Cloudron Forum

[2.4.3] Update osTicket to 1.18.4 Full Changelog security: Latest Patches 06/2026 (52c366f, 5afdf54, c54a6ac, 1e39bf1, feccb6a, 6eb6b98, 078516e, 98abb05, e52e010, fd96bba, 7bbd8ab, ba6217a, 580e1c8, b535782, 5963797, d590a97, eaebe01, b4cc092, d457c14, 5600f94, 5ff9795, 119cefe, b4ede88, 2a0c388, 6558b33)

[3.0.0] ️ WARNING ️ | [GUIDE] Directus v12 migration | Directus 12 requires a license Update directus to 12.0.2 Full Changelog Added support for non-interactive mode (#27577 by @pklenovic) Fixed user count for users with conflicting direct policy and role (#27720 by @ComfortablyCoding) Added keyboard-editable date entry directly in the datetime field. The field shows its formatted value at rest and swaps to editable date segments on focus, while a calendar button still opens the picker popup. (#27693 by @robluton) Added inline editing support to the JSON repeater interface. (#26863 by @bryantgillespie) Fixed revision snapshots being assigned to the wrong items during batch updates when read order differs (#27407 by @luciemdx) Changed license to MSCL-1.0-GPL (#27417) Changed the default of IP_TRUST_PROXY from true to false to harden the default deployment against IP spoofing. (#27607) Fixed health check results not being shared in multi-instance settings. Restricted /server/health to authenticated users (#27160) Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner) Added JSON filtering, alias and sorting support (#26981 by @br41nslug)

[1.23.0] Update documenso to 2.13.0 Full Changelog feat: add CSC AES/QES signing (v1 instance-wide config) by @Mythie in #2874 feat: add cancellable document status by @Mythie in #2992 fix: include envelopeId in webhook payload by @Mythie in #2998

[1.58.2] Update matomo to 5.11.2 Full Changelog

[1.18.1] Added enable-access-tokens and enable-mcp flags and handler for extra flags

[1.25.1] Update typebot.io to 3.17.2 Full Changelog Configure WhatsApp forwarded events (#2528) [c5516cd] Configure WhatsApp webhook forwarding URL (#2529) [3db24c4] Fix landing page Discord URL (#2512) [b4a7aab] Fix missing result columns in CSV export (#2513) [08cb6ea] Fix OpenAI audio transcription uploads (#2521) [2fd5510] Fix OpenAI chat completions endpoint (#2522) [b252a9c] Fix embedded audio uploads (#2523) [c82ac43] Ignore expected WhatsApp webhook errors (#2527) [3b321f4] Block IPv6 unspecified SSRF targets (#2511) [f56c3c3]

[2.20.0] Update vpn to 2.20.0 wg: generate configs dynamically openvpn: generate conf file dynamically remove legacy db migrations

[4.30.1] Update n8n to 2.26.6 Full Changelog core: Suspend query acquisition during database connection recovery (#32467) (b0458a4) core: Add telemetry for import/export on server CLI (#32321) (2d93907)

[2.9.11] Update formbricks to 5.1.2 Full Changelog fix: avoid undefined workspace redirect (Backport) [ENG-1463] (#8300) by @Dhruwang in #8304

[3.16.1] Update metabase to 0.62.2.2 Full Changelog

[1.18.0] Update mastodon to 4.6.0 Full Changelog Add collections (#37992 and others) - Create collections with up to 25 accounts each, then share them with others. Add email subscriptions (#38163 and others) - Admins can allow specific roles to enable email subscriptions on their profile. Add new overview landing page setting (#39074 and others) - Admins can choose a new frontpage for anonymous visitors. Add ability to require 2FA for specific roles (including Everybody) (#37701 and others) Remove support for EOL Node version 20 (#38926 by @mjankowski) Remove support for Ruby 3.2 (#37476 by @mjankowski) Remove support for ImageMagick (#37488 by @mjankowski) Change invitations to only bypass sign-up approval setting when the issuer of the invitation has the invite_bypass_approval permission (#38278 by @ClearlyClaire) Fix filters not being applied to search results in web UI (#36346 by @ClearlyClaire) Fix remote posts with large media descriptions being rejected (#39135 by @ClearlyClaire)

[1.53.1] Update chatwoot to 4.15.1 Full Changelog Reverted a the unread counts for mentions, participating and folders due to performance relates issues.

[1.83.4] Update vault to 2.0.3 Full Changelog auth/radius: Added case_insensitive_names toggle to prevent username collisions and enable case-insensitive user handling. core/acl: Fix LIST ACL bypass where a trailing-slash request could skip a more-specific deny rule. core: Use constant-time recovery token comparison core/acl: LIST requests with a trailing slash now correctly respect more-specific deny policies. Previously, a deny on path "kv/*" { deny } could be bypassed for LIST kv/private/ if a broader allow path "kv/*" also existed. Policies relying on the previous (incorrect) behavior may now be denied. core: Vault will now redirect non-canonicalized paths (containing /./, /../, or //) to a cleaned path, instead of rejecting these requests AI Agent Support (Beta/Enterprise): Adds beta support for first-class AI agents. Adds an Agent Registry to register agents, and adds support for using Vault as an OAuth resource server for registered agent entities. When configured, allows OAuth 2.0 JWTs to be used to directly authorize requests to Vault, without needing a Vault token. core/rotationMgr: Fix storage routing for local mounts in namespaces to prevent metadata replication and ensure GDPR compliance. secrets/pki: Fix PKI certificate issuance not_after time to respect max TTL. secrets/transit: Add managed key support to Transit rewrap endpoint. storage/raft: reject performance_multiplier values less than or equal to zero

[1.27.2] Update traccar to 6.14.5 Full Changelog

[1.36.0] Update whitebophir to 2.10.0 Full Changelog

[1.58.1] Update LimeSurvey to 7.0.2+260617

[1.29.1] Update mattermost to 11.8.1 Full Changelog Mattermost Platform Release 11.8.1 contains Medium severity level security fixes.