Cloudron Forum

[2.0.4] Update BookStack to 26.03.4 Full Changelog Updated PHP package versions. Updated attachment actions to align page access check. Updated URL validation in webhooks to help prevent escaping workarounds. Fixed issue where exact search term negation would lead to no results. (#6121)

[1.36.0] Update nocodb | stage to 2026.04.4 Full Changelog

[2.10.0] Update rallly to 4.10.0 Full Changelog Version tile in the control panel showing the running version and whether an update is available (#2355, #2351, #2348) Send poll response confirmation email in the respondent's locale (#2356) Optimize invite page queries (#2350)

[2.20.6] Update espocrm to 9.3.6 Full Changelog

[4.6.2] Update etherpad-lite to 2.7.2 Full Changelog Accessibility pass: corrected dialog semantics, improved focus management, added missing icon labels, and set the html lang attribute correctly. Chat: clicking the chat icon works again, disabled toggles render properly, and the username layout no longer overflows. /export/etherpad now honors the :rev URL segment, so revision-specific exports return the requested revision instead of the latest. Undo / redo now scrolls the viewport to follow the caret, so reverted edits stay in view. Page Down / Page Up now scrolls by viewport height instead of a fixed line count, matching standard editor behavior on tall and short windows alike. Editbar: caret is restored to the pad after changing a toolbar select, so typing continues in the document instead of falling through to the toolbar. Admin: i18n is restored on /admin so the admin UI is translated again.

[1.7.0] Update pretix to 2026.4.0 Full Changelog

App discontinued due to no upstream updates.

[1.1.1] Update forgejo to 15.0.1 Full Changelog See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/15.0.1.md

[1.1.1] Update grist-core to 1.7.13 Full Changelog Boot key login: New installations generate a GRIST_BOOT_KEY and print it at startup. Visit /boot, paste the key, and you're logged in as the install admin and ready to set the admin email. No pre-existing account needed, and no window where the server is open to the world before authentication is configured. The key (and the related GRIST_IN_SERVICE flag) can also be set via env vars or managed from the Admin Panel. Existing installations are unaffected. (commit) Restart in place: Grist can now apply config changes by restarting itself without dropping the listening socket. During the brief gap, /status keeps answering for liveness checks while readiness flips to 503. On by default for Linux under Node, off for Windows and Electron. Toggle with GRIST_RESTART_SHELL=true/false (#2265). Site Settings page: Team site owners on self-managed installations can edit team name, domain, and logo from a new /site-settings page (commit). WebSocket auth for API keys, boot keys, and access tokens: The WebSocket side now goes through the same identity-resolving code path as the REST API, so any auth method that works on one works on the other. Opens the door to console clients and out-of-page custom widgets. Also tidies up auth priority and unifies API rate-limiting between the two. (commit) (Bulk)AddOrUpdateRecord now returns id / recordIds / createdRecordIds / updatedRecordIds, and BulkAddOrUpdateRecord accepts a record-shaped payload that can match different columns per row (#2193) Fix wrong active section in the creator panel after duplicating a page with collapsed widgets (#2298) Fix CORS handling for opaque ("null") origins, eliminating spurious 500s for https:// widgets on http:// hosted sites (#2299) Fix padded checkboxes so the border and tick line up inside padded wrappers (#2300) Fix SELF_HYPERLINK() returning a share-key URL when a doc was first opened via a share link (commit) Bump handlebars from 4.7.7 to 4.7.9 (#2208)

[1.9.1] Update grav to 1.7.52 Full Changelog GPM client now sends the running PHP version with index requests so the server can substitute PHP-aware compat fallbacks when a plugin's latest release requires a newer PHP than the client can run. [security] Extended default uploads_dangerous_extensions to include md, yaml, yml, json, twig, ini page-content extensions that can be weaponised via permissive form-upload accept policies (GHSA-w4rc-p66m-x6qq, defense-in-depth alongside the Form 9.1.0 plugin fix). Added foundation for migrating to Grav 2.0: cross-major auto-upgrades are blocked in GPM, and core now surfaces a next_major hint so admin can point users at the new migrate-grav plugin Added compatibility: blueprint support so plugins/themes can declare which Grav versions they support Added self-upgrade preflight that flags incompatible plugins/themes and psr/log / Monolog conflicts before proceeding Added upgrade resilience with automatic maintenance mode and opcache reset during self-upgrade Added new cache-cleanup CLI command to prune obsolete cache entries Added new onFlexDirectoryConfigBeforeSave event for Flex More readable time output in bin/grav logviewer #4009 Fixed selectize field losing values when keyed options were used

[1.37.4] Update baserow to 2.2.2 Full Changelog [Automation] Send notification when a workflow is disabled #5186 [Core] Allow self-hosted operators to inject custom client-side scripts via environment variables. [Builder] Resolved a bug which prevented users from creating data sources from the data source dropdown's footer. #5118 [Core] Give Kuma the current license tier in its context and steer uncertain feature or plan questions to docs search. #5210 [Core] Hardened user uploaded media serving and neutralized active-content file uploads by default. [Builder] stop infinite /dispatch-data-sources/ refetch loop in page editor

[1.1.3] Update opodsync to 0.5.3 Full Changelog Fix: get around wrong use of NextCloud auth by YourPods client (thanks @kaiwei)

[1.19.3] Update mirotalkp2p to 1.8.24