Apps

2FAuth

9 70

9 Topics

70 Posts

[1.9.2] Update 2FAuth to 6.1.3 Full Changelog issue #533 Try my luck feature is currently grayed out Some minor UI glitches

Ackee

10 83

10 Topics

83 Posts

[1.8.0] Update Ackee to 3.6.0 Full Changelog Ackee now requires Node.js 24 or newer Vercel deployments and serverless functions (#401, #385)

Actual

7 55

7 Topics

55 Posts

[1.23.0] Update actual to 26.3.0 Full Changelog Compare Source View release notes

Hi @james now switched to Hetzner Cloud DNS, and the renewal worked. Thanks! Having used the manual wildcard config forever, I however still don't understand, how the first set of certs had been issued, that expired back in February.

Alltube

12 115

12 Topics

115 Posts

This look like a good replacement for Alltube (which we were using) https://github.com/alexta69/metube

Ampache

16 182

16 Topics

182 Posts

[1.25.3] Update ampache to 7.9.3 Full Changelog run:updateCatalogFile: Add -m|--move parameter to move file in the database to a new location run:updateCatalogFolder: Add -m|--move parameter to move all music in a folder to a new location Catch any Garbage Collection error for Albums Garbage collection for Albums missing from the album table License checks on upload not considering int ID's Star ratings scale Advanced Random actions missing joins for Artist and Album Don't limit Album track display by page size Extended orphan_album check in Song search Correct structuredLyrics array

Apache Answer

7 66

7 Topics

66 Posts

[1.7.0] Update answer to 2.0.0 Full Changelog New: AI Assistant feature (@shuashuai @LinkinStars #1479) New: MCP server feature (@LinkinStars @shuashuai #1480) New: API Keys feature (@LinkinStars @shuashuai #1482) New: Editor plugin support (@robinv8 #1481) Fixed: Add user in the Admin, no result prompt after submission (@bimakw #1457) Fixed: Fix/external id notification (@IfDougelseSa #1465) Fixed: fix: expand avatar column length from 1024 to 2048 (@csouls #1463) Fixed: When the input type of SchemeForm is a number, the default value of 0 is not displayed.@shuashuai

ArchiveBox

6 28

6 Topics

28 Posts

@girish I understand. Thanks!

Astral

4 25

4 Topics

25 Posts

Hello @andreasdueren Thanks for the report. Fixing it right now.

Audiobookshelf

8 118

8 Topics

118 Posts

[1.98.0] Update audiobookshelf to 2.34.0 Full Changelog Japanese language and Japan as podcast search region by @na3shkw in #5211 Autocomplete attributes on login and setup fields for password manager support by @meek2100 in #5089 Recent episodes not updating from cache when media progress changes in #5159 Error logging when a podcast's auto-download schedule has an invalid cron expression Public media item shares: use start time passed in query parameter for existing sessions by @pjkottke in #5163 Podcast episode downloads use SSRF filtering on the HTTP request (matches other external requests) Podcast create and update validate the auto-download schedule cron expression and sanitizes the HTML description Playlists, collections, and library item batch API routes enforce library and per-item access

AzuraCast

10 35

10 Topics

35 Posts

Thanks for reporting here @gardinermichael . We have in fact hidden the app package because there were many issues with it and we couldn't manage to get it to be stable . Maybe we should revisit this.

Baserow

39 378

39 Topics

378 Posts

[1.37.4] Update baserow to 2.2.2 Full Changelog [Automation] Send notification when a workflow is disabled #5186 [Core] Allow self-hosted operators to inject custom client-side scripts via environment variables. [Builder] Resolved a bug which prevented users from creating data sources from the data source dropdown's footer. #5118 [Core] Give Kuma the current license tier in its context and steer uncertain feature or plan questions to docs search. #5210 [Core] Hardened user uploaded media serving and neutralized active-content file uploads by default. [Builder] stop infinite /dispatch-data-sources/ refetch loop in page editor

Beszel

5 64

5 Topics

64 Posts

[1.6.6] Update beszel to 0.18.7 Full Changelog Add more disk I/O metrics (utilization, read/write time, await, queue depth) (#1866) Add ability to copy alerts between systems by @svenvg93 (#1853) Add SENSORS_TIMEOUT environment variable (#1871) Replace distatus/battery with an internal implementation by @svenvg93 (#1872) Restrict universal token API to non-superuser accounts (#1870) Fix macOS ARM64 crashes by upgrading gopsutil to v4.26.3 (#1881, #796) Fix text size for system names in grid view by @Malith-Rukshan (#1860) Fix NVMe capacity reporting for Apple SSDs by @svenvg93 (#1873) Fix Windows root disk detection when the executable is not on the root disk (#1863) Fix nested virtual filesystem inclusion in Docker when mounting host root by @svenvg93 (#1859)

BookStack

13 253

13 Topics

253 Posts

[2.0.4] Update BookStack to 26.03.4 Full Changelog Updated PHP package versions. Updated attachment actions to align page access check. Updated URL validation in webhooks to help prevent escaping workarounds. Fixed issue where exact search term negation would lead to no results. (#6121)

Bugsink

1 5

1 Topics

5 Posts

[0.4.0] Fix env.sh

Build Service

11 129

11 Topics

129 Posts

[2.10.2] Fix cli usage

Cal.com

54 686

54 Topics

686 Posts

@girish I would be surprised if they were to backtrack that move. The developers were always one step towards that direction, they simply used AI scanners as an excuse to close the code earlier (which was arguably pretty much already closed). It's only a matter of time before the "new" https://github.com/calcom/cal.diy repo gets archived.

Calendar

9 35

9 Topics

35 Posts

Sorry, this could be a result in anonymizing it. I edited all entries manually in the end... -.- There is a version 6 actually. I think I'll try the update now. ^^

Calibre Web

35 327

35 Topics

327 Posts

[1.35.0] Update calibre to 9.8.0 Full Changelog

Castopod

18 157

18 Topics

157 Posts

Hello @luckow This is not documented very well. Had to look into the Castopod code to find the URL path to the API. https://github.com/ad-aures/castopod/blob/bc041702dd8058ae8e1831b9609827c911a5a626/modules/Api/Rest/V1/Config/RestApi.php#L35 public string $gateway = 'api/rest/v1/'; So the full URL would be https://castopod.cloudron.dev/api/rest/v1/podcasts curl https://castopod.cloudron.dev/api/rest/v1/podcasts [] After creating one: curl https://castopod.cloudron.dev/api/rest/v1/podcasts [{"id":1,"guid":"2bdee7b8-8131-5888-b4da-713d7b3a124a","actor_id":1,"handle":"demopadcast","title":"Demo Podcast","description_markdown":"DESC","description_html":"<p>DESC</p>\n","cover_id":3,"banner_id":null,"language_code":"en","category_id":1,"parental_advisory":null,"owner_name":"james","owner_email":"james@cloudron.example","is_owner_email_removed_from_feed":true,"publisher":"","type":"episodic","medium":"podcast","copyright":"","episode_description_footer_markdown":null,"episode_description_footer_html":null,"is_blocked":false,"is_completed":false,"is_locked":true,"imported_feed_url":null,"new_feed_url":null,"payment_pointer":null,"location_name":null,"location_geo":null,"location_osm":null,"verify_txt":"","custom_rss":null,"is_published_on_hubs":false,"partner_id":null,"partner_link_url":null,"partner_image_url":null,"is_premium_by_default":false,"created_by":1,"updated_by":1,"published_at":null,"created_at":{"date":"2026-03-03 11:06:44.000000","timezone_type":3,"timezone":"UTC"},"updated_at":{"date":"2026-03-03 11:06:44.000000","timezone_type":3,"timezone":"UTC"},"feed_url":"https://castopod.cloudron.dev/@demopadcast/feed.xml","actor_display_name":"Demo Podcast","cover_url":"https://castopod.cloudron.dev/media/podcasts/demopadcast/cover.jpg","categories":[{"id":1,"parent_id":null,"code":"arts","apple_category":"Arts","google_category":"Arts","translated":"Arts"}]}]

Change Detection

28 375

28 Topics

375 Posts

[1.30.1] Update changedetection.io to 0.55.3 Full Changelog

Chatwoot

61 437

61 Topics

437 Posts

[1.51.0] Update chatwoot to 4.13.0 Full Changelog Better Help Center editing with tables, slash commands, and GuideJar embeds Participating tab for conversations Smarter automations and macros for assignment and private notes Assignment v2 enabled by default for new accounts Captain Custom Tools, bulk document deletion, and AI workflow improvements Signed webhooks for API Channel and Agent Bot webhooks Reliability fixes across WhatsApp, LINE, Email, Widget, and webhooks Numerous bug fixes and enhancements Note: If you use API Channel or Agent Bot webhooks, Chatwoot now generates dedicated signing secrets and sends signed webhook headers. Update your webhook verification flow to use the new signing secrets.

Collabora Online (CODE)

38 496

38 Topics

496 Posts

[1.47.0] Update code to 25.04.9.3.1

Comentario

3 30

3 Topics

30 Posts

[1.8.0] Update comentario to 3.17.0 Full Changelog Add custom moderator name feature (#222) - 66d2bcc, 753451c, 61cc240, ff9e89f, 400f7e5, 8425ce6, 4bab9e2, c1a4ec3, 467bcc0 Add support for PostgreSQL 18 (#224) - 84c93da Backend: fix resource leak in DecompressGzip() - 58cfbe7 Backend: fix Postgres restart loop with a non-public schema (#225, !24) - 9137e53, 4476b1b I18n: add Portuguese messages (pt) by @pt.cesar.monteiro - bbc7303 I18n: add Ukrainian translation (uk) by @kleindberg - 3e7ca17 Go 1.26, update dependencies, modernise code - 33d3044, a4232a7, 4605e5c, cab77fb, 3b97e19, 58a1146, 53e905a, 8464344, 1e193e3, 0c1de70, 8c7cc53 Demo website: add predefined comments to Ukrainian page (also !30) - 724a0ad Demo website: fix comment and config statements - 2a3516d, 25e7a30

Commento++

12 81

12 Topics

81 Posts

@gh0stface yup, they made a release yesterday it seems and it should have the PRs we made upstream. @vladimir-d is checking the package again.

Confluence

20 127

20 Topics

127 Posts

@girish Yep, exactly that. AnyType and Appflowy are growing in popularity. Would be nice to see them

Contacts

5 25

5 Topics

25 Posts

[0.6.0] Update contacts to 0.6.0 Change UI to sentence case Improve duplicate contacts resolving

CouchPotato

4 25

4 Topics

25 Posts

@atridad Thanks for the heads up, the app is gone from our library as well.

CryptPad

16 105

16 Topics

105 Posts

[1.13.5] Add optional OpenID integration

Ctfreak

6 95

6 Topics

95 Posts

[1.28.1] Update ctfreak to 1.38.1 Full Changelog

Cubby

48 380

48 Topics

380 Posts

Fixed by: https://forum.cloudron.io/post/121664

Dawarich

12 84

12 Topics

84 Posts

[1.12.2] Update dawarich to 1.7.2 Full Changelog rails_pulse performance monitoring has been removed entirely. The gem, its initializer (config/initializers/rails_pulse.rb), the /rails_pulse route mount, the scheduled RailsPulse::SummaryJob and RailsPulse::CleanupJob cron entries, and all rails_pulse_* tables are gone. A new migration DropRailsPulseTables cleans up existing installations on upgrade. This resolves a class of upgrade failures where the rails_pulse_* tables ended up missing/half-applied on production. (#2549) Swagger docs for all the recent API additions and changes, improving API discoverability and client generation. The full OpenAPI spec is available at /api-docs. Map v2: Delete button on the point info card. Selecting a point now offers an immediate Delete action (with confirm dialog), matching the long-standing Map v1 behavior. The deleted point is removed from the points layer in place without a full reload. Monthly and yearly digest emails now convert distance from stored meters to the user's preferred unit (km/mi). Previously the raw meter value was shown next to the unit label (e.g. 500000 km instead of 500 km). Map (Leaflet): route lines no longer revert to their pre-move shape when an unrelated point is deleted after dragging another point. The dragend handler was failing to update the marker array because it looked for the controller in the wrong place. (#1797) Track creation now caps a single track's distance at 100,000 km (with a logged warning) instead of silently truncating at the legacy 999,999 m limit. Long-haul journeys are no longer collapsed to ~1000 km. (#1693) Dev container: bind-mount the project root into the container so bundle install can locate the Gemfile. Previously only sub-paths were mounted, leaving /var/app/Gemfile missing. (#1804) Map v2: photos without GPS metadata (latitude/longitude null) no longer render as markers at Null Island (0, 0) they are now correctly excluded from the photos layer. (#2464, #2465)

Directus

63 638

63 Topics

638 Posts

[2.17.3] Update directus to 11.17.3 Full Changelog Replaced "All Users" tab with Active, Suspended, and Invited status tabs (#27036 by @robluton) Added Save as New File option to image editor (#27084 by @JamesW1) Added a new /ai/object endpoint to generate structured objects for autocomplete and other inline experiences (#26862 by @bryantgillespie) Eliminated redundant count requests in the useItems composable (#26906 by @okxint) Fixed export failing on collections with virtual fields like $thumbnail by excluding them from export defaults and the field picker (#27073 by @om-singh-D) Added customizing of cache keys for flow endpoints. (#26935 by @costajohnt) Fixed VBadge intercepting pointer events on slotted elements (#27087 by @HZooly) Fixed schema introspection for MSSQL text fields with max length of -1 to be normalized to null (#26934 by @begsaquib) Trimmed leading and trailing spaces from search queries (#27089 by @robluton) Replaced INTERNAL_SERVER_ERROR with SERVICE_UNAVAILABLE for marketplace registry errors and improved error messages. (#26937 by @eric-pennecot)

Discourse

88 757

88 Topics

757 Posts

[2.13.0] Update discourse to 2026.3.0 Full Changelog

Docker Registry

24 265

24 Topics

265 Posts

[2.7.1] Update distribution to 3.1.1 Full Changelog Fixes CVE-2026-41888 Bounds-check the file basename in PurgeUploads Walk callback Add S3 Express One Zone support to the S3 storage driver (#4858) Fix tag list endpoint in proxy mode (#4846) Clamp oversized n query parameter in proxy mode instead of returning 400 (#4856)

Docmost

4 34

4 Topics

34 Posts

Makes sense - thanks a lot!

Documenso

13 111

13 Topics

111 Posts

@james Thanks for the quick response! I started out with the SSO option because I prefer it, but user invites were failing to go through the create account flow. They received an e-mail, but when clicking the link to create the account it took them straight to the sign-in page.

Documize

12 63

12 Topics

63 Posts

[1.12.0] Update community to 5.14.0 Full Changelog Added Spanish language support

DocuSeal

17 256

17 Topics

256 Posts

[1.15.1] Update docuseal to 2.5.1 Full Changelog Added a "month, year" date field format AI field detection now also uses custom fields to place them on the document

Dokuwiki

17 130

17 Topics

130 Posts

[1.26.0] Update dokuwiki-plugin-oauth to 2025-10-23

Dolibarr

38 322

38 Topics

322 Posts

This can happen in this step: => PREV_DOLIBARR_VERSION=`php /app/code/htdocs/install/get-version.php` Log: 2026-02-07T13:35:00Z ==> Starting Dolibarr 2026-02-07T13:35:03Z #0 /app/code/htdocs/core/class/conf.class.php(561): DoliDBMysqli->query() 2026-02-07T13:35:03Z #1 /app/code/htdocs/install/get-version.php(28): Conf->setValues() 2026-02-07T13:35:03Z #2 {main} 2026-02-07T13:35:03Z PHP Fatal error: Uncaught Error: Call to a member function query() on false in /app/code/htdocs/core/db/mysqli.class.php:355 A shell script with set -e stops when If an error occurs. The script does not have an error handling in such cases, therefore the lock file is still in /tmp. With error handling trap 'echo "Houston we have problem"; [[ -f /tmp/install.lock ]] && mv /tmp/install.lock /app/data/dolibarr/install.lock; exit 1' ERR

Easy!Appointments

13 86

13 Topics

86 Posts

EasyAppointments on Cloudron is logging repeated HTMLPurifier warnings: Directory /app/code/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer not writable. The app appears to use HTMLPurifier_Config::createDefault() in: /app/code/application/helpers/html_helper.php The package should set Cache.SerializerPath to a writable path such as: /run/easyappointments/cache/htmlpurifier or /app/data/... Logs grew up to 21 GB because of the warning below that kept repeating. /run/easyappointments# tail logs/log-2026-05-01.php 'function' => '_error_handler', 'args' => array ( 0 => 512, 1 => 'Directory /app/code/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer not writable. Please chmod to 755', 2 => '/app/code/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php', 3 => 295, ), ), )

Emby

12 98

12 Topics

98 Posts

[1.18.2] Update Emby.Releases to 4.9.3.0 Full Changelog Add user option to set user's auto remote quality Add library option to use legacy folder scanning method Music transcoding fixes Add landing tab option for book libraries Support volume control with youtube trailer player Update mixed content tabs to combine Movies & Shows Fix maintenance mode blocking some settings screens Fix embedded audio fields not getting rescanned on file changes Fix loss of genre and collection images after deleting a movie Fix latest section not showing items for some channel plugins

EspoCRM

51 504

51 Topics

504 Posts

Resolved by restoring com.espocrm.cloudronapp@2.20.4 Then updating to Cloudron 2.20.5 Then updating to Cloudron 2.20.6 (EspoCRM 9.3.6) I had a lot of apps going into error when 9.1.6 got installed on a reboot. Upgrading to 9.1.7 (out of beta) fixed most of them, but EspoCRM needed this intervention. Just FWIW if others are encountering the same.

Etherpad Lite

31 278

31 Topics

278 Posts

[4.6.2] Update etherpad-lite to 2.7.2 Full Changelog Accessibility pass: corrected dialog semantics, improved focus management, added missing icon labels, and set the html lang attribute correctly. Chat: clicking the chat icon works again, disabled toggles render properly, and the username layout no longer overflows. /export/etherpad now honors the :rev URL segment, so revision-specific exports return the requested revision instead of the latest. Undo / redo now scrolls the viewport to follow the caret, so reverted edits stay in view. Page Down / Page Up now scrolls by viewport height instead of a fixed line count, matching standard editor behavior on tall and short windows alike. Editbar: caret is restored to the pad after changing a toolbar select, so typing continues in the document instead of falling through to the toolbar. Admin: i18n is restored on /admin so the admin UI is translated again.

evcc

2 102

2 Topics

102 Posts

[1.22.1] Update evcc to 0.306.1 Full Changelog Drop unused eebus and mqtt requirement values (#29537) PSA: update base url Sponsor: fix machine id panic on startup with plant config (#29542) fix: add testid for app menu button (#29539)

Fider

6 37

6 Topics

37 Posts

[2.0.0] Update fider to 0.33.0 Full Changelog Please note new license changes Open Core Licensing: Some features (content moderation, search indexing) are now gated as pro features, with a new commercial licensing system using separate private/public key environment variables. Content Moderation (Pro): Admins can now moderate posts and comments before they go public, trust or block individual users, and manage pending content from a dedicated admin page. Content moderation is available as a pro feature. Revamped UI: The home page and post detail view have been refreshed with a cleaner design, better dark mode support, improved mobile layouts, and post details now open in a modal without a full page reload. Security: Sign-in email links now use a strong 64-character key (manual entry still uses a 6-digit code for convenience). Fixed search with hyphenated words Option to keep failing webhooks enabled rather than auto-disabling them Fixed issue adding links via the toolbar button Fixed filter/sort state persisting when navigating back from a post Fixed vote listing issues Post tags now update live in the listing without a page reload

FilePizza

4 34

4 Topics

34 Posts

[1.15.0] Update filepizza to 60704b4

FindMyDevice

2 13

2 Topics

13 Posts

[1.1.1] Update fmd-server to 0.14.1 Full Changelog Initial translation support, by @warioishere (#64) Translate web interface in many languages (thank you translators!) Fix hosting in sub-directory (#132) Graceful shutdown when SIGINT or SIGTERM is received (#139)

Firefly III

22 273

22 Topics

273 Posts

[3.12.1] Update firefly-iii to 6.6.2 Full Changelog MR 12179 (implement password validation JS script) reported by @tasnim0tantawi MR 12182 (fix shrinked sidebar expanding when navigating by clicking on icons) reported by @tasnim0tantawi Issue 12169 (The 'Running balance' column is not showing the respective calculation instantly for new records that use 'Rules') reported by @jgmm81 Issue 12186 (Set a year validator accepted by the system when saving or editing a transaction) reported by @jgmm81 Fixed an issue where oAuth tokens could be generated before you confirmed your 2FA state. This would allow access to your data when your password was stolen, despite you having MFA enabled.

Formbricks

6 107

6 Topics

107 Posts

[2.9.5] Update formbricks to 4.9.5 Full Changelog fix: backport account deletion authorization (#7901) by @xernobyl in #7903

Forgejo

5 19

5 Topics

19 Posts

[1.1.1] Update forgejo to 15.0.1 Full Changelog See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/15.0.1.md

FreeScout

70 784

70 Topics

784 Posts

[1.16.9] Update freescout to 1.8.218 Full Changelog Added indexes to several tables (#5328) Fixed decoding ISO-2022-JP emails (#5356) Require DB Password and check PHP Path direcotory in tools.php (Security: GHSA-jx2w-fhmw-rg39) Patched PHPUnit (Security: GHSA-qrr6-mg7r-m243) Fixed Helper::linkify() for emails (#5362) Do not allow to merge convesation with itself. Fixed linking messages into conversations (#5372) Fixed fetching emails into multiple mailboxes (#5368) Do not log "Untrusted host" error (#5361) Allow to use CIDR in APP_REMOTE_HOST_WHITE_LIST (#5363)

FreshRSS

19 152

19 Topics

152 Posts

@joseph Ok, I’ll take a better look of system because it seems strange

Funkwhale

2 14

2 Topics

14 Posts

@joseph As I understood it, not even that. MEDIA_ROOT is where all media uploaded gets stored. MUSIC_DIRECTORY_PATH is like an import folder where you can manually upload files that then get imported. But I am not 100 % certain, it is still confusing for me.

Ghost

83 1k

83 Topics

1k Posts

[4.167.0] Update ghost to 6.36.0 Full Changelog Added direct access-code entry for private sites - Jonatan Svennberg Moved private site controls into Access settings (#27390) - John O'Nolan Fixed RTL languages rendering left-to-right in newsletter emails (#27357) - Jannis Fedoruk-Betschki Declared lodash as a phantom dep in apps/admin - Rob Lester Preserved trailing slashes inside admin redirect query values - Rob Lester Fixed admin deep-link redirect when URL has a trailing slash - Rob Lester Fixed What's New banner breaking on null changelog fields - Rob Lester Fixed missing favicon and apple-touch-icon in React admin (#27528) - leafwind Added missing empty state for members (#27463) - Weyland Swart Fixed member import tier mapping (#27612) - Jonatan Svennberg

Gitea

50 437

50 Topics

437 Posts

I've just encountered the exact same issue. Not sure if upgrades are breaking things or what's going on. I resolved 500 internal server error upon login by resetting password via webui, clicking the link, using the same password + topt in the reset page, logging out and logging back in.

GitHub Pages

20 149

20 Topics

149 Posts

Yes, it's only jekyll. Not an expert on next.js but I think it also needs a backend right ? If so, you have to create a custom package - https://docs.cloudron.io/packaging/tutorial/

GitLab

62 638

62 Topics

638 Posts

[1.114.4] Update gitlab-foss to 18.10.3 Full Changelog

GLPI

2 11

2 Topics

11 Posts

[1.1.3] Update glpi to 11.0.7 Full Changelog Dashboards can now be reset to the state it would have after a clean install. This is only available for dashboards added by GLPI itself. CLI command security:change_oauth_key to (re)generate the OAuth keys. This can be used to change keys or to create them in the case they fail to be created during the installation/update process. The Planning widget on the homepage now only shows events +/- 1 year from the current date instead of 5 to improve performance. The planning widget on the homepage no longer shows completed events to improve performance and relevance. "Associate to an appliance" and "Remove from a rack" actions removed for templates.

Gogs

7 59

7 Topics

59 Posts

[1.23.1] Update gogs to 0.14.2 Full Changelog Security: Cross-repository LFS object overwrite via missing content hash verification. #8166 - GHSA-gmf8-978x-2fg2 Security: Stored XSS via data URI in issue comments. #8174 - GHSA-xrcr-gmf5-2r8j Security: Release tag option injection in release deletion. #8175 - GHSA-v9vm-r24h-6rqm Security: Stored XSS in branch and wiki views through author and committer names. #8176 - GHSA-vgvf-m4fw-938j Security: DOM-based XSS via issue meta selection on the issue page. #8178 - GHSA-vgjm-2cpf-4g7c Unable to update files via web editor and API. #8184

Grafana

22 248

22 Topics

248 Posts

[2.5.1] Update grafana to 13.0.1 Full Changelog Dashboard: Preserve timezone user-preference when converting V1 V2 #122673, @ivanortegaalba Provisioning: Include dashboard validation errors in pull request comments #122433, @gttrigger Unified storage: Skip migrations if dualwrite state shows they were already migrated #122880, @stephaniehingtgen

Grav CMS

12 131

12 Topics

131 Posts

[1.9.1] Update grav to 1.7.52 Full Changelog GPM client now sends the running PHP version with index requests so the server can substitute PHP-aware compat fallbacks when a plugin's latest release requires a newer PHP than the client can run. [security] Extended default uploads_dangerous_extensions to include md, yaml, yml, json, twig, ini page-content extensions that can be weaponised via permissive form-upload accept policies (GHSA-w4rc-p66m-x6qq, defense-in-depth alongside the Form 9.1.0 plugin fix). Added foundation for migrating to Grav 2.0: cross-major auto-upgrades are blocked in GPM, and core now surfaces a next_major hint so admin can point users at the new migrate-grav plugin Added compatibility: blueprint support so plugins/themes can declare which Grav versions they support Added self-upgrade preflight that flags incompatible plugins/themes and psr/log / Monolog conflicts before proceeding Added upgrade resilience with automatic maintenance mode and opcache reset during self-upgrade Added new cache-cleanup CLI command to prune obsolete cache entries Added new onFlexDirectoryConfigBeforeSave event for Flex More readable time output in bin/grav logviewer #4009 Fixed selectize field losing values when keyed options were used

Greenlight

19 165

19 Topics

165 Posts

[1.11.1] Update greenlight to 3.8.2.2 Full Changelog Allow html tags in maintenance banner

Grist

3 20

3 Topics

20 Posts

[1.1.1] Update grist-core to 1.7.13 Full Changelog Boot key login: New installations generate a GRIST_BOOT_KEY and print it at startup. Visit /boot, paste the key, and you're logged in as the install admin and ready to set the admin email. No pre-existing account needed, and no window where the server is open to the world before authentication is configured. The key (and the related GRIST_IN_SERVICE flag) can also be set via env vars or managed from the Admin Panel. Existing installations are unaffected. (commit) Restart in place: Grist can now apply config changes by restarting itself without dropping the listening socket. During the brief gap, /status keeps answering for liveness checks while readiness flips to 503. On by default for Linux under Node, off for Windows and Electron. Toggle with GRIST_RESTART_SHELL=true/false (#2265). Site Settings page: Team site owners on self-managed installations can edit team name, domain, and logo from a new /site-settings page (commit). WebSocket auth for API keys, boot keys, and access tokens: The WebSocket side now goes through the same identity-resolving code path as the REST API, so any auth method that works on one works on the other. Opens the door to console clients and out-of-page custom widgets. Also tidies up auth priority and unifies API rate-limiting between the two. (commit) (Bulk)AddOrUpdateRecord now returns id / recordIds / createdRecordIds / updatedRecordIds, and BulkAddOrUpdateRecord accepts a record-shaped payload that can match different columns per row (#2193) Fix wrong active section in the creator panel after duplicating a page with collapsed widgets (#2298) Fix CORS handling for opaque ("null") origins, eliminating spurious 500s for https:// widgets on http:// hosted sites (#2299) Fix padded checkboxes so the border and tick line up inside padded wrappers (#2300) Fix SELF_HYPERLINK() returning a share-key URL when a doc was first opened via a share link (commit) Bump handlebars from 4.7.7 to 4.7.9 (#2208)

Guacamole

55 318

55 Topics

318 Posts

Hello @albertbeaufrand and welcome to the Cloudron Forum This topic is a duplication of https://forum.cloudron.io/post/97415 and will be merged into it. Please read the responses above to get the full answer to your question.

Hastebin

4 23

4 Topics

23 Posts

App discontinued due to no upstream updates.

HedgeDoc

18 144

18 Topics

144 Posts

[1.21.5] Update hedgedoc to 1.10.8 Full Changelog Fix data loss when 5+ users edit a document concurrently, caused by the OT client discarding operations during revision gap recovery (#6342) Add defensive null checks to hex2rgb to prevent crashes from non-hex color values

Home Assistant

10 133

10 Topics

133 Posts

[1.18.4] Update core to 2026.4.4 Full Changelog Fixed Kodi Media Browsing (@albaintor - #165819) (kodi docs) Fix Victron BLE false reauth on unrecognised advertisement mode bytes (@rajlaud - #168209) (victron_ble docs) Fix case-sensitive MIME type check in Google Generative AI TTS (@MohamedBarrak3 - #168458) (google_generative_ai_conversation docs) Fix MQTT JSON light restoring None color_mode on startup (@noerstad - #168608) (mqtt docs) Add Roborock fan speed validation and error handling (@allenporter - #168623) (roborock docs) Correct state/device class for water in gardena (@elupus - #168637) (gardena_bluetooth docs) Cancel and await idle_start future if the task was canceled after an IMAP connection was lost (@jbouwh - #168662) (imap docs) Validate local_only user property during ws auth phase (@edenhaus - #168812) (http docs) (websocket_api docs) Slow down Tractive API polling to avoid 429 too many requests (@bieniu - #169057) (tractive docs) Validate local_only user for signed requests (@edenhaus - #169066) (http docs)

Humhub

27 250

27 Topics

250 Posts

[1.9.1] Update humhub to 1.18.1 Full Changelog Fix #8003: Migration::foreignIndexExists() doesn't find tables in braces Fix #8002: Comment dropdowns truncated (e.g. to select a title) Fix #8007: Fix unsaved changes warning on Profile Edit page Fix #8008: Space Tour Wrong Target for "Preferences" menu Fix #8013: Fix error displaying on update a module Fix #8009: Administration Group label misplaced Fix #8012: Modal backdrop over the account deletion modal for new Users Enh #8017: Exclude vendor from module i18n extract Fix #8020: Some email notifications are missing auto-contrast for the button text color Fix #8027: Cannot register if showRegistrationForm is disabled

Immich

72 674

72 Topics

674 Posts

[1.99.3] Update immich to 2.7.5 Full Changelog fix(server): add rate limit and deduplication to version check by @zackpollard in #27747

IP2Location

6 45

6 Topics

45 Posts

[1.0.1] Add pagination to query log

IT-Tools

5 65

5 Topics

65 Posts

Hello @nichu42 Sorry for the delay. We had a misconfiguration for the CI where the updates were not picked up correctly. App updates should be available now.

Invidious

17 187

17 Topics

187 Posts

[1.12.3] Update companion to 11cc6ac3575ae4ccf39abce672eee8b9dcd4778f

Invoice Ninja

69 1k

69 Topics

1k Posts

[1.22.16] Update invoiceninja to 5.13.20 Full Changelog Updates for payment failure mailer Fixes for design bulk actions Update merge client actions to use transactions for client balance Fixes for openapi spec + e-invoicing schemeId resolution Fixes for peppol multi tax invoices + quickbooks AST product creation Allow signatures at client/group levels Fixes for cancel/delete invoice balance adjustment sequence Fixes for invoice tax summary reporting date ranges across timezones feat(bank-rules): add participant fields to transaction rule matching by @eelco2k in #11905 Add expireAfter to WithoutOverlapping middleware on five webhook jobs by @JoshSalway in #11896

Jellyfin

43 340

43 Topics

340 Posts

[1.13.5] Update jellyfin to 10.11.8 Full Changelog Handle folders without associated library in FixLibrarySubtitleDownloadLanguages [MR #16540], by @Shadowghost Fix subtitle saving [MR #16539], by @MBR-0001 Fix querying media with language filters [MR #16538], by @MBR-0001

Jingo

4 18

4 Topics

18 Posts

App discontinued due to no upstream updates.

Jirafeau

13 105

13 Topics

105 Posts

[1.12.1] Update Jirafeau to 4.7.1 Full Changelog Fixed another possibility to bypass the checks for CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066 (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image". When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled. The default value of max_upload_chunk_size_bytes was set to 5000000. Higher values could trigger a bug Chromium-based browsers on servers with HTTP/3 enabled, causing asynchronous uploads to fail.

Jitsi

33 373

33 Topics

373 Posts

Hello @matthiaskurz That is good to read. If you find anything odd with MiroTalk, the maintainer is very active in the forum and is always happy to help. So if you have an issue, just create a topic in the @mirotalk-57bab571 category and the maintainer @mirotalk should see it.

Joplin Server

12 115

12 Topics

115 Posts

Stupid question but when using this does a copy of a user's joplin nots remain on the server or do notes just pass through? My understanding is that webdav files can grow pretty big

JupyterHub

12 138

12 Topics

138 Posts

[1.59.1] Update jupyterhub to 5.4.5 Full Changelog

Kanboard

8 73

8 Topics

73 Posts

[1.17.8] Update kanboard to 1.2.52 Full Changelog fix: revoke public tokens for inactive users fix: use timing-safe comparison for token validation fix: validate task ownership before applying property changes fix: enforce visibility controls for public and unprivileged access fix: use parameterized queries in task finder and iCal

Kavita

7 51

7 Topics

51 Posts

[1.11.0] Update Kavita to 0.9.0 Full Changelog Added: Kavita now has a dedicated queue for downloads with auto-processing, series will now deconstruct to individual items, and it's persistent between reloads. Added: Added the ability to export a reading list to CBL v1 or v2 support Added: You can now craft and save Smart Filters for Reading lists and bind them to your Side Nav/Dashboard as you would Series-based. Changed: Version update checking has been drastically streamlined and made less annoying. Backoff support is implemented, after 5 prompts, Kavita will stop pestering you to update. Changed: Fixed how Kavita creates transactions with SQLite to reduce the 'database is locked' issue. From my testing, database is locked which was happening during reading (webtoon) and from some concurrent scans were eliminated. Changed: Removed all Deprecated APIs (this was communicated last release, I reached out to the big app providers) Fixed: Fixed a lot of endpoints missing access checks Fixed: Fixed the scanner merging several series into one under specific circumstances Fixed: Fixed panels not properly working with the new reading sessions Fixed: Fixed Volume progress tracking not working on Mihon (Thanks @Nedra1998 )

Keycloak

8 104

8 Topics

104 Posts

use this, it worked instantly for me (unlike the quick-theme plugin currently in preview). just drop the exported .jar in the providers folder. github repo: https://github.com/kathari00/keycloak-theme-editor found it here: https://github.com/keycloak/keycloak/discussions/40275#discussioncomment-15935355

Keila

4 26

4 Topics

26 Posts

[1.0.1] Update keila to v0.19.1 Full Changelog Added Italian translation (thanks @energywave) Support for SMTP without password auth. Implements #491 (thanks @ghost1ndshell) Added DISABLE_TZDATA_UPDATES option to disable tzdata updates (thanks @sachabertschibfs) Image resizing in Block Editor & Markdown Editor Significantly improved performance in Markdown editor. (thanks @roadriverrail for reporting) Campaign preview now updates when changing template in campaign settings Public archive pages are now rendered with campaign template Fixed some layout issues with column padding and font styles in Block Editor Fixed flickering images in Block Editor Fixed regression: Restored level 3 headings in Block Editor

Kimai

16 251

16 Topics

251 Posts

[2.50.0] Update kimai to 2.56.0 Full Changelog Added Catalan translation (#5921) New API endpoint to download invoices (#5926) New API endpoint to save invoice meta-fields (#5916) Re-usable ACL checks on teams, xxx_other_timesheet permissions respect teams (#5925) Whitelist PDF context options (#5924) Twig config improvements (#5923) Improved management script ./kimai.sh - please test and leave your feedback (#5909) Translations update from Hosted Weblate (#5911)

Koel

12 189

12 Topics

189 Posts

[1.37.0] Update koel to 9.2.0 Full Changelog fix: use default cursor on context menu items instead of text cursor by @phanan in #2408 feat: include user's edit permission in album resource by @phanan in #2409 feat: include user's edit permission in artist resource by @phanan in #2410 feat: include user's edit and delete permissions on playlist resource by @phanan in #2411 feat: include user's edit and delete permissions on radio station resource by @phanan in #2412 feat: include viewer's edit and delete permissions on user resource by @phanan in #2413 fix: align user card with album/artist card affordances by @phanan in #2417 fix: add hover state to BasicListSorter menu items by @phanan in #2420 fix: increase album/artist thumbnail corner radius by @phanan in #2423 fix: shift tabindex from list/panel wrappers to media list items by @phanan in #2431

Kopano Meet

11 132

11 Topics

132 Posts

Running TURN server on port 443 only matters for setups where a Client is unable to contact the server on non-port 443. This is only common in some ultra locked down intranet setups.

Komga

5 62

5 Topics

62 Posts

[1.6.4] Update komga to 1.24.4 Full Changelog omit UserDto.ageRestriction instead of returning null (e3a8cc6) some TOC may not be parsed correctly (5fc0b7e) proxy raw request body to kobo store (4a7d9a6), closes #2289 also accept application/json on Accept header (ddfe65d) incorrect latest series navigation links (717ef82), closes #2285 auth logo issue when using base url (7c00661), closes #2285

Kutt

23 174

23 Topics

174 Posts

[2.4.1] Set supportsDisplayName to false in manifest

LAMP

144 1k

144 Topics

1k Posts

[5.1.2] Update php-src to 8.5.5

LanguageTool

18 170

18 Topics

170 Posts

[1.41.0] Update languagetool to ca899d9

Leantime

22 228

22 Topics

228 Posts

[1.12.2] Update leantime to 3.7.3 Full Changelog fix: backend bug fixes from phase-0 modernization branch by @marcelfolaron in #3289 feat(tokens): add design system CSS custom property definitions by @marcelfolaron in #3290 fix: accessibility, view system, and composer improvements from phase-0 by @marcelfolaron in #3292 fix: ticket PATCH 500 errors, quick-add group context, and UI fixes by @marcelfolaron in #3313 fix: address 6 GitHub issues - session, calendar, postgres, todos, users, ldap by @marcelfolaron in #3315 fix: PostgreSQL ROUND(double precision, int) error on ticket queries (#3301) by @marcelfolaron in #3317 fix: PostgreSQL ROUND error, missing zp_canvas.color migration, and 3.7.2 changelog by @marcelfolaron in #3318

LibreChat

19 160

19 Topics

160 Posts

[1.2.1] Update LibreChat to 0.8.5 Full Changelog Optimized Entra ID Group Sync with Auto-Creation by @Airamhh in #12606 Sidebar Icon Toggle & New Chat History Switch by @danny-avila in #12642 Claude Opus 4.7 Model Support by @danny-avila in #12698 Claude Opus 4.7 Reasoning Visibility by @danny-avila in #12701 Support text/calendar (iCalendar) in Code Outputs by @upman in #12758 Alias Mimetype text/x-markdown to text/markdown by @dlew in #12608 Scope Web Search Results to Own Turn by @danny-avila in #12631 Resolve Action Tools by Exact Name to Prevent Multi-Action Domain Collision by @lrreverence in #12594 Clear Stale Client Registration on invalid_client During OAuth Token Refresh by @danny-avila in #12643 Preserve Selected Artifact When Clicking Artifact Button by @starchow in #12601

LimeSurvey

15 386

15 Topics

386 Posts

Hello @milian.hackradt We have published an app update for @limesurvey. Now you can manage the full configuration in /app/data/, see https://docs.cloudron.io/packages/limesurvey#custom-configuration.

Linkding

15 134

15 Topics

134 Posts

Thank you @necrevistonnezr ... it wasn't obvious to find, for me. I have one now.

Linkwarden

15 155

15 Topics

155 Posts

Hey, another thing that I stumbled upon: the full-text search is not working on Cloudron. The search engine/db Meilisearch is missing. Here is a write up about it done together with AI (Claude Opus4.7): Symptom Linkwarden's main selling point — beyond bookmarking — is that it preserves the full text of every saved page (textContent, extracted via Mozilla Readability and stored in PostgreSQL). On Cloudron's app.linkwarden.cloudronapp@1.21.1 this content is correctly archived and shows up on link records. But the search box does not actually search it. Easy way to reproduce on any 1.21.1 instance: Save a link whose article body contains a distinctive word that does not appear in the title, URL, description or any tag. Wait for preservation to finish; confirm via GET /api/v1/links/<id> that textContent is populated and contains the word. Search for that word in the UI (or GET /api/v1/links?searchQueryString=<word>). Result: zero hits. So the bookmarks are preserved, but the preserved content is functionally invisible to the search UI. That's surprising — and (as far as I can tell) not mentioned anywhere in the Cloudron app docs or in the forum. Root cause apps/web/lib/api/controllers/search/searchLinks.ts has two code paths: if (meiliClient && query.searchQueryString) { // → Meilisearch path: indexed search across all fields incl. textContent } else { // Fallback: No Meilisearch searchConditions.push({ name: { contains: q } }); searchConditions.push({ url: { contains: q } }); searchConditions.push({ description: { contains: q } }); searchConditions.push({ tags: { some: { name: { contains: q } } } }); // ← textContent is intentionally not in the WHERE clause } The switch is MEILI_MASTER_KEY. Linkwarden's own env-vars docs state it plainly: "Linkwarden only initializes the MeiliSearch client when this value is set." The Cloudron package ships with no MEILI_* env vars, so the client is null → fallback path → archived body text is never queried. The indexing worker (apps/worker/workers/linkIndexing.ts) is present in the image and ready to push records to a Meilisearch instance — it just has no instance to talk to. Upstream's position Linkwarden's reference docker-compose.yml treats Meilisearch as a first-class sidecar, not an optional add-on: linkwarden: depends_on: - postgres - meilisearch meilisearch: image: getmeili/meilisearch:v1.12.8 The docs describe content-level search ("Advanced Search") as the default expectation for self-hosters running ≥ 2.10. Cloudron's single-container packaging model legitimately makes that hard, but the resulting feature gap isn't currently visible to users. Suggestion Three options, in increasing order of effort: Doc-only fix. Add a "Limitations" / "Optional: full-text search" section to the Cloudron Linkwarden app docs explaining that the bundled image runs in the no-Meilisearch fallback mode, what that costs (no body-text search, no advanced operators), and pointing users at MEILI_HOST / MEILI_MASTER_KEY if they want to bring their own instance. This already works today — the Linkwarden code reads those env vars unchanged, so a self-hoster can spin up getmeili/meilisearch next to Cloudron and point Linkwarden at it via cloudron env set. Make the integration discoverable. Document MEILI_HOST / MEILI_MASTER_KEY as recognised env vars on the app page (they already work via cloudron env set — they're just not advertised). A startup log line on the worker — "Meilisearch disabled — full-text search on archived content will not be available" — would also turn the silent degradation into a visible one. Bundled sidecar. Ship Meilisearch alongside the Linkwarden container in the package. I understand from topic #2518 that a standalone Meilisearch app was deemed out of scope ("like a database … not really like a web app"), so I'm not asking for that — but bundling it as an internal dependency of the Linkwarden package would side-step that objection while bringing the package in line with upstream's expected architecture. (1) seems strictly better than the current state regardless of whether (2) or (3) ever happen — right now users only learn the limitation by reading the source. Verification offer Happy to test any of the above on the 1.21.1 instance and report back. From reading the code I'd expect that pointing Linkwarden at an external Meilisearch via cloudron env set MEILI_HOST=… MEILI_MASTER_KEY=… works without any package changes — the fallback should flip to the Meilisearch path on next restart and the indexing worker should backfill existing links — but I haven't tried it yet, and confirming this is exactly the kind of thing I'm offering to do. Possibly related docs.linkwarden.app/self-hosting/installation — upstream install guide listing Meilisearch as part of the standard setup. The Cloudron app currently runs apps/worker/workers/linkIndexing.ts as a no-op every cycle; might be worth gating it (or at least the log lines) on MEILI_MASTER_KEY being set, to avoid future user confusion.

Listmonk

31 232

31 Topics

232 Posts

@filter i have submitted a PR here - https://github.com/knadh/listmonk/pull/3012

Loomio

7 125

7 Topics

125 Posts

[1.17.11] Update loomio to 3.0.22 Full Changelog STV (Single Transferable Vote) poll type beta. Anonymous by default, results hidden until the poll closes. The form shows a warning asking users to report bugs and feedback on GitHub. Cloudflare Turnstile challenge on password sign-in, login-token requests, signup, and trial creation. Admin login-link sign-in bypasses the challenge; sign-in with a login code also bypasses it. Fixed SQL injection in HasTimeframe via timeframe_for. Blocked SSRF in the link preview service; link previews now require auth and are throttled to 20/hour per user. Direct upload size limit (25 MB trial, 1 GB paid); blocked dangerous uploads. Bumped vue-i18n to 9.14.5 (XSS + prototype pollution). Refresh a user's groups after joining or being added to a group. Return a token error on session failure when a login token is pending; translate sessions errors server-side; surface server errors on login code entry. Fix demo poll cloning (missing opening_at/opened_at). Translation fixes: needs_a_rethink_meaning, "vote in" "vote on", German typo in discard.

Lychee

19 222

19 Topics

222 Posts

[2.44.4] Update Lychee to 7.5.4 Full Changelog Add disabling preloading check in FixTree console by @ildyria in #4226 Fixing discussion #4230 SyntaxError: [sprintf] unexpected placeholder by @TheBullRing in #4231 Fix MySQL error 1390 (too many placeholders) in album/photo deletion path by @Copilot in #4225 Enhance German translation by @hyazinthh in #4239 Finalize German translation by @hyazinthh in #4241 Fix vite 8 building a broken frontend by @ildyria in #4242 Trivy ignore update by @ildyria in #4251 Add turkish template by @ildyria in #4253 Fix notifications by @hyazinthh in #4255 Fix 'rename' string and make ellipses consistent for German by @hyazinthh in #4256

Mailtrain

10 61

10 Topics

61 Posts

@girish That is a super handy feature!

Mastodon

146 1k

146 Topics

1k Posts

[1.17.9] Update mastodon to 4.5.9 Full Changelog Insufficient verification of email addresses (GHSA-5r37-qpwq-2jhh) Updated dependencies Add trademark warning to mastodon:setup task (#38548 by @ClearlyClaire) Fix definition for quote in JSON-LD context (#38686 by @ClearlyClaire) Fix being unable to disable sound for quote update notification (#38537 by @ClearlyClaire) Fix being able to quote someone you blocked (#38608 by @ClearlyClaire)

Matomo

51 432

51 Topics

432 Posts

Running ./console core:update in the Matomo app's terminal updated the DB for us.

Matrix (Synapse/Element)

128 1k

128 Topics

1k Posts

[1.11.18] Update element-web to 1.12.17 Full Changelog Fix OIDC login callback handling on Element Desktop (#33337). Contributed by @t3chguy.

Mattermost

59 641

59 Topics

641 Posts

[1.27.1] Update mattermost to 11.6.1 Full Changelog Mattermost Platform Release 11.6.1 contains medium to high severity level security fixes.

Mautic

63 501

63 Topics

501 Posts

I know you posted this years ago, but if someone comes by this topic. You select the product (e.g. MaxMind GeoLite City), enter your API Key and hit "Fetch IP Lookup Data Store". [image: 1774617868420-screenshot-2026-03-27-092349.png]

Mealie

8 95

8 Topics

95 Posts

[1.39.0] Update mealie to 3.16.0 Full Changelog feat: Migrate PWA manifest to backend @Choromanski (#7331) fix: Blank query filter builder fields @michael-genson (#7480) fix: preserve ingredient section titles when parsing recipe ingredients @zdenek-stursa (#7483) fix: Misc frontend layout fixes @michael-genson (#7487) fix(deps): update dependency authlib to v1.6.11 [security] @renovate[bot] (#7481) fix(deps): update dependency lxml to v6.0.4 @renovate[bot] (#7485)

MediaWiki

8 88

8 Topics

88 Posts

[3.6.3] Update mediawiki to 1.45.3

Meemo

13 87

13 Topics

87 Posts

Closed due to inactivity

Memos

6 47

6 Topics

47 Posts

[2.0.0] Update memos to 0.28.0 Full Changelog Breaking change: Existing SSO users must link their identity again - If you previously signed in through SSO, sign in once with your username and password after upgrading, then go to Account Settings to link your SSO identity. After the identity is linked, future SSO sign-ins will resolve to your existing Memos account. feat: auth: add SSO user identity linkage (#5883) (d688914) feat: memos: choose created or updated time for memos (#5894) (c268551) feat: redesign account and SSO management (#5886) (ee17998) fix: auth: harden authorization and username validation (#5890) (0fb83a7) fix: disable modal prop on DropdownMenu to prevent scroll disappearing (#5861) (d98f665) fix: fix legacy username auth flows (#5885) (30c0611) fix: markdown: split mixed task and bullet lists (e2c6084) fix: reduce list memo query overhead (#5880) (5063804) fix: web: preserve task checkbox state (#5867) (b5863d7)

Metabase

18 633

18 Topics

633 Posts

[3.8.2] Update metabase to 0.60.3.4 Full Changelog

MicroBin

1 5

1 Topics

5 Posts

[0.5.0] Update microbin to 2.1.4 Full Changelog Patch #326, change env defaults, bump to 2.1.4 by @szabodanika in #327 Change content handling to use byte buffer instead of parsing chunks directly by @ybalbert in #299 derive version from binary by @nastyagrifon in #306 Add missing public_path to some Location redirects by @farfalleflickan in #307 fix vertical layout on smartphones by @underoll in #308 Add multi-attachment support by @szabodanika in #309 improve logging with real ip by @Sofyan-SU in #311 Fix threading issue by deferring lock acquisition during file uploads by @szabodanika in #313 Support default privacy setting by @szabodanika in #314 Add MICROBIN_MAX_EXPIRY arg by @szabodanika in #321

Minecraft

50 494

50 Topics

494 Posts

[2.37.8] Update bedrock to 1.26.14.1

Miniflux

11 96

11 Topics

96 Posts

[1.6.13] Update v2 to 2.2.19 Full Changelog Remove sensitive values (CSRF tokens, OAuth state, session cookies) from log messages. Verify OIDC ID token signatures and claims. Prevent OAuth identity overwrite when already linked. Clear PKCE verifier and CSRF state after use. Validate HTTP status from Google userinfo endpoint. Use HMAC-SHA256 instead of SHA1 for Google Reader API authentication. Use constant-time comparison for token validation. Fix potential DoS when truncating large untrusted input in templates. Reject oversized favicons.

Minio

54 699

54 Topics

699 Posts

@uroni Nicely done!

MiroTalk

48 1k

48 Topics

1k Posts

[2.7.11] Update mirotalksfu to 2.2.33

Monica

16 103

16 Topics

103 Posts

The app package runs the cron job as outlined in https://github.com/monicahq/monica/blob/4.x/docs/installation/providers/generic.md#4-configure-cron-job Can you open a webterminal into the app and run it manually via: sudo -E -u www-data php /app/code/artisan schedule:run and see if it shows an error or sends the mails then?

Moodle

42 342

42 Topics

342 Posts

[4.1.0] Update moodle to 5.2.0 Full Changelog

N8N

152 1k

152 Topics

1k Posts

Hello @bedrijfstak14 Great to read that the Cloudron update 9.1.7 resolved this issue.

Navidrome

18 163

18 Topics

163 Posts

[1.28.2] Update navidrome to 0.61.2 Full Changelog Another round of bugfixes. Transcoding now properly clamps target channels to codec limits, WAV files play directly in browsers without unnecessary transcoding, and the scanner picks up ORIGYEAR tags for VorbisComment and MP4 formats. Cover art handling got a few fixes too, including configurable max upload size. Plugin developers now get the file path in TrackInfo for Scrobbler and Lyrics plugins. Prevent theme CSS filters from affecting disc cover art. (c91721363 by @deluan) Refine image filters for playing and paused states in SquiddiesGlass theme. (4570dec67 by @deluan) Update Chinese (Simplified) translation. (#5323 by @fxj368) Update Russian translations. (#5329 by @amakeenk) Map ORIGYEAR tag for VorbisComment and MP4 formats, bringing them in line with ID3. (#5303 by @obskyr) Fix issue with empty ID3v2 frames in go-taglib. (1de4e43d2 by @deluan) Always emit required created field on AlbumID3 responses. (#5340 by @deluan) Make max image upload size configurable. (#5335 by @m8tec) Allow shared disc art from unnumbered filenames in single-folder albums. (#5344 by @deluan)

Nextcloud

404 3k

404 Topics

3k Posts

I woke up to a crashed NextCloud because of the polls app. getting an error that ends with this: ...was already defined on table "oc_polls_options". I was able to defeat this by removing the app/code/apps/polls/ directory, but when I try to reinstall Polls, the error comes again, so there must be a database issue. Do we have a way to clear the polls database?

NocoDB

29 291

29 Topics

291 Posts

[1.37.0] Update nocodb | stage to 2026.04.5 Full Changelog

NodeBB

64 532

64 Topics

532 Posts

[2.27.1] Update NodeBB to 4.11.2 Full Changelog test manual dispatcher (3d969f0)

ntfy

13 102

13 Topics

102 Posts

[1.25.0] Update ntfy to 2.22.0 Full Changelog Tighten web push endpoint allow-list regex to prevent SSRF via unanchored pattern matching (GHSA-w9hq-5jg7-q4j7, thanks to @MightyNawaf for reporting) Fix web app not allowing access tokens to be changed to never expire (#1693/#1694, thanks to @lastsamurai26 for reporting and to @ShipItAndPray for fixing) Fix web app crashing on account page for tokens without a last access time (#1651, #1684, thanks to @Pulsar7 and @rzhli for reporting)

Ollama

5 62

5 Topics

62 Posts

[1.10.1] Update ollama to 0.22.1 Full Changelog Updated the Gemma 4 renderer for thinking and tool calling improvements Model recommendations are now updated without updating Ollama Aligned the desktop app's launch page with ollama launch integrations Fixed the Poolside integration title in ollama launch Full Changelog: https://github.com/ollama/ollama/compare/v0.22.0...v0.22.1

OmekaS

5 45

5 Topics

45 Posts

[1.5.0] Update omeka-s-module-Ldap to 0.7.0 Full Changelog Add update hook on existing ldap user Improve attributes retrieval by asking all ldap attributes and using it potentially in another module

OnlyOffice

51 422

51 Topics

422 Posts

Hello @jdaviescoates Ah! Good to know!

OpenCloud

6 42

6 Topics

42 Posts

[0.9.0] Update opencloud to 6.1.0 Full Changelog Add a flag to the reindex command to force a full reindex [#2606] proxy: Allow mapping from an external tenant id to the internal id [#2569] feat: enable EnableInsertRemoteFile WOPI flag for Collabora [#2555] feat(multi-tenancy): verify tenant via OIDC claim [#2559] Fix race conditions in the hybrid metadata backend [#594] fix: error handling in upload session cleanup [#582] experimental: add darwin watchfs support [#471] Tracing [#596] fix: favorites list, undo delte doesn't return item to the favorites [#2382] feat: handle UI_InsertFile postMessage from Collabora [#2270]

OpenHAB

4 50

4 Topics

50 Posts

[1.8.4] Update openhab-distro to 5.1.4 Full Changelog

OpenProject

24 285

24 Topics

285 Posts

[3.48.1] Update openproject to 17.3.1 Full Changelog Bugfix: Some macros cannot be used (displayed behind modal) while creating a new child via relations tab [#62585] Bugfix: The 'Reload' action in the banner about the meeting being updated in the background no longer auto-scrolls to the previous position [#70559] Bugfix: Items multiplying on page and page becoming unresponsive when macros and code snippet are used [#73117] Bugfix: Remove a 2FA device from a user as admin does not work [#73218] Bugfix: Error when changing wp type from the wp list [#73224] Bugfix: Internal error on custom actions form [#74131]

Open Web Calendar

4 34

4 Topics

34 Posts

Hi @girish so I learned something while setting up my Radicale and OWC. It seems like the calendar client publishing in to the ICS in Radicale (or wherever your ICS source lives) can matter. When I used the Calendar app on macOS I saw no descriptions. When I used Thunderbird I do. You can see it on my live page that has the OWC page in an iframe https://kb.filewave.com/books/community-engagement/page/customer-event-schedule and if you click on events in the agenda then the description shows. I think initially I was also hoping to show description on the Agenda page without clicking on an event but originally I was bothered that I just couldn't get description to show up. So now it does at least show up when you click an event. I haven't looked at why Calendar doesn't make a summary that shows and Thunderbird does but I'm fine using Thunderbird to put events in my calendar feed.

OpenWebUI

78 714

78 Topics

714 Posts

new package is out

oPodSync

3 14

3 Topics

14 Posts

[1.1.4] Fixup docs link

osTicket

15 93

15 Topics

93 Posts

osTicket has finally officially announced osTicket 2.0, with an RC1 being released "shortly". They launched a new site https://next.osticket.com/ to showcase the work that has been done and a video demo.

Outline

29 190

29 Topics

190 Posts

[1.22.0] Update outline to 1.7.0 Full Changelog Expanded MCP capabilities with patch support, improved tree hierarchy reading, configurable workspace guidance, a create_attachment tool, simplified mention syntax, and richer comment tool responses (#11822, #11839, #11823, #11851, #11886, #11987, #12102, #12097) Added email subscriptions to public documents so readers can follow along with updates, including diffs in notifications (#11911, #12084) Introduced a redesigned document history with the ability to compare any two revisions side-by-side (#12112, #12001) Added full right-to-left (RTL) layout support for languages such as Hebrew and Arabic (#12107) Removed auto creation of share links; shares must now be created explicitly (#11950) Fixed passkey login 400 error when authenticatorAttachment is undefined, and prevented registering duplicate passkeys on the same device (#11856, #11870) Fixed read-only scoped API keys being unable to access MCP (#11875) Fixed @mention trigger not firing after CJK characters and improved mention search during IME composition (#11919, #11944) Sanitized mention href to prevent unsafe URLs (#11993) Fixed new shares not including children, and validated that shares contain only a documentId or collectionId (#12009, #12098)

Owncast

17 104

17 Topics

104 Posts

[1.6.2] Update owncast to 0.2.5 Full Changelog fedi_spin.gif as a new emoji. #4721 Add support for federation shared inboxes #4212 Add require chat authentication to take part in chat #4732 Favicon customization #868 Explicitly mention shortcut keys in video player #3785 Remove special characters from auto-generated stream keys as not all broadcast software support them #4690 Sanitize actor displaynames #4864 Fediverse followers contact name / profile picture now get updated and invalid users get removed #2923 Fediverse action titles can overflow in chat #4773 Path Prefix for S3 Not Working On file cleanups #4784

PairDrop

3 16

3 Topics

16 Posts

[1.3.0] Update base image to 5.0.0

Paperless-ngx

65 550

65 Topics

550 Posts

[1.52.0] Update gotenberg to 8.32.0 Full Changelog Reverted SSRF defaults (breaking vs 8.31.0). 8.31.0 blocked private-IP destinations by default, which broke deployments running Gotenberg inside a private network. 8.32.0 restores the 8.30.x permissive defaults. Operators with internet-facing APIs opt into the strict posture via the new flags below. Rejected file:// at /forms/chromium/convert/url. Submitting url=file:///tmp/... used to let an unauthenticated caller enumerate the request working directory and read other in-flight uploads as rendered PDFs. The route now returns HTTP 400 for any file:// URL. Required uploaded file for image / pdf stamp and watermark sources. Twelve callsites accepted stampSource=pdf or watermarkSource=pdf with an expression pointing at any path the Gotenberg process could open, even when no file was uploaded. Handlers now return HTTP 400 unless the caller uploaded a matching file. Scoped file:// sub-resources to the request working directory. Crafted HTML could reference another request's file:///tmp/<reqdir>/.... The CDP request handler now restricts file:// sub-resources to the current request's directory. /convert/url and /screenshot/url reject every file:// sub-resource outright. Hardened Chromium against DNS rebinding. A short-TTL DNS authority could return a public IP at validation and a private IP at connect. A loopback HTTP / CONNECT proxy now sits between Chromium and the network, resolves DNS once, and pins the dial to the resolved IP. Skipped when --chromium-proxy-server or --chromium-host-resolver-rules is set. Filtered LibreOffice outbound fetches through a proxy. Uploaded OOXML, RTF, and ODF files can embed external URLs that LibreOffice's libcurl resolves below every Go-side SSRF filter. LibreOffice now routes every outbound fetch through an in-process forward proxy on the same gotenberg.DecideOutbound path Chromium and webhook delivery use. See the four new flags below. Recovered webhook async panics. High-concurrency webhooks could panic the async goroutine and crash the whole process. The goroutine now snapshots the request context and recovers any future panic through the existing error path. LibreOffice outbound URL filtering. Four flags mirror the Chromium and webhook layout: --libreoffice-allow-list, --libreoffice-deny-list, --libreoffice-deny-private-ips, --libreoffice-deny-public-ips. All default permissive. IP-class filtering on four modules. chromium, webhook, api-download-from, and libreoffice each accept matching deny-private-ips and deny-public-ips flags. All default to false. Charts print as blank rectangles (#1531, #1532, #1534, #1535 chromedp v0.15.0 suspended the BeginFrame-driven callback dispatch loop under emulatedMediaType=print. requestAnimationFrame, ResizeObserver, IntersectionObserver, CSS transitionend, and CSS animationend all stopped firing. Pinning chromedp back to v0.14.2 restores native dispatch.

Paperwork

2 11

2 Topics

11 Posts

You can still install it like this https://my.<cloudron>/#/appstore/rocks.paperwork.cloudronapp . But note that it was last updated 3 years ago. I tried to build a new version with latest with PHP a year ago and the app was not even building anymore. They have been re-writing a new version for a couple of years now.

PeerTube

101 890

101 Topics

890 Posts

[4.6.6] Update peertube-plugin-auth-openid-connect to 1.1.0

Penpot

20 161

20 Topics

161 Posts

[1.16.4] Update penpot to 2.14.4 Full Changelog

Phabricator

6 24

6 Topics

24 Posts

App discontinued due to no upstream updates.

PHP Server Monitor

4 12

4 Topics

12 Posts

The upstream project has not released in almost 3 years now. We had to build from develop to get some PHP 8 support going, but there are bugs like https://github.com/phpservermon/phpservermon/issues/1196 , https://github.com/phpservermon/phpservermon/issues/1232 . There's also a bunch of basic issues: Normal user cannot login after admin user logs in. Some issue related to service worker. LDAP functionality is incomplete

Piwigo

5 62

5 Topics

62 Posts

[3.3.0] Update Piwigo to 16.3.0 Full Changelog Release note

Pixelfed

80 670

80 Topics

670 Posts

Seems like for some unknown reason putting the app in debug mode and back out of debug mode fixed it.

Planka

2 10

2 Topics

10 Posts

It's a bit convoluted, but setting OIDC_IGNORE_ROLES=true in the /app/data/env at least lets you persist role changes across restarts/re-auths when using SSO. Otherwise each SSO-login will reset the roles based on their OIDC groups based role assignment. That way you could: a) login via SSO b) logout and re-login with the default admin c) make your SSO logged in user an admin d) deactivate the default admin And have a usable system through Cloudron SSO.

PocketBase

9 136

9 Topics

136 Posts

[1.15.4] Update pocketbase to 0.37.5 Full Changelog Fixed password fields not being detected as changed (#7670). Added the local time zone name next to the date field label. Reload trusted proxy info UI after settings save. Other minor improvements (skips the duplicated record ids from the IN expand list, reordered confirm-email-change error checks to minimize enumeration attacks, etc.).

Postiz

22 216

22 Topics

216 Posts

Hi, It looks like the package is gone from the cloudron supported apps, has anyone tried self-hosting it by following the official method as presented in their doc, with success? (https://docs.postiz.com/quickstart)

Pretix

9 73

9 Topics

73 Posts

[1.7.0] Update pretix to 2026.4.0 Full Changelog

PrivateBin

8 57

8 Topics

57 Posts

[1.11.3] Update PrivateBin to 2.0.3 Full Changelog FIXED: Prevent arbitrary PHP file inclusion when enabling template switching FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users FIXED: Unable to create a new paste from the cloned one when a JSON file attached (#1585)

Prometheus

19 223

19 Topics

223 Posts

[1.15.1] Update alertmanager to 0.32.1 Full Changelog [BUGFIX] dispatcher: Fix issue with dispatching to a contended route. #5179 [BUGFIX] ui: Provide prebuilt ui assets in release. #5191 [ENHANCEMENT] ui: Support building artifacts in containers with Docker or Podman. #5102

qBittorrent

6 103

6 Topics

103 Posts

[2.26.0] Update VueTorrent to 2.32.0 Full Changelog download_path for categories (#2633) (c975533) TorrentDetail: Add default tab selection in settings (#2623) (144f552) CookiesManager: Allow import from empty menu (3f4f571) RSS: Improve performance (c6d9ddc)

Radicale

15 157

15 Topics

157 Posts

[2.14.1] chore(deps): update dependency radicale to v3.7.2

Rallly

16 192

16 Topics

192 Posts

[2.10.0] Update rallly to 4.10.0 Full Changelog Version tile in the control panel showing the running version and whether an update is available (#2355, #2351, #2348) Send poll response confirmation email in the respondent's locale (#2356) Optimize invite page queries (#2350)

Rainloop

9 75

9 Topics

75 Posts

App discontinued due to no upstream updates.

Redash

14 106

14 Topics

106 Posts

[5.4.0] Update redash to 26.3.0 Full Changelog

Redmine

18 165

18 Topics

165 Posts

[3.11.2] Update redmine_oauth to 4.0.6 Bug: #120 - Undefined method 'url_parameters' for an instance of OauthProvider Domain based self-registration New: #112 - Add DataFlattener for nested data Bug: #115 - Fix redirect loop when OAuth-only login is enabled New: #116 - Add domain-based OAuth self-registration (auto-activate allowlist) Bug: #118 - Cannot save "Alterative name" and "URL parameters"

Release Bell

16 108

16 Topics

108 Posts

Just installed ReleaseBell to monitor the apps I am packaging. But it's not accurate Shows https://github.com/windmill-labs/windmill as v1.457.0 but the actual GitHub page shows 1.645.0 Is there some config I should be changing ? Actually, just noticed it has 2 entries for windmill ( a starred project ), the other showing 1.573.0

Rocket.Chat

70 761

70 Topics

761 Posts

[3.3.0] Update Rocket.Chat to 8.4.0 Full Changelog Adds file thumbnails with image preview to the message composer attachments Adds a new REST endpoint to accept or reject media calls without an active media session Adds externalIds field to livechat visitors for external platform identification. Adds a skipTranspile flag (default false) to webhook integrations. When set to true, the integration script is stored as-is without Babel transpilation matching the 9.0.0 default where Babel is removed entirely. Admins can flip the flag per-integration to validate strict-mode compatibility before upgrading. The field is deprecated and will be removed in 9.0.0. Updates omnichannel routing so agents with offline status are always excluded from assignment. The Livechat_enabled_when_agent_idle setting now only affects agents with away status. Introduces Cold Storage Archiving for Read Receipts to improve performance and scalability in large deployments. Fixed UI becoming unresponsive after clicking "See on Engagement Dashboard" from the workspace info card, which required a manual page refresh to recover. Fixes a bug that could remove all of a user's subscriptions when the user was re-added to a room while still banned. Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates) Fixes an issue where the Omnichannel routing system ignored the Livechat_accept_chats_with_no_agents setting. Now, offline agents are correctly considered for assignment when the setting allows it.

Roundcube

53 362

53 Topics

362 Posts

[2.9.5] Update roundcubemail to 1.6.15 Full Changelog SVG Animate FUNCIRI Attribute Bypass Remote Image Loading via fill/filter/stroke, reported by class_nzm. Fix regression where mail search would fail on non-ascii search criteria (#10121) Fix regression where some data url images could get ignored/lost (#10128) Fix SVG Animate FUNCIRI Attribute Bypass Remote Image Loading via fill/filter/stroke

RSS-Bridge

9 62

9 Topics

62 Posts

@girish said: @rmdes @odie I have updated the app to use symlinks under /app/data/bridges. You can add new bridges there or delete some symlink and add your own. Thank you! Works excellent!

RustFS

1 16

1 Topics

16 Posts

[0.12.0] Update rustfs to 1.0.0-beta.1 Full Changelog

Scrumblr

4 15

4 Topics

15 Posts

Given that the upstream project is not maintained anymore, we have hidden this in the appstore. I had also submitted a PR upstream for a basic issue which is ignored - https://github.com/aliasaria/scrumblr/pull/161

SearXNG

17 236

17 Topics

236 Posts

[2.90.0] Update searxng to a7ac696

SeaweedFS

1 5

1 Topics

5 Posts

[0.5.0] Update seaweedfs to 4.22 Full Changelog fix(shell): volume.fsck keeps going past a single broken chunk manifest by @chrislusf in #9140 feat(shell): fs.mergeVolumes deletes source needles after filer update by @chrislusf in #9160 feat(security): hot-reload HTTPS certs without restart (k8s cert-manager) by @chrislusf in #9181 fix(master): register EC shards per physical disk on full heartbeat sync (#9212) by @chrislusf in #9219 feat(iam): allow caller-supplied AccessKeyId and SecretAccessKey in CreateAccessKey by @JonNesvold in #9172 fix(s3api): correct SSE-S3 decryption key handling in multipart uploads by @os-pradipbabar in #9211 fix(s3api): stream multipart-SSE chunks lazily to avoid truncated GETs (#8908) by @chrislusf in #9228 feat(credential/postgres): inline policies, mTLS and pgbouncer connection support by @JonNesvold in #9226 fix(nfs): make Linux mount -t nfs work without client workaround (#9199) by @chrislusf in #9201 fix(mount): sanitize non-UTF-8 filenames; keep marshal errors per-request by @chrislusf in #9207

SerpBear

5 35

5 Topics

35 Posts

[1.4.0] Update serpbear to 3.1.0 Full Changelog add subdomain matching functionality (4533737), closes #324 enhance error handling and response structure in scraper functions (4f394c2) minor ui issue (eecf88a) prevent corrupt failed queue file to reset the app settings (c306fa0), closes #328 resolves broken google ads oauth of instances behind reverse proxy (a988b13), closes #326 resolves cron issue with certain port mapping config (d86616a) resolves issue that prevents refreshing all keywords when one fails (77cfa2f)

SFTPGo

13 80

13 Topics

80 Posts

[1.4.1] Update sftpgo to 2.7.1 Full Changelog SFTPD: Added support for OpenPubkey SSH, enabling tighter integration between OpenID Connect and SFTP. Enforced password validation rules also when applied through a group. Fixed an issue where JSON dumps containing command actions failed to load correctly at startup when loaded as initial data. Data Provider: Fixed lock handling issues during migrations that could affect MySQL when migrations are executed concurrently by multiple instances. Fixed a potential path traversal and permission bypass involving specially crafted paths. CVE-2026-30914. Fixed placeholder sanitization in group home directories and key prefixes. CVE-2026-30915. Unified path handling: Prior to this release, the backslash character (\) was treated differently depending on the host operating system: on Linux, it was considered a standard character within a file or directory name, while on Windows, it acted as a path separator. We have now unified path handling across all platforms. Moving forward, both forward slashes (/) and backslashes (\) are strictly evaluated as path separators, independently of the underlying OS.

Shaarli

5 45

5 Topics

45 Posts

[2.18.0] Update Shaarli to 0.16.0 Full Changelog v0.x branches and tags will no longer be maintained after v0.16. Always upgrade to the latest release to receive bugfixes and security patches. docs: update PHP version compatibility table fix stored XSS via suggested tags (GHSA-g3xq-mj52-f8pg) build(deps): update frontend build dependencies (js-yaml/glob)

SickChill

7 50

7 Topics

50 Posts

@girish said in SickChill unlisted from app store: I hope they atleast bring back the issue tracker Out of interest, why does this matter for Cloudron? BTW, someone has replied to the thread I started on Discord informing me that the master releases are these https://pypi.org/project/sickchill/ Doesn't look like there has been a new one since March though.

Shiori

2 15

2 Topics

15 Posts

[1.3.0] Update shiori to 1.8.0 Full Changelog feat(apiv1): refactor tags api (#1075) feat: add PWA support share functionality (#1060) feat: add apis to handle bookmark tags (#1081) feat: allow tag filtering and count retrieval via api v1 (#1079) feat: improve SQLite performance (#1024) feat: reverts message in json output and allows configuration (#1082) feat: support proxy forward headers authentication (#1105) fix: auth validation on existing sessions, rely on token only (#1069) fix: incorrectly set cookie's expires value in login.js (#1049) fix: parse pocket new CSV format (#1112

Simple Torrent

4 41

4 Topics

41 Posts

The upstream project is archived - https://github.com/boypt/simple-torrent/ . There has been no changes in 2 years and modules are not updated.

SnappyMail

33 346

33 Topics

346 Posts

@robi Technically true. And yet the only door you need to overcome to access all your mails.

Snipe-IT

22 216

22 Topics

216 Posts

[1.19.1] Update snipe-it to 8.4.1 Full Changelog Fixed RB-20713: Improved validation of license seat update api endpoint by @marcusmoore in #18576 Fixed #18600 - add filesystem check on health checker by @snipe in #18606 Added maintenances seeder by @snipe in #18612 Added model number as a separate field, added sorting by @snipe in #18613 Fix deprecated string interpolation in controllers by @joelpittet in #18609 Bumped Debugbar to v4 by @marcusmoore in #18485 Adds #11741 currently assigned license table to license checkout by @Godmartinz in #17964 #5947 - roll up bulk asset checkout email by @marcusmoore in #18095 Fixes (hopefully) RB #19772 Unexpected EOF by @spencerrlongg in #18614 Fixed #18797: Fix link to components in asset view by @marcusmoore in #18799

SOGo

60 426

60 Topics

426 Posts

[2.18.7] Update sogo to 5.12.7 Full Changelog

Statping

13 104

13 Topics

104 Posts

Just checked on this again but it seems statping-ng is not going forward much . https://github.com/statping-ng/statping-ng/tags says the release was almost a year ago.

Stirling-PDF

44 460

44 Topics

460 Posts

[3.11.0] Update Stirling-PDF to 2.10.0 Full Changelog Users can now set a default startup view and reader zoom preferences for desktop new pixel compare mode in PDF Compare tool to compare formatting and other changes Improved memory efficiency of API calls Improved thumbnail speed and rendering and fixed thumbnail bugs Support AppImage files for desktop release (This is new so please report any bugs you have!) Support RPM Builds for desktop release (This is new so please report any bugs you have!) Support Homebrew, AUR, Scoop and winget for desktop release! More to come soon, as well as for server releases File sharing bugs for SSO users Thumbnail rendering issues Encrypted PDF modal not working

Superset

15 144

15 Topics

144 Posts

[1.12.0] chore(deps): update dependency apache-superset to v6

Surfer

102 774

102 Topics

774 Posts

[6.5.1] Update surfer to 6.5.1 Improved preview behavior Various mobile fixes

Syncthing

32 238

32 Topics

238 Posts

[1.33.17] Update syncthing to 2.0.16 Full Changelog Database backend switched from LevelDB to SQLite. There is a migration on first launch which can be lengthy for larger setups. The new database is easier to understand and maintain and, hopefully, less buggy. The logging format has changed to use structured log entries (a message plus several key-value pairs). Additionally, we can now control the log level per package, and a new log level WARNING has been inserted between INFO and ERROR (which was previously known as WARNING...). The INFO level has become more verbose, indicating the sync actions taken by Syncthing. A new command line flag --log-level sets the default log level for all packages, and the STTRACE environment variable and GUI has been updated to set log levels per package. The --verbose and --logflags command line options have been removed and will be ignored if given. Deleted items are no longer kept forever in the database, instead they are forgotten after fifteen months. If your use case require deletes to take effect after more than a fifteen month delay, set the --db-delete-retention-interval command line option or corresponding environment variable to zero, or a longer time interval of your choosing. Modernised command line options parsing. Old single-dash long options are no longer supported, e.g. -home must be given as --home. Some options have been renamed, others have become subcommands. All serve options are now also accepted as environment variables. See syncthing --help and syncthing serve --help for details. Rolling hash detection of shifted data is no longer supported as this effectively never helped. Instead, scanning and syncing is faster and more efficient without it. A "default folder" is no longer created on first startup. Multiple connections are now used by default between v2 devices. The new default value is to use three connections: one for index metadata and two for data exchange. The following platforms unfortunately no longer get prebuilt binaries for download at syncthing.net and on GitHub, due to complexities related to cross compilation with SQLite: The handling of conflict resolution involving deleted files has changed. A delete can now be the winning outcome of conflict resolution, resulting in the deleted file being moved to a conflict copy. fix(protocol): verify compressed message length before decompression by @calmh in #10595

Taiga

21 199

21 Topics

199 Posts

[2.19.0] Update taiga-front-dist to 6.10.0

Tandoor

6 96

6 Topics

96 Posts

[1.12.9] Update recipes to 2.6.9 Full Changelog fixed another stored XSS in recipe instructions GHSA-89pw-5qxc-7v86 updated pillow library security update

TeamSpeak

10 69

10 Topics

69 Posts

[1.5.2] Fixup doc URL

Teddit

9 79

9 Topics

79 Posts

@timconsidine said in Teddit Subscriptions no longer working: Just FYI - my LibReddit - selfhosted as Docker on another VPS = is still working. But now it is down. Maybe they have caught up with me.

The Lounge

5 48

5 Topics

48 Posts

[1.22.1] checklist added to manifest

TLDraw

10 67

10 Topics

67 Posts

@Sam_uk we have unlisted TLDraw by now. Please see https://forum.cloudron.io/topic/10806/no-more-updates-to-tldraw . The license and company direction has changed.

Traccar

20 211

20 Topics

211 Posts

Thanks a lot!

Translate

10 101

10 Topics

101 Posts

[2.7.2] Update libretranslate to 1.9.5 Full Changelog Fix version display by @pierotofy in #951 Prefetch MiniSBD models by @pierotofy in #953

Transmission

11 77

11 Topics

77 Posts

[2.5.0] Update transmission to 4.1.0 Full Changelog Improved TP download performance. (#6508) Added support for IPv6 and dual-stack UDP trackers. (#6687) Support trackers that only support the old BEP-7 with &ipv4= and &ipv6=. (#7481) New JSON-RPC 2.0-compliant RPC API. (#7269) Added optional sequential downloading. (#4795) Use native icons for menus and toolbars: SF Symbols on macOS, Segoe Fluent on Windows 11, Segoe MDL2 on Windows 10, and XDG standard icon names everywhere else. (#7819, Qt Client) Fixed 4.0.6 bug where Transmission might spam HTTP tracker announces. (#7086) Improved libtransmission code to use less CPU. (#4876, #5645, #5715, #5734, #5740, #5792, #6103, #6111, #6325, #6549, #6589, #6712, #7027, #7744, #7800) Avoid unnecessary heap memory allocations. (#5519, #5520, #5522, #5527, #5540, #5649, #5666, #5672, #5676, #5720, #5722, #5725, #5726, #5768, #5788, #5830, #6542) Slightly reduced latency when sending protocol messages to peers. (#5394)

TriliumNext

13 158

13 Topics

158 Posts

[1.28.2] Update Trilium to 0.102.2 Full Changelog Improved request handling for SVG content in share routes Improved request handling for SVG content in the main API Enhanced content rendering in the Mermaid diagram editor Fixed toast notifications to properly escape content Added validation for the docName attribute in the document renderer Marked docName as a sensitive attribute in the commons module Added Electron fuses to harden the desktop application against external abuse Improved application integrity checks Added MIME type validation for image uploads via ETAPI Aligned attachment upload validation with note upload validation

Tiny Tiny RSS

37 405

37 Topics

405 Posts

[2.85.0] Update tt-rss to 96ddb40

Twenty

7 50

7 Topics

50 Posts

[0.9.0] Update twenty to 2.1.0 Full Changelog Fix Email composer rich text to HTML conversion by @neo773 in #19872 Fix side panel hotkeys breaking when opening records from table by @abdulrahmancodes in #19849 fix email workflow by @neo773 in #19929 Fix left/right arrow keys not working in dropdown search inputs by @abdulrahmancodes in #19759 feat(sdk): confirm authentication method on remote add by @FelixMalfait in #19947 fix(server): preserve kanban/calendar fields in view manifest sync by @FelixMalfait in #19946 feat(sdk): add definePageLayoutTab for extending existing page layouts by @charlesBochet in #20004 feat(app): infrastructure for pre-installed apps by @FelixMalfait in #19973 feat(admin-panel): add read-only Billing tab and workspace logos by @FelixMalfait in #20012 [breaking, deploy server first] fix(ai-chat): persist providerExecuted flag on tool parts by @FelixMalfait in #20030

Typebot

42 296

42 Topics

296 Posts

[1.24.1] Update typebot.io to 3.16.1 Full Changelog baptisteArno/typebot.io (baptisteArno/typebot.io) Compare Source

Umami

33 276

33 Topics

276 Posts

@James fair point .... but still stupid IMHO. Especially as it worked perfectly well in 3Gb until recent updates. Not much time to research an alternative just now so will live with it. Simply because I'm lucky enough to have 128Gb RAM on my Cloudron VPS .... but I didn't spec it that way to be wasted on Umami.

Uptime Kuma

39 341

39 Topics

341 Posts

[2.4.0] Update uptime-kuma to 2.3.0 Full Changelog #7194 fix: Revert "add sorting to status pages" #7312 fix(database): add UPTIME_KUMA_SQLITE_SINGLE_CONNECTION #7304 feat: websocket improve to fix issue #7268 including support authentication (Thanks @sofia-fernandez-six) #7201 feat: add Telnyx messaging provider (Thanks @LuvForAirplanes) #7156 feat: add OracleDB monitor (Thanks @sitiom) #7154 feat: add collapsible groups to status page (Thanks @marco-carvalho) #7248 fix(notification): check for monitorJSON in Stackfield provider (Thanks @jlbrt) #7235 fix(uptime): ensure correct handling of missing time buckets in uptime calculations (Thanks @adrianceding) #7198 fix: Domain expiry doesn't seem to update #7189 (Thanks @shanto) #7125 fix: prometheus metrics have two series for a single monitor when that monitor has tags (Thanks @nicjansma)

Valheim

19 123

19 Topics

123 Posts

Closed due to inactivity note: mods are working, asked @BrutalBirdie he tested it briefly

Vault

4 114

4 Topics

114 Posts

[1.83.0] Update vault to 2.0.0 Full Changelog PKI External CA (Enterprise): A new plugin that provides the ability to acquire PKI certificates from Public CA providers through the ACME protocol IBM PAO License Integration: Added IBM PAO license support, allowing usage of Vault Enterprise with an IBM PAO license key. A new configuration stanza license_entitlement is required in the Vault config to use an IBM license. For more details, see the License documentation. KMIP Bring Your Own CA: Add new API to manage multiple CAs for client verification and make it possible to import external CAs. LDAP Secrets Engine Enterprise Plugin: Add the new LDAP Secrets Engine Enterprise plugin. This enterprise version adds support for self-managed static roles and Rotation Manager support for automatic static role rotation. New plugin configurations can be set as "self managed", skipping the requirement for a bindpass field and allowing static roles to use their own password to rotate their credential. Automated static role credential rotation supports fine-grained scheduled rotations and retry policies through Vault Enterprise. Login MFA TOTP Self-Enrollment (Enterprise): Simplify creation of login MFA TOTP credentials for users, allowing them to self-enroll MFA TOTP using a QR code (TOTP secret) generated during login. The new functionality is configurable on the TOTP login MFA method configuration screen and via the enable_self_enrollment parameter in the API. Plugins (Enterprise): Allow overriding pinned version when creating and updating database engines Plugins (Enterprise): Allow overriding pinned version when enabling and tuning auth and secrets backends Template Integration for PublicPKICA: Vault Agent templates are now automatically re-rendered when a PKI external CA certificate is issued or renewed.

Vaultwarden

93 789

93 Topics

789 Posts

[1.24.4] Update vaultwarden to 1.35.8 Full Changelog Dummy org Master password policy auth fix by @Timshel in #7097 Fix recovery-code not working by @BlackDex in #7102 Fix invalid refresh token response by @BlackDex in #7105 Fix 2FA for Android by @BlackDex in #7093 Fix MFA Remember by @BlackDex in #7085 GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization Vault. GHSA-569v-845w-g82p Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization GHSA-6j4w-g4jh-xjfx Refresh tokens not invalidated on security stamp rotation Two Factor Remember Tokens are now valid for max 30 days. Old tokens are invalid directly after upgrading. Rotate refresh-tokens on sstamp reset by @BlackDex in #7031

Verdaccio

9 159

9 Topics

159 Posts

[1.77.0] Update verdaccio to 6.5.2 Full Changelog update ui to major (#5794) (b957c6f) @juanpicado Big UI refactoring #5563 package-filter: fix O(n) complexity in cleanupDistFiles (b15f622) #5797 by @plottodev ui search returns no output #5798 (3edd3ee) @juanpicado

Vikunja

37 259

37 Topics

259 Posts

[1.23.0] Update vikunja to 2.3.0 Full Changelog (auth) Normalize API base URL to prevent refresh cookie path mismatch (auth) Add retry and logging for token refresh failures (auth) Enforce TOTP on OIDC callback for users with 2FA enabled (background) Use targeted column update when removing background (caldav) Add tags and sync token to collections (#2482) (caldav) Resolve lint issues in caldavtests package (caldav) Skip tests for known CalDAV bugs and fix timing issues (caldav) Escape user-controlled strings per RFC 5545 in VCALENDAR output (caldav) Enforce task read authorization on GetTasksByUIDs (caldav) Reject GetResource when URL project mismatches task project

VPN

64 490

64 Topics

490 Posts

Hello @nottheend @nottheend said: Is there a complexity or a legal issue to not continuing the implementation? Simply put, demand is not enough for this feature to be put up higher in the prioritisation queue and other tasks and feature requests are higher in demand.

Wallabag

20 169

20 Topics

169 Posts

[2.5.6] Update wallabag to 2.6.14 Full Changelog Change version in wallabag.yml by @nicosomb in #8251 Fix deprecation by @j0k3r in #8267 Add annotations filter to entries API endpoint by @skn in #8346 Update dependencies by @yguedidi in #8435 Bump deps (mostly for siteconfig) by @j0k3r in #8489 Fix reading time computation for short entries by @andreadecorte in #8332 Fix urls parameter when sending many urls to be stored using the API by @j0k3r in #8488 Prepare 2.6.14 by @j0k3r in #8494

Wallos

5 79

5 Topics

79 Posts

[1.21.3] Update Wallos to 4.8.4 Full Changelog improve date formatting with IntlDateFormatter fallback (b2c565f) (#1048) (8d43623) missing year for subscription next payment display (ca5823d) (8d43623)

WBO

5 66

5 Topics

66 Posts

[1.32.4] Update whitebophir to 2.6.5 Full Changelog

Weblate

8 149

8 Topics

149 Posts

Hello @big-boy-games Glad to hear and always happy to help.

Wekan

25 504

25 Topics

504 Posts

[4.108.0] Update wekan to 9.06 Full Changelog Docs: Update lxc commands. Docs: Added firewall config for Internet access from LXD Ubuntu container at Fedora Asahi Linux Remix, because building Linux arm64 .zip bundle of WeKan. Docs: Added Manual Parallel Snap. Fix Snap Candidate WRITABLE_PATH directory permissions at Parallel Snap file path /var/snap/wekan_SOMENAME/common/files/. Update version script and dependencies.

Wiki.js

16 139

16 Topics

139 Posts

[1.13.7] Update wiki to 2.5.314 Full Changelog ec36eb2 - update arm docker base to node 24 (commit by @NGPixel) da64dcd - fix windows build missing migration file during tarball creation (commit by @NGPixel)

Woodpecker

4 65

4 Topics

65 Posts

[2.15.0] Update woodpecker to 3.14.0 Full Changelog docs: bump follow-redirects [#6441] Sanitize agent introduced pipeline/workflow/step state changes and log streaming [#6308] Send 404 if logs are not allowed to access [#6349] Prevent registering as arbitrary agents with system token [#6283] Support one-shot agent execution mode [#6150] Add external secret extension implementation [#6252] Add Container Registry credential extension [#5993] fix(web): escape HTML in commit messages to prevent XSS [#6523] Add WOODPECKER_FORCE_IGNORE_SERVICE_FAILURE config to preserve non-breaking behavior by default [#6448] Fix when.status filter evaluation and add workflow-level support [#6183]

WordPress (Managed)

113 867

113 Topics

867 Posts

[3.16.3] Update WordPress to 6.9.4

WordPress (Developer)

224 2k

224 Topics

2k Posts

[3.13.3] Update WordPress to 6.9.4

XBackBone

13 66

13 Topics

66 Posts

Problems with Flameshot, GNU+Linux, Wayland, keyboard short-cuts? Check out this blog for solutions and save time, especially if you use Bazzite as your operating system. https://wanderingmonster.dev/blog/flameshot-xbackbone-linux/

YOURLS

20 135

20 Topics

135 Posts

Could be. Cloudron uses the default URL size - https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers If you want to experiment, edit the file in /etc/nginx/applications/*conf and then systemctl restart nginx .

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

Subcategories