Cloudron Forum

[2.9.9] Update formbricks to 5.0.2 Full Changelog fix: resolve all pnpm audit vulnerabilities by @mattinannt in #8192 fix: S3 internal server error for older images (backport to release/5.0) by @Dhruwang in #8196 fix: fixes ces rating question's email embed UI (backport to release/5.0) by @Dhruwang in #8181

[1.7.1] Update miniflux to 2.3.1 Full Changelog Fixed an OAuth account binding vulnerability that could allow users to associate arbitrary OAuth identities with their account. Fixed an open redirect vulnerability caused by backslashes in relative redirect URLs. Fixed a potential SQL injection vulnerability in dynamically generated ORDER BY clauses. Hardened metrics endpoint authentication by using constant-time credential comparisons. Fixed an issue where the stdlib cross-origin protection middleware could block legitimate requests in certain self-hosted environments. The middleware has been reverted. Added Korean language support. Improved HTML truncation performance and reduced memory allocations. Optimized feed discovery, subscription detection, date parsing, and tag filtering. Simplified and refactored several storage and query-building components for better maintainability.

[1.53.0] Update gotenberg to 8.33.0

[3.13.1] Update metabase to 0.61.3.1 Full Changelog

[1.7.1] Update answer to 2.0.1 Full Changelog New: Support semantic search in AI chat and embedding ability (@hgaol #1510) New: Add vector search plugin and vector sync service for question and answer embeddings (@hgaol) Improve: Enhance local plugin path resolution and module replacement handling for local plugins (@hgaol #1520) Fixed: Attachment upload broken after upgrading to v2.0.0 (@robinv8 #1527) Fixed: Keep Helm install port aligned with service port (@Herrtian #1522) Fixed: Change avatar column type to TEXT to support long URLs (@maishivamhoo123 #1499) Fixed: Update bubble user background color for dark mode (@MakiWinster72 #1505) Fixed: Implement HTML rendering for AI chat display content (@LinkinStars) Fixed: Add admin moderator visibility checks for timeline objects, answers, and comments (@LinkinStars) Fixed: Escape HTML characters in dynamic email template content (@LinkinStars)

[2.18.3] Update Shaarli to 0.16.3 Full Changelog fix(xss): escape bookmark title in permalink pagetitle build/release: no longer build .tar.gz full release archives, only provide .zip build: fix inconsistent file permissions in release archives (Fixes #2214) doc: fix issues in the release procedure

[1.1.3] Update grist-core to 1.7.14 Full Changelog Guided first-run setup wizard. The setup wizard previewed in v1.7.13 is now the flow fresh self-hosted installations land on. Sign in with the boot key (the GRIST_BOOT_KEY admin secret printed at startup), and the wizard walks you through /admin/setup to configure your instance. The "Quick setup" entry is now active in the admin sidebar. Refinements this release: POST /records/list endpoint. A POST companion to the records endpoint. Large queries can be sent in the request body instead of the URL (#2321). Accessibility (contributed by @manuhabitela) A custom CSS file configured with APP_STATIC_INCLUDE_CUSTOM_CSS is now also applied inside widgets, not just the main app. Contributed by @manuhabitela (#2089) The built-in calendar widget now loads from the copy bundled with Grist instead of the one hosted on GitHub. The GitHub copy pulled in external CDN files that ad blockers and privacy extensions sometimes blocked (#2262) Action summaries (the change summaries used by features such as webhooks) now mark which cell values are genuinely unknown. Before, merging two summaries could replace a known value with a wildcard. Now it keeps the real value where it has one (#2361) Edit a document from the assistant popup, and Grist now copies (forks) it first if it is a template or an unsaved scratch document ("fiddle"). The original is no longer changed in place (commit) Fixed a case where editing through the assistant could slip past access checks. It happened while previewing a document as owner, before the fork was made, and could leave the data engine in a bad state (commit) Prevent anonymous users from forking documents (#2319) On first startup, the /status health check now returns "starting" (HTTP 503) until the server is ready. Before, it could report healthy too early (#2322)

[3.11.4] Update redmine_oauth to 4.0.8 Full Changelog