Cloudron Forum

[1.98.0] Update audiobookshelf to 2.34.0 Full Changelog Japanese language and Japan as podcast search region by @na3shkw in #5211 Autocomplete attributes on login and setup fields for password manager support by @meek2100 in #5089 Recent episodes not updating from cache when media progress changes in #5159 Error logging when a podcast's auto-download schedule has an invalid cron expression Public media item shares: use start time passed in query parameter for existing sessions by @pjkottke in #5163 Podcast episode downloads use SSRF filtering on the HTTP request (matches other external requests) Podcast create and update validate the auto-download schedule cron expression and sanitizes the HTML description Playlists, collections, and library item batch API routes enforce library and per-item access

[2.0.0] Update memos to 0.28.0 Full Changelog Breaking change: Existing SSO users must link their identity again - If you previously signed in through SSO, sign in once with your username and password after upgrading, then go to Account Settings to link your SSO identity. After the identity is linked, future SSO sign-ins will resolve to your existing Memos account. feat: auth: add SSO user identity linkage (#5883) (d688914) feat: memos: choose created or updated time for memos (#5894) (c268551) feat: redesign account and SSO management (#5886) (ee17998) fix: auth: harden authorization and username validation (#5890) (0fb83a7) fix: disable modal prop on DropdownMenu to prevent scroll disappearing (#5861) (d98f665) fix: fix legacy username auth flows (#5885) (30c0611) fix: markdown: split mixed task and bullet lists (e2c6084) fix: reduce list memo query overhead (#5880) (5063804) fix: web: preserve task checkbox state (#5867) (b5863d7)

[1.38.1] Update gitea to 1.26.1 Full Changelog Add event.schedule context for schedule actions task (#37320) (#37348) Fix an issue where changing an organization's visibility caused problems when users had forked its repositories. (#37324) (#37344) Use modern "git update-index --cacheinfo" syntax to support more file names (#37338) (#37343) Fix URL related escaping for oauth2 (#37334) (#37340) When the requested arch rpm is missing fall back to noarch (#37236) (#37339) Fix actions concurrency groups cross-branch leak (#37311) (#37331) Fix bug when accessing user badges (#37321) (#37329) Fix container auth for public instance (#37290) (#37294) Fix Mermaid diagrams failing when node labels contain line breaks (#37296) (#37299) Fix: dump with default zip type produces uncompressed zip (#37401) #37402

[1.30.1] Update changedetection.io to 0.55.3 Full Changelog

[1.21.3] Update Wallos to 4.8.4 Full Changelog improve date formatting with IntlDateFormatter fallback (b2c565f) (#1048) (8d43623) missing year for subscription next payment display (ca5823d) (8d43623)

[3.12.1] Update firefly-iii to 6.6.2 Full Changelog MR 12179 (implement password validation JS script) reported by @tasnim0tantawi MR 12182 (fix shrinked sidebar expanding when navigating by clicking on icons) reported by @tasnim0tantawi Issue 12169 (The 'Running balance' column is not showing the respective calculation instantly for new records that use 'Rules') reported by @jgmm81 Issue 12186 (Set a year validator accepted by the system when saving or editing a transaction) reported by @jgmm81 Fixed an issue where oAuth tokens could be generated before you confirmed your 2FA state. This would allow access to your data when your password was stolen, despite you having MFA enabled.

[1.17.11] Update loomio to 3.0.22 Full Changelog STV (Single Transferable Vote) poll type beta. Anonymous by default, results hidden until the poll closes. The form shows a warning asking users to report bugs and feedback on GitHub. Cloudflare Turnstile challenge on password sign-in, login-token requests, signup, and trial creation. Admin login-link sign-in bypasses the challenge; sign-in with a login code also bypasses it. Fixed SQL injection in HasTimeframe via timeframe_for. Blocked SSRF in the link preview service; link previews now require auth and are throttled to 20/hour per user. Direct upload size limit (25 MB trial, 1 GB paid); blocked dangerous uploads. Bumped vue-i18n to 9.14.5 (XSS + prototype pollution). Refresh a user's groups after joining or being added to a group. Return a token error on session failure when a login token is pending; translate sessions errors server-side; surface server errors on login code entry. Fix demo poll cloning (missing opening_at/opened_at). Translation fixes: needs_a_rethink_meaning, "vote in" "vote on", German typo in discard.

[3.11.0] Update Stirling-PDF to 2.10.0 Full Changelog Users can now set a default startup view and reader zoom preferences for desktop new pixel compare mode in PDF Compare tool to compare formatting and other changes Improved memory efficiency of API calls Improved thumbnail speed and rendering and fixed thumbnail bugs Support AppImage files for desktop release (This is new so please report any bugs you have!) Support RPM Builds for desktop release (This is new so please report any bugs you have!) Support Homebrew, AUR, Scoop and winget for desktop release! More to come soon, as well as for server releases File sharing bugs for SSO users Thumbnail rendering issues Encrypted PDF modal not working

[0.5.0] Update seaweedfs to 4.22 Full Changelog fix(shell): volume.fsck keeps going past a single broken chunk manifest by @chrislusf in #9140 feat(shell): fs.mergeVolumes deletes source needles after filer update by @chrislusf in #9160 feat(security): hot-reload HTTPS certs without restart (k8s cert-manager) by @chrislusf in #9181 fix(master): register EC shards per physical disk on full heartbeat sync (#9212) by @chrislusf in #9219 feat(iam): allow caller-supplied AccessKeyId and SecretAccessKey in CreateAccessKey by @JonNesvold in #9172 fix(s3api): correct SSE-S3 decryption key handling in multipart uploads by @os-pradipbabar in #9211 fix(s3api): stream multipart-SSE chunks lazily to avoid truncated GETs (#8908) by @chrislusf in #9228 feat(credential/postgres): inline policies, mTLS and pgbouncer connection support by @JonNesvold in #9226 fix(nfs): make Linux mount -t nfs work without client workaround (#9199) by @chrislusf in #9201 fix(mount): sanitize non-UTF-8 filenames; keep marshal errors per-request by @chrislusf in #9207

[1.16.9] Update freescout to 1.8.218 Full Changelog Added indexes to several tables (#5328) Fixed decoding ISO-2022-JP emails (#5356) Require DB Password and check PHP Path direcotory in tools.php (Security: GHSA-jx2w-fhmw-rg39) Patched PHPUnit (Security: GHSA-qrr6-mg7r-m243) Fixed Helper::linkify() for emails (#5362) Do not allow to merge convesation with itself. Fixed linking messages into conversations (#5372) Fixed fetching emails into multiple mailboxes (#5368) Do not log "Untrusted host" error (#5361) Allow to use CIDR in APP_REMOTE_HOST_WHITE_LIST (#5363)