Cloudron Forum

[2.6.2] Update cloudflared to 2026.6.1

[2.29.1] Update NodeBB to 4.13.2 Full Changelog register service worker on safari (2ec0987) closes #14355 dont flash unread notif for topics (0e8544b) uids used for priv check (bd7bf5b) dont allow global mods gdpr export (39299bd) prevent uploading thumbs if user does not have upload:image privilege (72defdc) dont mark nids that you don't own read/unread (001e45d) bind hooks module in admin/settings/email define() (#14352) (86fd621) translator.escape chat messages & teasers (7ef400b) closes #14346, make nodebb global available in src/cli (620ab63) closes #14344, fix cron jobs (d23efb4)

[1.22.0] Update hedgedoc to 1.11.0 Full Changelog GHSA-6c2w-8w96-3pcv reports a possible HTML injection via the localpart of an email address. GHSA-qj78-mjch-wwrv reports a possible Denial-of-Service attack using the YAML frontmatter parsing. GHSA-8v9p-5j95-826j reports a possible CSRF attack vector in the GitHub Gist export. GHSA-2f9f-w8xq-276v reports a rate-limiting bypass by abusing the CF-Connecting-IP header. When using Cloudflare in front of HedgeDoc, you should set rateLimitUsingCloudflare in the config.json or CMD_RATE_LIMIT_USING_CLOUDFLARE as environment variable to true. Added a warning page when clicking external links Improve the config.json.example file, which is used by bin/setup Allow configuration of login / signup rate-limits Allow configuration of Cloudflare usage in regards of rate-limits Several improvements in the documentation at https://docs.hedgedoc.org

[1.37.0] Update whitebophir to 2.11.3 Full Changelog

[1.58.2] Update LimeSurvey to 7.0.3+260618 Full Changelog New feature: Extended integrity check to look for orphaned old_question tables (Carsten Schmitz) New feature: Additional check to find orphaned subquestions in integrity check (Carsten Schmitz) Fixed issue: Remove any superflous subquestions on ranking question type before DB migration (Carsten Schmitz) Fixed issue: Ranking subquestions are written as ranking type (Carsten Schmitz) Fixed issue: Extended integrity check to also catch questions that should not have answer options and should not have subquestions (#5064) (Carsten Schmitz)

[1.14.3] Update leantime to 3.9.5 Full Changelog Mobile API Endpoints - Added session-scoped mobile endpoints for the notifications inbox and calendar (#3529) Blueprints Canvas - Fixed a 404 error when adding or editing canvas items (#3544) Editor Mentions - The @mention dropdown now appears directly beneath the caret (#3530) General Fixes - Resolved several recently reported bugs (#3532) symfony/yaml - Promoted to a production dependency (#3543)

[1.1.1] added Multi-Workspace Mode support

[2.45.0] Update Lychee to 7.6.0 Full Changelog Async reverse-geocoding, configurable rate limit, remove Wikimedia map provider by @Copilot in #4275 feat(036): fix direct photo links in large paginated albums via ?page=N by @ildyria in #4294 feat(35) Chunked Archive Download by @ildyria in #4300 feat(34): add bulk album edit by @ildyria in #4296 feat: Add setting to disable embed endpoints and UI. by @ildyria in #4316 feat(37): improved admin panel by @ildyria in #4312 feat(white-label): hide Lychee SE / version branding on login form and all public surfaces by @Copilot in #4335 Fix SSRF on TOCTOU by @ildyria in #4344 Feature 041: supply title/description at upload time; return expected_id in response by @Copilot in #4385 Add support for uploading folders by drag&drop by @ildyria in #4417

[0.3.1] Update urlaubsverwaltung to 6.0.0-RC1 Full Changelog Access validation for "me"-Controller #6231 Keyboard navigation is not supported in search results #6247 Search input is not highlighted in mobile view while results are active #6250

[2.4.3] Update osTicket to 1.18.4 Full Changelog security: Latest Patches 06/2026 (52c366f, 5afdf54, c54a6ac, 1e39bf1, feccb6a, 6eb6b98, 078516e, 98abb05, e52e010, fd96bba, 7bbd8ab, ba6217a, 580e1c8, b535782, 5963797, d590a97, eaebe01, b4cc092, d457c14, 5600f94, 5ff9795, 119cefe, b4ede88, 2a0c388, 6558b33)

[3.0.0] ️ WARNING ️ | [GUIDE] Directus v12 migration | Directus 12 requires a license Update directus to 12.0.2 Full Changelog Added support for non-interactive mode (#27577 by @pklenovic) Fixed user count for users with conflicting direct policy and role (#27720 by @ComfortablyCoding) Added keyboard-editable date entry directly in the datetime field. The field shows its formatted value at rest and swaps to editable date segments on focus, while a calendar button still opens the picker popup. (#27693 by @robluton) Added inline editing support to the JSON repeater interface. (#26863 by @bryantgillespie) Fixed revision snapshots being assigned to the wrong items during batch updates when read order differs (#27407 by @luciemdx) Changed license to MSCL-1.0-GPL (#27417) Changed the default of IP_TRUST_PROXY from true to false to harden the default deployment against IP spoofing. (#27607) Fixed health check results not being shared in multi-instance settings. Restricted /server/health to authenticated users (#27160) Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner) Added JSON filtering, alias and sorting support (#26981 by @br41nslug)

[1.23.0] Update documenso to 2.13.0 Full Changelog feat: add CSC AES/QES signing (v1 instance-wide config) by @Mythie in #2874 feat: add cancellable document status by @Mythie in #2992 fix: include envelopeId in webhook payload by @Mythie in #2998

[1.58.2] Update matomo to 5.11.2 Full Changelog

[1.18.1] Added enable-access-tokens and enable-mcp flags and handler for extra flags

[1.25.1] Update typebot.io to 3.17.2 Full Changelog Configure WhatsApp forwarded events (#2528) [c5516cd] Configure WhatsApp webhook forwarding URL (#2529) [3db24c4] Fix landing page Discord URL (#2512) [b4a7aab] Fix missing result columns in CSV export (#2513) [08cb6ea] Fix OpenAI audio transcription uploads (#2521) [2fd5510] Fix OpenAI chat completions endpoint (#2522) [b252a9c] Fix embedded audio uploads (#2523) [c82ac43] Ignore expected WhatsApp webhook errors (#2527) [3b321f4] Block IPv6 unspecified SSRF targets (#2511) [f56c3c3]