Cloudron Forum

[4.91.0] Update wekan to 8.19 Full Changelog Security Fix 1: IDOR in setCreateTranslation. Non-admin could change Custom Translation Security Fix 2: Private-only board setting can be bypassed Security Fix 3: Card comment author spoofing (IDOR) via API Security Fix 4: Cross-board card move without destination authorization Security Fix 5: Read-only roles can still update cards Security Fix 6: Checklist delete IDOR: checklist not verified against board/card Security Fix 7: Checklist create IDOR: cardId not verified against boardId Security Fix 8: Attachments publication leaks metadata without auth Security Fix 9: Attachment upload not scoped to card/board relationship Security Fix 10: LDAP filter injection in LDAP auth

[1.32.0] Update mealie to 3.9.0 Full Changelog feat: persist selected dates in meal planner @gitolicious (#6512) feat: Animate shopping list and increase touch target @miah120 (#6569) feat: Replace number inputs with new v-number-input compontent @michael-genson (#6767) fix: PWA maskable android icons & enctype shared_target @p0lycarpio (#6731) fix: Consistent Shopping List Recipe State @michael-genson (#6758) fix: Backup selection doesn't work sometimes @michael-genson (#6759) fix: add loader for create backup button @p0lycarpio (#6763) fix: the add_pagination_to_query now always returns the correct count @AurelienPautet (#6505) fix: Imported API keys not working on a new server #6477 @onemustpersist (#6496) fix: Add resiliency to LDAP admin filter @michael-genson (#6766)

[2.29.8] Update metabase to 0.57.7.11 Full Changelog

[2.5.35] Update mirotalksfu to 2.0.86

[4.5.0] Update etherpad-lite to 2.6.0 Full Changelog Added native option to transfer your Etherpad session between browsers. If you use multiple browsers or different PC for Etherpad they are different sessions. Meaning typing on one PC and then switching to another one in the same pad will result in different authorship colors. With this new feature you can now transfer your session to another browser or PC. To do so, open the home page and click on the wheel icon in the top right corner. After that click through the first dialog prompting you to copy a code to your clipboard. On your second browser open the same dialog and switch to "Receive Session" tab. There you can paste the code you copied before and click on "Receive Session". After that your session is transferred, and you can continue editing with the same authorship color as before. Just be aware that you can't have two active sessions at once in a pad. Updated to oidc provider v2.6.0 after resolving compatibility issues.

[1.23.0] Update vaultwarden to 1.35.0 Full Changelog Implement support for SSO with OpenID Connect, https://github.com/dani-garcia/vaultwarden/wiki/Enabling-SSO-support-using-OpenId-Connect Updated web vault to 2025.12.0 Added support for future mobile apps with versions 2026.1.0+ Fix multi delete slowdown by @BlackDex in #6144 Perform same checks when setting kdf by @Timshel in #6141 SSO using OpenID Connect by @Timshel in #3899 Delete SSO.md by @dani-garcia in #6152 Update webauthn-rs to 0.5.x by @zUnixorn in #5934 a little cleanup after SSO merge by @stefan0xC in #6153 Fix link to point to the wiki by @Timshel in #6157

[2.39.0] Update kimai to 2.45.0 Full Changelog Fade-out customer address (#5749) Fix export label "buyer reference" (#5749) Support for setting a section name via plugin for Activity/Project/Customer meta-fields via plugin (#5747) Support PHP 8.5 (#5746) Invoice: support for dynamic invoice tax rates via plugin (#5740) Configurable rate rounding (classic, decimal - default: classic) see docs (#5734) Merge "user default currency" and "customer default currency" into one "My company" setting (#5739) Theme upgrade (#5720) API: query modified_after in UTC (#5743) API: Add many fields to Collection calls, to reduce the need of calling the entity endpoint (#5721)