Cloudron Forum

[1.18.2] Update penpot to 2.16.1 Full Changelog Batch multiple thumbnail deletions into a single RPC call #9944 (MR: #9943) Add WebSocket proxy configuration for MCP in Nginx example (by @lancatlin) #10153 (MR: #10152) Add tenant prefix to MCP Redis channel names for multi-environment isolation #10277 (MR: #10276) Show MCP key on Integrations page and remove non-recoverable warning from modal #10290 (MR: #10298) Add MCP status button with single-tab connection control #9923 (MR: #9930) Fix race condition between MCP initialization and plugin runtime #10138 (MR: #10137) Filter ignorable React removeChild errors from browser extensions in error boundary #10146 (MR: #10145) Show resolved values in font family token combobox when pasting comma-separated values #10212 (MR: #10215) Fix MCP server status toggle persistence and missing workspace connection options #10292 (MR: #10226) Allow pasting comma-separated emails in the invite members modal #10173 (MR: #10186)

[1.2.3] force cert trust fixing send mail issue

[2.21.0] Update vpn to 2.21.0 Update modules dnsmasq: localize queries remove auto tunnel routing mode Fix ui to handle managed tunnel

[0.5.0] Update urlaubsverwaltung to 6.1.0 Full Changelog Improve performance and reduce settings calls while asking for public holidays #6272 fix minor ui glitches #6279

[1.13.0] Update seaweedfs to 4.36 Full Changelog s3api: sort repeated SigV4 query values @7y-9 (#10031) s3api: reject malformed Range offsets @guankai (#10034) s3: propagate IAM changes from standalone weed s3 to peer pods @chrislusf (#10095) iceberg: support multi-table transaction commit @chrislusf (#10066) iceberg: support views @chrislusf (#10069) sts: authorize AssumeRole by the role's trust policy @chrislusf (#10097) feat: support marking volumes by collection @7y-9 (#9585) mount: don't hang close() when a writer is killed during flush @chrislusf (#10090) postgres: resolve startup message length type mismatch and uint underflow OOM risk @198wmj (#10065) util/http: lazily init the global HTTP client to fix admin metrics nil panic @chrislusf (#10044)

[3.14.2] Update Stirling-PDF to 2.13.2 Full Changelog fix(frontend): correctly display the current user role in the edit dialog by @Ludy87 in #6758 Make pre-commit scripts more OS-agnostic by @jbrunton96 in #6724 fix(team): hide users already assigned to the selected team by @Ludy87 in #6760 Upgrade to TypeScript 6 by @jbrunton96 in #6772 Redesign tool config types to avoid any typing by @jbrunton96 in #6582 Remove ffmpeg from published Docker images by @Frooodle in #6791 fix update notification visibility and install flicker by @Frooodle in #6776 fix desktop bundles by @Frooodle in #6773 fast-path local PDF transport and reduce chat re-renders by @EthanHealy01 in #6798 Add JUnit tests to raise coverage across all modules by @Frooodle in #6782

[4.31.1] Update n8n to 2.27.4 Full Changelog core: Let allowlisted Python packages import their own submodules via relative imports (#32832) (62e876c) core: Fix building incorrect chained nodes (#32850) (91ac921) Google Ads Node: Upgrade API from v20 to v21 (#32791) (16699e2)

[3.17.1] Update metabase to 0.62.3.3 Full Changelog

[2.45.2] Update Lychee to 7.6.3 Full Changelog Hardcode sqlite migration key-drop fix by @ildyria in #4458 Fix download bypass on password protected albums by @ildyria in #4459 Version 7.6.3 by @ildyria in #4461 Do not display errors when feature is disabled by @ildyria in #4462

[1.10.3] Update grav to 2.0.2 Full Changelog [security] ZIP extraction in both Direct Install and the internal archiver now enforces the uncompressed-size limit against the bytes actually written, rather than the size each entry claims, so an archive that understates its real size can no longer slip a decompression bomb past the limit (GHSA-8h9x-89f2-m7x3). [security] Editor-authored Twig in page content can no longer read configuration secrets by dumping the config object through a filter such as print_r or json_encode, closing a sandbox bypass that exposed plugin credentials and API keys (GHSA-mc5q-6hpj-rp7j). A failed bin/gpm self-upgrade now reports the specific reason it stopped and records the full details in logs/grav.log, instead of showing a generic "Unknown error" with nothing to act on. Fixes getgrav/grav#4158. A page that displays inline SVG or MathML icons, such as the svg-icon shortcode or GitHub-style alert callouts, no longer renders blank when page-content Twig processing is enabled, because the render-time security scan now skips that legitimate icon markup while still catching injected scripts around it.

[1.28.0] Update ntfy to 2.25.0 Full Changelog Generate access tokens, IDs, and magic-link tokens with a cryptographically secure RNG (crypto/rand) instead of a clock-seeded PRNG Add password reset via emailed magic link, with a "Forgot password" link on the login page and a ntfy user reset-pass CLI command for admins Rework email verification to use durable, single-use, expiring magic links instead of in-memory 6-digit codes, and add a "primary" email (used for account recovery and as the X-Email: yes target) with verified/unverified state in the account UI You can now clear/read messages and delete messages with a GET request (#1771, thanks to @lemmi for reporting and to @wunter8 for implementing) Add a reload button to the web app's action bar when running as an installed PWA, which clears the service worker caches and hard-refreshes the app X-Email: yes (also true/1) now sends to your primary verified email regardless of the smtp-sender-verify setting (previously it was rejected unless verification was enabled); it requires being logged in with a verified address Grant users full access to their own sync topic (st_...) so cross-device subscription sync works under auth-default-access: deny-all (#733, #1795, thanks to @lmorchard for the contribution) Support HTTP (non-TLS) S3-compatible endpoints by preserving the endpoint scheme, e.g. for a local MinIO instance (#1794, #1734, thanks to @sskender for the contribution, and @Kernald for reporting) Stop silently stripping spaces from passwords while typing in the web app's login, signup, and password-reset forms (#1246, thanks to @aldem for reporting) Stop escaping <, >, and & as \u003c/\u003e/\u0026 in JSON responses (#1511, #1512, thanks to @wunter8 for the contribution)

[1.2.1] Update keila to v0.30.1 Full Changelog Add HTML option to campaign type dropdown in campaign settings Fixed a bug that caused an internal server error when creating new Block campaigns Fixed rendering errors when using self-closing MJML tags Fix gettext error with Block editor social media block

[1.18.1] Update mastodon to 4.6.1 Full Changelog Add avatar_description and header_description to /api/v1/accounts/update_credentials (#39547 and #39574 by @ClearlyClaire and @mkljczk) Fix combobox menu not closing after a selection (#39595 by @diondiondion) Fix Emoji IndexedDB upgrades when multiple tabs are open (#39576 by @ChaosExAnima) Fix combobox listbox not scrolling up when new suggestions have loaded (#39588 by @diondiondion) Fix media modal navigation in RTL languages (#39587 by @diondiondion) Fix accounts not visible in collection editor in advanced web interface (#39586 by @diondiondion) Fix error on login with certain LDAP configurations (#39571 by @oneiros) Fix simplified layout applying to other pages in web UI (#39570 by @Gargron) Fix emoji database loading in web worker (#39558 and #39562 by @ChaosExAnima) Fix display name length limit being incorrectly enforced in web UI (#39499 by @shleeable)

[1.43.0] Update mealie to 3.20.0 Full Changelog feat: Enhanced MR Lint/Validation @Choromanski (#7329) feat: warn when deleting foods used in recipes @ZacharySchaffter (#7117) feat: Added version info to backup file @Choromanski (#7416) fix: add missing dependencies in package.json @p0lycarpio (#7709) fix: support CSV/TXT upload and add validation for Plan to Eat import (#6360) @hay-kot (#7622) fix: harden recipe content against stored XSS (chips, instructions, asset media) @hay-kot (#7719) fix: default ingredient_references on RecipeInstruction init @alexander-wenzel-dev (#7732) fix: refactor cookie settings for Home Assistant i-frame login @cheebreezee (#7741) fix: send default_headers with curl_cffi impersonation (fixes 403 on WAF sites) @xenoputtss (#7792) fix: Various lint issues @michael-genson (#7766)