Cloudron Forum

[1.39.0] Update nocodb to 2026.05.1 Full Changelog

[0.11.0] Update twenty to 2.4.0 Full Changelog Add description to oAuth_only app created by @martmull in #20336 Fix plan-required modal issue by @etiennejouan in #20346 fix: workspace member "me" filters now work in dashboard widgets by @QuantumByteMaster in #20266 feat: add email forwarding message channel by @FelixMalfait in #19535 feat(public-domain): bind public domains to apps + reorganize settings by @FelixMalfait in #20360 fix(messaging): reset sync state when IMAP/SMTP/CalDAV credentials are updated by @fucx in #20405 [AI] Add thread actions, filters, and archive support by @ehconitin in #20068 feat(apps): generic OAuth provider support for app SDK by @FelixMalfait in #20181 [Dashboards] [Warning] Remove gauge chart support and delete existing widgets by @ehconitin in #20172 feat(apps): split AI tool and workflow action triggers in LogicFunction manifest by @FelixMalfait in #20208

[2.5.0] Cloudron OIDC login integration

[2.20.7] Update espocrm to 9.3.7 Full Changelog Maintenance updates.

[1.6.1] fix: Mod support

[1.3.0] Update seaweedfs to 4.26 Full Changelog rust(seaweed-volume): distributed EC read across peer servers by @chrislusf in #9516 fix(ec): mount falls back to sibling-disk .ecx (fixes #9519) by @chrislusf in #9521 fix(ec): blanket-clean every destination over the full shard range by @chrislusf in #9512 fix(ec): mirror EC sidecars onto every shard-bearing disk at startup by @chrislusf in #9525 fix(iceberg): dial filer gRPC address verbatim in plugin worker by @chrislusf in #9527 helm: decouple JWT signing from cert-manager mTLS (fixes #9506) by @chrislusf in #9508 fix: ListBucketsHandler for pathStyleDomains by @kmlebedev in #9510 iam: honor configured credential store for IAM API policies and propagate to S3 caches (fixes #9518) by @chrislusf in #9522 filer/iam-grpc: make admin Bearer auth opt-in (fixes #9509) by @chrislusf in #9514 admin: convert filer address to gRPC form before dispatch by @chrislusf in #9523

[2.87.0] Update tt-rss to b6c12be

[1.45.0] Update languagetool to 67944e7

[1.19.2] Update core to 2026.5.2 Full Changelog Fix ValueError for non-numeric value in LG ThinQ ([@LG-ThinQ-Integration] - [#166300]) (lg_thinq docs) Fix non unique_id for Comelit ([@chemelli74] - [#169756]) (comelit docs) Fix local API incorrectly marking devices as unavailable in Overkiz ([@iMicknl] - [#170118]) (overkiz docs) Fix homematicip_cloud config entry setup crash after migration to 2026.5.0 ([@lackas] - [#170156]) (homematicip_cloud docs) Fix MQTT device discovery not using shared QoS and encoding options ([@jbouwh] - [#170195]) (mqtt docs) Add target flow level and mode end time sensors to Duco integration ([@ronaldvdmeer] - [#169298]) (duco docs) Fix fractional setpoints in Matter climate not rounded ([@TheJulianJES] - [#170442]) (matter docs) Fix duplicate doorbell events when entity becomes unavailable ([@jbouwh] - [#170354]) (alexa docs) Fix hassio.backup_partial AttributeError when folders are specified ([@agners] - [#170312]) (hassio docs) Migrate Duco to python-duco-connectivity and remove temperature sensors ([@ronaldvdmeer] - [#170237]) (duco docs) (breaking-change)

[1.13.4] Update dolibarr to 23.0.3 Full Changelog FIX: #36589 (#38037) FIX: broken feature with api auth and Multicompany transverse mode (#37868) FIX: do not print Extrafields in PDF if printable is 0 (#37789) FIX: draft invoice paid when add absolute discount == remain to pay (#38104) FIX: IDOR on messaging.php - Credit Aksoum Abderrahmane FIX: Some remaining cross-customer object creation on API (proposal, orders) - Credit Mitch311 FIX: Can use AI module to make SSRF call. Credit Dilip FIX: #GHSA-crgg-h74r-2m8r (#37636) FIX: SQL Injection via Operator Injection in Contract Service List SEC: Better sanitization param for GETPOST of htmlheader of website page - See commit bbbbb56

[2.94.0] Update searxng to d7e8b7c

[1.26.0] Update ntfy to 2.23.0 Full Changelog Add per-visitor rate limit on new topic creations (visitor-topic-creation-limit-burst / visitor-topic-creation-limit-replenish, defaults 100 burst / 1m replenish) to mitigate topic-enumeration / squatting attacks that inflate the in-memory topic map Remove stacktrace-js, stacktrace-gps, humanize-duration, and js-base64 from the web app to reduce dependency and security footprint Restrict the publish dialog's local file preview to safe image types (png/jpg/gif/webp) to prevent same-origin script execution from blob URLs when previewing a crafted SVG (GHSA-j8hr-p342-xrmh, thanks to @Venukamatchi for reporting)

[1.99.0] Update audiobookshelf to 2.35.0 Full Changelog Access token refresh grace period (fixes frequently needing to re-login) #4630 by @nichwall in #5004 Listening sessions from Android app showing device name as Abs iOS RSS feeds serving m4b files with incorrect Content-Type #5041 by @brandonfhall in #5221 Book & podcast descriptions from audio files are sanitized cancel_scan and set_log_listener socket events validate account type and log level

[1.42.0] Update weblate to 2026.5 Full Changelog Added MDX files support for translating Markdown text while preserving JSX syntax, with File format parameters shared with Markdown files for line wrapping, code blocks, front matter, and placeholder handling. Added extended LLM translation context for automatic suggestions, covering string context, explanations, secondary-language translations, plurals, failing checks, and placeholders. CSV and XLSX downloads in Downloading translations now export plural strings as separate plural-form rows that can be imported back. Hardened search previews and Automatic suggestions suggestion origins against XSS, and stopped exposing database error details in upload failures. Screenshot URL uploads, remote HTML extraction in JavaScript localization CDN, and URL health-check redirects now reject internal or non-public targets by default. Per-project access tokens expiring today now remain valid until the end of the day. The dos-eol flag is no longer supported. Use the dos_eol File format parameters instead. The set_language_team project attribute has been replaced with the po_set_language_team file format parameter at the component level; see File format parameters. Weblate now uses calendar versioning for releases, see Release cycle. The upgrading policy was changed, and upgrades are only supported from the current or previous calendar year.