Cloudron Forum

[1.25.0] Update typebot.io to 3.17.1 Full Changelog Fix upload proxy public URL (#2508) Add Ask Model action using OpenAI Responses API (#2455) Add time filter to results export and fix CSV download on R2 (#2449) (openai) Add Ask Model file search controls (#2483) Handle GA script load failure to prevent bot from hanging (#2446) Fix transcript compute crash on choice items with session-var display condition (#2468) Fix credential access control and remove vulnerable S3 upload endpoint (#2459) Fix SSRF bypass via DNS rebinding in HTTP request and script fetch flows (#2461) Add SSRF_ALLOWED_HOSTS env for self-hosted internal APIs (#2474) Sanitize CSV exports against formula injection (#2493)

[1.41.2] Fix album cover issue

[2.5.2] Update transmission to 4.1.2 Full Changelog Fixed 4.1.0 bug that could cause duplicate HTTP announces to be sent to trackers. (#8639) Reject benc data that has invalid characters. (#8577) Fixed a bug during the startup sequence where if one torrent failed to parse, subsequent torrents would also fail. (#8605) Fixed a bug that stalled some downloads at 99%. (#8654) Fixed a 4.1.0 upgrade bug that could overwrite utp_enabled and tcp_enabled settings. (#8658) Fixed a 4.1.0 crash that could happen when a peer supplied reqq value smaller than 32 in LTEP handshake. (#8713) Fixed a 4.1.0 bug that prevented TCP peer connections on some systems. (#8748) Added safeguards to HTTP responses to prevent clickjacking. (#8749) Fixed edge case that didn't preserve the order of a batch of torrents when moving their queue position up or down. (#8782) Added sanitization for UTF-8 client names provided by peers during handshake. (#8809)

[5.8.3] Update server to 33.0.5 Full Changelog

[3.3.3] Update Rocket.Chat to 8.4.3 Full Changelog (#40771 by @dionisio-bot) Fixes the Chat Limits locking mechanism to allow bot agents to skip the lock as they aren't limited

[3.13.3] Update metabase to 0.61.3.3 Full Changelog

[5.2.2] Update php-src to 8.5.7

[4.28.0] Update n8n to 2.23.2 Full Changelog core: Insights page shows license paywall for licensed users (#31452) core: Use slugs instead of ids to identify MCP registry servers (#31301) editor: Clear pin data on workspace initialization of production execution (#31258) Revert 'Input validation for workflow and data table names' (MR 30594) (#31367) Execute Workflow Node: Return items from every run of the sub-workflow's last node (#30716) Odoo Node: Add v2 with resource locators, field mapping, and API key auth (#30796) Oracle DB Vector Store Node: Add support for vectorstore and embedding node support (#29014) Gumroad Trigger Node: Add OAuth2 authentication (#29974) core: Split workflow:updateRedactionSetting into enable and disable scopes (#30446) HTTP Request Node: Fix parallel binary filename mixing (#30568)

[1.13.1] Update ollama to 0.30.2 Full Changelog feat(launch): show and auto-install Cline CLI by @hoyyeva in #16402 log template details to aid troubleshooting by @dhiltgen in #16403 cmd/launch: add Qwen code integration by @hoyyeva in #15900 launch: fix opencode local model limits by @dhiltgen in #16425 llm: include cached prompt tokens in llama-server counts by @dhiltgen in #16428 discover: allow Radeon 8060S iGPU by default by @dhiltgen in #16429 llm: detect llama-server load stalls from output by @dhiltgen in #16427 llama: add laguna (poolside) arch via a llama.cpp patch under llama/c by @dhiltgen in #16396 llm: ignore llama-server SSE ping comments by @dhiltgen in #16443 fix laguna patch build breakage by @dhiltgen in #16445

[1.27.0] Update traccar to 6.14.2 Full Changelog Resizable map in reports. Connection status events are now disabled by default to avoid spamming the database and users. Added a map ruler tool for measuring distances. Added support for snapping locations to roads. Improved map controls. Added user device count. Implemented support for KML styling. Added support for channels in video streaming. Added KML and KMZ export. Added chart report export.

[1.34.1] Update syncthing to 2.1.1 Full Changelog fix(syncthing): properly upgrade via REST when Syncthing is running (fixes #10697) by @calmh in #10699 fix(versioner): ensure user read/write/execute on archived dirs (fixes #10532) by @calmh in #10696 fix(discover): only announce wildcard for TCP punching when listening on wildcard address (fixes #10503) by @calmh in #10691 fix(stcrashreceiver): close source loader responses on errors by @mattn in #10704 fix(protocol): handle zero-size requests (fixes #10709) by @calmh in #10710

[1.14.17] Update AdGuardHome to 0.107.77 Full Changelog Authorization in GLiNET mode is no longer vulnerable to path traversal attacks. NOTE: This is CVE-2026-41448. We thank @djnnvx for reporting this security issue. New reason query parameter in GET /control/querylog. See openapi/openapi.yaml for the full description. Query parameter response_status in GET /control/querylog is now deprecated. Use new reason query parameter instead.