Cloudron Forum

[1.22.15] Update invoiceninja to 5.13.19 Full Changelog Align all payment failure emails into single codepath Fix currency codes in payment receipt templates Add padding to footer in Playful design Improvements for Cash Accounting tax reports Roll back regression for AutoBillInvoice Allow conversion of custom fields for reserved keywords such as :MONTH etc for Recurring Invoices v5.13.19 by @turbo124 in #11891 Full Changelog: https://github.com/invoiceninja/invoiceninja/compare/v5.13.18...v5.13.19

[1.12.9] Update recipes to 2.6.9 Full Changelog fixed another stored XSS in recipe instructions GHSA-89pw-5qxc-7v86 updated pillow library security update

[3.2.2] Pre install deno cache and make it rw in /run/

[3.6.2] Update metabase to 0.60.1.3 Full Changelog

[2.49.0] Update kimai to 2.55.0 Full Changelog System-Account flag should always be editable (#5907) Use absolute avatar URLs in Fixtures (#5907) Explain importance of TRUSTED_HOSTS in .env (#5907) Fix exporter column styles (duration, internal price and maybe more) (#5907) Translations update from Hosted Weblate (#5904)

[1.26.1] Update whitebophir to 1.30.2 Full Changelog

[1.17.9] Update mastodon to 4.5.9 Full Changelog Insufficient verification of email addresses (GHSA-5r37-qpwq-2jhh) Updated dependencies Add trademark warning to mastodon:setup task (#38548 by @ClearlyClaire) Fix definition for quote in JSON-LD context (#38686 by @ClearlyClaire) Fix being unable to disable sound for quote update notification (#38537 by @ClearlyClaire) Fix being able to quote someone you blocked (#38608 by @ClearlyClaire)

[1.14.13] Update AdGuardHome to 0.107.74 Full Changelog Frontend libraries has been updated to prevent the possibility of exploiting the vulnerability described in CVE-2026-40175. Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.26.2. In this release, the schema version has changed from 33 to 34. Added a new field doh in http configuration. Incorrect forwarding of root domain requests when domain-specific upstreams are configured (#7058). The strict SNI check setting is not persisted when the TLS configuration is changed (#8327). Status reported by the launchd service implementation in cases of scheduled service restart. Fixed clients block/unblock when moving clients between allowed and disallowed lists.

[1.16.7] Update freescout to 1.8.216 Full Changelog Fixed null parameter error in CheckBrowser middleware (#5342) Fixed moving conversations (#5343) Fixed OAuth disconnect link on PHP 7.1 (#5345) Fixed search.title hook (#5347) Fixed mute icon for non-admin users in Dashboard (#5348) Improved fetching into multiple mailboxes (#5350) Fixed error in MailHelper::isGeneratedMessageId() (#5351)

[1.1.0] Update forgejo to 15.0.0 Full Changelog See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/15.0.0.md PR: remove admin-level permissions from repo-specific & public-only access tokens PR: The template generation (POST /repos/{template_owner}/{template_repo}/generate) and repository deletion (DELETE /repos/{username}/{reponame}) APIs have been updated to require the same permission scope as creating a new repository. Either write:user or write:organization is required, depending on the owner of the repository being created or deleted. PR: Accessing the /repositories/{id} API with a public-only access token did not restrict read access to only public repositories, which is now prevented. PR: Accessing the /repos/{owner}/{repo}/issues/{index}/dependencies and /repos/{owner}/{repo}/issues/{index}/blocks APIs with a public-only access token had access to modification operations against private repositories in the form component of the API (not the URL component), which is now prevented. PR: Accessing the /repos/{owner}/{repo}/issues/{index}/dependencies and /repos/{owner}/{repo}/issues/{index}/blocks APIs with a public-only access token could view dependencies or blocking issues from private repositories, which is now prevented. PR: Accessing the /repos/{owner}/{repo}/issues/{index}/timeline API with a public-only access token could view comment cross-references from private repositories, which is now prevented. PR: Accessing the /teams/{id}/repos/{org}/{repo} API with a public-only access token could view private repositories assigned to a team, which is now prevented.