Cloudron Forum

[2.7.1] Update distribution to 3.1.1 Full Changelog Fixes CVE-2026-41888 Bounds-check the file basename in PurgeUploads Walk callback Add S3 Express One Zone support to the S3 storage driver (#4858) Fix tag list endpoint in proxy mode (#4846) Clamp oversized n query parameter in proxy mode instead of returning 400 (#4856)

[1.22.16] Update invoiceninja to 5.13.20 Full Changelog Updates for payment failure mailer Fixes for design bulk actions Update merge client actions to use transactions for client balance Fixes for openapi spec + e-invoicing schemeId resolution Fixes for peppol multi tax invoices + quickbooks AST product creation Allow signatures at client/group levels Fixes for cancel/delete invoice balance adjustment sequence Fixes for invoice tax summary reporting date ranges across timezones feat(bank-rules): add participant fields to transaction rule matching by @eelco2k in #11905 Add expireAfter to WithoutOverlapping middleware on five webhook jobs by @JoshSalway in #11896

[1.32.4] Update whitebophir to 2.6.5 Full Changelog

[1.15.4] Update pocketbase to 0.37.5 Full Changelog Fixed password fields not being detected as changed (#7670). Added the local time zone name next to the date field label. Reload trusted proxy info UI after settings save. Other minor improvements (skips the duplicated record ids from the IN expand list, reordered confirm-email-change error checks to minimize enumeration attacks, etc.).

[1.22.1] Update evcc to 0.306.1 Full Changelog Drop unused eebus and mqtt requirement values (#29537) PSA: update base url Sponsor: fix machine id panic on startup with plant config (#29542) fix: add testid for app menu button (#29539)

[4.108.0] Update wekan to 9.06 Full Changelog Docs: Update lxc commands. Docs: Added firewall config for Internet access from LXD Ubuntu container at Fedora Asahi Linux Remix, because building Linux arm64 .zip bundle of WeKan. Docs: Added Manual Parallel Snap. Fix Snap Candidate WRITABLE_PATH directory permissions at Parallel Snap file path /var/snap/wekan_SOMENAME/common/files/. Update version script and dependencies.

[3.8.2] Update metabase to 0.60.3.4 Full Changelog

[2.7.11] Update mirotalksfu to 2.2.33

[1.37.0] Update koel to 9.2.0 Full Changelog fix: use default cursor on context menu items instead of text cursor by @phanan in #2408 feat: include user's edit permission in album resource by @phanan in #2409 feat: include user's edit permission in artist resource by @phanan in #2410 feat: include user's edit and delete permissions on playlist resource by @phanan in #2411 feat: include user's edit and delete permissions on radio station resource by @phanan in #2412 feat: include viewer's edit and delete permissions on user resource by @phanan in #2413 fix: align user card with album/artist card affordances by @phanan in #2417 fix: add hover state to BasicListSorter menu items by @phanan in #2420 fix: increase album/artist thumbnail corner radius by @phanan in #2423 fix: shift tabindex from list/panel wrappers to media list items by @phanan in #2431

[2.27.1] Update NodeBB to 4.11.2 Full Changelog test manual dispatcher (3d969f0)

[4.167.0] Update ghost to 6.36.0 Full Changelog Added direct access-code entry for private sites - Jonatan Svennberg Moved private site controls into Access settings (#27390) - John O'Nolan Fixed RTL languages rendering left-to-right in newsletter emails (#27357) - Jannis Fedoruk-Betschki Declared lodash as a phantom dep in apps/admin - Rob Lester Preserved trailing slashes inside admin redirect query values - Rob Lester Fixed admin deep-link redirect when URL has a trailing slash - Rob Lester Fixed What's New banner breaking on null changelog fields - Rob Lester Fixed missing favicon and apple-touch-icon in React admin (#27528) - leafwind Added missing empty state for members (#27463) - Weyland Swart Fixed member import tier mapping (#27612) - Jonatan Svennberg

[1.13.7] Update wiki to 2.5.314 Full Changelog ec36eb2 - update arm docker base to node 24 (commit by @NGPixel) da64dcd - fix windows build missing migration file during tarball creation (commit by @NGPixel)

[2.15.0] Update woodpecker to 3.14.0 Full Changelog docs: bump follow-redirects [#6441] Sanitize agent introduced pipeline/workflow/step state changes and log streaming [#6308] Send 404 if logs are not allowed to access [#6349] Prevent registering as arbitrary agents with system token [#6283] Support one-shot agent execution mode [#6150] Add external secret extension implementation [#6252] Add Container Registry credential extension [#5993] fix(web): escape HTML in commit messages to prevent XSS [#6523] Add WOODPECKER_FORCE_IGNORE_SERVICE_FAILURE config to preserve non-breaking behavior by default [#6448] Fix when.status filter evaluation and add workflow-level support [#6183]