Cloudron Forum

[1.22.3] Update invoiceninja to 5.13.3 Full Changelog Inject small delay into client webhooks to allow contacts to be returned. Fixes for e-invoice notifications Updates for PEPPOL SE sending Ensure GoCardless displays correct payment method type Updated Translations

[1.98.0] Update immich to 2.6.1 Full Changelog Fixed a failed migration issue on the mobile app when the URL Switching feature is used fix(server): fallback to email when name is empty by @​jrasm91 in #​27016 fix: ignore errors deleting untitled album by @​jrasm91 in #​27020 fix(web): wrap long album title by @​jrasm91 in #​27012 fix(web): stop in-progress uploads on logout by @​jrasm91 in #​27021 fix: writing empty exif tags by @​danieldietzler in #​27025 fix(web): disable send button by @​jrasm91 in #​27051 fix(mobile): server url migration by @​mertalev in #​27050

[3.8.1] Update Stirling-PDF to 2.7.3 Full Changelog New PDF read aloud feature in viewer mode to "speak" the PDF to you, will be improved more going forwards! Improved annotation handling in annotation UI Mac printing is finally working on desktop app! Several general bug fixes such as Fix non-ASCII characters in headers being rejected Fix bug for HTTP2 support

[1.35.10] Update uv to 0.10.12 Full Changelog Add pypy 3.11.15 (#​18468) Add support for using Python 3.6 interpreters (#​18454) Include uv's target triple in version report (#​18520) Allow comma separated values in --no-emit-package (#​18565) Show uv audit in the CLI help (#​18540) Improve reporting of managed interpreter symlinks in uv python list (#​18459) Preserve end-of-line comments on previous entries when removing dependencies (#​18557) Treat abi3 wheel Python version as a lower bound (#​18536) Detect hard-float support on aarch64 kernels running armv7 userspace (#​18530)

[2.26.0] Update NodeBB to 4.10.0 Full Changelog add /world as a potential home page route (58d3aa7) add category selector to /world quick composer (2f5021e) ability to show only local posts in /world (44e65b8) #​14094, notification drawer UX improvements (6c01a5d) allow 3 profile pics (#​14092) (533ae69) category group actor outbox, #​14083 (b317cdd) improve idempotency of ap test (8ca34e7) call syncfollowcounts on unfollow as well (ebe709d) sync follow counts on local and remote follows, #​14105 (44e78e4) cold load redirect should only affect guests (cc60667)

[2.8.2] Update formbricks to 4.8.2 Full Changelog fix: [Backport] backports sentry improvement and loading page fix by @​pandeymangg in #​7534 fix: [Backport] backports the sdk initialization issues by @​pandeymangg in #​7536

[1.97.1] Update audiobookshelf to 2.33.1 Full Changelog API Keys not respecting user enabled/disabled flag Podcast episode update endpoint sanitizes HTML for subtitle Playlist & collection create/update endpoints strip HTML tags from name More strings translated Belarusian by @​pavel-miniutka German by @​fabianjuelich Spanish by @​cyphra

[1.20.1] Update Wallos to 4.7.2 Full Changelog password reset tokens now expire after 60 minutes (90bb618) vulnerability would allow to bypass 2fa (#​1021) (90bb618)

[1.5.6] Update keycloak to 26.5.6 Full Changelog CVE-2026-1180 - Blind Server-Side Request Forgery (SSRF) in Keycloak OIDC Dynamic Client Registration via jwks_uri oidc CVE-2026-1035 - Keycloak Refresh Token Reuse Bypass via TOCTOU Race Condition oidc CVE-2025-14777 - Keycloak IDOR in realm client creating/deleting CVE-2025-14082 keycloak-server: Keycloak Admin REST API: Improper Access Control leads to sensitive role metadata information disclosure CVE-2026-3121 - Keycloak: Privilege escalation via manage-clients permission CVE-2026-3190 - Information Disclosure via improper role enforcement in UMA 2.0 Protection API core CVE-2026-3911 Keycloak: Information disclosure of disabled user attributes via administrative endpoint user-profile CVE-2026-2366 Authorization Bypass: Unprivileged tokens can enumerate user organization memberships organizations Federated user disabled when external DB unavailable, never re-enabled storage AUTH_SESSION_ID cookie reuse causes cross-user session contamination on re-authentication authentication