Rallly - Package Updates

Package Updates

[2.4.0]

• Update rallly to 4.4.0
• Full Changelog
• Improved the formatting of the email that gets sent out when finalizing a poll so that it is recognized as a calendar invite by email clients
• Added uid to the ICS file so that event details are synchronized across all attendees when changes are made
• Added sequence so to keep track of changes to the event such as cancellation
• Added EMAIL_LOGIN_ENABLED which can be set to false to limit login to SSO
• Added REGISTRATION_ENABLED which can be set to false to disable the registration page
• Improved the default configuration to reject unauthorized certifications when using TLS
• Deprecated SMTP_TLS_ENABLED and introduced SMTP_REJECT_UNAUTHORIZED instead

Package Updates

[2.4.1]

• Update rallly to 4.4.1
• Full Changelog
• Fix participant count by @​lukevella in #​1944
• New Crowdin updates by @​lukevella in #​1943
• New Crowdin updates by @​lukevella in #​1946

Package Updates

[2.4.2]

• Make pnpm use /home/cloudron to solve prisma issue

Package Updates

[2.5.0]

• Update rallly to 4.5.3
• Full Changelog
• Handle legacy google and microsoft redirect uris
• Enable PKCE for OIDC provider
• Fixes an issue causing OIDC login to fail due to mismatched redirect URIs.
• Update posthog
• New Crowdin updates
• Use next-runtime-env to read runtime env values
• Trim user input
• Fix broken compatibility with previous oidc redirect uri
• Fix incorrect auth client base url
• Added support for password-based login

Package Updates

[2.5.1]

• Update rallly to 4.5.4
• Use multistage build for smaller image
• Full Changelog
• This patch release delivers important security fixes and hardens permission checks across the app. We recommend upgrading as soon as possible.
• Patched vulnerabilities affecting authorization checks and comment/participant operations.
• CVE-2025-65020
• CVE-2025-65021
• CVE-2025-65028
• CVE-2025-65029
• CVE-2025-65030
• CVE-2025-65031
• CVE-2025-65032
• CVE-2025-65033

Package Updates

[2.5.2]

• Update rallly to 4.5.5
• Full Changelog
• Default to pro space when self-hosting by @lukevella in #2031
• Fix issue where user cannot be deleted by @lukevella in #2032
• Hide pro badge in pro space by @lukevella in #2034
• Show pinging indicator when there are invisible options by @lukevella in #2036
• Fix email not being sent in users preferred language by @lukevella in #2037

Package Updates

[2.5.3]

• Update rallly to 4.5.6
• Full Changelog
• Patched vulnerability where participant data is exposed through the API even when option to hide the participant list is enabled.

Package Updates

[2.5.4]

• Update rallly to 4.5.7
• Full Changelog
• This is a critical security update that upgrades Next.js to address CVE-2025-66478. We strongly recommend all users upgrade to this version immediately.

Package Updates

[2.5.5]

• Update rallly to 4.5.8
• Full Changelog
• This release includes updates to dependencies, adds missing translations and fixes a bug where emails for scheduled events are not delivered to a participant's email address.

Package Updates

[2.5.6]

• Update rallly to 4.5.9
• Full Changelog
• This release fixes an issue where participants are not able to edit their response using the link they receive in their confirmation email when their session is expired or they are not logged in.