Cloudron Forum

[2.12.0] Update prometheus to 3.12.0 Full Changelog [SECURITY] Remote-write: Reject snappy-compressed requests whose declared decoded length exceeds the 32MB. Thanks to @hibrian827 for reporting it. #18642 [SECURITY] STACKIT SD: Fix secrets being exposed in plaintext via /-/config endpoint. Thanks to @August829 and @Phaxma for reporting. GHSA-39j6-789q-qxvh #18649 [CHANGE] TSDB/Agent: Adds Start Timestamp field to all WAL Histogram samples in memory; used st-storage flag is enabled. #18221 [FEATURE] API: Add /api/v1/status/self_metrics endpoint returning the current state of the Prometheus server's own metrics about itself as JSON. #18411 [FEATURE] Discovery: Add DigitalOcean Managed Databases service discovery #18287 [FEATURE] PromQL: Add start(), end(), range(), and step() experimental functions #17877 [FEATURE] UI: Add a web interface for deleting time series and cleaning tombstones, accessible from the Status menu. #18390 [BUGFIX] PromQL: Fix info() function incorrectly handling negated __name__ matchers #17932 [BUGFIX] Config: Validate remote_write queue_config fields at load time to prevent runtime panic and silent misconfiguration. #18209 [BUGFIX] TSDB: panic with native histograms during query of overlapping chunks. #18692

[4.25.2] Update n8n to 2.22.5

[1.37.12] Update uv to 0.11.17

[1.99.1] Update audiobookshelf to 2.35.1 Full Changelog Duplicate refresh tokens across sessions can cause unexpected logout #5253 by @nichwall in #5255 Server crash when renaming an author to another author when they are both on the same book #5247 by @nichwall in #5256 Server crash when invalid metadata.json is scanned in #5268 Sequelize user queries to use direct case-insensitive username/email matching

[2.7.29] Update mirotalksfu to 2.2.86

[1.17.0] Update pocketbase to 0.39.0 Full Changelog Added new "SQL console" section under Settings > Debug allowing executing any raw SQL query from the UI (#2236; #7638). Send system email alerts to superusers in case of an error with the automated backups (#7698). fixed logs bulk selection export error optimized logs and records list rendering allowed word breaking in labels text contrast improvements registered missing oidc2 and oidc3 option fields updated default email template texts for consistency updated modernc.org/sqlite to v1.51.0

[6.1.1] Update mautic to 7.1.2 Full Changelog CVE-2026-4776: SQL Injection in API Contact Filtering Advisory: GHSA-fcmw-wx57-9p75 CVE-2026-9557: SSRF in the Mautic Focus Component Advisory: GHSA-jmv8-8j9j-rcpc CVE-2026-9558: Server-Side Template Injection (SSTI) in Theme Templates CVE-2026-9559: Path Traversal via Campaign Import CVE-2026-9808: Authorization Bypass in API v2 Endpoints CVE-2026-9809: Stored Cross-Site Scripting (XSS) in Projects Component CVE-2026-9811: Stored Cross-Site Scripting (XSS) in Project Option Selector Bumping CK editor libraries by @escopecz in #16074

[2.1.0] Update BookStack to 26.05 Full Changelog Upgrade Notices - Folder Permissions - Due to some changes in how fonts are used for exports, after updating you may need to ensure that the storage/fonts folder (and all folders within that) are accessible & writable by the web-server. If you start seeing errors on PDF export after updating, it's likely this issue. See this page for guidance on setting permissions. Revision Access - Revision access & visibility is now controlled separately to pages. In some cases, after upgrading, users may no longer be able to access revisions by default (for example, where users had access to view page content but had no role-level view permissions). Added page contents view to page editor. (#6131, #4218) Added API endpoints for browsing tags. (#6095, #5835) Added custom font load handling for default PDF renderer. (#6109, #148, #719, #5770) Added specific permission for revision viewing. (#6108, #4526) Added Thai language support. (#6105) Fixed misaligned link attachment validation rules. (#6093) Fixed non-ascii character issues in headers on PDF exports. Thanks to @alexwoo-awso. (#6069, #6107)

[2.15.0] Update discourse to 2026.5.0 Full Changelog

[0.15.0] Update rustfs to 1.0.0-beta.5 Full Changelog fix(tooling): harden internode transport benchmark setup by @marshawcoco in #3037 fix(ecstore): harden multipart part metadata visibility by @houseme in #3042 feat(internode): label transport operation metrics by @marshawcoco in #3045 fix(ecstore): allow expired delete markers on locked buckets by @houseme in #3048 feat(internode): define transport capabilities by @marshawcoco in #3047 fix(tls): resolve RUSTFS_TLS_PATH startup regression by @houseme in #3059 fix(replication): avoid skipping existing-object backfill for new targets by @LeonWang0735 in #2992 feat(s3select): improve SelectObjectContent streaming by @GatewayJ in #3072 fix(ecstore): correct is_truncated logic in ListObjectsV2 pagination by @DemoMacro in #2997 fix: unify runtime readiness publication and graceful shutdown flow by @houseme in #3087

[1.3.1] Update docmost to 0.90.1 Full Changelog bug fixes by @Philipinho in #2250

[2.16.0] Update woodpecker to 3.15.0 Full Changelog Support optional flag in depends_on for workflows and steps [#6461] Add config to change default pipeline config paths and extensions [#6580] Allow disabling service workspace volumes in k8s [#6644] Add timezone support for crons [#6597] Add CI_PIPELINE_RERUNS environment variable [#6588] Group logs by command in step logs UI and make them collapsible [#6398] Fix org lookup panic [#6652] local backend: on linux / mac start commands in own process group and kill the group on cancel [#6609] fix(agent): persist agent ID after auth to prevent crashloop duplicates [#6543] fix(gitlab): preserve private flag when webhook payload omits project visibility [#6544]

[1.13.0] Update leantime to 3.8.0 Full Changelog Complete Blade Template Migration: All remaining legacy .tpl.php, .sub.php, and .inc.php templates have been converted to Laravel Blade, completing the frontend template unification. 272 legacy files removed, 200 Blade files added (net reduction of 72 files). (#3362) Mobile API Surface: Backend API changes to support the Leantime Mobile app (first TestFlight beta). (#3395) Task Collaborators: Full multi-collaborator support for task assignment. (#3337) PDO Constant Crash on Shared Hosting Guarded all MySQL-specific PDO constants (MYSQL_ATTR_SSL_VERIFY_SERVER_CERT, etc.) with defined() checks in the database config (#3371) Commenter Role Cannot Comment Fixed enableCommenterForms() not re-enabling submit buttons inside reply comment boxes (#3194, #3186) Wiki Article Creation Fails on Postgres Fixed createArticle() using camelCase sortIndex column name which Postgres rejects (#3382) Ideas Saved to canvasId 0 POST handler in IdeaDialog now reads canvasId from the submitted form with session as fallback (#3181) Kanban Board Cannot Scroll with 8+ Columns Added overflow-x: auto to the kanban row container (#3394) Calendar Zero-Date Crash getCalendar() now skips events with MySQL zero-date sentinels (0000-00-00) instead of crashing the entire calendar feed (#3396) Added Arabic (ar-SA) language support (#3370)

[2.5.2] Update cloudflared to 2026.5.2