Cloudron Forum

[1.115.2] Update gitlab-foss to 18.11.3 GitLab 18.11 release notes Fix import_url validation for passwords with special characters Fix project moved notification when project is scheduled for deletion Downgrade Rugged to 1.7.2 to avoid llhttp collision Raise permission for test upstream endpoints GitLab Enterprise Edition Gate trial CTA's on FF automatic_self_managed_trial_activation GitLab Enterprise Edition 18.11 Backport: Fix missing DuoApiAuthenticator stub in json_validation_spec (merge request) Address XSS via file path in global search (merge request) Sanitize HTML in Duo Chat markdown renderer (merge request) Fix the group permission user search results (merge request) Filter tag names with invalid formats during deletion (merge request) Prevent source issue disclosure via issue links API (merge request) Remove componentProps from analytics dashboards DataTable (merge request) Fix value_stream data source passing arbitrary query fields (merge request) Fix HTML injection in achievement email notifications (merge request) Clarify Jira integration access scope in docs and UI (merge request) Authenticate internal API requests pre JSON parsing (merge request) Approval rule lock bypass via GraphQL mutations (merge request) Gate create_note_email on write-level token scope (merge request) Reject oversized job tokens early in AuthJobFinder (merge request) Normalize PyPI package names in protection rule checks (merge request) Enhance DNS rebinding protection in VirtualRegistries RedirectHandler (merge request) Count carriage-return separators in CSV structural char estimate (merge request) Fix DoS via unauthenticated POST to Duo Workflow endpoints - 18.11 backport (merge request) Remove legacy JiraConnect::Subscriptions#create to close CSRF vector (merge request) Remove all namespaced attributes in BaseSanitizationFilter (merge request) Filter out non-user-defined rules on approval update (merge request) Fix orphaned scan_result_policy_reads on policy project reassignment (merge request) Fix confidential issue data leak via move/clone API endpoints (merge request) Add Helm package protection rule check to CreatePackageFileService (merge request) Scope NuGet symbols lookup to projects within the requested namespace (merge request) Security Fix Vulnerability 586634 (merge request)

[2.27.2] Update NodeBB to 4.11.3 Full Changelog add escaping to id/type/activityType in AP/errors ACP page to guard against improper user data (e95f5bc) escape id, type, activityType, body on AP errors page (16bda6b) #14250 (40b9414) #14208, off-by-some error on getUsersFields (54df63c) use configured forum URL for shared links (#14226) (bd4b34a) hide current category from move topic selector (#14228) (bbdf05d) remove msapplication-badge (00d3c87) bypass self-edit reputation checks for privileged users (#14214) (164a3d4) skip actor resolution when federation is disabled (a729d0a) handle before cursor for upward infinite scroll navigation (0c6988c)

[2.7.18] Update mirotalksfu to 2.2.55

[1.27.2] Update mattermost to 11.6.2 Full Changelog

[4.169.0] Update ghost to 6.38.0 Full Changelog Added {{#social_accounts}} block helper for theme social rendering (#27834) - Hannah Wolfe Fixed 500 error when updating members with nameless labels (#27789) - Rob Lester Fixed members API timing out on sites with large email_recipients tables - Rob Lester

[2.5.0] Update cloudflared to 2026.5.0 Full Changelog

[2.18.8] Update sogo to 5.12.8 Full Changelog 2 possible XSS injections with malicious mail: fixed. 1 possible SQL injection with specific request: fixed.

[1.0.0] Fix issue where files could not be uploaded

[1.17.10] fix: update doc links from /apps/ to /packages/

[1.22.2] fix: update doc links from /apps/ to /packages/

[2.11.0] Update cubby to 2.11.0 Breaking change: WebDAV endpoints will prompt for a new password. You can create a new app password from the Cloudron dashboard. Add SCIM user listing support to preprovision users Use the Vite proxy setup for local development Use @cloudron/connect-lastmile Move user count into the header Improve the users view and add basic search Use the Cloudron auth endpoint for WebDAV Remove WebDAV UI Purge password and salt from user signup code paths as well Fix displaying search results in group folders Fix search results max-height

[0.7.0] Update calendar to 0.7.0 Add support for custom reminders in the event editor Integrate SCIM addon for pre-provisioning users (scimSync, manifest/server/storage updates) Replace uuid with Node crypto for ID generation Event details popover: positioning fixes, less layout “jumping,” fewer distracting loading states for attendees Schedule view: disable animation on event details Week boundary: fix event display when events sit on a week edge Shared calendar: alignment tweak in the shell UI

[1.14.14] fix: update doc links from /apps/ to /packages/