Cloudron Forum

[1.28.1] Update mattermost to 11.7.1 Full Changelog

[0.14.1] Update rustfs to 1.0.0-beta.4 Full Changelog test(ecstore): cover managed sse range reads by @marshawcoco in #2962 bucket policy notify & pba by @GatewayJ in #2968 fix(sftp): preserve OPEN-time client attrs as object metadata by @simon-escapecode in #2913 fix(admin): surface access key policy errors by @marshawcoco in #2970 fix: handle Windows paths in pre-commit tests by @marshawcoco in #2974 fix(security): harden proxy auth and default credentials by @overtrue in #2981 fix: stabilize rebalance start and listing by @weisd in #2961 feat(internode): add transport observability by @marshawcoco in #3007 feat(obs): expose key S3 usecase spans at info by @houseme in #3013 feat(ecstore): add internode transport boundary and TCP baseline runner by @marshawcoco in #3010

[2.51.0] Update kimai to 2.57.0 Full Changelog New API endpoints for comment (list, create, delete, pin) for projects and customers New configuration to define the theme for non-authenticated requests like login page (#5929) Export naming: only name the default renderer "default" (#5929) Fix: new weekly-hours could not be added in weeks with exported timesheets (#5642) Fix: some dashboard widget links were invisible in dark mode (#5940) Prevent querying arbitrary user timesheets (#5929) Prevent changing favorites of arbitrary users (#5929) Prevent regular users from turning their account into a systemAccount (#5929) Prevent cross entity rate manipulation (#5929) Fix checking for correct formatter in durationDecimal (#5943)

[2.9.7] Update formbricks to 4.9.7 Full Changelog fix: [Backport] backports dns pinning fix by @pandeymangg in #8108

[1.16.2] Update pocketbase to 0.38.2 Full Changelog Added RealtimeConnectRequestEvent.MaxTimeout field to specify the absolute max duration a realtime connection can remain open (default to 30mins). Added extra checks for the connected user IP in the realtime APIs to prevent bruteforce guest subscription update attempts and to serve as an extra protection for the "all-in-one" OAuth2 realtime handler. Don't reset the records list pagination on record update (#7694). Updated all golang.org/x/ packages to cover the recent security fixes (none of them should be a critical issue in PocketBase but nonetheless it is advised to update).

[1.5.0] Update seaweedfs to 4.28 Full Changelog fix(s3/audit): populate requester for GET/HEAD/IAM operations by @chrislusf in #9581 fix(s3): sync IAM policies to advanced IAM Manager policy engine by @Mmx233 in #9577 fix(s3): keep server-side copy data in the bucket collection by @chrislusf in #9607 fix(s3): list empty directories as directory markers by @chrislusf in #9615 fix(shell): volumeServer.evacuate no longer panics on a nil volume by @chrislusf in #9587 fix(filer.sync): keep sync_offset fresh while the source is read-only by @chrislusf in #9589 fix(ec): pack EC shards onto fewer disks instead of refusing the task by @chrislusf in #9588 fix(filer): don't disable the SQL idle connection pool when unconfigured by @chrislusf in #9591 feat(fix): rebuild lost EC index (.ecx) and .vif from local shards by @chrislusf in #9596 feat(helm): add volume.rust toggle to run the Rust volume server by @chrislusf in #9618

[1.13.6] Update jellyfin to 10.11.9 Full Changelog Fix rate control in av1_amf encoder MR #16819, by @nyanmisaka Fix UserManager after EFcore refactor MR #15368, by @JPVenson Update log for user session related concurrency update fails MR #16845, by @JPVenson Allow HDR10 for VPP tonemapping MR #16718, by @gnattu Use strict QSV CPB size for less powerful H.264 decoder MR #16743, by @nyanmisaka

[1.14.16] Update AdGuardHome to 0.107.76 Full Changelog New reason query parameter in GET /control/querylog. See openapi/openapi.yaml for the full description. Duration values in YAML configuration file now support d (days) units and has been updated. NOTE: Any rollback to version below the v0.107.76 should convert the values back to hours. Query parameter response_status in GET /control/querylog is now deprecated. Use new reason query parameter instead. DNS caching with disabled DNSSEC (#8384).