Cloudron Forum

[3.13.0] Update openid-connect-generic to 3.11.3 Add configurable issuer setting for JWT validation by @​daggerhart in #​639 Fix JWT verification with Microsoft Entra ID JWKS by @​daggerhart in #​636 629: Fix to better match issuer in jwt validator by @​daggerhart in #​630 Previous versions decoded JWT tokens without cryptographic verification Added proper JWT signature verification using JWKS (JSON Web Key Set) Implements firebase/php-jwt library for validation Validates all required claims: exp, aud, iss, iat, sub Added signature verification for aggregated claims from secondary JWTs Prevents injection of forged claims Replaced unsafe HTTP functions with SSRF-protected alternatives

[2.15.2] Update directus to 11.15.2 Full Changelog Added Netlify as a deployment provider (#​26594 by @​yassilah) Added Netlify as a deployment provider (#​26594 by @​yassilah) Added Netlify as a deployment provider (#​26594 by @​yassilah) Fixed only focusing on fields that have a schema (#​26622 by @​Nitwel) Fixed nested group fields losing values when a condition toggles the group's readonly property (#​26563 by @​HZooly) Fixed useStores, useApi, and useSdk not working inside Pinia stores in extensions (#​26438 by @​kekekuli)

[3.16.0] Update openid-connect-generic to 3.11.3 Add configurable issuer setting for JWT validation by @​daggerhart in #​639 Fix JWT verification with Microsoft Entra ID JWKS by @​daggerhart in #​636 629: Fix to better match issuer in jwt validator by @​daggerhart in #​630 Previous versions decoded JWT tokens without cryptographic verification Added proper JWT signature verification using JWKS (JSON Web Key Set) Implements firebase/php-jwt library for validation Validates all required claims: exp, aud, iss, iat, sub Added signature verification for aggregated claims from secondary JWTs Prevents injection of forged claims Replaced unsafe HTTP functions with SSRF-protected alternatives

[1.11.1] Update recipes to 2.5.1 Full Changelog improved ingredient parser handling of leading special characters (like ,.-_=+#*|/) changed start page link icon to "more" text for opening search fixed ical issues #​4429 fixed recipe view performance degradation (thansk to @​poikilotherm #​4426) fixed syntax error in template breaking recipe view and editor #​4421 fixed creating food trough shopping list entry failing #​4418 fixed admins could include arbitrary local files trough local storage provider https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6485-jr28-52xx fixed server side request forgery trough redirects/dns rebinding attacks https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-j6xg-85mh-qqf7 fixed issue with diameter scaling when base servings were not 1

We have finally implemented Passkey support. Will be part of 9.1 then

[4.152.0] Update ghost to 6.19.0 Full Changelog Fixed 404 when navigating between post stats and editor (#​26285) - Troy Ciesco Fixed Content API settings missing GA labs flags (#​26374) - Rob Lester Fixed comment permalinks not scrolling to selected comment - Kevin Ansfield Fixed redirect back to account pages after login (#​26369) - Rob Lester

[3.46.0] Update openproject to 17.1.0 Full Changelog Work package created for a project initiation request Automatically generated project initiation artifact (PDF) Add new or existing work packages as meeting outcomes Show iCal responses in OpenProject Duplicate agenda items to the next recurring meeting occurrence Release Attribute highlighting to Community

[1.24.1] Update mattermost to 11.3.1 Full Changelog Mattermost Platform Release 11.3.1 contains medium to high severity level security fixes.