What's coming in Cloudron 10
-
Login sessions is now much better. It individually lists the sessions and you can also log out from those specifically (or all of them).
I think there was always some confusion about "app" oidc sessions and I looked into this. In theory, we can list the app sessions in the UI below as well. But clearing a app oidc session, will only clear the session from the Cloudron side. Practically speaking, all apps maintain their own session and this means the app will still remain logged in. So, we have decided to not list them here to avoid any confusion.
If you want to truly log out (from say some kiosk):
- Click "log out from all" in cloudron dashboard. At this point, Cloudron will ask apps which want to authenticate afresh to re-login.
- Log out from apps that were already logged in previously one by one.
-
We will be working on the following for Cloudron 10. mail server needs a bunch of housekeeping and fixes and will be the focus for this release.
Mail related:
- mail: allow cloudron email to be used as a mail relay. this will allow one cloudron to relay emails via another cloudron without having to disable mail from validation.
- mail: fix mail forwarding. there's been lots of bug reports on this feature. have to investigate the root cause
- mail: admin notes field for mailboxes and lists
- mail: housekeeping task. we want to move away from usage of ldap for auth entirely. many of the node ldap modules have become unmaintained
- mail: housekeeping task. the mail database is partly in box code and partly in mail server. have to move everything into mail server. this will help us implement backup/restore of mail nicely as well.
- mail: expose mailbox indexing and spam learning status in the UI
Non-mail related:
- Ubuntu 26.04 support
- Improved progress reporting - show percentage complete and elapsed/estimated time for backups and app installations
- Convert backup site creation dialog to a view
- Policy change: self updating ubuntu packages will be permitted i.e apt update and apt upgrade is allowed.
- Personal access tokens will be renamed to API tokens.
- VPN protection of apps
girish said:
Ubuntu 26.04 support
We will have Ubuntu 26.04 LTS Resolute Raccoon support next release. I have managed to test this across most of the providers we support. We will have a guide during release time to upgrade manually from Ubuntu 24.04.
Before someone asks, I don't know the ETA for Cloudron 10 yet, I think we will need 2-3 weeks more at least.
-
Most of my work related software upgrades take YEARS to release with hotfixes taking months after constant community reporting and uproar. Meanwhile, Cloudron staff push major updates in WEEKS and hotfixes in hours. You're spoiling us, guys. Keep up the amazing work!
-
girish said:
Ubuntu 26.04 support
We will have Ubuntu 26.04 LTS Resolute Raccoon support next release. I have managed to test this across most of the providers we support. We will have a guide during release time to upgrade manually from Ubuntu 24.04.
Before someone asks, I don't know the ETA for Cloudron 10 yet, I think we will need 2-3 weeks more at least.
-
Just to make sure, someone will still ask at least bidailyβ¦:
-
Since we are getting swarmed by bots and crawlers (including our gitlab/forum/crm), we decided to include some features that will help in protecting apps. The first one is VPN protection. With this feature, people can access apps only via the VPN.
In the network UI, there is a setting called "VPN protection". First enable the feature and select how to route the client traffic.
There is a per-app checkbox to VPN protect the app:
If you try to access mautic now without a VPN connection, you will see (placeholder):
With OpenVPN/Wireguard connection, you will see mautic .
Of course, this feature is mostly useful for internal apps. For public facing apps (like ghost, gitlab, nodebb), we are working on a different solution.
-
We will be working on the following for Cloudron 10. mail server needs a bunch of housekeeping and fixes and will be the focus for this release.
Mail related:
- mail: allow cloudron email to be used as a mail relay. this will allow one cloudron to relay emails via another cloudron without having to disable mail from validation.
- mail: fix mail forwarding. there's been lots of bug reports on this feature. have to investigate the root cause
- mail: admin notes field for mailboxes and lists
- mail: housekeeping task. we want to move away from usage of ldap for auth entirely. many of the node ldap modules have become unmaintained
- mail: housekeeping task. the mail database is partly in box code and partly in mail server. have to move everything into mail server. this will help us implement backup/restore of mail nicely as well.
- mail: expose mailbox indexing and spam learning status in the UI
Non-mail related:
- Ubuntu 26.04 support
- Improved progress reporting - show percentage complete and elapsed/estimated time for backups and app installations
- Convert backup site creation dialog to a view
- Policy change: self updating ubuntu packages will be permitted i.e apt update and apt upgrade is allowed.
- Personal access tokens will be renamed to API tokens.
- VPN protection of apps
Policy change: self updating ubuntu packages will be permitted i.e apt update and apt upgrade is allowed.
I'm intrigued as to
- why the change, and
- how this is being handled.
There was obviously a good reason to not do this in the past, i.e. it might break things.
But presumably you've made changes so that it now can't break things? What have you done?
-
Since we are getting swarmed by bots and crawlers (including our gitlab/forum/crm), we decided to include some features that will help in protecting apps. The first one is VPN protection. With this feature, people can access apps only via the VPN.
In the network UI, there is a setting called "VPN protection". First enable the feature and select how to route the client traffic.
There is a per-app checkbox to VPN protect the app:
If you try to access mautic now without a VPN connection, you will see (placeholder):
With OpenVPN/Wireguard connection, you will see mautic .
Of course, this feature is mostly useful for internal apps. For public facing apps (like ghost, gitlab, nodebb), we are working on a different solution.
-
Policy change: self updating ubuntu packages will be permitted i.e apt update and apt upgrade is allowed.
I'm intrigued as to
- why the change, and
- how this is being handled.
There was obviously a good reason to not do this in the past, i.e. it might break things.
But presumably you've made changes so that it now can't break things? What have you done?
I'm intrigued as to
why the change, and how this is being handled.What has changed is a mix of many things. Some VPS providers have automated calling apt update/upgrade on server start up. They have also started flagging outdated packages as security warnings, and it shows up in the VPS dashboard or MOTD with some fearmongering message. Server admins are also running updates randomly despite what we say anyway. I think a big increase here is because of suggestions by LLMs. People are running some automated AI security checks on the server and without fail it spots "20 packages to be updated" and flags it as if it is the end of the world
I think we are just accepting that we cannot fight this, just have to live with all this. One good thing is over the years Cloudron depends very little on system ubuntu packages. So, there is not much harm in running apt update anymore.
-
While I appreciate the upcoming mail related features and fixes, there is still one crucial feature left out that was talked about for years: Auto/Custom BCC for incoming/outgoing mail
We need to make them archivable to comply with german GoBD law. Setting this at client level would not pass as the law requires seamless documentation without user influence. This is not limited to german law but is generally useful for any company that needs to document business processes comprehensively. I know a lot of companys and freelancers lacking DMS systems, mostly because its complicated and can be very expensive.
Best case would be the ability to set global BCC per mailbox within Cloudron.
-
Since we are getting swarmed by bots and crawlers (including our gitlab/forum/crm), we decided to include some features that will help in protecting apps. The first one is VPN protection. With this feature, people can access apps only via the VPN.
In the network UI, there is a setting called "VPN protection". First enable the feature and select how to route the client traffic.
There is a per-app checkbox to VPN protect the app:
If you try to access mautic now without a VPN connection, you will see (placeholder):
With OpenVPN/Wireguard connection, you will see mautic .
Of course, this feature is mostly useful for internal apps. For public facing apps (like ghost, gitlab, nodebb), we are working on a different solution.
-
I love the idea of handling bots. Currently I use a script from some sites but itβs more spam-based and unfortunately the API in Cloudron will only handle so many network addresses (or specifically a max size of PUT I believe) so I canβt keep expanding the list of IP firewall lists I want to use for blocking traffic.
Lately this has become an issue for me for a few reasons but notably Iβm finding too much bot traffic showing up in website analytics when using Matomo or Umami, and even third-party app Rybbit, and I have been trying to find a way to fight this so that the analytics is more accurate. If thereβs a way to better fight this at the network layer in Cloudron I think that would be fantastic. At the very least though I think increasing the size allowed for network lists would be very helpful so that we can include more IP addresses.
Also, I love that mail is finally getting the attention it much deserves. Looking forward to that.
I think apart from what one person mentioned which is domain-based SpamAssassin rules or changing scores for example depending on the type of spam they receive, itβd be really nice if we could easily configure SpamAssaasin in the UI for resetting training data and forcing a rescan of spam and ham folders, as well as the ability to note which folders should or should not be treated as ham or spam so that we can add in our own for example.
Just something else to consider.
Thank you for all the hard work! Looking forward to v10.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better π
Register Login