Cloudron Forum

[1.133.2] Update synapse-s3-storage-provider to 1.6.1

[3.10.1] Update metabase to 0.60.5.3 Full Changelog

[1.34.2] Update whitebophir to 2.8.4 Full Changelog

[1.11.4] Update ollama to 0.23.4 Full Changelog ollama launch opencode now supports vision models with image inputs Fixed formatting of Claude tool results when using local image paths

[1.1.0] Update seaweedfs to 4.24 Full Changelog fix(balance): don't move remote-tiered volumes; don't fatal on missing .idx by @chrislusf in #9335 fix(ec): planner treats each (server, disk_id) as a distinct target (#9369) by @chrislusf in #9371 fix(volume): don't nuke local data on transient IO error (#9378) by @chrislusf in #9382 fix(iam): deny IAM users with no policies instead of granting full access by @chrislusf in #9317 feat(iam): STS web-identity AWS-fidelity polish (Phase 1) by @chrislusf in #9318 feat(iam): OIDC provider store + read-only IAM API (Phase 2a) by @chrislusf in #9319 feat(s3api): stream chunk copy via io.Pipe to cut peak working set by @chrislusf in #9424 fix(mount): preserve user-set mtime through async/periodic flush (#9363) by @chrislusf in #9370 fix(ec): make multi-disk same-server EC reads work + full-lifecycle integration test by @chrislusf in #9487 cluster: restrict Ping RPC to known peers of the requested type by @chrislusf in #9445

[1.29.0] Update Trilium to 0.103.0 Full Changelog api.axios has been removed. It has already been marked as deprecated for more than two years now and given the recent security compromise and the fact that it's not actually used in the Trilium code base we took the decision to remove it completely. Please update your scripts to use the built-in fetch() instead. api.cheerio has been marked as deprecated, but not removed. As an alternative we provide node-html-parser which has a more DOM-oriented syntax. A long-awaited note type is now supported: Spreadsheets, allowing for a familiar (Excel-like) editing experience with formulas, powered by Univer Sheets. Basic Markdown support with preview and sync scrolling. Built-in OCR support for images, but also PDF and Office (Word, PowerPoint, Spreadsheet) text extraction which integrates with the search function. See the Media page in Options for configuration. Custom dictionary is now synchronized across instances New deployment for Linux under test: AppImage We are reintroducing an LLM chat functionality with full-size chats as well as a sidebar with tools that allow it to alter your notes or even create scripts. Save indicator not showing in quick edit popup. Grid of child notes does not clear floats.

[1.21.0] Update documenso to 2.11.0 Full Changelog fix: prevent 2fa users from being flagged as bots by @Mythie in #2748 feat: allow add myself feature for embeds by @dguyen in #2754 feat: remove default personal orgs from custom sso by @dguyen in #2741 feat: add pending signed PDF downloads by @ephraimduncan in #2730 feat: add DD-MM-YYYY date format variants by @catalinpit in #2767 fix: paginate and search member/group pickers by @Mythie in #2768 feat: add new field overflow methods by @dguyen in #2715 feat: add granular signup disable flags by @ephraimduncan in #2765 feat: add custom branding for signing pages by @Mythie in #2785 feat: support DOCX uploads via Gotenberg by @Mythie in #2801

[1.115.2] Update gitlab-foss to 18.11.3 GitLab 18.11 release notes Fix import_url validation for passwords with special characters Fix project moved notification when project is scheduled for deletion Downgrade Rugged to 1.7.2 to avoid llhttp collision Raise permission for test upstream endpoints GitLab Enterprise Edition Gate trial CTA's on FF automatic_self_managed_trial_activation GitLab Enterprise Edition 18.11 Backport: Fix missing DuoApiAuthenticator stub in json_validation_spec (merge request) Address XSS via file path in global search (merge request) Sanitize HTML in Duo Chat markdown renderer (merge request) Fix the group permission user search results (merge request) Filter tag names with invalid formats during deletion (merge request) Prevent source issue disclosure via issue links API (merge request) Remove componentProps from analytics dashboards DataTable (merge request) Fix value_stream data source passing arbitrary query fields (merge request) Fix HTML injection in achievement email notifications (merge request) Clarify Jira integration access scope in docs and UI (merge request) Authenticate internal API requests pre JSON parsing (merge request) Approval rule lock bypass via GraphQL mutations (merge request) Gate create_note_email on write-level token scope (merge request) Reject oversized job tokens early in AuthJobFinder (merge request) Normalize PyPI package names in protection rule checks (merge request) Enhance DNS rebinding protection in VirtualRegistries RedirectHandler (merge request) Count carriage-return separators in CSV structural char estimate (merge request) Fix DoS via unauthenticated POST to Duo Workflow endpoints - 18.11 backport (merge request) Remove legacy JiraConnect::Subscriptions#create to close CSRF vector (merge request) Remove all namespaced attributes in BaseSanitizationFilter (merge request) Filter out non-user-defined rules on approval update (merge request) Fix orphaned scan_result_policy_reads on policy project reassignment (merge request) Fix confidential issue data leak via move/clone API endpoints (merge request) Add Helm package protection rule check to CreatePackageFileService (merge request) Scope NuGet symbols lookup to projects within the requested namespace (merge request) Security Fix Vulnerability 586634 (merge request)

[2.27.2] Update NodeBB to 4.11.3 Full Changelog add escaping to id/type/activityType in AP/errors ACP page to guard against improper user data (e95f5bc) escape id, type, activityType, body on AP errors page (16bda6b) #14250 (40b9414) #14208, off-by-some error on getUsersFields (54df63c) use configured forum URL for shared links (#14226) (bd4b34a) hide current category from move topic selector (#14228) (bbdf05d) remove msapplication-badge (00d3c87) bypass self-edit reputation checks for privileged users (#14214) (164a3d4) skip actor resolution when federation is disabled (a729d0a) handle before cursor for upward infinite scroll navigation (0c6988c)

[2.7.18] Update mirotalksfu to 2.2.55

[1.27.2] Update mattermost to 11.6.2 Full Changelog

[3.48.2] Update openproject to 17.3.2 Full Changelog GHSA-r85r-gjq2-f83r - Docker Container starts with SECRET_KEY_BASE default value CVE-2026-44731 - Improper Access Control on OpenProject through /projects/[projectName]/meetings via "invited_user_id" in GET parameter "filters" leads to user names disclosure CVE-2026-44732 - IDOR on OpenProject through /api/v3/documents/{id} via PATCH parameter "project_id" leads to Unauthorized Modification of Resources CVE-2026-44733 - Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements CVE-2026-44734 - Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/rename CVE-2026-44735 - Shares API Information Disclosure Bugfix: Performance impact of large Markdown/HTML templates caused by the tagfilter GFM extension [#74151] Bugfix: Budget widget breaks when lots of cost types defined [#74189] Bugfix: Direct login prevents authentication from mobile app [#74569]