Cloudron Forum

[1.38.2] Update koel to 9.3.6 Full Changelog feat: migrate Tailwind CSS from v3 to v4 (second attempt with cascade fix) by @phanan in #2488 refactor: replace overflowFade directive with CSS scroll-mask utility by @phanan in #2490 fix: cap QR-login auto-refresh and add pause overlay by @phanan in #2491 fix: canonicalize media_path and enforce boundary check in media browser by @phanan in #2492

[1.19.4] Update core to 2026.5.4 Full Changelog Apply web search citation stripping for GPT-5.x models in OpenAI conversation (@frenck - #170956) (openai_conversation docs) Add missing Miele Dishwasher codes (@astrandb - #171175) (miele docs) Fix ZHA blocking minor version downgrades (@TheJulianJES - #171319) (zha docs) Fix SmartThings crash when timestamp attribute is None (@frenck - #171467) (smartthings docs) Fix habitica ignoring zero values for interval and streak (@frenck - #171468) (habitica docs) Fix PowerView cover crash when shade position is unavailable (@frenck - #171471) (hunterdouglas_powerview docs) Fix Wyoming satellite crash when TTS is not configured (@frenck - #171513) (wyoming docs) Fix ZBT-2 hardware page crash when entry data is missing VID (@frenck - #171828) (homeassistant_connect_zbt2 docs) Fix Lutron Caseta battery sensor crash on unsupported devices (@frenck - #171829) (lutron_caseta docs) Fix Hue device trigger crash for devices removed from bridge (@frenck - #171844) (hue docs)

[4.6.9] Update PeerTube to 8.1.8 Full Changelog We have learned that the SQL injection vulnerability fixed in v8.1.6 has been exploited at scale since at least May 18, 2026 and so before the v8.1.6 release. According to our investigation, the attacker exploited this SQL injection to generate a token for the root user and install the peertube-plugin-google-analytics-js plugin. This plugin imports a client script from hxxps://www.googie-anaiytics.com/jquery.ui.js that currently only logs a line in the web browser. Automatically remove peertube-plugin-google-analytics-js in v8.1.8 Invalidate OAuth tokens in v8.1.8 (all users must log in again) Add a new user.disable_root_auth config key to disable root token usage Remove the plugin from the plugin registry Upgrade to v8.1.8 as soon as possible Review newly created users and videos Review your instance configuration, especially Configuration -> Customization -> JavaScript/CSS Review installed plugins

[1.16.12] Update freescout to 1.8.221 Full Changelog Links to attachments uploaded before the FreeScout version of 2020-03-06 will become unavailable. This is a breaking change. Improved permissions check when deleting notes (Security: GHSA-9vx8-gx3p-9mh6) Improved permissions check when editing messages (GHSA-3w38-h42v-3h6w) Fixed signature when moving conversations between mailboxes (#5419) Optimized Helper::stripDangerousTags() to avoid pcre.backtrack_limit hit (#5424) Show detailed error on uploading attachments (#5426) Deprecated links to attachments without a token (Security: GHSA-wg74-ww4w-2qpc) Updated module activation logic.

[4.9.0] Update etherpad-lite to 3.2.0 Full Changelog HTTP accept X-Forwarded-Prefix and X-Ingress-Path under trustProxy (#7802 / #7806). Admin settings resolved runtime values surface on env-pill chips (#7803 / #7807). Admin pads filter chip now applies server-side, before pagination (#7798). Pad outdated notice author now resolved from token cookie, not session (Qodo #7804 / #7805). Localisation silence spurious "could not translate element content" warning (#7797). CI swap archived ep_readonly_guest for ep_guest in the plugin matrix (#7795 / #7808). Tests admin saveSettings round-trip + cross-restart persistence (#7819 / #7820 / #7821). Bug report template now asks contributors whether the abstraction in their proposed fix matches the rest of the codebase, to head off premature-generalisation fixes earlier in review. ueberdb2 6.0.3 6.1.2 (two patch releases of cleanup on top of the 6.1.0 findKeysPaged API that the 3.1.0 sessionstorage OOM fix relies on). Multiple updates from translatewiki.net.

[2.37.12] Update bedrock to 1.26.23.1

[3.12.5] Update metabase to 0.61.2.6 Full Changelog

[1.37.11] Update uv to 0.11.16

[4.24.0] Update n8n to 2.21.7 Full Changelog core: Acquire expression isolate for scheduled polls (#30742) (6167d4a) core: Validate non-empty prompts in AI vendor nodes before API calls (#30820) (15d0dbb) core: Preserve nested arrays in VM expression engine output (#30333) (f5698a1) core: Introduce native Python code tool for AI agent (#22595) (763b858) core: Add new Chat hub feature for chatting with LLMs and your n8n agent workflows (#23035) (fa1c87f) Google Gemini Node: Introduce built-in Gemini tools (#22454) (f830447) Jira Node: Add OAuth2 (3LO) support (#29414) (4d5bafc) Schedule Node: Fix hourly intervals that don't divide evenly into 24h (#29778) (1a22c76) Figma Trigger Node: Add OAuth2 authentication support (#30079) (e3e70d6) Snowflake Node: Fix issue with Insert and Update operations not working (#29339) (4c369e8)

[2.7.25] Update mirotalksfu to 2.2.82