Rallly - Package Updates

Package Updates

[2.3.0]

• Update rallly to 4.3.1
• Full Changelog
• Fix missing PORT environment variable that caused healthcheck failures in Docker containers
• Spaces allow you to organize your polls and events into different areas. You can also invite team members to share and collaborate within a space.
• This release reintroduces ARM support for the official docker image.
• Various stability improvements

Package Updates

[2.4.0]

• Update rallly to 4.4.0
• Full Changelog
• Improved the formatting of the email that gets sent out when finalizing a poll so that it is recognized as a calendar invite by email clients
• Added uid to the ICS file so that event details are synchronized across all attendees when changes are made
• Added sequence so to keep track of changes to the event such as cancellation
• Added EMAIL_LOGIN_ENABLED which can be set to false to limit login to SSO
• Added REGISTRATION_ENABLED which can be set to false to disable the registration page
• Improved the default configuration to reject unauthorized certifications when using TLS
• Deprecated SMTP_TLS_ENABLED and introduced SMTP_REJECT_UNAUTHORIZED instead

Package Updates

[2.4.1]

• Update rallly to 4.4.1
• Full Changelog
• Fix participant count by @​lukevella in #​1944
• New Crowdin updates by @​lukevella in #​1943
• New Crowdin updates by @​lukevella in #​1946

Package Updates

[2.4.2]

• Make pnpm use /home/cloudron to solve prisma issue

Package Updates

[2.5.0]

• Update rallly to 4.5.3
• Full Changelog
• Handle legacy google and microsoft redirect uris
• Enable PKCE for OIDC provider
• Fixes an issue causing OIDC login to fail due to mismatched redirect URIs.
• Update posthog
• New Crowdin updates
• Use next-runtime-env to read runtime env values
• Trim user input
• Fix broken compatibility with previous oidc redirect uri
• Fix incorrect auth client base url
• Added support for password-based login

Package Updates

[2.5.1]

• Update rallly to 4.5.4
• Use multistage build for smaller image
• Full Changelog
• This patch release delivers important security fixes and hardens permission checks across the app. We recommend upgrading as soon as possible.
• Patched vulnerabilities affecting authorization checks and comment/participant operations.
• CVE-2025-65020
• CVE-2025-65021
• CVE-2025-65028
• CVE-2025-65029
• CVE-2025-65030
• CVE-2025-65031
• CVE-2025-65032
• CVE-2025-65033

Package Updates

[2.5.2]

• Update rallly to 4.5.5
• Full Changelog
• Default to pro space when self-hosting by @lukevella in #2031
• Fix issue where user cannot be deleted by @lukevella in #2032
• Hide pro badge in pro space by @lukevella in #2034
• Show pinging indicator when there are invisible options by @lukevella in #2036
• Fix email not being sent in users preferred language by @lukevella in #2037

Package Updates

[2.5.3]

• Update rallly to 4.5.6
• Full Changelog
• Patched vulnerability where participant data is exposed through the API even when option to hide the participant list is enabled.

Package Updates

[2.5.4]

• Update rallly to 4.5.7
• Full Changelog
• This is a critical security update that upgrades Next.js to address CVE-2025-66478. We strongly recommend all users upgrade to this version immediately.

Package Updates

[2.5.5]

• Update rallly to 4.5.8
• Full Changelog
• This release includes updates to dependencies, adds missing translations and fixes a bug where emails for scheduled events are not delivered to a participant's email address.