[0.16.0] - 2026-04-20

This version includes multiple breaking changes. If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.

Added

• Web UI rewritten from the ground up using the JMAP management API, featuring a refreshed design and addressing 76 enhancement requests and bug fixes.
• CLI rewritten from the ground up to use the JMAP management API.
• Security enhancements:
  • Password strength enforcement using the zxcvbn algorithm
  • Password expiration, rotation policies and IP address restrictions for user accounts
  • App Passwords with limited access (#1609), labels (#2255), IP address restrictions and expiration dates
  • API keys with limited access, labels, IP address restrictions and expiration dates
  • Auto-ban comments and details about the triggering event (#1321)
  • Auto-ban expiration after a configurable time period (#964)
• DNS Management:
  • Automatic DNS management of MX, TXT, CNAME, SRV, CAA and TLSA records (#463 #1017 #1419 #2438 #1370 #1406 #1371)
  • Automatic update of TLSA records when ACME certificates change (#1664)
  • RFC2136 SIG(0) support (#856)
  • Route53 provider support (contributed by @jimmystewpot)
  • Google Cloud DNS provider support (contributed by @jimmystewpot)
  • Bunny provider support (contributed by @angeloanan)
  • Porkbun provider support (contributed by @jeffesquivels)
  • DNSimple provider support (contributed by @NelsonVides)
  • Spaceship provider support (contributed by @matserix)
• DKIM:
  • Automatic DKIM key generation, rotation and DNS management (#368 #961)
  • Store DKIM keys in the database (#1264)
  • Ignore insecure signatures when verifying DKIM (#1068 #467)
• ACME/TLS:
  • DNS-PERSIST-01 ACME challenge support (#2837)
  • Renew certificates on demand, view certificate details (#675 #1162 #2566)
  • CAA record support (#468) with accounturi parameter (#1933)
  • TLSA records publishing restricted to 3 1 1 and 2 1 1 (#2193)
• OIDC and OAuth:
  • JWT token validation without requesting userinfo from the OIDC provider.
  • Audience (aud) claim (#2603) and scope validation support.
  • Groups support (#1448)
  • RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients
• LDAP:
  • Separate filter for groups (#1841)
  • Improve support for OpenLDAP schemas (#760)
  • Improve and simplify LDAP settings (#2194 #2174)
• Directory:
  • Masked email addresses for enhanced privacy (Enterprise)
  • Domain aliases (#583)
  • E-mail alias descriptions and option to disable aliases (#506)
  • Account archiving and un-deletion (#2767) (Enterprise)
  • Per-domain directory backends (Enterprise)
• Account configuration and discovery:
  • Automatic Configuration of Email, Calendar, and Contact Server Settings (draft-mailmaint-uaautoconf-04) (#2201)
  • MS Autodiscover V2 support (#679)
• Sieve: Allow deactivating scripts without deleting them (#1251).
• Tracing: Enable events only mode (#2276)
• Clustering:
  • Automatic cluster node ID generation and management.
  • Unified cluster management (#960)
  • Outbound MTA role (#1692)

Changed

• Replaced REST API with JMAP API (#2262 #959 #1480)
• Removed support for Authenticated Received Chain (ARC) sealing (learn more).
• Directory: Removed smtp, imap and memory directory backends.
• Use aws-lc for cryptographic operations instead of ring.
• Use rustls-platform-verifier for TLS certificate verification instead of webpki (#247).

Fixed

• Directory:
  • Cannot remove built-in "admin" role from user once it was assigned (#1467)
  • Delete associated records (#963)
  • Updated Role permissions not applied (#2038)
  • Recreated account cannot log in until server is restarted (#1469)
  • Subaddressing does not work for groups (#475)
  • New LDAP aliases are rejected (#1318).
  • Validate account and group names (#2209)
• MTA:
  • RCPT TO stage settings improvements (#2217 #394)
  • Relay to IP addresses (#838)
  • Duplicate delivery inverted check
  • SASL challenge responses include invalid Go ahead text
• JMAP:
  • Fix inMailboxOtherThan query logic.
  • Fix hasAttachment search field (#2778)
• IMAP:
  • Increment argument max length to 8000 bytes
  • ACL: Add RIGHTS capability (#2762)
  • ACL: Fix ACL SET permission override.
• WebDAV:
  • Return 304 NOT_MODIFIED on If-None-Match
  • Use RFC 2616 instead of RFC 1123 for date formatting
  • Fix ACL container/item mismatch in reports.
  • CalDAV: Allow organized properties to be present in PUT requests if they are equal to the existing ones.
  • CalDAV: Enforce cumulative iCalendar instances cap in CalDAV free-busy REPORT handler
• Configuration: Prefix parsing issues (#2495)
• OIDC: JWKS Exposes Symmetric Signing Key
• SQLite: Fix thread pool exhaustion.
• PostgreSQL: Use clean recycling method on connection pool
• Meilisearch: Make id sorteable.
• ACME: Fix wrong origin for subdomain updates (#2360)
• Spam filter: Skip invalid messages during training.
• Calendar: Include minutes in localized invite templates (#2828)
• HTTP: Fix 204 CORS preflight responses

---

Check binary attestation here

VIENNA, Austria – April 20, 2026 – Enterprise software developer Proxmox Server Solutions (henceforth "Proxmox") and Kasm Technologies, a leader in zero-trust cloud workspaces, today announced a strategic solution partnership. The collaboration expands the Proxmox ecosystem with a secure, web-native workspace streaming layer for Proxmox VE. This integration enables organizations to deliver virtual desktops, application streaming, and remote browser isolation through any modern browser – on any device and from any location.

Built on the foundation of Proxmox Virtual Environment, Kasm Workspaces adds a modern workspace delivery layer that allows IT and security teams to provision, manage, and isolate workloads across Windows, Linux, and macOS from a unified stack. Kasm’s containerized, zero-trust approach ensures that end-users never interact directly with sensitive data or endpoints, helping organizations reduce risk while simplifying secure remote access.

The Proxmox and Kasm integration provides a DevOps-enabled alternative to legacy VDI environments. The combined solution reduces operational overhead, eliminates proprietary licensing constraints, and delivers a verifiable security architecture that can scale from small deployments to global enterprise rollouts.

Short Quote Kasm Technologies:

“Great technology partnerships are built on shared principles, and Kasm Technologies and Proxmox are united by a common belief: organizations of all sizes deserve infrastructure that works for them,” said Justin Travis, CEO of Kasm Technologies. “Together, we offer a full-stack VDI solution, from the hypervisor layer to the end-user experience, built on the reliability and rapid innovation that Proxmox’s open-source ecosystem is known for delivering.”

Short Quote Proxmox:

“At Proxmox, we believe open-source infrastructure should give organizations more freedom, not more complexity,” said Tim Marx, COO of Proxmox Server Solutions. “Kasm extends Proxmox Virtual Environment with a modern, browser-based workspace experience that aligns with the needs of today’s IT and security teams. This partnership gives customers a flexible and secure path to deliver virtual desktops and applications without the constraints of legacy VDI platforms.”

Availability

Kasm Workspaces on Proxmox Virtual Environment is available immediately. For more information, please visit https://kasm.com/alliance-partnership/proxmox

 

###

About Kasm Technologies
Kasm Technologies is a leading provider of cloud workspaces, delivering zero-trust browser isolation, Desktop-as-a-Service, and application streaming through its open-source, web-native container streaming platform. Founded by cybersecurity experts with decades of experience defending U.S. federal and Department of Defense programs, Kasm enables organizations to securely deliver digital workspaces to any device, any network, anywhere in the world. Kasm Technologies is headquartered in McLean, Virginia. Learn more at https://www.kasm.com

About Proxmox Server Solutions
Proxmox provides powerful and user-friendly open-source server software. Enterprises of all sizes and industries use the Proxmox solutions to deploy efficient and simplified IT infrastructures, minimize total cost of ownership, and avoid vendor lock-in. Proxmox also offers commercial support, training services, and an extensive partner ecosystem to ensure business continuity for its customers. Proxmox Server Solutions GmbH was established in 2005 and is headquartered in Vienna, Austria. To learn more visit https://www.proxmox.com

Media contact: Michael Hiess, Proxmox Server Solutions GmbH, marketing@proxmox.com

Download de Windows-versie voor 5 clients.

2026-04-14

nginx-1.30.0 stable version has been released, incorporating new features and bug fixes from the 1.29.x mainline branch  — including Early Hints, HTTP/2 to backend and Encrypted ClientHello, sticky sessions support for upstreams, Multipath TCP support, the default proxy HTTP version set to HTTP/1.1 with keep-alive enabled, and more.

26.2 Snapshot 3 (known as 26.2-snapshot-3 in the launcher) is the third snapshot for Java Edition 26.2, released on April 14, 2026, which adds sulfur spikes and fixes bugs. Full changelog: https://minecraft.wiki/Java_Edition_26.2-snapshot-3

Download de Windows-versie voor 5 clients.

Download de Windows-versie voor 5 clients.

Fixes

• Fixed the upgrade modal to show the correct target version and cleared stale upgrade notifications when the instance was already up to date. (#7774, fixes #6039, #8707)
• Fixed user deletion cleanup so team-owned Git app sources were handled safely, while instance-wide sources were preserved for the root team. (#9435, fixes #8172)
• Fixed dashboard homepage add buttons so they remained visible in light mode. (#9456, fixes #9454)
• Fixed port mapping validation to accept protocol suffixes like /tcp, /udp, /sctp and IP-bound mappings. (#9503, fixes #9501, #9504)

Improvements

• Updated phpseclib/phpseclib to 3.0.51. (#9500)
• Updated axios to 1.15.0 for development dependencies. (#9515)
• Updated axios to 1.15.0 in coolify-realtime. (#9516)

What's Changed (Github)

• fix(ui): Initialize latestVersion in Upgrade component mount by @andrasbacsai in #7774
• fix(user-deletion): safely clean up team-owned Git app sources by @andrasbacsai in #9435
• fix(ui): dashboard homepage add buttons are invisible in light mode by @rosslh in #9456
• fix(validation): allow protocol suffix and ip in port mappings (/tcp, /udp, /sctp) by @ShadowArcanist in #9503
• build(deps): bump phpseclib/phpseclib from 3.0.50 to 3.0.51 by @dependabot[bot] in #9500
• build(deps-dev): bump axios from 1.13.2 to 1.15.0 by @dependabot[bot] in #9515
• build(deps): bump axios from 1.13.6 to 1.15.0 in /docker/coolify-realtime by @dependabot[bot] in #9516
• v4.0.0-beta.473 by @andrasbacsai in #9521

New Contributors

• @rosslh made their first contribution in #9456

Full Changelog: v4.0.0-beta.472...v4.0.0-beta.473

Download de Windows-versie voor 5 clients.

The Asterisk Development Team would like to announce
the release of asterisk-23.3.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.3.0
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.3.0

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.3.0

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 50
• Commit Authors: 21
• Issues Resolved: 34
• Security Advisories Resolved: 0

The Asterisk Development Team would like to announce
the release of asterisk-22.9.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.9.0
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.9.0

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.9.0

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 50
• Commit Authors: 21
• Issues Resolved: 34
• Security Advisories Resolved: 0

The Asterisk Development Team would like to announce
the release of asterisk-20.19.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.19.0
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.19.0

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.19.0

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 50
• Commit Authors: 21
• Issues Resolved: 34
• Security Advisories Resolved: 0

26.2 Snapshot 2 (known as 26.2-snapshot-2 in the launcher) is the second snapshot for Java Edition 26.2, released on April 9, 2026, which fixes several major issues found in the previous snapshot. Full changelog: https://minecraft.wiki/Java_Edition_26.2-snapshot-2

There is a new PHP release in town!

💾

💾

💾

There is a new PHP release in town!

💾

💾

💾

26.1.2 is a hotfix for Java Edition released on April 9, 2026, which tweaks UI checkboxes and fixes an exploit. It is compatible with 26.1 and 26.1.1 servers. Full changelog: https://minecraft.wiki/Java_Edition_26.1.2

What's Changed

Security & Fixes

• Allow quoted arguments in custom Docker run options (#9481, fixes #9343)
• Patched Alpine packages in helper, realtime, and development Docker images (#9437)
• Bumped Alexandrie images to address upstream security advisory (#9434)

New Services & Templates

• Added Grimmory one-click service, the successor to Booklore (#9109)
• Comprehensive Supabase template update to latest versions (#8316)
• Allow overriding GOTRUE_SITE_URL in Supabase for separate frontend domains (#9079, fixes #5581)
• Added sensible CORS defaults to Directus templates (#9081, fixes #5024)
• Updated Rivet template to v2.2.0 (#9378)
• Updated Convex to current latest version (#9392)
• Fixed LibreChat healthcheck and upgraded Meilisearch image (#9358)
• Fixed n8n task-runners health check (#9309, fixes #9306)
• Increased Nextcloud healthcheck interval to prevent worker exhaustion (#9440, fixes #9439)
• Updated Nextcloud healthcheck endpoint to /status.php (#9470)
• Fixed Netbird client volume path so settings persist across restarts (#9484)
• Corrected Minecraft template category to games (#9387)
• Corrected several template categories that were set incorrectly (#9449)

Improvements

• Removed Algora bounty program references from community docs and templates (#9436)

What's Changed (Github)

• fix(services): bump images of alexandrie to fix security issue by @Smaug6739 in #9434
• feat(service): update Convex to current latest version by @sebous in #9392
• fix(template): Minecraft was on wrong category by @Iisyourdad in #9387
• feat(service): update Rivet to v2.2.0 by @yipfram in #9378
• fix(service): fix librechat healthcheck and update dependencies by @GauthierPLM in #9358
• fix(service): n8n task-runners health check fails by @frank-netkey in #9309
• feat(service): add grimmory by @RickyWanga in #9109
• fix(service): directus cors not applied in preflight requests by @xidik12 in #9081
• feat(service): update Supabase to current latest versions by @Vadko in #8316
• fix(service): allow overriding GOTRUE_SITE_URL in Supabase template by @xidik12 in #9079
• fix(service): nextcloud workers exhaustion due to low interval healthcheck by @ShadowArcanist in #9440
• fix(docker): add apk upgrade to helper, realtime, and development Dockerfiles by @andrasbacsai in #9437
• chore(community): remove Algora bounty program references by @andrasbacsai in #9436
• chore(service): update nextcloud healthcheck endpoint by @ShadowArcanist in #9470
• fix(validation): allow quoted docker run options in custom config by @andrasbacsai in #9481
• build(deps-dev): bump vite from 7.3.0 to 7.3.2 by @dependabot[bot] in #9457
• fix(service): Several templates on wrong catagory. by @Iisyourdad in #9449
• fix(service): netbird-client wrong volume path by @iamimmanuelraj in #9484
• v4.0.0-beta.472 by @andrasbacsai in #9492

New Contributors

• @sebous made their first contribution in #9392
• @Iisyourdad made their first contribution in #9387
• @frank-netkey made their first contribution in #9309
• @RickyWanga made their first contribution in #9109
• @iamimmanuelraj made their first contribution in #9484

Full Changelog: v4.0.0-beta.471...v4.0.0-beta.472

What's Changed

Security & Fixes

• Harden model mass assignment protection across all models (#9282)
• Scope server and project queries to current team (#9230)
• Harden GetLogs component with locked properties and input validation (#9229)
• Add validation and escaping for Docker network names (#9228)
• Add URL validation for notification webhook fields (#9224)
• Use server-side config for password reset URL generation (#9193)
• Add input validation for install/build/start command fields (#9227)
• Add input validation for resource limit fields (#9238)
• Add IP validation for custom DNS servers input (#9239)
• Add URL validation for proxy redirect input (#9241)
• Add input validation for server advanced settings page (#9242)
• Add input validation for sentinel configuration (#9243)
• Add input validation for database backup timeout (#9245)
• Add input validation for emails configuration (#9259)
• Add input validation for database public port and proxy timeout
• Add validation to block unsafe webhook URLs
• Use random_int() for email change verification codes (#9226)
• Move admin route into middleware group (#9225)
• Enforce team-scoped project/env lookups in onboarding
• Add input validation for port exposes and port mappings fields

New Services & Templates

• Added ElectricSQL template (#8190)

Fixes

• Fix intermittent pre-deployment command failures (#9165, fixes #9076)
• Fix Grafana GF_SERVER_DOMAIN using FQDN instead of URL (#9080, fixes #5307)
• Fix listmonk db config env typo (#9250)
• Fix Langfuse by pinning ClickHouse version to avoid init errors
• Fix cloning persistent volumes with missing uuid (#9290, fixes #9270)
• Fix redirect value not persisting in setRedirect (#9279)
• Fix cloud subscription notification links (#9296)
• Fix slash branches in public repo URLs
• Fix shared env vars resolving on wrong server
• Fix database SSL/status state and clone writes
• Fix auto-generate missing CA cert on SSL regeneration
• Fix backup notification failures affecting backup status (fixes #9088)
• Fix backup retention enforcement and stale execution cleanup
• Fix password visibility toggle using Alpine state
• Fix GitHub branch state when refreshing repositories

Improvements

• Shared server environment variables (#7764)
• Refresh repos on private GitHub app (#8621)
• Support Docker image tags for preview deployments
• Add preserve repository option to deployment API (#8371)
• Implement exponential backoff for unreachable servers (#9184)
• Improve scheduled task single view UX (#9266)
• Add two-step confirmation to enable self-registration (#9277)
• Add public port timeout configuration for databases
• Make textarea monospace opt-in and improve multiline toggle

What's Changed (Github)

• fix(backup): prevent notification failures from affecting backup status by @andrasbacsai in #9162
• fix(preview-env): ensure auto-created preview env vars inherit runtime/buildtime flags by @andrasbacsai in #9164
• fix(api): validate server ownership in domains endpoint and scope activity lookups by @andrasbacsai in #9166
• fix(backup): validate MongoDB collection names in backup input by @andrasbacsai in #9168
• fix(terminal): apply authorization middleware to terminal bootstrap routes by @andrasbacsai in #9169
• fix(livewire): add Locked attributes and consolidate container name validation by @andrasbacsai in #9171
• fix(livewire): add input validation to unmanaged container operations by @andrasbacsai in #9172
• feat(deployment): add command_hidden flag to hide command text in logs by @andrasbacsai in #9167
• fix(deployment): normalize whitespace in pre/post deployment commands by @andrasbacsai in #9173
• fix(storage): consistent path validation and escaping for file volumes by @andrasbacsai in #9176
• fix(backup): use escapeshellarg for credentials in backup commands by @andrasbacsai in #9175
• fix(storage): use escapeshellarg for volume names in shell commands by @andrasbacsai in #9185
• refactor: simplify remote process chain and harden ActivityMonitor by @andrasbacsai in #9189
• Add URL validation for GitHub source fields by @andrasbacsai in #9190
• refactor: split invitation endpoint into GET/POST flow by @andrasbacsai in #9192
• fix: sanitize error output in server validation logs by @andrasbacsai in #9197
• fix: use server-side config for password reset URL generation by @andrasbacsai in #9193
• refactor: move admin route into middleware group by @andrasbacsai in #9225
• Add URL validation for notification webhook fields by @andrasbacsai in #9224
• refactor: use random_int() for email change verification codes by @andrasbacsai in #9226
• fix: add input validation for install/build/start command fields by @andrasbacsai in #9227
• refactor: scope server and project queries to current team by @andrasbacsai in #9230
• fix: add validation and escaping for Docker network names by @andrasbacsai in #9228
• fix(application): persist redirect value in setRedirect by @andrasbacsai in #9279
• fix: harden GetLogs Livewire component properties by @andrasbacsai in #9229
• feat(api): Add support for Preserve Repository During Deployment in API by @ahmadw13 in #8371
• fix(clone): exclude uuid when replicating persistent volumes by @andrasbacsai in #9290
• fix(notification): updated cloud subscription links to valid url by @ShadowArcanist in #9296
• feat(ui): add two step confirmation to enable self registration by @ShadowArcanist in #9277
• fix(service): listmonk db config env typo by @mxswd in #9250
• fix(service): pin clickhouse version on Langfuse service to avoid error during clickhouse init by @GauthierPLM in #9236
• fix(service): use FQDN instead of URL for Grafana GF_SERVER_DOMAIN by @xidik12 in #9080
• feat(service): Add ElectricSQL by @matfire in #8190
• refactor: define explicit fillable attributes on all Eloquent models by @andrasbacsai in #9282
• fix(validation): add input validation for database public port and proxy timeout by @ShadowArcanist in #9272
• feat(ui): improve schedule task single view for better UX by @ShadowArcanist in #9266
• fix(validation): add input validation for emails configuration by @ShadowArcanist in #9259
• fix(validation): add input validation for database backup timeout by @ShadowArcanist in #9245
• fix(validation): add input validation for sentinel configuration by @ShadowArcanist in #9243
• fix(validation): add input validation for server advanced settings page by @ShadowArcanist in #9242
• fix(validation): add URL validation for proxy redirect input by @ShadowArcanist in #9241
• fix(validation): add input validation for port exposes and port mappings fields by @ShadowArcanist in #9240
• fix(validation): add IP validation for custom DNS servers input by @ShadowArcanist in #9239
• fix(validation): add input validation for resource limit fields by @ShadowArcanist in #9238
• feat: refresh repos on private github app by @adiologydev in #8621
• feat: Shared server environment variables by @ShadowArcanist in #7764
• chore(deps): bump aws/aws-sdk-php from 3.371.3 to 3.374.2 by @dependabot[bot] in #9222
• chore(deps): bump picomatch by @dependabot[bot] in #9178
• build(deps): bump league/commonmark from 2.8.1 to 2.8.2 by @dependabot[bot] in #9047
• build(deps): bump phpseclib/phpseclib from 3.0.49 to 3.0.50 by @dependabot[bot] in #9044
• feat(jobs): implement exponential backoff for unreachable servers by @andrasbacsai in #9184
• fix(deployment): resolve intermittent pre-deployment command failures by @andrasbacsai in #9165
• v4.0.0-beta.471 by @andrasbacsai in #9206

New Contributors

• @mxswd made their first contribution in #9250
• @xidik12 made their first contribution in #9080
• @matfire made their first contribution in #8190

Full Changelog: v4.0.0-beta.470...v4.0.0-beta.471

No changelog found.

2026-04-07

nginx-1.29.8 mainline version has been released.

26.2-snapshot-1 (also known as 26.2 Snapshot 1) is the first snapshot for Java Edition 26.2, released on April 7, 2026, which adds the sulfur caves, sulfur cube, sulfur and cinnabar block sets, and an experimental Vulkan renderer. Full changelog: https://minecraft.wiki/Java_Edition_26.2-snapshot-1

Download de Windows-versie voor 5 clients.

The Asterisk Development Team would like to announce
release candidate 2 of asterisk-23.3.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.3.0-rc2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.3.0-rc2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.3.0-rc2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 2
• Commit Authors: 2
• Issues Resolved: 3
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• George Joseph: (1)
• nappsoft: (1)

Issue and Commit Detail:

Closed Issues:

• 1844: [bug]: cdrel_custom isn't respecting the default time format for CEL records
• 1845: [bug]:res_cdrel_custom produces wrong float timestamps
• 1852: [bug]: res_cdrel_custom: connection to the sqlite3 database closes from time to time

Commits By Author:

• George Joseph (1):

  • res_cdrel_custom: Resolve several formatting issues.

• nappsoft (1):

  • res_cdrel_custom: do not free config when no new config was loaded

Commit List:

• res_cdrel_custom: do not free config when no new config was loaded
• res_cdrel_custom: Resolve several formatting issues.

Commit Details:

res_cdrel_custom: do not free config when no new config was loaded

Author: nappsoft
Date: 2026-04-02

When the res_cdrel_custom modules is reloaded and the config has not been changed asterisk should not free the old config. Otherwise the connection to the database will be closed and no new connection will be opened.

Resolves: #1852

res_cdrel_custom: Resolve several formatting issues.

Author: George Joseph
Date: 2026-03-31

Several issues are resolved:

• Internally, floats were used for timestamp values but this could result
  in wrapping so they've been changed to doubles.

• Historically, the default CEL eventtime format is <seconds>.<microseconds>
  with <microseconds> always being 6 digits. This should have continued to be
  the case but res_cdrel_custom wasn't checking the dateformat setting in
  cel.conf and was defaulting to %F %T. res_cdrel_custom now gets the default
  date format from cel.conf, which will be whatever the dateformat parameter
  is set to or <seconds>.<microseconds> if not set.

• The timeval field formatter for both CDR and CEL wasn't handling custom
  strftime format strings correctly. This is now fixed so you should be able
  to specifiy custom strftime format strings for the CEL eventtime and CDR
  start, answer and end fields. For example: eventtime(%FT%T%z).

Resolves: #1844
Resolves: #1845

The Asterisk Development Team would like to announce
release candidate 2 of asterisk-22.9.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.9.0-rc2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.9.0-rc2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.9.0-rc2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 2
• Commit Authors: 2
• Issues Resolved: 3
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• George Joseph: (1)
• nappsoft: (1)

Issue and Commit Detail:

Closed Issues:

• 1844: [bug]: cdrel_custom isn't respecting the default time format for CEL records
• 1845: [bug]:res_cdrel_custom produces wrong float timestamps
• 1852: [bug]: res_cdrel_custom: connection to the sqlite3 database closes from time to time

Commits By Author:

• George Joseph (1):

  • res_cdrel_custom: Resolve several formatting issues.

• nappsoft (1):

  • res_cdrel_custom: do not free config when no new config was loaded

Commit List:

• res_cdrel_custom: do not free config when no new config was loaded
• res_cdrel_custom: Resolve several formatting issues.

Commit Details:

res_cdrel_custom: do not free config when no new config was loaded

Author: nappsoft
Date: 2026-04-02

When the res_cdrel_custom modules is reloaded and the config has not been changed asterisk should not free the old config. Otherwise the connection to the database will be closed and no new connection will be opened.

Resolves: #1852

res_cdrel_custom: Resolve several formatting issues.

Author: George Joseph
Date: 2026-03-31

Several issues are resolved:

• Internally, floats were used for timestamp values but this could result
  in wrapping so they've been changed to doubles.

• Historically, the default CEL eventtime format is <seconds>.<microseconds>
  with <microseconds> always being 6 digits. This should have continued to be
  the case but res_cdrel_custom wasn't checking the dateformat setting in
  cel.conf and was defaulting to %F %T. res_cdrel_custom now gets the default
  date format from cel.conf, which will be whatever the dateformat parameter
  is set to or <seconds>.<microseconds> if not set.

• The timeval field formatter for both CDR and CEL wasn't handling custom
  strftime format strings correctly. This is now fixed so you should be able
  to specifiy custom strftime format strings for the CEL eventtime and CDR
  start, answer and end fields. For example: eventtime(%FT%T%z).

Resolves: #1844
Resolves: #1845

The Asterisk Development Team would like to announce
release candidate 2 of asterisk-20.19.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.19.0-rc2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.19.0-rc2

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.19.0-rc2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 2
• Commit Authors: 2
• Issues Resolved: 3
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• George Joseph: (1)
• nappsoft: (1)

Issue and Commit Detail:

Closed Issues:

• 1844: [bug]: cdrel_custom isn't respecting the default time format for CEL records
• 1845: [bug]:res_cdrel_custom produces wrong float timestamps
• 1852: [bug]: res_cdrel_custom: connection to the sqlite3 database closes from time to time

Commits By Author:

• George Joseph (1):

  • res_cdrel_custom: Resolve several formatting issues.

• nappsoft (1):

  • res_cdrel_custom: do not free config when no new config was loaded

Commit List:

• res_cdrel_custom: do not free config when no new config was loaded
• res_cdrel_custom: Resolve several formatting issues.

Commit Details:

res_cdrel_custom: do not free config when no new config was loaded

Author: nappsoft
Date: 2026-04-02

When the res_cdrel_custom modules is reloaded and the config has not been changed asterisk should not free the old config. Otherwise the connection to the database will be closed and no new connection will be opened.

Resolves: #1852

res_cdrel_custom: Resolve several formatting issues.

Author: George Joseph
Date: 2026-03-31

Several issues are resolved:

• Internally, floats were used for timestamp values but this could result
  in wrapping so they've been changed to doubles.

• Historically, the default CEL eventtime format is <seconds>.<microseconds>
  with <microseconds> always being 6 digits. This should have continued to be
  the case but res_cdrel_custom wasn't checking the dateformat setting in
  cel.conf and was defaulting to %F %T. res_cdrel_custom now gets the default
  date format from cel.conf, which will be whatever the dateformat parameter
  is set to or <seconds>.<microseconds> if not set.

• The timeval field formatter for both CDR and CEL wasn't handling custom
  strftime format strings correctly. This is now fixed so you should be able
  to specifiy custom strftime format strings for the CEL eventtime and CDR
  start, answer and end fields. For example: eventtime(%FT%T%z).

Resolves: #1844
Resolves: #1845

Download de Windows-versie voor 5 clients.

26w14a, supposedly the first and only snapshot for the "Herdcraft Update", is an April Fools' Day joke snapshot released on April 1, 2026. Similar to 22w13oneBlockAtATime, it disables many inventory features. Instead, the player can command "living blocks" using various tools in their hotbar. The blocks act as mobs, meaning they can be hurt, moved, and attacked. Full changelog: https://minecraft.wiki/Java_Edition_26w14a

26.1.1 is a hotfix for Java Edition released on April 1, 2026, which fixes an issue with chat reporting. It is compatible with 26.1 servers. Full changelog: https://minecraft.wiki/Java_Edition_26.1.1

26.1.1 Release Candidate 1 (known as 26.1.1-rc-1 in the launcher) is the first and only release candidate for Java Edition 26.1.1, released on March 31, 2026, which fixes a bug. Full changelog: https://minecraft.wiki/Java_Edition_26.1.1-rc-1

You can install pre-built binaries from https://repo.dovecot.org/

Docker images can be found at https://hub.docker.com/r/dovecot/dovecot

Please review https://doc.dovecot.org/2.4.3/installation/upgrade/2.3-to-2.4.html and https://doc.dovecot.org/2.4.3/installation/installation.html.

Important

There are experimental features in 2.4, one is enabled with --enable-experimental-mail-utf8, and another with --enable-experimental-imap4rev2, and you also need to set mail_utf8_extensions=yes and imap4rev2_enabled=yes to enable them in config.

Critical bug fixes

• CVE-2025-59028: Invalid base64 authentication can cause DoS for other
  logins.
• CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks
  and read unintended files during indexing. Fixed by dropping the script.
• CVE-2026-24031: SQL injection possible if auth_username_chars is
  configured empty. Fixed escaping to always happen. v2.4 regression.
• CVE-2026-27859: Excessive RFC 2231 MIME parameters in email would cause
  excessive CPU usage. Fixed by limiting number of parameters to process.
• CVE-2026-27860: LDAP query injection possible if auth_username_chars
  is configured empty. Fixed escaping to always happen. v2.4 regression.
• CVE-2026-27857: Sending excessive parenthesis causes imap-login to use
  excessive memory.
• CVE-2026-27856: Doveadm credentials were not checked using timing-safe
  checking function.
• CVE-2026-27855: OTP driver vulnerable to replay attack.

Changes

• Remove default service/*/service_extra_groups=$SET:default_internal_group.
  They are now replaced by default mail_access_groups=$SET:default_internal_group.
• The version file has been renamed as version.txt to avoid clash with
  C++ headers.
• auth: oauth2 - Do not export token automatically, must be exported using
  fields.
• config: Don't accept 0 as meaning unlimited anymore for
  last_valid_uid, last_valid_gid, mail_cache_max_headers_count,
  mail_cache_max_header_name_length, mail_vsize_bg_after_count,
  mail_sort_max_read_count, message_max_size, submission_max_recipients
  and quota_mail_size.
• imap, pop3: Don't autoexpunge if Dovecot is shutting down or process
  is killed.
• imap: LIST - Handle invalid mUTF-7 mailbox names as never matching anything
• lazy-expunge: Change lazy_expunge_only_last_instance default to yes.
• lda: Use EX_TEMPFAIL (75) if configuration is invalid instead of 89.
  v2.4 regression.
• lib-master: Increase ANVIL_DEFAULT_LOOKUP_TIMEOUT_MSECS from 5s to 30s
• lib: crc32 - Use zlib's built-in CRC32 function

New features

• Improve UTF-8 support for mail storage.
• auth: Add default auth-token UNIX socket for token-based authentication.
• doc: solr-config-9.xml - Make it compatible with Solr 9.8.0
• doveadm: dsync - Search mails when exporting to reduce number of mails
  exported by dsync-server.
• dovecot-sysreport: Add -D|--destdir support.
• imap, imap-hibernate: Use DOVECOT-TOKEN authentication for unhibernation.
  Default imap-master socket permissioms have been changed due to this.
• imap: Add APPENDLIMIT capability when configured with quota_mail_size.
• imap: Support STATUS (DELETED) for IMAP4rev2.
• imapc: Add support for SEARCH MIMEPART
• imapc: Improve error forwarding.
• imapc: Support SORT and ESORT extensions.
• imapc: Support STATUS (DELETED) for IMAP4rev2.
• lib-sql: Support parameterized queries.
• lib-test: Add new test-dir API for better temporary test directory
  handling.
• lmtp: Advertize SIZE capability when configured with quota_mail_size.
• lmtp: Support XCLIENT DESTADDR and DESTPORT
• pop3-login: proxy - Add support for XCLIENT DESTIP and DESTPORT
• submission-login: proxy - Add support for XCLIENT DESTIP and DESTPORT
• Various optimizations have been made to the code.

Bug fixes

• Fix building dovecot with BSD, Solaris and macOS.
• auth: Crash would occur if users were iterated but
  userdb_ldap_iterate_fields was not set.
• auth: Fix request leak when client authenticates with unsupported mechanism.
• auth: Some passdbs would default to PLAIN instead of CRYPT scheme.
• config: Section and setting names could have been intermixed, resulting
  in the setting being silently ignored.
• configure: Fix checking if BUILD_IMAP_HIBERNATE is set
• doveadm: dsync - -e parameter was handled wrong with dsync-server.
• fts-flatcurve: Mailbox leak would occur if mailbox failed to open.
• imap: Fix potential issues with unhibernation and process state handling.
• imapc: SEARCH failure handling was done wrong.
• imapc: UID STORE commands included extra comma in uidset.
• lib-auth-client: auth-master - Fix panic when reconnecting after
  handshake timeout.
• lib-compression: Lz4 algorithm would assert-crash with malicious data.
• lib-dcrypt: Fix digest algorithm handling.
• lib-dict: Escape username paths to prevent traversal issues with dict-fs.
• lib-http: Fix HTTP parsing edge cases and state handling.
• lib-iostream: Disallow empty ssl_min_protocol.
• lib-json: Fix incorrect character handling logic.
• lib-ldap: Fix various TLS related bugs.
• lib-mail: Fix charset translation and MIME parsing edge cases.
• lib-mail: Fix multiple bounds checks and parsing issues in message handling.
• lib-var-expand: Multiple fixes and improvements for expansion handling.
• lib: Fix punycode decoding out-of-bounds reads.
• lib: Fix unicode normalization edge cases causing crashes.
• lib-http: Chunked transfer trailer size was not limited.
• login-common: Improve logging and internal error handling.
• login-common: login_log_format_elements was split by spaces naively, which
  could break variable expansion. Use template aware splitting now.
• master: Dovecot would fail to start if listen directive was used and
  dovenull or dovecot user was missing.
• pop3c: Connection might've hung with SSL.
• util: Fix handling of environment variables containing control characters.
• Many other bugs have been fixed.