you're building or evaluating a specific VPN app, the winning pattern in 2026 is usually: TLS-based stealth protocol on port 443 (or QUIC on 443) with good fingerprint resistance.
  • 20 169
    20 Topics
    169 Posts
    Package UpdatesP
    [2.5.6] Update wallabag to 2.6.14 Full Changelog Change version in wallabag.yml by @nicosomb in #8251 Fix deprecation by @j0k3r in #8267 Add annotations filter to entries API endpoint by @skn in #8346 Update dependencies by @yguedidi in #8435 Bump deps (mostly for siteconfig) by @j0k3r in #8489 Fix reading time computation for short entries by @andreadecorte in #8332 Fix urls parameter when sending many urls to be stored using the API by @j0k3r in #8488 Prepare 2.6.14 by @j0k3r in #8494
  • 5 83
    5 Topics
    83 Posts
    Package UpdatesP
    [1.22.3] Update Wallos to 4.9.6 Full Changelog account takeover via email-based account linking (b75f13d) harden oidc state validation and session rotation (#1071) (b75f13d) missing fields when cloning a subscription (b75f13d) ssrf via oidc token/userInfo url configuration (b75f13d) ssrf via test email notification (b75f13d) zip slip path traversal in database restore writes files to webroot (b75f13d)
  • 5 78
    5 Topics
    78 Posts
    Package UpdatesP
    [1.41.0] Update whitebophir to 2.15.0 Full Changelog
  • 8 155
    8 Topics
    155 Posts
    Package UpdatesP
    [1.45.0] Update weblate to 2026.7 Full Changelog Added Safe MDX, Source string length, and Accelerator key quality checks for MDX files JSX expressions, source length limits, and accelerator key consistency. Added Mistral machinery integration for Mistral LLM automatic suggestions. Project level backups backups can now be created and downloaded via the Weblate's REST API. Added an option to capitalize the text in status badge widgets. Regular expression and Placeholders now enforce regular expression timeouts when evaluating source-string flags (GHSA-r52j-4vjp-q949). Restricted component changes are no longer exposed through nested project, component, or translation API change endpoints (GHSA-92m8-wv36-prmx). ZIP downloads, including App store metadata files translation bundles, no longer follow child symbolic links outside the downloaded tree (GHSA-xwj4-fp82-r2rj). Teams enforcing two-factor authentication now also withhold site-wide permissions from human members without 2FA configured (GHSA-x86c-ff69-cr2m). DeepL now handles DeepL API versions internally, uses v3 for glossary management and language discovery, and no longer supports DeepL API v1. Fedora Messaging topics now include category path segments, and broker settings are stored as an AMQP URL with existing host and SSL settings migrated automatically.
  • 25 514
    25 Topics
    514 Posts
    Package UpdatesP
    [4.115.0] Update wekan to 9.77 Full Changelog ScannerBleed: shell injection (RCE) via a malicious upload filename in the external antivirus scanner command path (GHSA-x3xm-pxrv-jg7p, CWE-78 OS Command Injection). DnsBleed SSRF filter bypass via DNS-resolving hostname in outgoing webhooks (GHSA-66m2-4wfr-c45p, CWE-918). ExcelBleed broken access control in the Excel-export REST route lets any authenticated user export any private board (GHSA-mwq8-ccpm-r533, CWE-862 / CWE-639). Fix notification emails linked to /b/undefined/board/<cardId> instead of the real board Fix thousands of unsolicited empty "Default" swimlanes created on some boards Reduce card flicker on drag by only writing changed fields on a card move Fix DEFAULT_AUTHENTICATION_METHOD env var ignored, and Admin Panel Layout save hanging Fix #5808: linking a card to another linked card made both cards inaccessible Fix the "Board not found" flicker (stale-while-revalidate for the client board cache) Update to Meteor 3.5.
  • 16 139
    16 Topics
    139 Posts
    Package UpdatesP
    [1.13.7] Update wiki to 2.5.314 Full Changelog ec36eb2 - update arm docker base to node 24 (commit by @NGPixel) da64dcd - fix windows build missing migration file during tarball creation (commit by @NGPixel)
  • 4 69
    4 Topics
    69 Posts
    Package UpdatesP
    [2.17.0] Update woodpecker to 3.16.0 Full Changelog Gate Kubernetes serviceAccountName backend step config behind agent config [#6792] Harden agent rpc to check agentID on workflow [#6759] Add workflow concurrency limit option [#6671] Support Unix Sockets [#6721] Allow images for secrets to contain SHA256 for image pinning [#6784] server should drop stale queue tasks already missing in database [#6765] server queue api should ignore missing agent [#6763] local backend: on windows use process tree-walk as workaround to kill [#6718] Fix issue with deeply nested k8s backend_options [#6730] github dont fail on force push [#6697]
  • 113 Topics
    869 Posts
    Package UpdatesP
    [3.18.0] always activate daggerhart-openid-connect-generic before cloudron-sso
  • 226 Topics
    2k Posts
    jdaviescoatesJ
    @james said: Maybe we can also treat this topic as a feature request. Add the option to select apps to perform actions for the selected apps e.g.: update, disable/enable auto updates, stop/start etc. I've been meaning to add such a feature request.
  • 13 67
    13 Topics
    67 Posts
    Package UpdatesP
    [1.4.2] Update XBackBone to 3.8.2 Full Changelog allow pasting images/videos in Web UI via clipboard by @Sloth-on-meth in sergix44/xbackbone#650 Provide oembed endpoint by @matias49 in sergix44/xbackbone#632 Improve docs for large file upload limits and timeouts by @nandhan262006 in sergix44/xbackbone#651
  • 20 136
    20 Topics
    136 Posts
    Package UpdatesP
    [1.12.1] Update YOURLS to 1.10.4 Full Changelog fixed: Prevent XSS in stat pages through referrers (#4107) added: Localization support for date and time display (#4054) improved: Improve shunt filters (#4058) fixed: Notice overlapping logo in admin panel (#4069) fixed: Flag password file as user auth from environment variables (#4066) added: Filter SQL queries (#4064) improved: Improve debug functions and logic (#4089) improved: Make tests debugging easier (#4104)
  • 2 Topics
    11 Posts
    Package UpdatesP
    [0.5.1] Update urlaubsverwaltung to 6.1.1 Full Changelog both "absences" are highlighted in the menu #6327 Datepicker Tage haben unterschiedliche Breite #2447 Datepicker Visualisierung wird nicht aktualisiert bei Tastaturbedienung #2151 Datumsauswahl in "berstunden eintragen" funktioniert nicht immer #6314 Informationen beim Beantragen einerAbwesenheit der Kollegen bricht falsch um #6320 iOS zeigt den Datepicker bei Auswahl des Zeitraums oben statt unten an #5748 Krankmeldungsbersicht Filter Zeitraum nach Browser-Back nicht mehr nutzbar #5733 Men: Einklappen Button soll in Mobiler Ansicht nicht angezeigt werden #6330 Zwei Feiertage an einem Tag, nur der letzte wird in der Kalenderbersicht angezeigt #4174