Cloudron Forum

[1.6.13] Update v2 to 2.2.19 Full Changelog Remove sensitive values (CSRF tokens, OAuth state, session cookies) from log messages. Verify OIDC ID token signatures and claims. Prevent OAuth identity overwrite when already linked. Clear PKCE verifier and CSRF state after use. Validate HTTP status from Google userinfo endpoint. Use HMAC-SHA256 instead of SHA1 for Google Reader API authentication. Use constant-time comparison for token validation. Fix potential DoS when truncating large untrusted input in templates. Reject oversized favicons.

[0.5.0] Update contacts to 0.5.0 Remove app internal app passwords in favor of built-in Cloudron ones Improve phone number search Various UI fixes Update dependencies

[3.10.2] Update Stirling-PDF to 2.9.2 Full Changelog hotfix for folder scanning issues

[1.13.2] Update dolibarr to 23.0.2 Full Changelog FIX: #​37412 Better fix FIX: #​37461 #​37511 Accountancy - Bank journal - Problem of cache (#​37603) FIX: #​37482 FIX: #​37551 Accounting - Use better rights on create / export entry (#​37555) FIX: #​37707 FIX: #​37707 Can pay supplier invoices with the same parent company FIX: Accountancy - Need more information about mandatory step in various journal (#​37573) FIX: - Added user filtering for displaying leave in the calendar (#​37385) FIX: Add http code 503 on deadlock FIX: API Warehouse : Error 401 when getting warehouse by id (backport from 22)

[1.18.0] Update core to 2026.4.0 Full Changelog growatt_server: use human-readable labels in exception messages (@​johanzander - #​166024) Add trigger water_heater.operation_mode_changed (@​emontnemery - #​166450) Use NumericThresholdSelector in numeric conditions (@​emontnemery - #​166507) Improve cloud action naming consistency (@​frenck - #​166516) Improve script action naming consistency (@​frenck - #​166517) Improve valve action naming consistency (@​frenck - #​166521) Speed up trigger tests (@​emontnemery - #​166522) Improve humidifier action naming consistency (@​frenck - #​166524) Improve automation action naming consistency (@​frenck - #​166525) Improve counter action naming consistency (@​frenck - #​166526)

[1.28.1] Update navidrome to 0.61.1 Full Changelog This patch release addresses a WebP performance regression on low-power hardware introduced in v0.61.0, adds a new EnableWebPEncoding config option and a configurable UI cover art size, and includes several Subsonic API and translation fixes. | New | EnableWebPEncoding | Opt-in to WebP encoding for resized artwork. When false (default), Navidrome uses JPEG/PNG (preserving the original source format), avoiding the WebP WASM encoder overhead that caused slow image processing on low-power hardware in v0.61.0. Set to true to re-enable WebP output. Replaces the internal DevJpegCoverArt flag. (#​5286) | false | | New | UICoverArtSize | Size (in pixels, 2001200) of cover art requested by the web UI. It was increased from 300px to 600px in 0.61.0; now configurable and defaulting to 300px to reduce image encoding load on low-power hardware. Users on capable hardware can raise it for sharper thumbnails. (#​5286) | 300 | | Changed | DevArtworkMaxRequests | Default lowered from max(4, NumCPU) to max(2, NumCPU/2) to reduce load on low-power hardware. (#​5286). (Note: this is an internal configuration and can be removed in future releases) | max(2, NumCPU/2) | | Removed | DevJpegCoverArt | Replaced by the user-facing EnableWebPEncoding option. (#​5286) | |

[1.17.8] Update kanboard to 1.2.52 Full Changelog fix: revoke public tokens for inactive users fix: use timing-safe comparison for token validation fix: validate task ownership before applying property changes fix: enforce visibility controls for public and unprivileged access fix: use parameterized queries in task finder and iCal

[1.8.1] Update ollama to 0.20.2 Full Changelog app: default app home view to new chat instead of launch by @​jmorganca in #​15312 bench: add prompt calibration, context size flag, and NumCtx reporting by @​dhiltgen in #​15158 model/parsers: fix gemma4 arg parsing when quoted strings contain " by @​drifkin in #​15254 ggml: skip cublasGemmBatchedEx during graph reservation by @​jessegross in #​15301 gemma4: enable flash attention by @​dhiltgen in #​15296 ggml: fix ROCm build for cublasGemmBatchedEx reserve wrapper by @​jessegross in #​15305 model/parsers: rework gemma4 tool call handling by @​drifkin in #​15306

[2.6.28] Update mirotalksfu to 2.1.84

[4.161.0] Update ghost to 6.26.0 Full Changelog Restored Renovate automerge rebasing - Hannah Wolfe Added slug to members tier filter search - Rob Lester