Cloudron Forum

[1.37.0] Update koel to 9.2.0 Full Changelog fix: use default cursor on context menu items instead of text cursor by @phanan in #2408 feat: include user's edit permission in album resource by @phanan in #2409 feat: include user's edit permission in artist resource by @phanan in #2410 feat: include user's edit and delete permissions on playlist resource by @phanan in #2411 feat: include user's edit and delete permissions on radio station resource by @phanan in #2412 feat: include viewer's edit and delete permissions on user resource by @phanan in #2413 fix: align user card with album/artist card affordances by @phanan in #2417 fix: add hover state to BasicListSorter menu items by @phanan in #2420 fix: increase album/artist thumbnail corner radius by @phanan in #2423 fix: shift tabindex from list/panel wrappers to media list items by @phanan in #2431

[2.27.1] Update NodeBB to 4.11.2 Full Changelog test manual dispatcher (3d969f0)

[4.167.0] Update ghost to 6.36.0 Full Changelog Added direct access-code entry for private sites - Jonatan Svennberg Moved private site controls into Access settings (#27390) - John O'Nolan Fixed RTL languages rendering left-to-right in newsletter emails (#27357) - Jannis Fedoruk-Betschki Declared lodash as a phantom dep in apps/admin - Rob Lester Preserved trailing slashes inside admin redirect query values - Rob Lester Fixed admin deep-link redirect when URL has a trailing slash - Rob Lester Fixed What's New banner breaking on null changelog fields - Rob Lester Fixed missing favicon and apple-touch-icon in React admin (#27528) - leafwind Added missing empty state for members (#27463) - Weyland Swart Fixed member import tier mapping (#27612) - Jonatan Svennberg

[1.13.7] Update wiki to 2.5.314 Full Changelog ec36eb2 - update arm docker base to node 24 (commit by @NGPixel) da64dcd - fix windows build missing migration file during tarball creation (commit by @NGPixel)

[2.15.0] Update woodpecker to 3.14.0 Full Changelog docs: bump follow-redirects [#6441] Sanitize agent introduced pipeline/workflow/step state changes and log streaming [#6308] Send 404 if logs are not allowed to access [#6349] Prevent registering as arbitrary agents with system token [#6283] Support one-shot agent execution mode [#6150] Add external secret extension implementation [#6252] Add Container Registry credential extension [#5993] fix(web): escape HTML in commit messages to prevent XSS [#6523] Add WOODPECKER_FORCE_IGNORE_SERVICE_FAILURE config to preserve non-breaking behavior by default [#6448] Fix when.status filter evaluation and add workflow-level support [#6183]

[2.4.0] Update uptime-kuma to 2.3.0 Full Changelog #7194 fix: Revert "add sorting to status pages" #7312 fix(database): add UPTIME_KUMA_SQLITE_SINGLE_CONNECTION #7304 feat: websocket improve to fix issue #7268 including support authentication (Thanks @sofia-fernandez-six) #7201 feat: add Telnyx messaging provider (Thanks @LuvForAirplanes) #7156 feat: add OracleDB monitor (Thanks @sitiom) #7154 feat: add collapsible groups to status page (Thanks @marco-carvalho) #7248 fix(notification): check for monitorJSON in Stackfield provider (Thanks @jlbrt) #7235 fix(uptime): ensure correct handling of missing time buckets in uptime calculations (Thanks @adrianceding) #7198 fix: Domain expiry doesn't seem to update #7189 (Thanks @shanto) #7125 fix: prometheus metrics have two series for a single monitor when that monitor has tags (Thanks @nicjansma)

[1.1.4] Fixup docs link

[1.25.3] Update ampache to 7.9.3 Full Changelog run:updateCatalogFile: Add -m|--move parameter to move file in the database to a new location run:updateCatalogFolder: Add -m|--move parameter to move all music in a folder to a new location Catch any Garbage Collection error for Albums Garbage collection for Albums missing from the album table License checks on upload not considering int ID's Star ratings scale Advanced Random actions missing joins for Artist and Album Don't limit Album track display by page size Extended orphan_album check in Song search Correct structuredLyrics array

[3.3.0] Update Rocket.Chat to 8.4.0 Full Changelog Adds file thumbnails with image preview to the message composer attachments Adds a new REST endpoint to accept or reject media calls without an active media session Adds externalIds field to livechat visitors for external platform identification. Adds a skipTranspile flag (default false) to webhook integrations. When set to true, the integration script is stored as-is without Babel transpilation matching the 9.0.0 default where Babel is removed entirely. Admins can flip the flag per-integration to validate strict-mode compatibility before upgrading. The field is deprecated and will be removed in 9.0.0. Updates omnichannel routing so agents with offline status are always excluded from assignment. The Livechat_enabled_when_agent_idle setting now only affects agents with away status. Introduces Cold Storage Archiving for Read Receipts to improve performance and scalability in large deployments. Fixed UI becoming unresponsive after clicking "See on Engagement Dashboard" from the workspace info card, which required a manual page refresh to recover. Fixes a bug that could remove all of a user's subscriptions when the user was re-added to a room while still banned. Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates) Fixes an issue where the Omnichannel routing system ignored the Livechat_accept_chats_with_no_agents setting. Now, offline agents are correctly considered for assignment when the setting allows it.

[1.35.0] Update calibre to 9.8.0 Full Changelog

[1.52.0] Update gotenberg to 8.32.0 Full Changelog Reverted SSRF defaults (breaking vs 8.31.0). 8.31.0 blocked private-IP destinations by default, which broke deployments running Gotenberg inside a private network. 8.32.0 restores the 8.30.x permissive defaults. Operators with internet-facing APIs opt into the strict posture via the new flags below. Rejected file:// at /forms/chromium/convert/url. Submitting url=file:///tmp/... used to let an unauthenticated caller enumerate the request working directory and read other in-flight uploads as rendered PDFs. The route now returns HTTP 400 for any file:// URL. Required uploaded file for image / pdf stamp and watermark sources. Twelve callsites accepted stampSource=pdf or watermarkSource=pdf with an expression pointing at any path the Gotenberg process could open, even when no file was uploaded. Handlers now return HTTP 400 unless the caller uploaded a matching file. Scoped file:// sub-resources to the request working directory. Crafted HTML could reference another request's file:///tmp/<reqdir>/.... The CDP request handler now restricts file:// sub-resources to the current request's directory. /convert/url and /screenshot/url reject every file:// sub-resource outright. Hardened Chromium against DNS rebinding. A short-TTL DNS authority could return a public IP at validation and a private IP at connect. A loopback HTTP / CONNECT proxy now sits between Chromium and the network, resolves DNS once, and pins the dial to the resolved IP. Skipped when --chromium-proxy-server or --chromium-host-resolver-rules is set. Filtered LibreOffice outbound fetches through a proxy. Uploaded OOXML, RTF, and ODF files can embed external URLs that LibreOffice's libcurl resolves below every Go-side SSRF filter. LibreOffice now routes every outbound fetch through an in-process forward proxy on the same gotenberg.DecideOutbound path Chromium and webhook delivery use. See the four new flags below. Recovered webhook async panics. High-concurrency webhooks could panic the async goroutine and crash the whole process. The goroutine now snapshots the request context and recovers any future panic through the existing error path. LibreOffice outbound URL filtering. Four flags mirror the Chromium and webhook layout: --libreoffice-allow-list, --libreoffice-deny-list, --libreoffice-deny-private-ips, --libreoffice-deny-public-ips. All default permissive. IP-class filtering on four modules. chromium, webhook, api-download-from, and libreoffice each accept matching deny-private-ips and deny-public-ips flags. All default to false. Charts print as blank rectangles (#1531, #1532, #1534, #1535 chromedp v0.15.0 suspended the BeginFrame-driven callback dispatch loop under emulatedMediaType=print. requestAnimationFrame, ResizeObserver, IntersectionObserver, CSS transitionend, and CSS animationend all stopped firing. Pinning chromedp back to v0.14.2 restores native dispatch.

[1.11.0] Update Kavita to 0.9.0 Full Changelog Added: Kavita now has a dedicated queue for downloads with auto-processing, series will now deconstruct to individual items, and it's persistent between reloads. Added: Added the ability to export a reading list to CBL v1 or v2 support Added: You can now craft and save Smart Filters for Reading lists and bind them to your Side Nav/Dashboard as you would Series-based. Changed: Version update checking has been drastically streamlined and made less annoying. Backoff support is implemented, after 5 prompts, Kavita will stop pestering you to update. Changed: Fixed how Kavita creates transactions with SQLite to reduce the 'database is locked' issue. From my testing, database is locked which was happening during reading (webtoon) and from some concurrent scans were eliminated. Changed: Removed all Deprecated APIs (this was communicated last release, I reached out to the big app providers) Fixed: Fixed a lot of endpoints missing access checks Fixed: Fixed the scanner merging several series into one under specific circumstances Fixed: Fixed panels not properly working with the new reading sessions Fixed: Fixed Volume progress tracking not working on Mihon (Thanks @Nedra1998 )