Cloudron Forum

[1.16.13] Update freescout to 1.8.222 Full Changelog Updated German translation. Fixed undefined $signature_mailbox error on sending (#5427) Send Auto Reply from the alias the customer emailed to (#5428)

[2.5.1] Update cloudflared to 2026.5.1

[3.3.2] Update Rocket.Chat to 8.4.2 Full Changelog Ensures OAuth tokens are cleaned up after user deactivation Fixes the users.presence endpoint returning an empty array when called with multiple comma-separated IDs, caused by ajvQuery coercing the string into a single-element array after the OpenAPI migration (#40527 by @dionisio-bot) Ensures that deactivated users have their login tokens cleaned up in users.deactivateidle Ensures the Meteor method for translateMessage validates access and types Ensures the visitor token is not present in the visitors.info response Ensures the autotranslate.translateMessage endpoint checks for room access

[2.7.26] Update mirotalksfu to 2.2.83

[2.10.1] Update roundcubemail to 1.7.1 Full Changelog Enigma: Support automatic public key lookup (import) using HKP v1 protocol (#5314) Managesieve: Fix error when a mail message contains duplicate List-Id header (#10186) Clarified Elastic installation instructions (#10163) Fix so "has:attachment" search uses $HasAttachment/$HasNoAttachment keywords (#10168) Fix potential too long value in IMAP ID command (#10136) Fix redis/memcache disconnection in rcube::sleep() (#10127) Fix so static resources, e.g. skin_logo can be put inside the public_html directory (#10160) Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog Security: Fix pre-auth SQL injection in virtuser_query plugin via preg_replace backslash escape bypass Security: Fix code injection vulnerability - remove support for code evaluation in LDAP autovalues option

[2.88.0] Update tt-rss to 23e6087

[1.39.0] Update koel to 9.4.0 Full Changelog feat: add OpenID Connect SSO provider for Koel Plus by @phanan in #2494 feat: add WebDAV storage support for Koel Plus by @phanan in #2495 test: harden proxy-auth coverage + Caddy E2E in CI by @phanan in #2496 Full Changelog: https://github.com/koel/koel/compare/v9.3.6...v9.4.0

[2.95.0] Update searxng to 323ce76

[1.13.7] Update jellyfin to 10.11.10 Full Changelog Fix GHSA-f47c-m7gr-q92j, by @Shadowghost Fix GHSA-jg92-mrxq-vv75, by @Shadowghost Fix GHSA-wwwm-px48-fpvq, by @Shadowghost Fix stale UserData cache MR #15048, by @theguymadmax Fix/user manager collation MR #16906, by @JPVenson

[1.46.0] Update languagetool to 01aaccc

[1.19.4] Update core to 2026.5.4 Full Changelog Apply web search citation stripping for GPT-5.x models in OpenAI conversation (@frenck - #170956) (openai_conversation docs) Add missing Miele Dishwasher codes (@astrandb - #171175) (miele docs) Fix ZHA blocking minor version downgrades (@TheJulianJES - #171319) (zha docs) Fix SmartThings crash when timestamp attribute is None (@frenck - #171467) (smartthings docs) Fix habitica ignoring zero values for interval and streak (@frenck - #171468) (habitica docs) Fix PowerView cover crash when shade position is unavailable (@frenck - #171471) (hunterdouglas_powerview docs) Fix Wyoming satellite crash when TTS is not configured (@frenck - #171513) (wyoming docs) Fix ZBT-2 hardware page crash when entry data is missing VID (@frenck - #171828) (homeassistant_connect_zbt2 docs) Fix Lutron Caseta battery sensor crash on unsupported devices (@frenck - #171829) (lutron_caseta docs) Fix Hue device trigger crash for devices removed from bridge (@frenck - #171844) (hue docs)

[4.6.9] Update PeerTube to 8.1.8 Full Changelog We have learned that the SQL injection vulnerability fixed in v8.1.6 has been exploited at scale since at least May 18, 2026 and so before the v8.1.6 release. According to our investigation, the attacker exploited this SQL injection to generate a token for the root user and install the peertube-plugin-google-analytics-js plugin. This plugin imports a client script from hxxps://www.googie-anaiytics.com/jquery.ui.js that currently only logs a line in the web browser. Automatically remove peertube-plugin-google-analytics-js in v8.1.8 Invalidate OAuth tokens in v8.1.8 (all users must log in again) Add a new user.disable_root_auth config key to disable root token usage Remove the plugin from the plugin registry Upgrade to v8.1.8 as soon as possible Review newly created users and videos Review your instance configuration, especially Configuration -> Customization -> JavaScript/CSS Review installed plugins