Rallly - Package Updates

Package Updates

[2.1.1]

Package Updates

[2.1.2]

Package Updates

[2.2.0]

Update rallly to 4.2.0
Full Changelog
Fix issue where wrong start time is shown on event page by @lukevella in https://github.com/lukevella/rallly/pull/1791
Add option to cancel a scheduled event by @lukevella in https://github.com/lukevella/rallly/pull/1800

Package Updates

[2.3.0]

Update rallly to 4.3.1
Full Changelog
Fix missing PORT environment variable that caused healthcheck failures in Docker containers
Spaces allow you to organize your polls and events into different areas. You can also invite team members to share and collaborate within a space.
This release reintroduces ARM support for the official docker image.
Various stability improvements

Package Updates

[2.4.0]

Update rallly to 4.4.0
Full Changelog
Improved the formatting of the email that gets sent out when finalizing a poll so that it is recognized as a calendar invite by email clients
Added uid to the ICS file so that event details are synchronized across all attendees when changes are made
Added sequence so to keep track of changes to the event such as cancellation
Added EMAIL_LOGIN_ENABLED which can be set to false to limit login to SSO
Added REGISTRATION_ENABLED which can be set to false to disable the registration page
Improved the default configuration to reject unauthorized certifications when using TLS
Deprecated SMTP_TLS_ENABLED and introduced SMTP_REJECT_UNAUTHORIZED instead

Package Updates

[2.4.1]

Package Updates

[2.4.2]

Package Updates

[2.5.0]

Package Updates

[2.5.1]

Update rallly to 4.5.4
Use multistage build for smaller image
Full Changelog
This patch release delivers important security fixes and hardens permission checks across the app. We recommend upgrading as soon as possible.
Patched vulnerabilities affecting authorization checks and comment/participant operations.
CVE-2025-65020
CVE-2025-65021
CVE-2025-65028
CVE-2025-65029
CVE-2025-65030
CVE-2025-65031
CVE-2025-65032
CVE-2025-65033

Package Updates

[2.5.2]

Package Updates

[2.5.3]

Update rallly to 4.5.6
Full Changelog
Patched vulnerability where participant data is exposed through the API even when option to hide the participant list is enabled.

Package Updates

[2.5.4]

Update rallly to 4.5.7
Full Changelog
This is a critical security update that upgrades Next.js to address CVE-2025-66478. We strongly recommend all users upgrade to this version immediately.

Package Updates

[2.5.5]

Update rallly to 4.5.8
Full Changelog
This release includes updates to dependencies, adds missing translations and fixes a bug where emails for scheduled events are not delivered to a participant's email address.

Package Updates

[2.5.6]

Update rallly to 4.5.9
Full Changelog
This release fixes an issue where participants are not able to edit their response using the link they receive in their confirmation email when their session is expired or they are not logged in.

Package Updates

[2.5.7]

Update rallly to 4.5.10
Full Changelog
This release includes important security updates to address vulnerabilities in React Server Components (RSC) protocol.
We've updated Next.js and React to fix two additional vulnerabilities (CVE-2025-55183, CVE-2025-55184) that were discovered while security researchers examined the patches for React2Shell.
Important: Neither of these new issues allow for Remote Code Execution. The patch for React2Shell remains fully effective.
These vulnerabilities originate in the upstream React implementation. This release addresses the downstream impact on Next.js applications using the App Router.
For full details, see the React blog post.
All users are strongly encouraged to update to v4.5.10 as soon as possible to ensure they are protected against these vulnerabilities.

Package Updates

[2.5.8]

Package Updates

[2.5.9]

Update rallly to 4.5.12
Full Changelog
Fixed an issue where some Microsoft users couldn't log in after signing up with an older version of the app
Fixed an issue where users with invalid/expired sessions were not able to access the login screen
Update translations

Package Updates

[2.5.10]

Update rallly to 4.5.13
Full Changelog
This release contains updates to upstream dependencies that include important security fixes. Please update to this version as soon as possible.

Package Updates

[2.5.11]

Update rallly to 4.5.14
Full Changelog
Fixed an issue where anonymous users were incorrectly included in the total user count and displayed in the control panel.

Package Updates

[2.6.0]

Update rallly to 4.6.1
Full Changelog
This patch fixes an issue where the edit link that is emailed to participants would expire, preventing them from making changes to their response.
Full dark mode support across the entire application. Users can switch between light, dark, or system themes from their preferences.
Customize your Rallly instance with your own branding. Available as an add-on for Enterprise license holders. Learn more.
Custom application name
Custom primary colors (light and dark mode)
Custom logos
Option to hide "Powered by Rallly" attribution
Participant avatars now automatically display Gravatar images when available.
Various performance improvements, UI refinements, and bug fixes throughout the application.

Cloudron Forum