Cloudron Forum

[1.3.2] Update ollama to 0.15.2 Full Changelog New ollama launch clawdbot command for launching Clawdbot using Ollama models

[1.5.1] Update dawarich to 1.0.1 Full Changelog SSL certificate verification can now be disabled for Immich and Photoprism integrations to support self-signed certificates. A prominent security warning is displayed when this option is enabled. #1645 Photo timestamps from Immich are now correctly parsed as UTC, fixing the double timezone offset bug where times were displayed incorrectly. #1752 Trip photo grids now update immediately after photos are imported, instead of showing cached/stale results for up to 24 hours. #627 #988 Immich API responses are now validated for content-type and JSON format before parsing, providing clear diagnostic error messages when the API returns unexpected responses. #698 #1013 #1078 Response validator logs truncated response bodies (max 1000 chars) when JSON parsing fails, improving debugging capabilities. GeoJSON formatted points now have correct timestamp parsed from raw_data['properties']['date'] field. Reduce number of iterations during cache cleaning to improve performance. Version in the navbar is now correct. #2154 Fix an error on the Trips page when trip is created but no path is yet calculated. #1426 Catch an error with invalid response during reverse-geocoding. #1439

[2.12.4] Update cal.com to 6.1.4 Full Changelog fix: update Learn More button link on teams page to cal.com/teams by @devin-ai-integration[bot] in #27065 fix: update Learn more button URL on routing forms page to cal.com/routing by @devin-ai-integration[bot] in #27068 refactor: remove remaining user.startTime and user.endTime usages by @emrysal in #27092 fix: ensure verification token has team before processing by @anikdhabal in #27139 feat(flags): add @Memoize and @Unmemoize decorators for declarative caching by @eunjae-lee in #27063 feat: add rrHostSubsetIds to reschedule booking endpoint by @ThyMinimalDev in #27135 perf: optimize getEventTypeIdsFromTeamIdsFilter with raw SQL query by @keithwillcode in #27145 feat: Add download CSV button on bookings page by @pumfleet in #27107 feat: add wrong assignment report dialog and webhook for routing form bookings by @PeerRich in #25839 perf: Add teamId index on Credential by @keithwillcode in #27153

[3.4.0] Update Stirling-PDF to 2.4.0 Full Changelog database backup management (Only for internal H2 database users) Full 2FA support with One-time-password auth code app support! Get info supporting better compliance verification PDF/X conversions automation tool now export into folder scan JSONs for folder automation fix(annotations): fix error 300 on sign frontend by @balazs-szucs in Stirling-Tools#5536 Fix: Whitelist health endpoints in Security and Enterprise Filter + fix keep original commit by @Frooodle in Stirling-Tools#5494 API cleanups by @Frooodle in Stirling-Tools#5537 refactor(security): clean up SSO handling, harden URL parsing, and bump dependencies by @Ludy87 in Stirling-Tools#5523 fix(common): CWE-681 & CWE-197 eliminate tainted numeric casts in size parsing by using BigDecimal with range guards by @Ludy87 in Stirling-Tools#5521

[1.21.3] Update invoiceninja to 5.12.50 Full Changelog v5.12.49 by @turbo124 in #11592 Fixes for qb imports without direction access to QB API by @turbo124 in #11594 Minor fixes for type casting freshbooks imports by @turbo124 in #11595 fixes for release composer by @turbo124 in #11596 v5.12.50 by @turbo124 in #11601

[3.9.3] Update redmine_oauth to 3.0.9

[1.12.1] Update Jirafeau to 4.7.1 Full Changelog Fixed another possibility to bypass the checks for CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066 (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image". When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled. The default value of max_upload_chunk_size_bytes was set to 5000000. Higher values could trigger a bug Chromium-based browsers on servers with HTTP/3 enabled, causing asynchronous uploads to fail.

[1.27.1] Update FreshRSS to 1.28.1 Full Changelog Handle Web scraping of text/plain as <pre class="text-plain"> #​8340 New customisable message for closed registrations #​8462 Fix unwanted expansion of user queries (saved searches) applied to filters #​8395 Fix encoding of filter actions for labels #​8368 Fix searching of tags #​8425 Fix refreshing feeds with token while anonymous refresh is disabled #​8371 Fix RSS and OPML access by token #​8434 Fix MySQL/MariaDB transliterator_transliterate fallback (when the php-intl extension is unavailable) #​8427 Fix regression with MySQL/MariaDB index hint #​8460 Auto-add lastUserModified database column also during mark-as-read action #​8346

[2.75.0] Update searxng to eea1892

[2.41.0] Update kimai to 2.47.0 Full Changelog Further SecurityPolicy hardening for twig invoice and export templates (#5784) Fix: moved "print" export to self-contained template (#5784) Fix: synchronisation problem when editing user-preferences of the currently logged-in user (#5784) Fix: selected text highlight color in dark mode (#5784) Fix: remove backdrop from the "loading indicator" (#5784) Do not show report toolbars in a card, following the general Kimai UI principles (#5784) Removed most toast messages, replacing them by a tiny loading indicator. reason: an app should work as expected and not need to indicate that an action was successful, instead it should only warn if something fails. toasts were kept for ticktack / restarting of timesheets and error messages, as those might be started from any screen. (#5784)

[1.16.0] Update documenso to 2.5.0 Full Changelog fix: mark document auth types for translation by @mKoonrad in #2331 fix: mark document visibility options for translation by @mKoonrad in #2330 refactor: simplify field dialog component by @catalinpit in #2369 feat: add audit logs to document details page by @Mythie in #2379 feat: add default recipients for teams and orgs by @catalinpit in #2248 fix: downgrade pdfjs-dist to version 5.4.296 and update react-pdf to version 10.3.0 by @KarloDerEchte in #2383 fix: dont flatten forms for templates by @Mythie in #2386 fix: security CVE-2026-22817 CVE-2026-22818 by @tedliang in #2390 fix: sync envelope state after direct link changes by @ephraimduncan in #2257 refactor: replace pdf-sign with libpdf/core for PDF operations by @Mythie in #2403

[1.15.4] Update core to 2026.1.3 Full Changelog