Cloudron Forum

[1.6.1] fix: Mod support

[1.3.0] Update seaweedfs to 4.26 Full Changelog rust(seaweed-volume): distributed EC read across peer servers by @chrislusf in #9516 fix(ec): mount falls back to sibling-disk .ecx (fixes #9519) by @chrislusf in #9521 fix(ec): blanket-clean every destination over the full shard range by @chrislusf in #9512 fix(ec): mirror EC sidecars onto every shard-bearing disk at startup by @chrislusf in #9525 fix(iceberg): dial filer gRPC address verbatim in plugin worker by @chrislusf in #9527 helm: decouple JWT signing from cert-manager mTLS (fixes #9506) by @chrislusf in #9508 fix: ListBucketsHandler for pathStyleDomains by @kmlebedev in #9510 iam: honor configured credential store for IAM API policies and propagate to S3 caches (fixes #9518) by @chrislusf in #9522 filer/iam-grpc: make admin Bearer auth opt-in (fixes #9509) by @chrislusf in #9514 admin: convert filer address to gRPC form before dispatch by @chrislusf in #9523

IsoFlow Detail Link / Info Wishlist topic Topic Author @neoplex Repository Repository Install CloudronVersions.json If you have questions or issues about this community app, please open a separate topic in the @community-apps category and link to this reply.

[1.5.10] Update mirotalkbro to 1.3.20

[2.87.0] Update tt-rss to b6c12be

[1.45.0] Update languagetool to 67944e7

[1.19.2] Update core to 2026.5.2 Full Changelog Fix ValueError for non-numeric value in LG ThinQ ([@LG-ThinQ-Integration] - [#166300]) (lg_thinq docs) Fix non unique_id for Comelit ([@chemelli74] - [#169756]) (comelit docs) Fix local API incorrectly marking devices as unavailable in Overkiz ([@iMicknl] - [#170118]) (overkiz docs) Fix homematicip_cloud config entry setup crash after migration to 2026.5.0 ([@lackas] - [#170156]) (homematicip_cloud docs) Fix MQTT device discovery not using shared QoS and encoding options ([@jbouwh] - [#170195]) (mqtt docs) Add target flow level and mode end time sensors to Duco integration ([@ronaldvdmeer] - [#169298]) (duco docs) Fix fractional setpoints in Matter climate not rounded ([@TheJulianJES] - [#170442]) (matter docs) Fix duplicate doorbell events when entity becomes unavailable ([@jbouwh] - [#170354]) (alexa docs) Fix hassio.backup_partial AttributeError when folders are specified ([@agners] - [#170312]) (hassio docs) Migrate Duco to python-duco-connectivity and remove temperature sensors ([@ronaldvdmeer] - [#170237]) (duco docs) (breaking-change)

[1.13.4] Update dolibarr to 23.0.3 Full Changelog FIX: #36589 (#38037) FIX: broken feature with api auth and Multicompany transverse mode (#37868) FIX: do not print Extrafields in PDF if printable is 0 (#37789) FIX: draft invoice paid when add absolute discount == remain to pay (#38104) FIX: IDOR on messaging.php - Credit Aksoum Abderrahmane FIX: Some remaining cross-customer object creation on API (proposal, orders) - Credit Mitch311 FIX: Can use AI module to make SSRF call. Credit Dilip FIX: #GHSA-crgg-h74r-2m8r (#37636) FIX: SQL Injection via Operator Injection in Contract Service List SEC: Better sanitization param for GETPOST of htmlheader of website page - See commit bbbbb56

[2.94.0] Update searxng to d7e8b7c

[1.26.0] Update ntfy to 2.23.0 Full Changelog Add per-visitor rate limit on new topic creations (visitor-topic-creation-limit-burst / visitor-topic-creation-limit-replenish, defaults 100 burst / 1m replenish) to mitigate topic-enumeration / squatting attacks that inflate the in-memory topic map Remove stacktrace-js, stacktrace-gps, humanize-duration, and js-base64 from the web app to reduce dependency and security footprint Restrict the publish dialog's local file preview to safe image types (png/jpg/gif/webp) to prevent same-origin script execution from blob URLs when previewing a crafted SVG (GHSA-j8hr-p342-xrmh, thanks to @Venukamatchi for reporting)

[1.99.0] Update audiobookshelf to 2.35.0 Full Changelog Access token refresh grace period (fixes frequently needing to re-login) #4630 by @nichwall in #5004 Listening sessions from Android app showing device name as Abs iOS RSS feeds serving m4b files with incorrect Content-Type #5041 by @brandonfhall in #5221 Book & podcast descriptions from audio files are sanitized cancel_scan and set_log_listener socket events validate account type and log level

[1.42.0] Update weblate to 2026.5 Full Changelog Added MDX files support for translating Markdown text while preserving JSX syntax, with File format parameters shared with Markdown files for line wrapping, code blocks, front matter, and placeholder handling. Added extended LLM translation context for automatic suggestions, covering string context, explanations, secondary-language translations, plurals, failing checks, and placeholders. CSV and XLSX downloads in Downloading translations now export plural strings as separate plural-form rows that can be imported back. Hardened search previews and Automatic suggestions suggestion origins against XSS, and stopped exposing database error details in upload failures. Screenshot URL uploads, remote HTML extraction in JavaScript localization CDN, and URL health-check redirects now reject internal or non-public targets by default. Per-project access tokens expiring today now remain valid until the end of the day. The dos-eol flag is no longer supported. Use the dos_eol File format parameters instead. The set_language_team project attribute has been replaced with the po_set_language_team file format parameter at the component level; see File format parameters. Weblate now uses calendar versioning for releases, see Release cycle. The upgrading policy was changed, and upgrades are only supported from the current or previous calendar year.

[4.8.0] Update etherpad-lite to 3.1.0 Full Changelog Self-update Tier 4 (autonomous in a maintenance window). Set updates.tier: "autonomous" together with updates.maintenanceWindow: {"start":"HH:MM","end":"HH:MM","tz":"local"|"utc"} to constrain autonomous updates to a nightly window. The scheduler snaps scheduledFor forward to the next window opening when grace would otherwise land outside the window, and defers the fire when the window has closed by the timer callback. Cross-midnight windows (end < start) are supported; DST transitions are absorbed by host wall-clock arithmetic. A missing or malformed window degrades the policy to Tier 3 with an explicit policy.reason of maintenance-window-missing / maintenance-window-invalid; an admin banner surfaces the misconfiguration so autonomous behaviour is not silently disabled. The admin update page shows a "Maintenance window" section with the parsed window summary, the next opening, and a "deferred until <iso>" subtitle on the scheduled panel when the timer has been snapped forward. Closes #7607 (#7753). Updater real SMTP via nodemailer (new top-level mail.* block). Replaces the "(would send email)" stub. New settings: mail.host, mail.port, mail.secure, mail.from, mail.auth.{user,pass}. mail.host=null keeps the legacy log-only behaviour. The nodemailer dependency is lazy-imported on first send so installs that don't configure mail pay no runtime cost; the transport is cached on the full SMTP options tuple so a reloadSettings() change to host/port/credentials invalidates the cache. settings.json.docker reads MAIL_HOST / MAIL_FROM / MAIL_PORT / MAIL_SECURE from env. Send errors are logged warn and swallowed so a transient SMTP failure can never poison the updater state machine.