The Asterisk Development Team would like to announce
release candidate 2 of asterisk-23.3.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.3.0-rc2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.3.0-rc2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.3.0-rc2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 2
• Commit Authors: 2
• Issues Resolved: 3
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• George Joseph: (1)
• nappsoft: (1)

Issue and Commit Detail:

Closed Issues:

• 1844: [bug]: cdrel_custom isn't respecting the default time format for CEL records
• 1845: [bug]:res_cdrel_custom produces wrong float timestamps
• 1852: [bug]: res_cdrel_custom: connection to the sqlite3 database closes from time to time

Commits By Author:

• George Joseph (1):

  • res_cdrel_custom: Resolve several formatting issues.

• nappsoft (1):

  • res_cdrel_custom: do not free config when no new config was loaded

Commit List:

• res_cdrel_custom: do not free config when no new config was loaded
• res_cdrel_custom: Resolve several formatting issues.

Commit Details:

res_cdrel_custom: do not free config when no new config was loaded

Author: nappsoft
Date: 2026-04-02

When the res_cdrel_custom modules is reloaded and the config has not been changed asterisk should not free the old config. Otherwise the connection to the database will be closed and no new connection will be opened.

Resolves: #1852

res_cdrel_custom: Resolve several formatting issues.

Author: George Joseph
Date: 2026-03-31

Several issues are resolved:

• Internally, floats were used for timestamp values but this could result
  in wrapping so they've been changed to doubles.

• Historically, the default CEL eventtime format is <seconds>.<microseconds>
  with <microseconds> always being 6 digits. This should have continued to be
  the case but res_cdrel_custom wasn't checking the dateformat setting in
  cel.conf and was defaulting to %F %T. res_cdrel_custom now gets the default
  date format from cel.conf, which will be whatever the dateformat parameter
  is set to or <seconds>.<microseconds> if not set.

• The timeval field formatter for both CDR and CEL wasn't handling custom
  strftime format strings correctly. This is now fixed so you should be able
  to specifiy custom strftime format strings for the CEL eventtime and CDR
  start, answer and end fields. For example: eventtime(%FT%T%z).

Resolves: #1844
Resolves: #1845

The Asterisk Development Team would like to announce
release candidate 2 of asterisk-22.9.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.9.0-rc2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.9.0-rc2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.9.0-rc2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 2
• Commit Authors: 2
• Issues Resolved: 3
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• George Joseph: (1)
• nappsoft: (1)

Issue and Commit Detail:

Closed Issues:

• 1844: [bug]: cdrel_custom isn't respecting the default time format for CEL records
• 1845: [bug]:res_cdrel_custom produces wrong float timestamps
• 1852: [bug]: res_cdrel_custom: connection to the sqlite3 database closes from time to time

Commits By Author:

• George Joseph (1):

  • res_cdrel_custom: Resolve several formatting issues.

• nappsoft (1):

  • res_cdrel_custom: do not free config when no new config was loaded

Commit List:

• res_cdrel_custom: do not free config when no new config was loaded
• res_cdrel_custom: Resolve several formatting issues.

Commit Details:

res_cdrel_custom: do not free config when no new config was loaded

Author: nappsoft
Date: 2026-04-02

When the res_cdrel_custom modules is reloaded and the config has not been changed asterisk should not free the old config. Otherwise the connection to the database will be closed and no new connection will be opened.

Resolves: #1852

res_cdrel_custom: Resolve several formatting issues.

Author: George Joseph
Date: 2026-03-31

Several issues are resolved:

• Internally, floats were used for timestamp values but this could result
  in wrapping so they've been changed to doubles.

• Historically, the default CEL eventtime format is <seconds>.<microseconds>
  with <microseconds> always being 6 digits. This should have continued to be
  the case but res_cdrel_custom wasn't checking the dateformat setting in
  cel.conf and was defaulting to %F %T. res_cdrel_custom now gets the default
  date format from cel.conf, which will be whatever the dateformat parameter
  is set to or <seconds>.<microseconds> if not set.

• The timeval field formatter for both CDR and CEL wasn't handling custom
  strftime format strings correctly. This is now fixed so you should be able
  to specifiy custom strftime format strings for the CEL eventtime and CDR
  start, answer and end fields. For example: eventtime(%FT%T%z).

Resolves: #1844
Resolves: #1845

The Asterisk Development Team would like to announce
release candidate 2 of asterisk-20.19.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.19.0-rc2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.19.0-rc2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.19.0-rc2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 2
• Commit Authors: 2
• Issues Resolved: 3
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• George Joseph: (1)
• nappsoft: (1)

Issue and Commit Detail:

Closed Issues:

• 1844: [bug]: cdrel_custom isn't respecting the default time format for CEL records
• 1845: [bug]:res_cdrel_custom produces wrong float timestamps
• 1852: [bug]: res_cdrel_custom: connection to the sqlite3 database closes from time to time

Commits By Author:

• George Joseph (1):

  • res_cdrel_custom: Resolve several formatting issues.

• nappsoft (1):

  • res_cdrel_custom: do not free config when no new config was loaded

Commit List:

• res_cdrel_custom: do not free config when no new config was loaded
• res_cdrel_custom: Resolve several formatting issues.

Commit Details:

res_cdrel_custom: do not free config when no new config was loaded

Author: nappsoft
Date: 2026-04-02

When the res_cdrel_custom modules is reloaded and the config has not been changed asterisk should not free the old config. Otherwise the connection to the database will be closed and no new connection will be opened.

Resolves: #1852

res_cdrel_custom: Resolve several formatting issues.

Author: George Joseph
Date: 2026-03-31

Several issues are resolved:

• Internally, floats were used for timestamp values but this could result
  in wrapping so they've been changed to doubles.

• Historically, the default CEL eventtime format is <seconds>.<microseconds>
  with <microseconds> always being 6 digits. This should have continued to be
  the case but res_cdrel_custom wasn't checking the dateformat setting in
  cel.conf and was defaulting to %F %T. res_cdrel_custom now gets the default
  date format from cel.conf, which will be whatever the dateformat parameter
  is set to or <seconds>.<microseconds> if not set.

• The timeval field formatter for both CDR and CEL wasn't handling custom
  strftime format strings correctly. This is now fixed so you should be able
  to specifiy custom strftime format strings for the CEL eventtime and CDR
  start, answer and end fields. For example: eventtime(%FT%T%z).

Resolves: #1844
Resolves: #1845

Download de Windows-versie voor 5 clients.

26w14a, supposedly the first and only snapshot for the "Herdcraft Update", is an April Fools' Day joke snapshot released on April 1, 2026. Similar to 22w13oneBlockAtATime, it disables many inventory features. Instead, the player can command "living blocks" using various tools in their hotbar. The blocks act as mobs, meaning they can be hurt, moved, and attacked. Full changelog: https://minecraft.wiki/Java_Edition_26w14a

26.1.1 is a hotfix for Java Edition released on April 1, 2026, which fixes an issue with chat reporting. It is compatible with 26.1 servers. Full changelog: https://minecraft.wiki/Java_Edition_26.1.1

26.1.1 Release Candidate 1 (known as 26.1.1-rc-1 in the launcher) is the first and only release candidate for Java Edition 26.1.1, released on March 31, 2026, which fixes a bug. Full changelog: https://minecraft.wiki/Java_Edition_26.1.1-rc-1

You can install pre-built binaries from https://repo.dovecot.org/

Docker images can be found at https://hub.docker.com/r/dovecot/dovecot

Please review https://doc.dovecot.org/2.4.3/installation/upgrade/2.3-to-2.4.html and https://doc.dovecot.org/2.4.3/installation/installation.html.

Important

There are experimental features in 2.4, one is enabled with --enable-experimental-mail-utf8, and another with --enable-experimental-imap4rev2, and you also need to set mail_utf8_extensions=yes and imap4rev2_enabled=yes to enable them in config.

Critical bug fixes

• CVE-2025-59028: Invalid base64 authentication can cause DoS for other
  logins.
• CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks
  and read unintended files during indexing. Fixed by dropping the script.
• CVE-2026-24031: SQL injection possible if auth_username_chars is
  configured empty. Fixed escaping to always happen. v2.4 regression.
• CVE-2026-27859: Excessive RFC 2231 MIME parameters in email would cause
  excessive CPU usage. Fixed by limiting number of parameters to process.
• CVE-2026-27860: LDAP query injection possible if auth_username_chars
  is configured empty. Fixed escaping to always happen. v2.4 regression.
• CVE-2026-27857: Sending excessive parenthesis causes imap-login to use
  excessive memory.
• CVE-2026-27856: Doveadm credentials were not checked using timing-safe
  checking function.
• CVE-2026-27855: OTP driver vulnerable to replay attack.

Changes

• Remove default service/*/service_extra_groups=$SET:default_internal_group.
  They are now replaced by default mail_access_groups=$SET:default_internal_group.
• The version file has been renamed as version.txt to avoid clash with
  C++ headers.
• auth: oauth2 - Do not export token automatically, must be exported using
  fields.
• config: Don't accept 0 as meaning unlimited anymore for
  last_valid_uid, last_valid_gid, mail_cache_max_headers_count,
  mail_cache_max_header_name_length, mail_vsize_bg_after_count,
  mail_sort_max_read_count, message_max_size, submission_max_recipients
  and quota_mail_size.
• imap, pop3: Don't autoexpunge if Dovecot is shutting down or process
  is killed.
• imap: LIST - Handle invalid mUTF-7 mailbox names as never matching anything
• lazy-expunge: Change lazy_expunge_only_last_instance default to yes.
• lda: Use EX_TEMPFAIL (75) if configuration is invalid instead of 89.
  v2.4 regression.
• lib-master: Increase ANVIL_DEFAULT_LOOKUP_TIMEOUT_MSECS from 5s to 30s
• lib: crc32 - Use zlib's built-in CRC32 function

New features

• Improve UTF-8 support for mail storage.
• auth: Add default auth-token UNIX socket for token-based authentication.
• doc: solr-config-9.xml - Make it compatible with Solr 9.8.0
• doveadm: dsync - Search mails when exporting to reduce number of mails
  exported by dsync-server.
• dovecot-sysreport: Add -D|--destdir support.
• imap, imap-hibernate: Use DOVECOT-TOKEN authentication for unhibernation.
  Default imap-master socket permissioms have been changed due to this.
• imap: Add APPENDLIMIT capability when configured with quota_mail_size.
• imap: Support STATUS (DELETED) for IMAP4rev2.
• imapc: Add support for SEARCH MIMEPART
• imapc: Improve error forwarding.
• imapc: Support SORT and ESORT extensions.
• imapc: Support STATUS (DELETED) for IMAP4rev2.
• lib-sql: Support parameterized queries.
• lib-test: Add new test-dir API for better temporary test directory
  handling.
• lmtp: Advertize SIZE capability when configured with quota_mail_size.
• lmtp: Support XCLIENT DESTADDR and DESTPORT
• pop3-login: proxy - Add support for XCLIENT DESTIP and DESTPORT
• submission-login: proxy - Add support for XCLIENT DESTIP and DESTPORT
• Various optimizations have been made to the code.

Bug fixes

• Fix building dovecot with BSD, Solaris and macOS.
• auth: Crash would occur if users were iterated but
  userdb_ldap_iterate_fields was not set.
• auth: Fix request leak when client authenticates with unsupported mechanism.
• auth: Some passdbs would default to PLAIN instead of CRYPT scheme.
• config: Section and setting names could have been intermixed, resulting
  in the setting being silently ignored.
• configure: Fix checking if BUILD_IMAP_HIBERNATE is set
• doveadm: dsync - -e parameter was handled wrong with dsync-server.
• fts-flatcurve: Mailbox leak would occur if mailbox failed to open.
• imap: Fix potential issues with unhibernation and process state handling.
• imapc: SEARCH failure handling was done wrong.
• imapc: UID STORE commands included extra comma in uidset.
• lib-auth-client: auth-master - Fix panic when reconnecting after
  handshake timeout.
• lib-compression: Lz4 algorithm would assert-crash with malicious data.
• lib-dcrypt: Fix digest algorithm handling.
• lib-dict: Escape username paths to prevent traversal issues with dict-fs.
• lib-http: Fix HTTP parsing edge cases and state handling.
• lib-iostream: Disallow empty ssl_min_protocol.
• lib-json: Fix incorrect character handling logic.
• lib-ldap: Fix various TLS related bugs.
• lib-mail: Fix charset translation and MIME parsing edge cases.
• lib-mail: Fix multiple bounds checks and parsing issues in message handling.
• lib-var-expand: Multiple fixes and improvements for expansion handling.
• lib: Fix punycode decoding out-of-bounds reads.
• lib: Fix unicode normalization edge cases causing crashes.
• lib-http: Chunked transfer trailer size was not limited.
• login-common: Improve logging and internal error handling.
• login-common: login_log_format_elements was split by spaces naively, which
  could break variable expansion. Use template aware splitting now.
• master: Dovecot would fail to start if listen directive was used and
  dovenull or dovecot user was missing.
• pop3c: Connection might've hung with SSL.
• util: Fix handling of environment variables containing control characters.
• Many other bugs have been fixed.

The Asterisk Development Team would like to announce
the release of Certified asterisk-22.8-cert2.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-22.8-cert2
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-22.8-cert2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-certified-22.8-cert2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 1
• Commit Authors: 1
• Issues Resolved: 1
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• Mike Bradeen: (1)

Issue and Commit Detail:

Closed Issues:

• 1833: [bug]: Address security vulnerabilities in pjproject

Commits By Author:

• Mike Bradeen (1):

  • res_pjsip: Address pjproject security vulnerabilities

Commit List:

• res_pjsip: Address pjproject security vulnerabilities

Commit Details:

res_pjsip: Address pjproject security vulnerabilities

Author: Mike Bradeen
Date: 2026-03-25

Address the following pjproject security vulnerabilities

GHSA-j29p-pvh2-pvqp - Buffer overflow in ICE with long username
GHSA-8fj4-fv9f-hjpc - Heap use-after-free in PJSIP presense subscription termination header
GHSA-g88q-c2hm-q7p7 - ICE session use-after-free race conditions
GHSA-x5pq-qrp4-fmrj - Out-of-bounds read in SIP multipart parsing

Resolves: #1833

The Asterisk Development Team would like to announce
the release of Certified asterisk-20.7-cert10.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert10
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-20.7-cert10

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-certified-20.7-cert10

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 1
• Commit Authors: 1
• Issues Resolved: 1
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• Mike Bradeen: (1)

Issue and Commit Detail:

Closed Issues:

• 1833: [bug]: Address security vulnerabilities in pjproject

Commits By Author:

• Mike Bradeen (1):

  • res_pjsip: Address pjproject security vulnerabilities

Commit List:

• res_pjsip: Address pjproject security vulnerabilities

Commit Details:

res_pjsip: Address pjproject security vulnerabilities

Author: Mike Bradeen
Date: 2026-03-24

Address the following pjproject security vulnerabilities

GHSA-j29p-pvh2-pvqp - Buffer overflow in ICE with long username
GHSA-8fj4-fv9f-hjpc - Heap use-after-free in PJSIP presense subscription termination header
GHSA-g88q-c2hm-q7p7 - ICE session use-after-free race conditions
GHSA-x5pq-qrp4-fmrj - Out-of-bounds read in SIP multipart parsing

Resolves: #1833

The Asterisk Development Team would like to announce
the release of asterisk-21.12.2.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.12.2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.12.2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-21.12.2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 1
• Commit Authors: 1
• Issues Resolved: 1
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• Mike Bradeen: (1)

Issue and Commit Detail:

Closed Issues:

• 1833: [bug]: Address security vulnerabilities in pjproject

Commits By Author:

• Mike Bradeen (1):

  • res_pjsip: Address pjproject security vulnerabilities

Commit List:

• res_pjsip: Address pjproject security vulnerabilities

Commit Details:

res_pjsip: Address pjproject security vulnerabilities

Author: Mike Bradeen
Date: 2026-03-25

Address the following pjproject security vulnerabilities

GHSA-j29p-pvh2-pvqp - Buffer overflow in ICE with long username
GHSA-8fj4-fv9f-hjpc - Heap use-after-free in PJSIP presense subscription termination header
GHSA-g88q-c2hm-q7p7 - ICE session use-after-free race conditions
GHSA-x5pq-qrp4-fmrj - Out-of-bounds read in SIP multipart parsing

Resolves: #1833

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-22.9.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.9.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.9.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.9.0-rc1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 48
• Commit Authors: 20
• Issues Resolved: 31
• Security Advisories Resolved: 0

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-23.3.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.3.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.3.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.3.0-rc1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 48
• Commit Authors: 20
• Issues Resolved: 31
• Security Advisories Resolved: 0

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-20.19.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.19.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.19.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.19.0-rc1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 48
• Commit Authors: 20
• Issues Resolved: 31
• Security Advisories Resolved: 0

2026-03-24

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default proxy HTTP version to HTTP/1.1 with keep-alive enabled.

New uNmINeD development snapshot is available for download!

Changes:

• (GUI) Datapack and mod load errors are now ignored when opening a world
• (GUI) The log now include a stack trace of errors that occur when opening the world
• Improved handling of broken mods/datapacks

2026-03-24

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default HTTP version to HTTP/1.1 with keep-alive enabled.

New uNmINeD development snapshot is available for download!

Changes:

• (Hytale) Added texture average color calculation for vanilla blocks from the latest installed game assets
• (Hytale) Added texture average color calculation for custom blocks added by mods
• (Hytale) Updated vanilla stylesheet to version 2026-03-23
• (Minecraft) Fixed an issue where the Bedrock vanilla resource pack would not load in some cases
• (GUI) Fixed a zoom glitch when a map marker was under the mouse cursor

What's Changed

Security & Fixes

• Fixed proxy config validation to ensure stored config matches the current proxy type (#9146, fixes #9127)
• Fixed environment variables being incorrectly resolved in compose files instead of preserving ${VAR} references (#9147, fixes #9136)
• Fixed deployment issues with shell argument escaping in nixpacks commands (#9122, fixes #9042)
• Fixed GitHub webhook errors for unsupported event types (#9119, fixes #9090)
• Fixed server limit checks when using API tokens (#9123, fixes #9116)
• Fixed hostname validation to be case-insensitive and allow more characters (#9134, fixes #9131)
• Fixed duplicate subscription creation
• Fixed environment variable refresh when variables are missing or stale
• Fixed Docker cleanup logging when server is unreachable

New Services & Templates

• Added EspoCRM one-click service template (#8658)

Improvements

• Improved mobile responsiveness for confirmation modals
• Simplified Docker installation process
• Added storage API endpoints with UUID support for databases and services
• Added Nightwatch monitoring support
• Disabled Booklore service template (#9105)
• Bumped Sentinel and Traefik versions

What's Changed (Github)

• fix(github-webhook): handle unsupported event types gracefully by @andrasbacsai in #9119
• fix(deployment): properly escape shell arguments in nixpacks commands by @andrasbacsai in #9122
• fix(validation): make hostname validation case-insensitive and expand allowed name characters by @andrasbacsai in #9134
• fix(team): resolve server limit checks for API token authentication by @andrasbacsai in #9123
• chore(service): disable Booklore service by @Cinzya in #9105
• Add EspoCRM, provided by the official team by @tmachyshyn in #8658
• fix(parsers): preserve ${VAR} references in compose instead of resolving to DB values by @andrasbacsai in #9147
• fix(proxy): validate stored config matches proxy type by @andrasbacsai in #9146
• v4.0.0-beta.470 by @andrasbacsai in #9139

New Contributors

• @tmachyshyn made their first contribution in #8658

Full Changelog: v4.0.0-beta.469...v4.0.0-beta.470

2026-03-24

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755)

26.1, the release of Tiny Takeover, is a game drop for Java Edition released on March 24, 2026, which adds new textures and models for every baby mob that did not already have a unique model, adds the golden dandelion, makes name tags craftable, makes technical changes, and fixes bugs. Full changelog: https://minecraft.wiki/Java_Edition_26.1

We are pleased to announce the availability of a preview of the MariaDB 13.0 series. MariaDB 13.0 is a preview rolling release, published on 23 March 2026, and it continues the work started in 12.3 while adding a solid set of entirely new features. …

Continue reading \"MariaDB 13.0 Preview Now Available\"

The post MariaDB 13.0 Preview Now Available appeared first on MariaDB.org.

What's Changed

Security & Fixes

• Fixed sporadic SSH "permission denied" errors during key rotation (#8990, fixes #7724)
• Fixed deployment failures when build server is enabled during restart operations (#9045, fixes #9013)
• Fixed breadcrumb queries causing out-of-memory crashes (#9048, fixes #9009)
• Fixed GitHub App webhook endpoint defaulting to IPv4 instead of instance domain (#8948)
• Fixed Hoppscotch service failing to start due to database health check (#8949)
• Fixed Docker Compose not respecting preserveRepository for project directory (#8956, fixes #8953)
• Fixed backup error when S3 storage is missing or deleted (#9038, fixes #9035)
• Fixed Stripe subscription error handling and resilience (#9030)
• Fixed Heyform template configuration (#8747)
• Fixed API resource UUID extraction from route parameters
• Fixed Docker cleanup stale container warning on cloud instances
• Fixed Compose file-not-found error now includes git branch info

New Services & Templates

• Added LibreSpeed service for self-hosted speed testing (#8626)
• Added imgcompress service for offline image processing (#8763)
• Updated Databasus to v3.16.2 (#8586)
• Updated n8n with Postgres and Worker to v2.10.4 (#8807)
• Updated SeaweedFS images to v4.13 (#8738)
• Fixed Castopod service port from 8000 to 8080 (#8817)

Improvements

• Added per-volume control of PR suffix in preview deployments (#9006, fixes #7802, fixes #7343)
• Added auto-population of FQDN from docker_compose_domains for compose previews (#8963, fixes #8958)
• Added force deletion option for servers with existing resources (#8962)
• Added auto-fetch of server metadata after validation (#8964)
• Added container label escape control to services API (#8955, fixes #8954)
• Added database environment variable management API endpoints
• Added storage management API endpoints for applications and backup schedules
• Added support for comments in bulk environment variable API endpoints
• Added placeholder hints for magic environment variables
• Added next billing date and billing interval display for subscriptions
• Added cache-based deduplication for delayed cron execution
• Simplified environment variable settings by removing buildtime/runtime options

What's Changed (Github)

• fix(git): GitHub App webhook endpoint defaults to IPv4 instead of the instance domain by @ShadowArcanist in #8948
• feat(service): update n8n-with-postgres-and-worker to 2.10.4 by @michachan in #8807
• Change Castopod service port from 8000 to 8080 by @SeriousM in #8817
• fix(service): hoppscotch fails to start due to db unhealthy by @ShadowArcanist in #8949
• fix(api): allow is_container_label_escape_enabled in service operations by @andrasbacsai in #8955
• fix(docker-compose): respect preserveRepository when injecting --project-directory by @andrasbacsai in #8956
• feat(server): allow force deletion of servers with resources by @andrasbacsai in #8962
• feat(compose-preview): populate fqdn from docker_compose_domains by @andrasbacsai in #8963
• feat(server): auto-fetch server metadata after validation by @andrasbacsai in #8964
• feat(templates): Add imgcompress service, for offline image processing by @ariqpradipa in #8763
• fix(template): fix heyform template by @iMuFeng in #8747
• chore(service): Update SeaweedFS images to version 4.13 by @FabioHAraujo in #8738
• feat(service): Add librespeed by @diogo24m in #8626
• feat(service): update databasus to v3.16.2 by @Luzefiru in #8586
• fix(preview): enable per-volume control of PR suffix in preview deployments by @andrasbacsai in #9006
• fix: prevent sporadic SSH permission denied on key rotation by @pannous in #8990
• fix(stripe): add error handling and resilience to subscription operations by @andrasbacsai in #9030
• fix(backup): throw explicit error when S3 storage missing or deleted by @andrasbacsai in #9038
• perf(breadcrumb): optimize queries and simplify navigation to fix OOM by @andrasbacsai in #9048
• fix(deployment): disable build server during restart operations by @andrasbacsai in #9045
• v4.0.0-beta.469 by @andrasbacsai in #9007

New Contributors

• @michachan made their first contribution in #8807
• @SeriousM made their first contribution in #8817
• @FabioHAraujo made their first contribution in #8738
• @pannous made their first contribution in #8990

Full Changelog: v4.0.0-beta.468...v4.0.0-beta.469

What's Changed

Security & Fixes

• Fixed SSH connection retry failures during deployments (#8927, fixes #8926)
• Fixed deployment type selection when using GitHub/GitLab Apps (#8934, fixes #8917)
• Fixed deployment authorization endpoint returning incorrect 404 errors (#8931, fixes #8925)
• Fixed shared variables not resolving in Docker Compose environments (#8930, fixes #8918)
• Fixed SSH keys not being used for git submodule and LFS operations (#8933, fixes #8895)
• Added support for scoped npm packages in file path validation (#8928, fixes #8924)

Improvements

• Added log filtering capability based on log level in deployment logs (#8784)

What's Changed (Github)

• fix(ssh): remove undefined trackSshRetryEvent() method call by @andrasbacsai in #8927
• fix(validation): support scoped packages in file path validation by @andrasbacsai in #8928
• fix(parsers): resolve shared variables in compose environment by @andrasbacsai in #8930
• fix(api): cast teamId to int in deployment authorization check by @andrasbacsai in #8931
• fix(git-import): ensure ssh key is used for fetch, submodule, and lfs operations by @andrasbacsai in #8933
• feat(ui): add log filter based on log level by @ShadowArcanist in #8784
• fix(application): clarify deployment type precedence logic by @andrasbacsai in #8934
• v4.0.0-beta.468 by @andrasbacsai in #8929

Full Changelog: v4.0.0-beta.467...v4.0.0-beta.468

What's Changed

Security & Fixes

• Fixed command injection vulnerability in health check commands (#8898)
• Added path validation to prevent command injection in file locations
• Fixed environment variables being overwritten when changing service domains (#8915, fixes #8912)
• Fixed Nixpacks deployment failures when application has no domain set (#8902, fixes #6830)
• Fixed resource deletion failing silently in the danger zone (#8909, fixes #8836)
• Fixed scheduled task input fields losing focus while editing (#8654, fixes #8647)
• Added docker_cleanup parameter to API stop endpoints (#8899, fixes #7758)

Improvements

• Added GitLab source integration with SSH deploy keys and HTTP basic auth (#8910, fixes #5295)
• Added database-backed proxy config storage with automatic recovery and versioned backups (#8905, fixes #7178)
• Added server metadata collection and display

What's Changed

• fix(security): sanitize newlines in health check commands to prevent RCE by @andrasbacsai in #8898
• fix: prevent scheduled task input fields from losing focus by @sharkcreep87 in #8654
• fix(api): add docker_cleanup parameter to stop endpoints by @andrasbacsai in #8899
• fix(deployment): filter null and empty environment variables from nixpacks plan by @andrasbacsai in #8902
• feat(proxy): add database-backed config storage with disk backups by @andrasbacsai in #8905
• fix(livewire): add error handling and selectedActions to delete methods by @andrasbacsai in #8909
• feat(git-sources): add GitLab integration and URL encode credentials by @andrasbacsai in #8910
• fix(parsers): use firstOrCreate instead of updateOrCreate for environment variables by @andrasbacsai in #8915
• v4.0.0-beta.467 by @andrasbacsai in #8911

New Contributors

• @sharkcreep87 made their first contribution in #8654

Full Changelog: v4.0.0-beta.466...v4.0.0-beta.467

What's Changed

Security & Fixes

• Prevent command injection via base64-encoding log drain environment variables
• Prevent command injection via git reference validation
• Add sentinel token validation to prevent command injection
• Require write permission for API validation endpoints
• Prevent false container exits on failed docker queries (#8860)
• Track last_online_at and reset database restart state
• Preserve user-saved environment variables on Docker Compose redeploy (#8894)
• Fix build-time environment variables breaking Next.js (#8890)
• Prevent command injection in developer view shared variables (#8889)
• Make confirmation modal close after dispatching Livewire actions (#8892)
• Respect keep for rollback setting for Nixpacks build images (#8859)

Dependencies

• Bump rollup from 4.57.1 to 4.59.0 (#8691)
• Bump league/commonmark from 2.8.0 to 2.8.1 (#8793)

What's Changed

• fix(docker-cleanup): respect keep for rollback setting for Nixpacks build images by @andrasbacsai in #8859
• fix(docker): prevent false container exits on failed docker queries by @andrasbacsai in #8860
• build(deps): bump rollup from 4.57.1 to 4.59.0 by @dependabot[bot] in #8691
• build(deps): bump league/commonmark from 2.8.0 to 2.8.1 by @dependabot[bot] in #8793
• fix: prevent command injection and fix developer view shared variables error by @andrasbacsai in #8889
• fix: Build-time environment variables break Next.js by @andrasbacsai in #8890
• fix(modal): make confirmation modal close after dispatching Livewire actions by @andrasbacsai in #8892
• fix(parser): preserve user-saved env vars on Docker Compose redeploy by @andrasbacsai in #8894
• v4.0.0-beta.466 by @andrasbacsai in #8893

Full Changelog: v4.0.0-beta.465...v4.0.0-beta.466

What's Changed

Security & Fixes

• Fixed WebSocket connection and host authorization issues in terminal (#8862, fixes #8856)
• Fixed environment variable parser capturing trailing braces in bash-style defaults (#8855, fixes #8851)
• Fixed confirmation modal staying open after database import/restore (#8697, fixes #8689)
• Fixed nginx.conf mounting error in development mode (#8662)
• Fixed docker-compose deployment with custom start commands and preserveRepository setting (#8848, fixes #8417)
• Fixed preview deployment page visibility for deploy key applications (#8579)

Improvements

• Added configurable timeout for public database TCP proxy connections (#8673, fixes #7743)

What's Changed

• fix: enable preview deployment page for deploy key applications by @mauritsderuiter95 in #8579
• fix(docker-compose): respect preserveRepository setting when executing start command by @andrasbacsai in #8848
• fix(proxy): mounting error for nginx.conf in dev by @Cinzya in #8662
• feat: add configurable proxy timeout for public database TCP proxy by @brendanlim in #8673
• fix(database): close confirmation modal after database import/restore by @devrim-1283 in #8697
• fix(env-parser): capture clean variable names without trailing braces in bash-style defaults by @andrasbacsai in #8855
• fix(terminal): resolve WebSocket connection and host authorization issues by @andrasbacsai in #8862
• v4.0.0-beta.465 by @andrasbacsai in #8853

New Contributors

• @mauritsderuiter95 made their first contribution in #8579
• @brendanlim made their first contribution in #8673
• @devrim-1283 made their first contribution in #8697

Full Changelog: v4.0.0-beta.464...v4.0.0-beta.465

What's Changed

Security & Fixes

• Fixed SSH command injection vulnerability (#8748)
• Resolved 419 session errors with Cloudflare Tunnels and domain-based access (#8749, fixes #5404)
• Fixed SSH directory permission issues during upgrades (#8635, resolves #6621)
• Added SSH directory permission auto-fix for new installations (#8635)
• Prevented command injection in certificate handling via base64 encoding (#8617)
• Hardened Docker command execution with centralized escaping (#8615)
• Prevented command injection in health check commands (#8611)
• Fixed cross-tenant IDOR vulnerability in resource cloning (#8613)
• Added IPv6 CIDR support for API access IP allowlist (#8750, fixes #8729)
• Fixed proxy initialization with IPv6 networks on Docker 25+ (#8703, fixes #8649)
• Fixed CSRF redirect loop during 2FA authentication (#8596)
• Corrected API permission requirements for POST endpoints (#8600)
• Added team authorization checks to domains_by_server API (#8616)
• Fixed Cloudreve service data persistence across restarts (#8740)
• Fixed Ente Photos join link configuration (#8727)
• Fixed application rollback to use correct commit SHA (#8576)
• Fixed deployment detection for BuildKit and secrets (#8565)
• Resolved team lookup for service relationships (#8559, fix #8431)
• Added webhook notification status validation (#8557, fix #8448)
• Fixed deploy key handling when private_key_id is zero (#8563, fixes #8562)
• Fixed Redis/KeyDB config permissions with custom configurations (#8561, fix #8539)
• Fixed password field UI flash before Alpine.js initialization (#8599, closes #8592)
• Fixed GlitchTip webdashboard loading issue (#8249)
• Fixed Grist service template configuration (#8384)
• Fixed API documentation schema references (#8239, closes #8229)

New Services & Templates

• Added Pydio Cells service (#8323)
• Added Sure service (#8157)
• Added Spacebot service with custom logo support (#8427)
• Updated N8N templates to 2.10.2 (#8679)
• Upgraded Beszel and Beszel Agent to v0.18 (#8513)
• Disabled Plane service in template suite (#8580)
• Disabled Pterodactyl Panel and Wings from service templates (#8512)
• Disabled Minio Community Edition from service templates (#8686)
• Disabled Maybe service in template suite (#8167)

Features & Improvements

• Added refund and cancellation management for subscriptions (#8637)
• Added comment field support to environment variables (#7269, fix #7239)
• Added command-based health check support for services (#8612)
• Added scheduled job monitoring dashboard (#8433)
• Added scheduled tasks CRUD API with authentication and validation (#8428)
• Made Horizon max time configurable (#8560, fix #8435)
• Fixed Soketi host binding for IPv6 support (#8619, closes #8584)
• Fixed scheduler self-healing for stale Redis locks with UI detection (#8618, fixes #8327)
• Fixed Traefik service label handling for force HTTPS (#8550)
• Improved security by hardening deployment paths and deploy abilities (#8549)
• Fixed queue timeout handling in Horizon gracefully (#8360)
• Fixed missing status variable in Hetzner status checks (#8359)
• Fixed container filtering in push server job (#8361)
• Improved proxy error handling on port allocation failure (#8362)
• Enhanced SSH error tracking with proper Sentry scoping (#8363)

UI & Developer Experience

• Added container labels header to UI (#8752)
• Improved project heading navigation spacing (#8564)
• Fixed datalist border color and added repository selection watcher (#8240)
• Fixed Docker Compose force HTTPS preference behavior (#8424)
• Migrated test suite to SQLite in-memory with Pest browser testing (#8364)

Changes

• feat(database): add official postgres 18 and pgvector 18 support -> You could always change the database image and volume mount path manually and achieve unofficial support that is why this was not added faster
• feat(ui): add postgres 16 to the UI
• feat(ui): improve global search with uuid and pr support
• feat(installer): add tencentos as a supported os
• feat(service): upgrade checkmate to v3 with all the necessary changes
• feat(service): upgrade listmonk to v6 with all the necessary changes
• feat(service): upgrade formbricks to v4 with all the necessary changes
• feat(service): update pterodactyl version
• fix(backup): postgres restore arithmetic syntax error
• fix(validation): add @, / and & support to names and descriptions
• fix(api): infinite loop with github app with many repos
• fix(parser): replace dashes and dots in auto generated envs
• fix(labels): make sure name is slugified
• fix(ui): make tooltips a bit wider
• fix(ui): modal issues
  • tooltips can not extend outside the modal causing a scrollbar to appear
  • modals are to wide
  • remove unused minWidth and maxWidth props
• fix(ui): horizontal overflow on application and service headings
• fix(validation): enforce url validation for instance domain
• fix(service): autobase database is not persisted correctly
• fix(service): supabase studio settings redirect loop
• fix(service): disable supabase kong response buffering and increase timeouts which fixes large file downloads
• fix(service): reactive-resume template
  • pinned to v4.3.7 instead of latest (solution provided by #8045 author)
  • added healthchecks for reactive resume and chrome service
• fix(service): allowed hosts and image version problems with strapi
  • automatically generate vite.config.js with the strapi FQDN
• fix(service): bluesky pds invite code doesn't generate
• fix(service): bugsink login fails due to cors
• fix(service): forgejo login failure
• fix(service): rocketchat fails to start due to database version incompatibility
• fix(service): kimai fails to start due to the healthcheck ip not being in the trusted hosts
• fix(service): activepieces postgres 18 volume mount
• fix(service): users unable to create their first ente account without SMTP
• fix(service): seaweedfs logo
• fix(service): soju svg
• chore(service): use major version for openpanel
• build: upgrade postgres client to fix build error
• refactor(services): improve some service slogans
• docs(api): improve compose app endpoint deprecation description

New Services

• added openclaw template
• added langflow template
• added bento-pdf
• added alexandrie template
• added goatcounter template
• added satisfactory game server
• added back soketi-app-manager

Issues

• fixes: #7976
• fixes: #7987
• fixes: #4577
• fixes: #5055
• fixes: #6236
• fixes: #5699
• fixes: #7941
• fixes: #8014
• fixes: #8026
• fixes: #8015
• fixes: #8045
• fixes: #8028
• fixes: #7818
• fixes: #6670
• fixes: #5443
• fixes: #6150
• fixes: #8097
• fixes: #7279
• fixes: #8092
• fixes: #8103
• fixes: #6856
• fixes: #8035

What's Changed (by Github)

• fix(service): update seaweedfs logo by @yipfram in #7971
• fix(service): autobase database is not persisted correctly by @aschulz90 in #7978
• feat(service): upgrade checkmate to v3 by @ShadowArcanist in #7995
• fix(backup): postgres restore arithmetic syntax error by @Raphael-Afonso in #7997
• feat(service): update pterodactyl version by @majcek210 in #7981
• fix(service): users unable to create their first ente account without SMTP by @StromFLIX in #7986
• fix(ui): horizontal overflow on application and service headings by @Mailootje in #7970
• fix(service): supabase studio settings redirect loop by @codewithtyler in #7828
• fix(service): disable kong response buffering and increase timeouts by @Vadko in #7864
• fix(service): rocketchat fails to start due to database version incompatibility by @HeapReaper in #7999
• feat(service): add langflow template by @viktoravelino in #8006
• fix(service): elasticsearch-with-kibana not generating account token by @ShadowArcanist in #8067
• chore(service): use major version for openpanel by @lindesvard in #8053
• feat(service): add alexandrie template by @Smaug6739 in #8021
• fix(service): kimai fails to start by @ysbrandB in #8027
• feat(service): upgrade formbricks to v4 by @ShadowArcanist in #8022
• feat(service): add goatcounter template by @maxibenner in #8029
• fix(service): reactive-resume template by @ShadowArcanist in #8048
• fix(api): infinite loop with github app with many repos by @BanovMiroslav in #8052
• fix(env): skip escaping for valid JSON in environment variables by @andrasbacsai in #8080
• fix(validation): enforce url validation for instance domain by @ShadowArcanist in #8078
• feat(service): add satisfactory game server by @Terule in #8056
• fix(service): bluesky pds invite code doesn't generate by @Cinzya in #8081
• fix(service): bugsink login fails due to cors by @Cinzya in #8083
• fix(service): strapi doesn't start by @Cinzya in #8084
• feat(service): disable mautic by @ShadowArcanist in #8088
• feat(service): add bento-pdf by @RxDx in #8095
• fix(service): activepieces postgres 18 volume mount by @Elandlord in #8098
• feat(database): add official postgres 18 and pgvector 18 support by @peaklabs-dev in #8143
• fix(service): forgejo login failure by @ShadowArcanist in #8145
• feat(ui): improve global search with uuid and pr support by @albertorizzi in #7901
• fix: stop database proxy when is_public changes to false by @andrasbacsai in #8138
• v4.0.0-beta.463 by @peaklabs-dev in #7998

New Contributors

• @aschulz90 made their first contribution in #7978
• @Raphael-Afonso made their first contribution in #7997
• @StromFLIX made their first contribution in #7986
• @Mailootje made their first contribution in #7970
• @codewithtyler made their first contribution in #7828
• @HeapReaper made their first contribution in #7999
• @viktoravelino made their first contribution in #8006
• @Smaug6739 made their first contribution in #8021
• @ysbrandB made their first contribution in #8027
• @maxibenner made their first contribution in #8029
• @BanovMiroslav made their first contribution in #8052
• @Terule made their first contribution in #8056
• @RxDx made their first contribution in #8095
• @Elandlord made their first contribution in #8098

Full Changelog: v4.0.0-beta.462...v4.0.0-beta.463

Changes

• feat(service): add service database restore/import support
• feat(api): add url update support to services api
• feat(api): add more allowed fields to application api endpoints
  • added dockerfile_location as it is needed for Dockerfile deployments to work properly
  • added is_spa which can be used together with is_static
  • added is_auto_deploy_enabled and is_force_https_enabled
• feat(api): allow to escape special characters in labels
• feat(api): add tag filtering on the applications list endpoint
• feat(api): improve docker_compose_domains with conflict checking and force_domain_override support
• feat(notifications): add mattermost notifications (an open source slack alternative)
• feat: add application logs link to preview deployments PR comment
• feat(magic): add LOWERCASEUSER as magic variable which are sometimes required e.g. as docker registry username
• feat(ui): show server name on resource card
• feat(ui): improve sidebar menu items styling
• feat(install): add postmarketos to the supported distributions
• feat(ui): make git repository dropdown searchable
• feat(service): upgrade n8n template to v2 with all the necessary changes
• feat(service): upgrade trigger.dev template to v4 with all the necessary changes
• feat(service): upgrade uptime kuma to version 2 with all the necessary changes
• feat(service): upgrade docker registry template to v3 with all the necessary changes
• feat(service): upgrade postgresus to databasus
• feat(service): improve matrix templates by adding postgres and improving naming
• feat(service): add healthchecks to evolution-api service
• feat(services): update authentik
• feat: allow more characters specifically Unicode alpha-numeric characters contained in \p{L}, \p{M}, \p{N} when validating while still not allowing any unsafe characters
• feat(lang): add missing chinese translation keys
• feat(lang): update portuguese language keys
• feat(ui): add port mapping format to helper and fix typo
• perf: optimize destinationsByServer query
• fix(env): environment variable sorting not working
• fix(git): trigger deployments when watch paths is empty and not just when they are null
• fix(backup): database restores with custom db name with backup all databases not working
• fix(logdrain): use deployment server and not build server settings
• fix(service): twenty template and enable it again
• fix(docker): use dynamic OS ID for ubuntu based OSs to use the correct Docker repository URL
• fix: instance public ips initialization validation
• fix: cast docker version to int for proper comparison
• fix: making the db public does not instant save the port
• fix(log): preserve leading whitespace in logs
• fix(logs): remove hardcoded 2000 line limit
• fix(api): remove incorrect uuid format from cuid2 parameters in openapi spec
• fix(api): applications post and patch endpoints
  • remove docker_compose_raw from post and patch endpoints, as the compose file is sourced from git and should not be manually settable via the api
  • improve the documentation for docker_compose_domains (URLs)
  • enhanced array validation for docker_compose_domains by validating each array field and verifying which fields are allowed
  • set a custom array validation error message, as the default message is not really clear
  • show an error if the user attempts to set domains when the build pack is dockercompose
  • validate that the domains in docker_compose_domains are proper URLs and include a valid scheme (http or https)
• fix(api): include docker_compose_domains in domain conflict check via Application::ownedByCurrentTeamAPI
• fix(api): is_static and connect_to_docker_network fields where not updating on some endpoints
• fix(api): if domains field is empty clear the fqdn column which allows to remove all URLs from the domains field
• fix(api): check for domain conflicts within the current request
• fix(api): deprecate application create compose endpoint as it is an unstable duplicate of the services endpoint
• fix(api): one click service name and description cannot be set during creation
• fix(api): create service endpoint validation and docs
  • if service type and docker_compose_raw is filled show an error
  • if service type is not valid show an error with all valid service types
  • remove enum from service type docs as it always gets outdated
• fix(api): encoding checks for compose files, nginx configurations, dockerfiles, database configs and labels
  • switch from ASCII to UTF-8 to allow special characters, emojis and more
• fix(api): remove environments from projects API endpoint docs
• fix(api): docs for bulk env update response
• fix: APP_NAME env in development
  • using a different APP_NAME for development might seem like a good idea but it is annoying and causes issues when debugging, especially with Redis as it is used as the key prefix
• fix(preview): docker compose preview URLs
• fix: 404 on /settings for root user on cloud instance
• fix(ui): empty network destinations when cloning a resource
• fix(ui): instance public ips ui validation
• fix(ui): images inside coolify changelog
• fix(ui): domain input whitespace trimming in instance settings
• fix(ui): change password visibility eye icon based on state
• fix(ui): hide Already registered? button from the /register page when there are 0 users as clicking on it would just redirect you back to /register
• fix(ui): improve volume mount warning for compose applications
• fix(service): remove start command from unleash template
• fix(service): add instagram envs to postiz template
• fix(service): budibase worker envs
• fix(service): correct POSTGRES_HOST in freshrss
• fix(service): use fqdn for server host in sequin template
• fix(service): wireguard easy host to use fqdn
• fix(service): signoz metrics env
• chore(deps): update composer and node dependencies
• chore(docker): add healthchecks to dev services
• chore(service): update weblate service
• chore(service): update rybbit service
• chore(service): improve mosquitto template
• refactor(service): remove unused envs from hoppscotch
• refactor(api): remove old stale domains update code from services endpoints
• refactor(api): update application create endpoints docs to specify that Dockerfile and Docker Image deployment type are without git
• refactor(api): application urls (domains) validation
  • rename fqdn to urls as that is what it actually is
  • improve URL validation to allow urls without a TLD
  • improve error messages to make it clear that URLs are needed
  • improve code by combining some actions
• docs(api): improve domains API docs
• docs(api): make docker_compose_raw description more clear

Security Fixes

• fix(env): only cat .env file in development to not expose all ENVs in deployment logs
• fix(env): only show final nixpacks plan variables section in development to not expose all ENVs in deployment logs

New Services

• added seaweedfs template
• added uptime kuma v2 with mariadb and mysql
• added autobase template
• added sftpgo template
• added esphome template
• added linkding and linkding plus template
• added open archiver template
• added cloudreve template
• added booklore template
• added sessy template
• added chibisafe template
• added mage-ai template
• added TrailBase template
• added calibre web automated with downloader template
• added silverbullet template
• added nocobase template
• added hatchet template
• added redmine template
• added glpi template

Issues

• fixed: #7853
• fixed: #7043
• fixed: #7857
• fixed: #7065
• fixed: #6885
• fixed: #7355
• fixed: #7721
• fixed: #7080
• fixed: #7308
• fixed: #7862
• fixed: #6888
• fixed: #6610
• fixed: #7117
• fixed: #7102
• fixed: #7772
• fixed: #7755
• fixed: #7438
• fixed: #7924
• fixed: #6938
• fixed: #4843
• fixed: #4616
• fixed: #6823
• fixed: #6915
• fixed: #6462
• fixed: #7702
• fixed: #5831
• fixed: #4917
• fixed: #5648
• fixed: #6503
• fixed: #7235
• fixed: #7019
• fixed: #7885
• fixed #6044
• fixed #4394

What's Changed (Github)

• fix(workflow): add 'labeled' event type for issues to trigger Claude by @andrasbacsai in #7830
• fix(workflow): enhance label matching for Claude trigger in issues by @andrasbacsai in #7831
• fix(workflow): update prompt for Claude to provide default instructions on issue labeling by @andrasbacsai in #7832
• fix(workflow): update prompt for Claude to include 'ultrathink' for issue analysis by @andrasbacsai in #7833
• fix(workflow): update Claude action to use claude_args for model configuration by @andrasbacsai in #7834
• fix(workflow): update permissions for Claude to write access by @andrasbacsai in #7835
• fix(workflow): remove 'labeled' event from issue triggers and clean up permissions by @andrasbacsai in #7836
• claude fix test by @andrasbacsai in #7825
• feat(logs): Add loading indicator to download all logs buttons by @andrasbacsai in #7847
• Fix: Trim whitespace from domain input in instance settings by @andrasbacsai in #7837
• fix: prevent metric charts from freezing on page navigation by @andrasbacsai in #7848
• fix(settings): fix 404 on /settings for root user on cloud by @andrasbacsai in #7785
• feat: add Sessy as one-click service by @andrasbacsai in #7851
• feat: add ServiceDatabase restore/import support by @murataslan1 in #7540
• feat(template): mage-ai by @nktnet1 in #7705
• Update Rybbit service images to v2.2.3 by @goldflag in #7778
• feat(templates): update Postgresus to Databasus and bump Docker Image by @Luzefiru in #7799
• fix(templates): use FQDN instead of URL for Weblate site domain by @Vadko in #7827
• chore: update contributors guide by @ShadowArcanist in #7807
• fix: use original_server for log drain config in generate_compose_file by @OZCAP in #7619
• perf(server): optimize destinationsByServer query by @luojiyin1987 in #7854
• fix(docs): remove incorrect uuid format in openapi spec by @muhammedaksam in #7419
• feat(lang): add missing chinese translation keys by @Puxhkar in #7477
• feat(services): update authentik by @Datenschmutz in #7380
• chore(docker): add healthchecks to dev services by @luojiyin1987 in #7856
• feat(ui): show server name on resource card by @ShadowArcanist in #7417
• fix: add datetime cast to finished_at column by @muhammedaksam in #7418
• fix(service): correct POSTGRES_HOST in freshrss by @murataslan1 in #7759
• feat(lang): update portuguese language keys by @felipeyousoro in #7020
• chore(service): upgrade uptime kuma to version 2 by @piscis in #7258
• fix(ui): change password visibility eye icon based on state by @murataslan1 in #7729
• feat(magic): add LOWERCASEUSER as magic variable by @webworkerJoshua in #6942
• feat(install): add postmarketos to the supported distributions by @manoedinata in #6909
• feat(ui): make git repository dropdown searchable by @favourch in #7064
• fix(service): remove command from unleash template by @himanshu-ntml in #7379
• feat(service): add healthchecks to evolution-api service by @desarrollonextpro in #6607
• fix(ui): images inside coolify changelog by @YaRissi in #7357
• update n8n with postgres to the latest stable version 2.0.x with all necessary changes by @mrj0b in #7703
• fix(deployment): use mainServer consistently instead of redundant original_server by @andrasbacsai in #7872
• feat(service): improve n8n and update n8n worker to v2 by @peaklabs-dev in #7874
• fix: make PgBouncer prepared statement disabling configurable by @andrasbacsai in #7876
• feat: improve validation patterns by @peaklabs-dev in #7875
• feat(service): add trailbase template by @imjlk in #6934
• feat(service): upgrade docker registry template by @YaRissi in #7034
• feat(service): add esphome template by @nicanordlc in #6532
• feat(service): add hatchet template by @imnotdev25 in #6711
• refactor(service): remove unused envs from hoppscotch by @GauthierPLM in #6513
• feat(service): add sftpgo template by @vincentbaeten in #6415
• fix(service): add instagram envs to postiz template by @jonas-klesen in #6424
• feat(service): add cloudreve template by @hassankhan2608 in #6774
• feat(service): add silverbullet template by @StellarRounin in #6425
• fix(service): use fqdn for server host in sequin template by @GauthierPLM in #6528
• fix(service): wireguard easy host to use fqdn by @nicanordlc in #7354
• chore(service): improve mosquitto template by @diogo24m in #6227
• fix(log): preserve leading whitespace in logs by @alwoodm in #7879
• fix: instance public ips initialization validation by @murataslan1 in #7762
• fix: cast docker version to int for proper comparison by @murataslan1 in #7760
• fix(docs): api docs for bulk env update response by @YaRissi in #7714
• fix: db public port instant save and simplify if condition by @peaklabs-dev in #7883
• fix(ui): empty network destinations when cloning a resource by @alexzvn in #7309
• feat(service): add nocobase template by @sarthaksavvy in #7347
• feat(api): allow to escape special characters in labels by @dan5py in #7886
• fix(env): custom environment variable sorting by @peaklabs-dev in #7887
• fix: GitLab webhook validation by @andrasbacsai in #7899
• feat(service): upgrade trigger template to v4 by @VictorCano in #7808
• feat(service): add redmine template by @vincentbaeten in #6429
• feat(service): add autobase template by @vitabaks in #6299
• fix(service): twenty template by @yanniksuess in #6996
• feat(service): add uptime kuma with mariadb template by @piscis in #7256
• feat(service): add calibre web automated with downloader template by @StellarRounin in #6419
• feat(service): improve matrix templates by @4www in #7560
• feat(service): add booklore template by @dgloukhman in #7838
• fix(docker): use dynamic OS ID for Docker repository URL by @andrasbacsai in #7907
• docs: remove git worktree symlink instructions from CLAUDE.md by @andrasbacsai in #7908
• feat(service): add seaweedfs template by @Christopher2K in #7617
• feat: add application logs link to preview deployments PR comment by @hendricius in #7906
• feat(api): add tag filtering on the applications list endpoint by @YassineBenh in #7360
• fix(service): signoz metrics env by @ShadowArcanist in #7927
• feat(service): update autobase to version 2.5 by @vitabaks in #7923
• fix(ui): hide already registered button when there are 0 users by @dominic-schmid in #7918
• fix(api): create service endpoint validation and docs by @peaklabs-dev in #7916
• fix(api): applications create and patch endpoints by @peaklabs-dev in #7917
• feat(service): add chibisafe template by @nktnet1 in #5808
• feat(ui): improve sidebar menu items styling by @dominic-schmid in #7928
• feat(template): add open archiver template by @wayneshn in #6593
• feat(service): add linkding template by @jeromegamez in #6651
• docs: add transcript lol link and logo to readme by @pkpio in #7331
• fix(api): encoding checks by @peaklabs-dev in #7944
• fix(ui): improve volume mount warning for compose applications by @ShadowArcanist in #7947
• feat(service): add glip template by @howardshand in #7937
• feat(templates): add Sessy docker compose template by @andrasbacsai in #7951
• feat(api): add url update support to services api by @peaklabs-dev in #7929
• fix(preview): docker compose preview URLs by @peaklabs-dev in #7959
• fix(api): application endpoint issues part 2 by @peaklabs-dev in #7948
• feat(notifications): add mattermost notifications by @peaklabs-dev in #7963
• v4.0.0-beta.461 by @andrasbacsai in #7849

New Contributors

• @goldflag made their first contribution in #7778
• @Luzefiru made their first contribution in #7799
• @Vadko made their first contribution in #7827
• @OZCAP made their first contribution in #7619
• @luojiyin1987 made their first contribution in #7854
• @Puxhkar made their first contribution in #7477
• @felipeyousoro made their first contribution in #7020
• @webworkerJoshua made their first contribution in #6942
• @himanshu-ntml made their first contribution in #7379
• @desarrollonextpro made their first contribution in #6607
• @mrj0b made their first contribution in #7703
• @imjlk made their first contribution in #6934
• @imnotdev25 made their first contribution in #6711
• @vincentbaeten made their first contribution in #6415
• @hassankhan2608 made their first contribution in #6774
• @alwoodm made their first contribution in #7879
• @sarthaksavvy made their first contribution in #7347
• @VictorCano made their first contribution in #7808
• @vitabaks made their first contribution in #6299
• @yanniksuess made their first contribution in #6996
• @4www made their first contribution in #7560
• @dgloukhman made their first contribution in #7838
• @Christopher2K made their first contribution in #7617
• @hendricius made their first contribution in #7906
• @YassineBenh made their first contribution in #7360
• @dominic-schmid made their first contribution in #7918
• @wayneshn made their first contribution in #6593
• @jeromegamez made their first contribution in #6651
• @pkpio made their first contribution in #7331

Full Changelog: v4.0.0-beta.460...v4.0.0-beta.461