❌

Normale weergave

Ontvangen β€” 7 April 2026 ⏭ Servers

Minecraft 26.2-snapshot-1 (snapshot) Released

βœ‡Minecraft
7 April 2026 om 13:52
26.2-snapshot-1 (also known as 26.2 Snapshot 1) is the first snapshot for Java Edition 26.2, released on April 7, 2026, which adds the sulfur caves, sulfur cube, sulfur and cinnabar block sets, and an experimental Vulkan renderer. Full changelog: https://minecraft.wiki/Java_Edition_26.2-snapshot-1
  •  
  • ↗️
Ontvangen β€” 2 April 2026 ⏭ Servers

Asterisk Release 23.3.0-rc2

βœ‡Asterisk
Door: asteriskteam
2 April 2026 om 19:03

The Asterisk Development Team would like to announce
release candidate 2 of asterisk-23.3.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.3.0-rc2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.3.0-rc2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.3.0-rc2

Links:

Summary:

  • Commits: 2
  • Commit Authors: 2
  • Issues Resolved: 3
  • Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

  • George Joseph: (1)
  • nappsoft: (1)

Issue and Commit Detail:

Closed Issues:

  • 1844: [bug]: cdrel_custom isn't respecting the default time format for CEL records
  • 1845: [bug]:res_cdrel_custom produces wrong float timestamps
  • 1852: [bug]: res_cdrel_custom: connection to the sqlite3 database closes from time to time

Commits By Author:

  • George Joseph (1):

    • res_cdrel_custom: Resolve several formatting issues.

  • nappsoft (1):

    • res_cdrel_custom: do not free config when no new config was loaded

Commit List:

  • res_cdrel_custom: do not free config when no new config was loaded
  • res_cdrel_custom: Resolve several formatting issues.

Commit Details:

res_cdrel_custom: do not free config when no new config was loaded

Author: nappsoft
Date: 2026-04-02

When the res_cdrel_custom modules is reloaded and the config has not been changed asterisk should not free the old config. Otherwise the connection to the database will be closed and no new connection will be opened.

Resolves: #1852

res_cdrel_custom: Resolve several formatting issues.

Author: George Joseph
Date: 2026-03-31

Several issues are resolved:

  • Internally, floats were used for timestamp values but this could result
    in wrapping so they've been changed to doubles.

  • Historically, the default CEL eventtime format is <seconds>.<microseconds>
    with <microseconds> always being 6 digits. This should have continued to be
    the case but res_cdrel_custom wasn't checking the dateformat setting in
    cel.conf and was defaulting to %F %T. res_cdrel_custom now gets the default
    date format from cel.conf, which will be whatever the dateformat parameter
    is set to or <seconds>.<microseconds> if not set.

  • The timeval field formatter for both CDR and CEL wasn't handling custom
    strftime format strings correctly. This is now fixed so you should be able
    to specifiy custom strftime format strings for the CEL eventtime and CDR
    start, answer and end fields. For example: eventtime(%FT%T%z).

Resolves: #1844
Resolves: #1845

  •  
  • ↗️

Asterisk Release 22.9.0-rc2

βœ‡Asterisk
Door: asteriskteam
2 April 2026 om 18:52

The Asterisk Development Team would like to announce
release candidate 2 of asterisk-22.9.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.9.0-rc2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.9.0-rc2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.9.0-rc2

Links:

Summary:

  • Commits: 2
  • Commit Authors: 2
  • Issues Resolved: 3
  • Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

  • George Joseph: (1)
  • nappsoft: (1)

Issue and Commit Detail:

Closed Issues:

  • 1844: [bug]: cdrel_custom isn't respecting the default time format for CEL records
  • 1845: [bug]:res_cdrel_custom produces wrong float timestamps
  • 1852: [bug]: res_cdrel_custom: connection to the sqlite3 database closes from time to time

Commits By Author:

  • George Joseph (1):

    • res_cdrel_custom: Resolve several formatting issues.

  • nappsoft (1):

    • res_cdrel_custom: do not free config when no new config was loaded

Commit List:

  • res_cdrel_custom: do not free config when no new config was loaded
  • res_cdrel_custom: Resolve several formatting issues.

Commit Details:

res_cdrel_custom: do not free config when no new config was loaded

Author: nappsoft
Date: 2026-04-02

When the res_cdrel_custom modules is reloaded and the config has not been changed asterisk should not free the old config. Otherwise the connection to the database will be closed and no new connection will be opened.

Resolves: #1852

res_cdrel_custom: Resolve several formatting issues.

Author: George Joseph
Date: 2026-03-31

Several issues are resolved:

  • Internally, floats were used for timestamp values but this could result
    in wrapping so they've been changed to doubles.

  • Historically, the default CEL eventtime format is <seconds>.<microseconds>
    with <microseconds> always being 6 digits. This should have continued to be
    the case but res_cdrel_custom wasn't checking the dateformat setting in
    cel.conf and was defaulting to %F %T. res_cdrel_custom now gets the default
    date format from cel.conf, which will be whatever the dateformat parameter
    is set to or <seconds>.<microseconds> if not set.

  • The timeval field formatter for both CDR and CEL wasn't handling custom
    strftime format strings correctly. This is now fixed so you should be able
    to specifiy custom strftime format strings for the CEL eventtime and CDR
    start, answer and end fields. For example: eventtime(%FT%T%z).

Resolves: #1844
Resolves: #1845

  •  
  • ↗️

Asterisk Release 20.19.0-rc2

βœ‡Asterisk
Door: asteriskteam
2 April 2026 om 18:41

The Asterisk Development Team would like to announce
release candidate 2 of asterisk-20.19.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.19.0-rc2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.19.0-rc2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.19.0-rc2

Links:

Summary:

  • Commits: 2
  • Commit Authors: 2
  • Issues Resolved: 3
  • Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

  • George Joseph: (1)
  • nappsoft: (1)

Issue and Commit Detail:

Closed Issues:

  • 1844: [bug]: cdrel_custom isn't respecting the default time format for CEL records
  • 1845: [bug]:res_cdrel_custom produces wrong float timestamps
  • 1852: [bug]: res_cdrel_custom: connection to the sqlite3 database closes from time to time

Commits By Author:

  • George Joseph (1):

    • res_cdrel_custom: Resolve several formatting issues.

  • nappsoft (1):

    • res_cdrel_custom: do not free config when no new config was loaded

Commit List:

  • res_cdrel_custom: do not free config when no new config was loaded
  • res_cdrel_custom: Resolve several formatting issues.

Commit Details:

res_cdrel_custom: do not free config when no new config was loaded

Author: nappsoft
Date: 2026-04-02

When the res_cdrel_custom modules is reloaded and the config has not been changed asterisk should not free the old config. Otherwise the connection to the database will be closed and no new connection will be opened.

Resolves: #1852

res_cdrel_custom: Resolve several formatting issues.

Author: George Joseph
Date: 2026-03-31

Several issues are resolved:

  • Internally, floats were used for timestamp values but this could result
    in wrapping so they've been changed to doubles.

  • Historically, the default CEL eventtime format is <seconds>.<microseconds>
    with <microseconds> always being 6 digits. This should have continued to be
    the case but res_cdrel_custom wasn't checking the dateformat setting in
    cel.conf and was defaulting to %F %T. res_cdrel_custom now gets the default
    date format from cel.conf, which will be whatever the dateformat parameter
    is set to or <seconds>.<microseconds> if not set.

  • The timeval field formatter for both CDR and CEL wasn't handling custom
    strftime format strings correctly. This is now fixed so you should be able
    to specifiy custom strftime format strings for the CEL eventtime and CDR
    start, answer and end fields. For example: eventtime(%FT%T%z).

Resolves: #1844
Resolves: #1845

  •  
  • ↗️
Ontvangen β€” 1 April 2026 ⏭ Servers

Minecraft 26w14a (snapshot) Released

βœ‡Minecraft
1 April 2026 om 14:13
26w14a, supposedly the first and only snapshot for the "Herdcraft Update", is an April Fools' Day joke snapshot released on April 1, 2026. Similar to 22w13oneBlockAtATime, it disables many inventory features. Instead, the player can command "living blocks" using various tools in their hotbar. The blocks act as mobs, meaning they can be hurt, moved, and attacked. Full changelog: https://minecraft.wiki/Java_Edition_26w14a
  •  
  • ↗️

Minecraft 26.1.1 (stable) Released

βœ‡Minecraft
1 April 2026 om 11:06
26.1.1 is a hotfix for Java Edition released on April 1, 2026, which fixes an issue with chat reporting. It is compatible with 26.1 servers. Full changelog: https://minecraft.wiki/Java_Edition_26.1.1
  •  
  • ↗️
Ontvangen β€” 31 Maart 2026 ⏭ Servers

Minecraft 26.1.1-rc-1 (snapshot) Released

βœ‡Minecraft
31 Maart 2026 om 12:07
26.1.1 Release Candidate 1 (known as 26.1.1-rc-1 in the launcher) is the first and only release candidate for Java Edition 26.1.1, released on March 31, 2026, which fixes a bug. Full changelog: https://minecraft.wiki/Java_Edition_26.1.1-rc-1
  •  
  • ↗️
Ontvangen β€” 27 Maart 2026 ⏭ Servers

Release v2.4.3

βœ‡Dovecot
Door: cmouse
27 Maart 2026 om 08:58

You can install pre-built binaries from https://repo.dovecot.org/

Docker images can be found at https://hub.docker.com/r/dovecot/dovecot

Please review https://doc.dovecot.org/2.4.3/installation/upgrade/2.3-to-2.4.html and https://doc.dovecot.org/2.4.3/installation/installation.html.

Important

There are experimental features in 2.4, one is enabled with --enable-experimental-mail-utf8, and another with --enable-experimental-imap4rev2, and you also need to set mail_utf8_extensions=yes and imap4rev2_enabled=yes to enable them in config.

Critical bug fixes

  • CVE-2025-59028: Invalid base64 authentication can cause DoS for other
    logins.
  • CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks
    and read unintended files during indexing. Fixed by dropping the script.
  • CVE-2026-24031: SQL injection possible if auth_username_chars is
    configured empty. Fixed escaping to always happen. v2.4 regression.
  • CVE-2026-27859: Excessive RFC 2231 MIME parameters in email would cause
    excessive CPU usage. Fixed by limiting number of parameters to process.
  • CVE-2026-27860: LDAP query injection possible if auth_username_chars
    is configured empty. Fixed escaping to always happen. v2.4 regression.
  • CVE-2026-27857: Sending excessive parenthesis causes imap-login to use
    excessive memory.
  • CVE-2026-27856: Doveadm credentials were not checked using timing-safe
    checking function.
  • CVE-2026-27855: OTP driver vulnerable to replay attack.

Changes

  • Remove default service/*/service_extra_groups=$SET:default_internal_group.
    They are now replaced by default mail_access_groups=$SET:default_internal_group.
  • The version file has been renamed as version.txt to avoid clash with
    C++ headers.
  • auth: oauth2 - Do not export token automatically, must be exported using
    fields.
  • config: Don't accept 0 as meaning unlimited anymore for
    last_valid_uid, last_valid_gid, mail_cache_max_headers_count,
    mail_cache_max_header_name_length, mail_vsize_bg_after_count,
    mail_sort_max_read_count, message_max_size, submission_max_recipients
    and quota_mail_size.
  • imap, pop3: Don't autoexpunge if Dovecot is shutting down or process
    is killed.
  • imap: LIST - Handle invalid mUTF-7 mailbox names as never matching anything
  • lazy-expunge: Change lazy_expunge_only_last_instance default to yes.
  • lda: Use EX_TEMPFAIL (75) if configuration is invalid instead of 89.
    v2.4 regression.
  • lib-master: Increase ANVIL_DEFAULT_LOOKUP_TIMEOUT_MSECS from 5s to 30s
  • lib: crc32 - Use zlib's built-in CRC32 function

New features

  • Improve UTF-8 support for mail storage.
  • auth: Add default auth-token UNIX socket for token-based authentication.
  • doc: solr-config-9.xml - Make it compatible with Solr 9.8.0
  • doveadm: dsync - Search mails when exporting to reduce number of mails
    exported by dsync-server.
  • dovecot-sysreport: Add -D|--destdir support.
  • imap, imap-hibernate: Use DOVECOT-TOKEN authentication for unhibernation.
    Default imap-master socket permissioms have been changed due to this.
  • imap: Add APPENDLIMIT capability when configured with quota_mail_size.
  • imap: Support STATUS (DELETED) for IMAP4rev2.
  • imapc: Add support for SEARCH MIMEPART
  • imapc: Improve error forwarding.
  • imapc: Support SORT and ESORT extensions.
  • imapc: Support STATUS (DELETED) for IMAP4rev2.
  • lib-sql: Support parameterized queries.
  • lib-test: Add new test-dir API for better temporary test directory
    handling.
  • lmtp: Advertize SIZE capability when configured with quota_mail_size.
  • lmtp: Support XCLIENT DESTADDR and DESTPORT
  • pop3-login: proxy - Add support for XCLIENT DESTIP and DESTPORT
  • submission-login: proxy - Add support for XCLIENT DESTIP and DESTPORT
  • Various optimizations have been made to the code.

Bug fixes

  • Fix building dovecot with BSD, Solaris and macOS.
  • auth: Crash would occur if users were iterated but
    userdb_ldap_iterate_fields was not set.
  • auth: Fix request leak when client authenticates with unsupported mechanism.
  • auth: Some passdbs would default to PLAIN instead of CRYPT scheme.
  • config: Section and setting names could have been intermixed, resulting
    in the setting being silently ignored.
  • configure: Fix checking if BUILD_IMAP_HIBERNATE is set
  • doveadm: dsync - -e parameter was handled wrong with dsync-server.
  • fts-flatcurve: Mailbox leak would occur if mailbox failed to open.
  • imap: Fix potential issues with unhibernation and process state handling.
  • imapc: SEARCH failure handling was done wrong.
  • imapc: UID STORE commands included extra comma in uidset.
  • lib-auth-client: auth-master - Fix panic when reconnecting after
    handshake timeout.
  • lib-compression: Lz4 algorithm would assert-crash with malicious data.
  • lib-dcrypt: Fix digest algorithm handling.
  • lib-dict: Escape username paths to prevent traversal issues with dict-fs.
  • lib-http: Fix HTTP parsing edge cases and state handling.
  • lib-iostream: Disallow empty ssl_min_protocol.
  • lib-json: Fix incorrect character handling logic.
  • lib-ldap: Fix various TLS related bugs.
  • lib-mail: Fix charset translation and MIME parsing edge cases.
  • lib-mail: Fix multiple bounds checks and parsing issues in message handling.
  • lib-var-expand: Multiple fixes and improvements for expansion handling.
  • lib: Fix punycode decoding out-of-bounds reads.
  • lib: Fix unicode normalization edge cases causing crashes.
  • lib-http: Chunked transfer trailer size was not limited.
  • login-common: Improve logging and internal error handling.
  • login-common: login_log_format_elements was split by spaces naively, which
    could break variable expansion. Use template aware splitting now.
  • master: Dovecot would fail to start if listen directive was used and
    dovenull or dovecot user was missing.
  • pop3c: Connection might've hung with SSL.
  • util: Fix handling of environment variables containing control characters.
  • Many other bugs have been fixed.

  •  
  • ↗️
Ontvangen β€” 26 Maart 2026 ⏭ Servers

Asterisk Release certified-22.8-cert2

βœ‡Asterisk
Door: asteriskteam
26 Maart 2026 om 21:11

The Asterisk Development Team would like to announce
the release of Certified asterisk-22.8-cert2.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-22.8-cert2
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-22.8-cert2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-certified-22.8-cert2

Links:

Summary:

  • Commits: 1
  • Commit Authors: 1
  • Issues Resolved: 1
  • Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

  • Mike Bradeen: (1)

Issue and Commit Detail:

Closed Issues:

  • 1833: [bug]: Address security vulnerabilities in pjproject

Commits By Author:

  • Mike Bradeen (1):

    • res_pjsip: Address pjproject security vulnerabilities

Commit List:

  • res_pjsip: Address pjproject security vulnerabilities

Commit Details:

res_pjsip: Address pjproject security vulnerabilities

Author: Mike Bradeen
Date: 2026-03-25

Address the following pjproject security vulnerabilities

GHSA-j29p-pvh2-pvqp - Buffer overflow in ICE with long username
GHSA-8fj4-fv9f-hjpc - Heap use-after-free in PJSIP presense subscription termination header
GHSA-g88q-c2hm-q7p7 - ICE session use-after-free race conditions
GHSA-x5pq-qrp4-fmrj - Out-of-bounds read in SIP multipart parsing

Resolves: #1833

  •  
  • ↗️

Asterisk Release certified-20.7-cert10

βœ‡Asterisk
Door: asteriskteam
26 Maart 2026 om 21:09

The Asterisk Development Team would like to announce
the release of Certified asterisk-20.7-cert10.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert10
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-20.7-cert10

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-certified-20.7-cert10

Links:

Summary:

  • Commits: 1
  • Commit Authors: 1
  • Issues Resolved: 1
  • Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

  • Mike Bradeen: (1)

Issue and Commit Detail:

Closed Issues:

  • 1833: [bug]: Address security vulnerabilities in pjproject

Commits By Author:

  • Mike Bradeen (1):

    • res_pjsip: Address pjproject security vulnerabilities

Commit List:

  • res_pjsip: Address pjproject security vulnerabilities

Commit Details:

res_pjsip: Address pjproject security vulnerabilities

Author: Mike Bradeen
Date: 2026-03-24

Address the following pjproject security vulnerabilities

GHSA-j29p-pvh2-pvqp - Buffer overflow in ICE with long username
GHSA-8fj4-fv9f-hjpc - Heap use-after-free in PJSIP presense subscription termination header
GHSA-g88q-c2hm-q7p7 - ICE session use-after-free race conditions
GHSA-x5pq-qrp4-fmrj - Out-of-bounds read in SIP multipart parsing

Resolves: #1833

  •  
  • ↗️

Asterisk Release 21.12.2

βœ‡Asterisk
Door: asteriskteam
26 Maart 2026 om 20:54

The Asterisk Development Team would like to announce
the release of asterisk-21.12.2.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.12.2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.12.2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-21.12.2

Links:

Summary:

  • Commits: 1
  • Commit Authors: 1
  • Issues Resolved: 1
  • Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

  • Mike Bradeen: (1)

Issue and Commit Detail:

Closed Issues:

  • 1833: [bug]: Address security vulnerabilities in pjproject

Commits By Author:

  • Mike Bradeen (1):

    • res_pjsip: Address pjproject security vulnerabilities

Commit List:

  • res_pjsip: Address pjproject security vulnerabilities

Commit Details:

res_pjsip: Address pjproject security vulnerabilities

Author: Mike Bradeen
Date: 2026-03-25

Address the following pjproject security vulnerabilities

GHSA-j29p-pvh2-pvqp - Buffer overflow in ICE with long username
GHSA-8fj4-fv9f-hjpc - Heap use-after-free in PJSIP presense subscription termination header
GHSA-g88q-c2hm-q7p7 - ICE session use-after-free race conditions
GHSA-x5pq-qrp4-fmrj - Out-of-bounds read in SIP multipart parsing

Resolves: #1833

  •  
  • ↗️

Asterisk Release 22.9.0-rc1

βœ‡Asterisk
Door: asteriskteam
26 Maart 2026 om 20:39

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-22.9.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.9.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.9.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.9.0-rc1

Links:

Summary:

  • Commits: 48
  • Commit Authors: 20
  • Issues Resolved: 31
  • Security Advisories Resolved: 0

  •  
  • ↗️

Asterisk Release 23.3.0-rc1

βœ‡Asterisk
Door: asteriskteam
26 Maart 2026 om 20:31

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-23.3.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.3.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.3.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.3.0-rc1

Links:

Summary:

  • Commits: 48
  • Commit Authors: 20
  • Issues Resolved: 31
  • Security Advisories Resolved: 0

  •  
  • ↗️

Asterisk Release 20.19.0-rc1

βœ‡Asterisk
Door: asteriskteam
26 Maart 2026 om 20:31

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-20.19.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.19.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.19.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.19.0-rc1

Links:

Summary:

  • Commits: 48
  • Commit Authors: 20
  • Issues Resolved: 31
  • Security Advisories Resolved: 0

  •  
  • ↗️

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default proxy HTTP version to HTTP/1.1 with keep-alive enabled.

βœ‡nginx
23 Maart 2026 om 22:00
2026-03-24

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default proxy HTTP version to HTTP/1.1 with keep-alive enabled.

  •  
  • ↗️

uNmINeD 0.19.60-dev

βœ‡Unmined
Door: megasys
26 Maart 2026 om 00:12

New uNmINeD development snapshot is available for download!

Changes:

  • (GUI) Datapack and mod load errors are now ignored when opening a world
  • (GUI) The log now include a stack trace of errors that occur when opening the world
  • Improved handling of broken mods/datapacks
  •  
  • ↗️
Ontvangen β€” 25 Maart 2026 ⏭ Servers

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default HTTP version to HTTP/1.1 with keep-alive enabled.

βœ‡nginx
23 Maart 2026 om 22:00
2026-03-24

nginx-1.28.3 stable and nginx-1.29.7 mainline versions have been released, with fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755). Additionally, nginx-1.29.7 mainline version introduces support for Multipath TCP and upgrades the default HTTP version to HTTP/1.1 with keep-alive enabled.

  •  
  • ↗️
Ontvangen β€” 24 Maart 2026 ⏭ Servers

uNmINeD 0.19.59-dev

βœ‡Unmined
Door: megasys
24 Maart 2026 om 22:48

New uNmINeD development snapshot is available for download!

Changes:

  • (Hytale) Added texture average color calculation for vanilla blocks from the latest installed game assets
  • (Hytale) Added texture average color calculation for custom blocks added by mods
  • (Hytale) Updated vanilla stylesheet to version 2026-03-23
  • (Minecraft) Fixed an issue where the Bedrock vanilla resource pack would not load in some cases
  • (GUI) Fixed a zoom glitch when a map marker was under the mouse cursor
  •  
  • ↗️

v4.0.0-beta.470

βœ‡Coolify
Door: andrasbacsai
24 Maart 2026 om 22:00

What's Changed

Security & Fixes

  • Fixed proxy config validation to ensure stored config matches the current proxy type (#9146, fixes #9127)
  • Fixed environment variables being incorrectly resolved in compose files instead of preserving ${VAR} references (#9147, fixes #9136)
  • Fixed deployment issues with shell argument escaping in nixpacks commands (#9122, fixes #9042)
  • Fixed GitHub webhook errors for unsupported event types (#9119, fixes #9090)
  • Fixed server limit checks when using API tokens (#9123, fixes #9116)
  • Fixed hostname validation to be case-insensitive and allow more characters (#9134, fixes #9131)
  • Fixed duplicate subscription creation
  • Fixed environment variable refresh when variables are missing or stale
  • Fixed Docker cleanup logging when server is unreachable

New Services & Templates

  • Added EspoCRM one-click service template (#8658)

Improvements

  • Improved mobile responsiveness for confirmation modals
  • Simplified Docker installation process
  • Added storage API endpoints with UUID support for databases and services
  • Added Nightwatch monitoring support
  • Disabled Booklore service template (#9105)
  • Bumped Sentinel and Traefik versions

What's Changed (Github)

New Contributors

Full Changelog: v4.0.0-beta.469...v4.0.0-beta.470

  •  
  • ↗️

Minecraft 26.1 (stable) Released

βœ‡Minecraft
24 Maart 2026 om 13:11
26.1, the release of Tiny Takeover, is a game drop for Java Edition released on March 24, 2026, which adds new textures and models for every baby mob that did not already have a unique model, adds the golden dandelion, makes name tags craftable, makes technical changes, and fixes bugs. Full changelog: https://minecraft.wiki/Java_Edition_26.1
  •  
  • ↗️

MariaDB 13.0 Preview Now Available

βœ‡MariaDB
Door: FrΓ©dΓ©ric Descamps
24 Maart 2026 om 13:49

We are pleased to announce the availability of a preview of the MariaDB 13.0 series. MariaDB 13.0 is a preview rolling release, published on 23 March 2026, and it continues the work started in 12.3 while adding a solid set of entirely new features. …

Continue reading \"MariaDB 13.0 Preview Now Available\"

The post MariaDB 13.0 Preview Now Available appeared first on MariaDB.org.

  •  
  • ↗️
Ontvangen β€” 23 Maart 2026 ⏭ Servers

v4.0.0-beta.469

βœ‡Coolify
Door: andrasbacsai
20 Maart 2026 om 16:39

What's Changed

Security & Fixes

  • Fixed sporadic SSH "permission denied" errors during key rotation (#8990, fixes #7724)
  • Fixed deployment failures when build server is enabled during restart operations (#9045, fixes #9013)
  • Fixed breadcrumb queries causing out-of-memory crashes (#9048, fixes #9009)
  • Fixed GitHub App webhook endpoint defaulting to IPv4 instead of instance domain (#8948)
  • Fixed Hoppscotch service failing to start due to database health check (#8949)
  • Fixed Docker Compose not respecting preserveRepository for project directory (#8956, fixes #8953)
  • Fixed backup error when S3 storage is missing or deleted (#9038, fixes #9035)
  • Fixed Stripe subscription error handling and resilience (#9030)
  • Fixed Heyform template configuration (#8747)
  • Fixed API resource UUID extraction from route parameters
  • Fixed Docker cleanup stale container warning on cloud instances
  • Fixed Compose file-not-found error now includes git branch info

New Services & Templates

  • Added LibreSpeed service for self-hosted speed testing (#8626)
  • Added imgcompress service for offline image processing (#8763)
  • Updated Databasus to v3.16.2 (#8586)
  • Updated n8n with Postgres and Worker to v2.10.4 (#8807)
  • Updated SeaweedFS images to v4.13 (#8738)
  • Fixed Castopod service port from 8000 to 8080 (#8817)

Improvements

  • Added per-volume control of PR suffix in preview deployments (#9006, fixes #7802, fixes #7343)
  • Added auto-population of FQDN from docker_compose_domains for compose previews (#8963, fixes #8958)
  • Added force deletion option for servers with existing resources (#8962)
  • Added auto-fetch of server metadata after validation (#8964)
  • Added container label escape control to services API (#8955, fixes #8954)
  • Added database environment variable management API endpoints
  • Added storage management API endpoints for applications and backup schedules
  • Added support for comments in bulk environment variable API endpoints
  • Added placeholder hints for magic environment variables
  • Added next billing date and billing interval display for subscriptions
  • Added cache-based deduplication for delayed cron execution
  • Simplified environment variable settings by removing buildtime/runtime options

What's Changed (Github)

  • fix(git): GitHub App webhook endpoint defaults to IPv4 instead of the instance domain by @ShadowArcanist in #8948
  • feat(service): update n8n-with-postgres-and-worker to 2.10.4 by @michachan in #8807
  • Change Castopod service port from 8000 to 8080 by @SeriousM in #8817
  • fix(service): hoppscotch fails to start due to db unhealthy by @ShadowArcanist in #8949
  • fix(api): allow is_container_label_escape_enabled in service operations by @andrasbacsai in #8955
  • fix(docker-compose): respect preserveRepository when injecting --project-directory by @andrasbacsai in #8956
  • feat(server): allow force deletion of servers with resources by @andrasbacsai in #8962
  • feat(compose-preview): populate fqdn from docker_compose_domains by @andrasbacsai in #8963
  • feat(server): auto-fetch server metadata after validation by @andrasbacsai in #8964
  • feat(templates): Add imgcompress service, for offline image processing by @ariqpradipa in #8763
  • fix(template): fix heyform template by @iMuFeng in #8747
  • chore(service): Update SeaweedFS images to version 4.13 by @FabioHAraujo in #8738
  • feat(service): Add librespeed by @diogo24m in #8626
  • feat(service): update databasus to v3.16.2 by @Luzefiru in #8586
  • fix(preview): enable per-volume control of PR suffix in preview deployments by @andrasbacsai in #9006
  • fix: prevent sporadic SSH permission denied on key rotation by @pannous in #8990
  • fix(stripe): add error handling and resilience to subscription operations by @andrasbacsai in #9030
  • fix(backup): throw explicit error when S3 storage missing or deleted by @andrasbacsai in #9038
  • perf(breadcrumb): optimize queries and simplify navigation to fix OOM by @andrasbacsai in #9048
  • fix(deployment): disable build server during restart operations by @andrasbacsai in #9045
  • v4.0.0-beta.469 by @andrasbacsai in #9007

New Contributors

Full Changelog: v4.0.0-beta.468...v4.0.0-beta.469

  •  
  • ↗️

v4.0.0-beta.468

βœ‡Coolify
Door: andrasbacsai
12 Maart 2026 om 14:28

What's Changed

Security & Fixes

  • Fixed SSH connection retry failures during deployments (#8927, fixes #8926)
  • Fixed deployment type selection when using GitHub/GitLab Apps (#8934, fixes #8917)
  • Fixed deployment authorization endpoint returning incorrect 404 errors (#8931, fixes #8925)
  • Fixed shared variables not resolving in Docker Compose environments (#8930, fixes #8918)
  • Fixed SSH keys not being used for git submodule and LFS operations (#8933, fixes #8895)
  • Added support for scoped npm packages in file path validation (#8928, fixes #8924)

Improvements

  • Added log filtering capability based on log level in deployment logs (#8784)

What's Changed (Github)

Full Changelog: v4.0.0-beta.467...v4.0.0-beta.468

  •  
  • ↗️

v4.0.0-beta.467

βœ‡Coolify
Door: andrasbacsai
11 Maart 2026 om 18:23

What's Changed

Security & Fixes

  • Fixed command injection vulnerability in health check commands (#8898)
  • Added path validation to prevent command injection in file locations
  • Fixed environment variables being overwritten when changing service domains (#8915, fixes #8912)
  • Fixed Nixpacks deployment failures when application has no domain set (#8902, fixes #6830)
  • Fixed resource deletion failing silently in the danger zone (#8909, fixes #8836)
  • Fixed scheduled task input fields losing focus while editing (#8654, fixes #8647)
  • Added docker_cleanup parameter to API stop endpoints (#8899, fixes #7758)

Improvements

  • Added GitLab source integration with SSH deploy keys and HTTP basic auth (#8910, fixes #5295)
  • Added database-backed proxy config storage with automatic recovery and versioned backups (#8905, fixes #7178)
  • Added server metadata collection and display

What's Changed

  • fix(security): sanitize newlines in health check commands to prevent RCE by @andrasbacsai in #8898
  • fix: prevent scheduled task input fields from losing focus by @sharkcreep87 in #8654
  • fix(api): add docker_cleanup parameter to stop endpoints by @andrasbacsai in #8899
  • fix(deployment): filter null and empty environment variables from nixpacks plan by @andrasbacsai in #8902
  • feat(proxy): add database-backed config storage with disk backups by @andrasbacsai in #8905
  • fix(livewire): add error handling and selectedActions to delete methods by @andrasbacsai in #8909
  • feat(git-sources): add GitLab integration and URL encode credentials by @andrasbacsai in #8910
  • fix(parsers): use firstOrCreate instead of updateOrCreate for environment variables by @andrasbacsai in #8915
  • v4.0.0-beta.467 by @andrasbacsai in #8911

New Contributors

Full Changelog: v4.0.0-beta.466...v4.0.0-beta.467

  •  
  • ↗️

v4.0.0-beta.466

βœ‡Coolify
Door: andrasbacsai
11 Maart 2026 om 07:34

What's Changed

Security & Fixes

  • Prevent command injection via base64-encoding log drain environment variables
  • Prevent command injection via git reference validation
  • Add sentinel token validation to prevent command injection
  • Require write permission for API validation endpoints
  • Prevent false container exits on failed docker queries (#8860)
  • Track last_online_at and reset database restart state
  • Preserve user-saved environment variables on Docker Compose redeploy (#8894)
  • Fix build-time environment variables breaking Next.js (#8890)
  • Prevent command injection in developer view shared variables (#8889)
  • Make confirmation modal close after dispatching Livewire actions (#8892)
  • Respect keep for rollback setting for Nixpacks build images (#8859)

Dependencies

  • Bump rollup from 4.57.1 to 4.59.0 (#8691)
  • Bump league/commonmark from 2.8.0 to 2.8.1 (#8793)

What's Changed

Full Changelog: v4.0.0-beta.465...v4.0.0-beta.466

  •  
  • ↗️

v4.0.0-beta.465

βœ‡Coolify
Door: andrasbacsai
10 Maart 2026 om 21:18

What's Changed

Security & Fixes

  • Fixed WebSocket connection and host authorization issues in terminal (#8862, fixes #8856)
  • Fixed environment variable parser capturing trailing braces in bash-style defaults (#8855, fixes #8851)
  • Fixed confirmation modal staying open after database import/restore (#8697, fixes #8689)
  • Fixed nginx.conf mounting error in development mode (#8662)
  • Fixed docker-compose deployment with custom start commands and preserveRepository setting (#8848, fixes #8417)
  • Fixed preview deployment page visibility for deploy key applications (#8579)

Improvements

  • Added configurable timeout for public database TCP proxy connections (#8673, fixes #7743)

What's Changed

  • fix: enable preview deployment page for deploy key applications by @mauritsderuiter95 in #8579
  • fix(docker-compose): respect preserveRepository setting when executing start command by @andrasbacsai in #8848
  • fix(proxy): mounting error for nginx.conf in dev by @Cinzya in #8662
  • feat: add configurable proxy timeout for public database TCP proxy by @brendanlim in #8673
  • fix(database): close confirmation modal after database import/restore by @devrim-1283 in #8697
  • fix(env-parser): capture clean variable names without trailing braces in bash-style defaults by @andrasbacsai in #8855
  • fix(terminal): resolve WebSocket connection and host authorization issues by @andrasbacsai in #8862
  • v4.0.0-beta.465 by @andrasbacsai in #8853

New Contributors

Full Changelog: v4.0.0-beta.464...v4.0.0-beta.465

  •  
  • ↗️
❌