Changelog.

Latest releases from the GitHub repository .

v4.0.0-beta.473

Fixes

  • Fixed the upgrade modal to show the correct target version and cleared stale upgrade notifications when the instance was already up to date. (#7774, fixes #6039, #8707)
  • Fixed user deletion cleanup so team-owned Git app sources were handled safely, while instance-wide sources were preserved for the root team. (#9435, fixes #8172)
  • Fixed dashboard homepage add buttons so they remained visible in light mode. (#9456, fixes #9454)
  • Fixed port mapping validation to accept protocol suffixes like /tcp, /udp, /sctp and IP-bound mappings. (#9503, fixes #9501, #9504)

Improvements

  • Updated phpseclib/phpseclib to 3.0.51. (#9500)
  • Updated axios to 1.15.0 for development dependencies. (#9515)
  • Updated axios to 1.15.0 in coolify-realtime. (#9516)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.472...v4.0.0-beta.473

v4.0.0-beta.472

What's Changed

Security & Fixes

  • Allow quoted arguments in custom Docker run options (#9481, fixes #9343)
  • Patched Alpine packages in helper, realtime, and development Docker images (#9437)
  • Bumped Alexandrie images to address upstream security advisory (#9434)

New Services & Templates

  • Added Grimmory one-click service, the successor to Booklore (#9109)
  • Comprehensive Supabase template update to latest versions (#8316)
  • Allow overriding GOTRUE_SITE_URL in Supabase for separate frontend domains (#9079, fixes #5581)
  • Added sensible CORS defaults to Directus templates (#9081, fixes #5024)
  • Updated Rivet template to v2.2.0 (#9378)
  • Updated Convex to current latest version (#9392)
  • Fixed LibreChat healthcheck and upgraded Meilisearch image (#9358)
  • Fixed n8n task-runners health check (#9309, fixes #9306)
  • Increased Nextcloud healthcheck interval to prevent worker exhaustion (#9440, fixes #9439)
  • Updated Nextcloud healthcheck endpoint to /status.php (#9470)
  • Fixed Netbird client volume path so settings persist across restarts (#9484)
  • Corrected Minecraft template category to games (#9387)
  • Corrected several template categories that were set incorrectly (#9449)

Improvements

  • Removed Algora bounty program references from community docs and templates (#9436)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.471...v4.0.0-beta.472

v4.0.0-beta.471

What's Changed

Security & Fixes

  • Harden model mass assignment protection across all models (#9282)
  • Scope server and project queries to current team (#9230)
  • Harden GetLogs component with locked properties and input validation (#9229)
  • Add validation and escaping for Docker network names (#9228)
  • Add URL validation for notification webhook fields (#9224)
  • Use server-side config for password reset URL generation (#9193)
  • Add input validation for install/build/start command fields (#9227)
  • Add input validation for resource limit fields (#9238)
  • Add IP validation for custom DNS servers input (#9239)
  • Add URL validation for proxy redirect input (#9241)
  • Add input validation for server advanced settings page (#9242)
  • Add input validation for sentinel configuration (#9243)
  • Add input validation for database backup timeout (#9245)
  • Add input validation for emails configuration (#9259)
  • Add input validation for database public port and proxy timeout
  • Add validation to block unsafe webhook URLs
  • Use random_int() for email change verification codes (#9226)
  • Move admin route into middleware group (#9225)
  • Enforce team-scoped project/env lookups in onboarding
  • Add input validation for port exposes and port mappings fields

New Services & Templates

  • Added ElectricSQL template (#8190)

Fixes

  • Fix intermittent pre-deployment command failures (#9165, fixes #9076)
  • Fix Grafana GF_SERVER_DOMAIN using FQDN instead of URL (#9080, fixes #5307)
  • Fix listmonk db config env typo (#9250)
  • Fix Langfuse by pinning ClickHouse version to avoid init errors
  • Fix cloning persistent volumes with missing uuid (#9290, fixes #9270)
  • Fix redirect value not persisting in setRedirect (#9279)
  • Fix cloud subscription notification links (#9296)
  • Fix slash branches in public repo URLs
  • Fix shared env vars resolving on wrong server
  • Fix database SSL/status state and clone writes
  • Fix auto-generate missing CA cert on SSL regeneration
  • Fix backup notification failures affecting backup status (fixes #9088)
  • Fix backup retention enforcement and stale execution cleanup
  • Fix password visibility toggle using Alpine state
  • Fix GitHub branch state when refreshing repositories

Improvements

  • Shared server environment variables (#7764)
  • Refresh repos on private GitHub app (#8621)
  • Support Docker image tags for preview deployments
  • Add preserve repository option to deployment API (#8371)
  • Implement exponential backoff for unreachable servers (#9184)
  • Improve scheduled task single view UX (#9266)
  • Add two-step confirmation to enable self-registration (#9277)
  • Add public port timeout configuration for databases
  • Make textarea monospace opt-in and improve multiline toggle

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.470...v4.0.0-beta.471

v4.0.0-beta.470

What's Changed

Security & Fixes

  • Fixed proxy config validation to ensure stored config matches the current proxy type (#9146, fixes #9127)
  • Fixed environment variables being incorrectly resolved in compose files instead of preserving ${VAR} references (#9147, fixes #9136)
  • Fixed deployment issues with shell argument escaping in nixpacks commands (#9122, fixes #9042)
  • Fixed GitHub webhook errors for unsupported event types (#9119, fixes #9090)
  • Fixed server limit checks when using API tokens (#9123, fixes #9116)
  • Fixed hostname validation to be case-insensitive and allow more characters (#9134, fixes #9131)
  • Fixed duplicate subscription creation
  • Fixed environment variable refresh when variables are missing or stale
  • Fixed Docker cleanup logging when server is unreachable

New Services & Templates

  • Added EspoCRM one-click service template (#8658)

Improvements

  • Improved mobile responsiveness for confirmation modals
  • Simplified Docker installation process
  • Added storage API endpoints with UUID support for databases and services
  • Added Nightwatch monitoring support
  • Disabled Booklore service template (#9105)
  • Bumped Sentinel and Traefik versions

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.469...v4.0.0-beta.470

v4.0.0-beta.469

What's Changed

Security & Fixes

  • Fixed sporadic SSH "permission denied" errors during key rotation (#8990, fixes #7724)
  • Fixed deployment failures when build server is enabled during restart operations (#9045, fixes #9013)
  • Fixed breadcrumb queries causing out-of-memory crashes (#9048, fixes #9009)
  • Fixed GitHub App webhook endpoint defaulting to IPv4 instead of instance domain (#8948)
  • Fixed Hoppscotch service failing to start due to database health check (#8949)
  • Fixed Docker Compose not respecting preserveRepository for project directory (#8956, fixes #8953)
  • Fixed backup error when S3 storage is missing or deleted (#9038, fixes #9035)
  • Fixed Stripe subscription error handling and resilience (#9030)
  • Fixed Heyform template configuration (#8747)
  • Fixed API resource UUID extraction from route parameters
  • Fixed Docker cleanup stale container warning on cloud instances
  • Fixed Compose file-not-found error now includes git branch info

New Services & Templates

  • Added LibreSpeed service for self-hosted speed testing (#8626)
  • Added imgcompress service for offline image processing (#8763)
  • Updated Databasus to v3.16.2 (#8586)
  • Updated n8n with Postgres and Worker to v2.10.4 (#8807)
  • Updated SeaweedFS images to v4.13 (#8738)
  • Fixed Castopod service port from 8000 to 8080 (#8817)

Improvements

  • Added per-volume control of PR suffix in preview deployments (#9006, fixes #7802, fixes #7343)
  • Added auto-population of FQDN from docker_compose_domains for compose previews (#8963, fixes #8958)
  • Added force deletion option for servers with existing resources (#8962)
  • Added auto-fetch of server metadata after validation (#8964)
  • Added container label escape control to services API (#8955, fixes #8954)
  • Added database environment variable management API endpoints
  • Added storage management API endpoints for applications and backup schedules
  • Added support for comments in bulk environment variable API endpoints
  • Added placeholder hints for magic environment variables
  • Added next billing date and billing interval display for subscriptions
  • Added cache-based deduplication for delayed cron execution
  • Simplified environment variable settings by removing buildtime/runtime options

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.468...v4.0.0-beta.469

v4.0.0-beta.468

What's Changed

Security & Fixes

  • Fixed SSH connection retry failures during deployments (#8927, fixes #8926)
  • Fixed deployment type selection when using GitHub/GitLab Apps (#8934, fixes #8917)
  • Fixed deployment authorization endpoint returning incorrect 404 errors (#8931, fixes #8925)
  • Fixed shared variables not resolving in Docker Compose environments (#8930, fixes #8918)
  • Fixed SSH keys not being used for git submodule and LFS operations (#8933, fixes #8895)
  • Added support for scoped npm packages in file path validation (#8928, fixes #8924)

Improvements

  • Added log filtering capability based on log level in deployment logs (#8784)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.467...v4.0.0-beta.468

v4.0.0-beta.467

What's Changed

Security & Fixes

  • Fixed command injection vulnerability in health check commands (#8898)
  • Added path validation to prevent command injection in file locations
  • Fixed environment variables being overwritten when changing service domains (#8915, fixes #8912)
  • Fixed Nixpacks deployment failures when application has no domain set (#8902, fixes #6830)
  • Fixed resource deletion failing silently in the danger zone (#8909, fixes #8836)
  • Fixed scheduled task input fields losing focus while editing (#8654, fixes #8647)
  • Added docker_cleanup parameter to API stop endpoints (#8899, fixes #7758)

Improvements

  • Added GitLab source integration with SSH deploy keys and HTTP basic auth (#8910, fixes #5295)
  • Added database-backed proxy config storage with automatic recovery and versioned backups (#8905, fixes #7178)
  • Added server metadata collection and display

What's Changed

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.466...v4.0.0-beta.467

v4.0.0-beta.466

What's Changed

Security & Fixes

  • Prevent command injection via base64-encoding log drain environment variables
  • Prevent command injection via git reference validation
  • Add sentinel token validation to prevent command injection
  • Require write permission for API validation endpoints
  • Prevent false container exits on failed docker queries (#8860)
  • Track last_online_at and reset database restart state
  • Preserve user-saved environment variables on Docker Compose redeploy (#8894)
  • Fix build-time environment variables breaking Next.js (#8890)
  • Prevent command injection in developer view shared variables (#8889)
  • Make confirmation modal close after dispatching Livewire actions (#8892)
  • Respect keep for rollback setting for Nixpacks build images (#8859)

Dependencies

  • Bump rollup from 4.57.1 to 4.59.0 (#8691)
  • Bump league/commonmark from 2.8.0 to 2.8.1 (#8793)

What's Changed

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.465...v4.0.0-beta.466

v4.0.0-beta.465

What's Changed

Security & Fixes

  • Fixed WebSocket connection and host authorization issues in terminal (#8862, fixes #8856)
  • Fixed environment variable parser capturing trailing braces in bash-style defaults (#8855, fixes #8851)
  • Fixed confirmation modal staying open after database import/restore (#8697, fixes #8689)
  • Fixed nginx.conf mounting error in development mode (#8662)
  • Fixed docker-compose deployment with custom start commands and preserveRepository setting (#8848, fixes #8417)
  • Fixed preview deployment page visibility for deploy key applications (#8579)

Improvements

  • Added configurable timeout for public database TCP proxy connections (#8673, fixes #7743)

What's Changed

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.464...v4.0.0-beta.465

v4.0.0-beta.464

What's Changed

Security & Fixes

  • Fixed SSH command injection vulnerability (#8748)
  • Resolved 419 session errors with Cloudflare Tunnels and domain-based access (#8749, fixes #5404)
  • Fixed SSH directory permission issues during upgrades (#8635, resolves #6621)
  • Added SSH directory permission auto-fix for new installations (#8635)
  • Prevented command injection in certificate handling via base64 encoding (#8617)
  • Hardened Docker command execution with centralized escaping (#8615)
  • Prevented command injection in health check commands (#8611)
  • Fixed cross-tenant IDOR vulnerability in resource cloning (#8613)
  • Added IPv6 CIDR support for API access IP allowlist (#8750, fixes #8729)
  • Fixed proxy initialization with IPv6 networks on Docker 25+ (#8703, fixes #8649)
  • Fixed CSRF redirect loop during 2FA authentication (#8596)
  • Corrected API permission requirements for POST endpoints (#8600)
  • Added team authorization checks to domains_by_server API (#8616)
  • Fixed Cloudreve service data persistence across restarts (#8740)
  • Fixed Ente Photos join link configuration (#8727)
  • Fixed application rollback to use correct commit SHA (#8576)
  • Fixed deployment detection for BuildKit and secrets (#8565)
  • Resolved team lookup for service relationships (#8559, fix #8431)
  • Added webhook notification status validation (#8557, fix #8448)
  • Fixed deploy key handling when private_key_id is zero (#8563, fixes #8562)
  • Fixed Redis/KeyDB config permissions with custom configurations (#8561, fix #8539)
  • Fixed password field UI flash before Alpine.js initialization (#8599, closes #8592)
  • Fixed GlitchTip webdashboard loading issue (#8249)
  • Fixed Grist service template configuration (#8384)
  • Fixed API documentation schema references (#8239, closes #8229)

New Services & Templates

  • Added Pydio Cells service (#8323)
  • Added Sure service (#8157)
  • Added Spacebot service with custom logo support (#8427)
  • Updated N8N templates to 2.10.2 (#8679)
  • Upgraded Beszel and Beszel Agent to v0.18 (#8513)
  • Disabled Plane service in template suite (#8580)
  • Disabled Pterodactyl Panel and Wings from service templates (#8512)
  • Disabled Minio Community Edition from service templates (#8686)
  • Disabled Maybe service in template suite (#8167)

Features & Improvements

  • Added refund and cancellation management for subscriptions (#8637)
  • Added comment field support to environment variables (#7269, fix #7239)
  • Added command-based health check support for services (#8612)
  • Added scheduled job monitoring dashboard (#8433)
  • Added scheduled tasks CRUD API with authentication and validation (#8428)
  • Made Horizon max time configurable (#8560, fix #8435)
  • Fixed Soketi host binding for IPv6 support (#8619, closes #8584)
  • Fixed scheduler self-healing for stale Redis locks with UI detection (#8618, fixes #8327)
  • Fixed Traefik service label handling for force HTTPS (#8550)
  • Improved security by hardening deployment paths and deploy abilities (#8549)
  • Fixed queue timeout handling in Horizon gracefully (#8360)
  • Fixed missing status variable in Hetzner status checks (#8359)
  • Fixed container filtering in push server job (#8361)
  • Improved proxy error handling on port allocation failure (#8362)
  • Enhanced SSH error tracking with proper Sentry scoping (#8363)

UI & Developer Experience

  • Added container labels header to UI (#8752)
  • Improved project heading navigation spacing (#8564)
  • Fixed datalist border color and added repository selection watcher (#8240)
  • Fixed Docker Compose force HTTPS preference behavior (#8424)
  • Migrated test suite to SQLite in-memory with Pest browser testing (#8364)
v4.0.0-beta.463

Changes

  • feat(database): add official postgres 18 and pgvector 18 support -> You could always change the database image and volume mount path manually and achieve unofficial support that is why this was not added faster
  • feat(ui): add postgres 16 to the UI
  • feat(ui): improve global search with uuid and pr support
  • feat(installer): add tencentos as a supported os
  • feat(service): upgrade checkmate to v3 with all the necessary changes
  • feat(service): upgrade listmonk to v6 with all the necessary changes
  • feat(service): upgrade formbricks to v4 with all the necessary changes
  • feat(service): update pterodactyl version
  • fix(backup): postgres restore arithmetic syntax error
  • fix(validation): add @, / and & support to names and descriptions
  • fix(api): infinite loop with github app with many repos
  • fix(parser): replace dashes and dots in auto generated envs
  • fix(labels): make sure name is slugified
  • fix(ui): make tooltips a bit wider
  • fix(ui): modal issues
    • tooltips can not extend outside the modal causing a scrollbar to appear
    • modals are to wide
    • remove unused minWidth and maxWidth props
  • fix(ui): horizontal overflow on application and service headings
  • fix(validation): enforce url validation for instance domain
  • fix(service): autobase database is not persisted correctly
  • fix(service): supabase studio settings redirect loop
  • fix(service): disable supabase kong response buffering and increase timeouts which fixes large file downloads
  • fix(service): reactive-resume template
  • fix(service): allowed hosts and image version problems with strapi
    • automatically generate vite.config.js with the strapi FQDN
  • fix(service): bluesky pds invite code doesn't generate
  • fix(service): bugsink login fails due to cors
  • fix(service): forgejo login failure
  • fix(service): rocketchat fails to start due to database version incompatibility
  • fix(service): kimai fails to start due to the healthcheck ip not being in the trusted hosts
  • fix(service): activepieces postgres 18 volume mount
  • fix(service): users unable to create their first ente account without SMTP
  • fix(service): seaweedfs logo
  • fix(service): soju svg
  • chore(service): use major version for openpanel
  • build: upgrade postgres client to fix build error
  • refactor(services): improve some service slogans
  • docs(api): improve compose app endpoint deprecation description

New Services

  • added openclaw template
  • added langflow template
  • added bento-pdf
  • added alexandrie template
  • added goatcounter template
  • added satisfactory game server
  • added back soketi-app-manager

Issues

What's Changed (by Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.462...v4.0.0-beta.463

v4.0.0-beta.462

Optimize queries, views with caches and prevent N+1 queries.

tldr: some views are faster

v4.0.0-beta.461

Changes

  • feat(service): add service database restore/import support
  • feat(api): add url update support to services api
  • feat(api): add more allowed fields to application api endpoints
    • added dockerfile_location as it is needed for Dockerfile deployments to work properly
    • added is_spa which can be used together with is_static
    • added is_auto_deploy_enabled and is_force_https_enabled
  • feat(api): allow to escape special characters in labels
  • feat(api): add tag filtering on the applications list endpoint
  • feat(api): improve docker_compose_domains with conflict checking and force_domain_override support
  • feat(notifications): add mattermost notifications (an open source slack alternative)
  • feat: add application logs link to preview deployments PR comment
  • feat(magic): add LOWERCASEUSER as magic variable which are sometimes required e.g. as docker registry username
  • feat(ui): show server name on resource card
  • feat(ui): improve sidebar menu items styling
  • feat(install): add postmarketos to the supported distributions
  • feat(ui): make git repository dropdown searchable
  • feat(service): upgrade n8n template to v2 with all the necessary changes
  • feat(service): upgrade trigger.dev template to v4 with all the necessary changes
  • feat(service): upgrade uptime kuma to version 2 with all the necessary changes
  • feat(service): upgrade docker registry template to v3 with all the necessary changes
  • feat(service): upgrade postgresus to databasus
  • feat(service): improve matrix templates by adding postgres and improving naming
  • feat(service): add healthchecks to evolution-api service
  • feat(services): update authentik
  • feat: allow more characters specifically Unicode alpha-numeric characters contained in \p{L}, \p{M}, \p{N} when validating while still not allowing any unsafe characters
  • feat(lang): add missing chinese translation keys
  • feat(lang): update portuguese language keys
  • feat(ui): add port mapping format to helper and fix typo
  • perf: optimize destinationsByServer query
  • fix(env): environment variable sorting not working
  • fix(git): trigger deployments when watch paths is empty and not just when they are null
  • fix(backup): database restores with custom db name with backup all databases not working
  • fix(logdrain): use deployment server and not build server settings
  • fix(service): twenty template and enable it again
  • fix(docker): use dynamic OS ID for ubuntu based OSs to use the correct Docker repository URL
  • fix: instance public ips initialization validation
  • fix: cast docker version to int for proper comparison
  • fix: making the db public does not instant save the port
  • fix(log): preserve leading whitespace in logs
  • fix(logs): remove hardcoded 2000 line limit
  • fix(api): remove incorrect uuid format from cuid2 parameters in openapi spec
  • fix(api): applications post and patch endpoints
    • remove docker_compose_raw from post and patch endpoints, as the compose file is sourced from git and should not be manually settable via the api
    • improve the documentation for docker_compose_domains (URLs)
    • enhanced array validation for docker_compose_domains by validating each array field and verifying which fields are allowed
    • set a custom array validation error message, as the default message is not really clear
    • show an error if the user attempts to set domains when the build pack is dockercompose
    • validate that the domains in docker_compose_domains are proper URLs and include a valid scheme (http or https)
  • fix(api): include docker_compose_domains in domain conflict check via Application::ownedByCurrentTeamAPI
  • fix(api): is_static and connect_to_docker_network fields where not updating on some endpoints
  • fix(api): if domains field is empty clear the fqdn column which allows to remove all URLs from the domains field
  • fix(api): check for domain conflicts within the current request
  • fix(api): deprecate application create compose endpoint as it is an unstable duplicate of the services endpoint
  • fix(api): one click service name and description cannot be set during creation
  • fix(api): create service endpoint validation and docs
    • if service type and docker_compose_raw is filled show an error
    • if service type is not valid show an error with all valid service types
    • remove enum from service type docs as it always gets outdated
  • fix(api): encoding checks for compose files, nginx configurations, dockerfiles, database configs and labels
    • switch from ASCII to UTF-8 to allow special characters, emojis and more
  • fix(api): remove environments from projects API endpoint docs
  • fix(api): docs for bulk env update response
  • fix: APP_NAME env in development
    • using a different APP_NAME for development might seem like a good idea but it is annoying and causes issues when debugging, especially with Redis as it is used as the key prefix
  • fix(preview): docker compose preview URLs
  • fix: 404 on /settings for root user on cloud instance
  • fix(ui): empty network destinations when cloning a resource
  • fix(ui): instance public ips ui validation
  • fix(ui): images inside coolify changelog
  • fix(ui): domain input whitespace trimming in instance settings
  • fix(ui): change password visibility eye icon based on state
  • fix(ui): hide Already registered? button from the /register page when there are 0 users as clicking on it would just redirect you back to /register
  • fix(ui): improve volume mount warning for compose applications
  • fix(service): remove start command from unleash template
  • fix(service): add instagram envs to postiz template
  • fix(service): budibase worker envs
  • fix(service): correct POSTGRES_HOST in freshrss
  • fix(service): use fqdn for server host in sequin template
  • fix(service): wireguard easy host to use fqdn
  • fix(service): signoz metrics env
  • chore(deps): update composer and node dependencies
  • chore(docker): add healthchecks to dev services
  • chore(service): update weblate service
  • chore(service): update rybbit service
  • chore(service): improve mosquitto template
  • refactor(service): remove unused envs from hoppscotch
  • refactor(api): remove old stale domains update code from services endpoints
  • refactor(api): update application create endpoints docs to specify that Dockerfile and Docker Image deployment type are without git
  • refactor(api): application urls (domains) validation
    • rename fqdn to urls as that is what it actually is
    • improve URL validation to allow urls without a TLD
    • improve error messages to make it clear that URLs are needed
    • improve code by combining some actions
  • docs(api): improve domains API docs
  • docs(api): make docker_compose_raw description more clear

Security Fixes

  • fix(env): only cat .env file in development to not expose all ENVs in deployment logs
  • fix(env): only show final nixpacks plan variables section in development to not expose all ENVs in deployment logs

New Services

  • added seaweedfs template
  • added uptime kuma v2 with mariadb and mysql
  • added autobase template
  • added sftpgo template
  • added esphome template
  • added linkding and linkding plus template
  • added open archiver template
  • added cloudreve template
  • added booklore template
  • added sessy template
  • added chibisafe template
  • added mage-ai template
  • added TrailBase template
  • added calibre web automated with downloader template
  • added silverbullet template
  • added nocobase template
  • added hatchet template
  • added redmine template
  • added glpi template

Issues

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.460...v4.0.0-beta.461

v4.0.0-beta.460

What's Changed

Fixes

  • Fix back navigation in global search resource selection (#7798, fixes #7739)
  • Fix restart count not resetting when manually stopping resources (#7784)
  • Fix Traefik proxy UI refresh timing issue after version update (#7783, fixes #7732)
  • Fix build pack UI reactivity when switching between build packs (#7780)
  • Fix upgrade modal loading indicators visibility in light mode (#7770)
  • Fix broken hyperlinks to Sentinel page on metrics pages (#7752)
  • Fix terminal sudo access for non-root users to access Docker socket
  • Fix Keydb and Redis configuration using base64 encoding instead of temp files
  • Fix 30-day metrics interval page freeze with data downsampling (#7787)

Improvements

  • Add SPA navigation helper for smoother page transitions
  • Refactor application general settings view for improved maintainability

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.459...v4.0.0-beta.460

v4.0.0-beta.459

What's Changed

Security & Fixes

  • Fixed security vulnerability in Supabase Studio (React2shell CVE-2025-55182) (#7711)
  • Fixed duplicate notifications when toggling Sentinel settings (#7749)
  • Fixed builder container cleanup causing redundant docker rm commands (#7698, fixes #7566)

New Services & Templates

  • Updated Superset template to v6.0.0 with PostgreSQL v18 (#7662)
  • Added persistent storage for Dolibarr documents and custom modules (#7684, fixes #5950)

Improvements

  • Added manual Stripe subscription sync command for cloud instance (#7706)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.458...v4.0.0-beta.459

v4.0.0-beta.457

What's Changed

Security & Fixes

  • Fix deployment logs flickering during polling updates (#7689)
  • Fix HTML entity encoding in deployment and runtime logs (#7689)
  • Remove redundant docker rm commands that caused error messages (#7688)

Improvements

  • Move Swarm and Sentinel to dedicated sidebar menu items for better navigation (#7687)
  • Add Hetzner server ID matching for server linking with private IPs (#7687)
  • Simplify cloud provider token button labels (#7686)
  • Shorten timestamp display in runtime logs for cleaner output (#7689)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.456...v4.0.0-beta.457

v4.0.0-beta.456

What's Changed

Security & Fixes

  • Updated Umami to v3.0.3 to patch Next.js CVE-2025-55183 & CVE-2025-55184 (#7671)
  • Automatic PII/secret sanitization in logs for GitHub, GitLab, AWS tokens and URL passwords (#7670)
  • Fix server resources tab 500 error with mixed model types (#7674, fixes #7666)
  • Fix preview deployment port and path preservation in URLs (#7677, fixes #2184)
  • Fix PostgreSQL version selection when using global search (#7664)
  • Fix database "restarting" status flickering with restart tracking (#7665)
  • Fix Outline template URL environment variable (#7650)

New Services & Templates

  • Added AppFlowy collaborative workspace template (#6492, fixes #4458)
  • Added Soju IRC bouncer with Gamja web client template (#7532)

Improvements

  • Improved logging view performance to prevent browser freezing (#7682)
  • Added copy logs button for deployment and runtime logs (#7676)
  • Added copy logs button with automatic secret sanitization (#7648)
  • Added toggleable SPA navigation with prefetching for faster page loads (#7661)
  • Updated ClickHouse to official image with migration support (#7392, fixes #7110)
  • Updated OpenPanel to v2 (#7653)
  • Updated Infisical to v0.154.6 (#7641)
  • Improved upgrade popup with progress simulation in dev mode (#7660)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.455...v4.0.0-beta.456

v4.0.0-beta.455

What's Changed

Security & Fixes

  • Update Umami to v3.0.2 to address CVE-2025-66478 security vulnerability (#7459)
  • Fix S3 credential whitespace causing backup failures (#7638, fixes #7469, #7594)
  • Fix double deployments when multiple GitHub Apps access the same repository (#7604, fixes #2315)
  • Fix 419 "Page Expired" login errors by changing default session driver (#7652)
  • Fix migration failures blocking upgrades with idempotency guards (#7637, fixes #7606, #7625)
  • Fix Docker container race condition during upgrades (#7603)
  • Fix OAuth users being incorrectly prompted for password confirmation (#7608, fixes #4457)
  • Fix read-only volume detection for Docker Compose long-form syntax (#7588)
  • Fix CSRF login issues for Paperless service (#7450)
  • Fix Postiz service failing due to outdated Node.js version (#7595)
  • Fix test emails failing when sent to non-team email addresses (#7600)
  • Fix execution time tooltip showing incorrect maximum value (#7593)

New Services & Templates

  • Added Terraria game server template (#7323)
  • Added Penpot with S3 storage template (#7407)
  • Added Beszel Agent standalone template for multi-server monitoring (#7412)
  • Updated Beszel to v0.16.1 (#7409)
  • Updated Penpot to use Valkey instead of deprecated Redis (#7415)
  • Updated Pterodactyl + Wings template to expose SFTP port (#7315)
  • Redis Insight now connects to predefined networks by default (#7416)
  • Added STORE_MODEL_IN_DB variable to LiteLLM template (#7440)

Improvements

  • Real-time upgrade progress tracking with step-by-step visibility (#7609)
  • Improved breadcrumb navigation with quick-switch dropdowns (#6360, fixes #4117)
  • Link manually-added servers to Hetzner Cloud for power controls (#7592)
  • Prioritize main/master branches in branch selection dropdown (#7520)
  • Escape key now exits fullscreen logs view (#7632)
  • Text selection no longer clears when deployment logs refresh (#7636)
  • Optimized server status updates for better performance (#7639)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.454...v4.0.0-beta.455

v4.0.0-beta.454

What's Changed

Security & Fixes

  • Fix concurrent builds being ignored and add deployment queue limit protection (#7488, fixes #6708)
  • Fix deployments incorrectly marked as failed after healthy container rolling update (#7583)
  • Fix Docker container race condition during upgrades (#7565, fixes #7481)
  • Fix deployment logs stopping unexpectedly mid-deployment (#7579)
  • Fix deployment logs overlap with deployments indicator (#7580)
  • Fix empty logs display and fullscreen coverage in logs viewer (#7564)
  • Fix restart counter persistence and race condition (#7582)
  • Prevent Coolify infrastructure images from being pruned during cleanup (#7586)
  • Fix API response to return fqdn instead of non-existent domains attribute (#7546)
  • Fix user token session not being set correctly for team
  • Add proxy config filename validation to prevent path traversal (#7544)

Improvements

  • Add Hetzner server provisioning API endpoints (#7562)
  • Add autogenerate_domain API parameter for applications (#7515)
  • Add Retry-After header to 429 rate limit responses
  • Always show "Allow Public PR Deployments" option for better discoverability (#7587)
  • Improve OpenAPI spec and add rate limit handling for Hetzner
  • Remove dead server filtering code from scheduler for better performance (#7585)
  • Remove duplicate getArchDockerInstallCommand() method (#7581)

Developer Experience

  • Add deterministic UUIDs to development seeders for easier API testing (#7584)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.453...v4.0.0-beta.454

v4.0.0-beta.453

What's Changed

Security & Fixes

  • Terminal stays connected when browser tab loses focus (#7538)
  • Preview deployments now properly cleaned up on GitLab, Bitbucket, and Gitea (#7537, fixes #2610)
  • Fixed SSH conflicts during concurrent scheduled tasks (#7503, fixes #6736)
  • Fixed Nixpacks failing with null environment variables (#7493, fixes #6830)
  • Deployment status now shows "In Progress" immediately when queued (#7487, fixes #6708)
  • Fixed cleanup errors incorrectly marking successful deployments as failed (#7460, fixes #7439)
  • Fixed service status stuck at "Starting" after stop (#7479)
  • Fixed backup timeout not being applied during remote execution (#7476)
  • Fixed Traefik warning not clearing after proxy restart (#7466)
  • Fixed container "Restarting" status not displaying correctly (#7463)
  • Fixed degraded sub-resource and mixed status states (#7461)
  • Fixed Traefik email notifications with clickable server links (#7452)
  • Fixed PostgREST showing in wrong category and empty Domains section (#7442)
  • Fixed base directory path validation issues (#7437)
  • Fixed port validation blocking advanced checkbox saves (#7435)
  • Fixed Docker build args not working with service names (#7433)
  • Fixed preview URL port template variable (#7527)
  • Fixed logs not loading for single container services (#7509)
  • Fixed Garage service TOML config and healthcheck (#7510)

New Services & Templates

  • Added Garage (S3-compatible distributed storage) (#7508)
  • Added RustFS (S3-compatible storage) (#7486)
  • Added Fizzy (feedback widget) (#7468)

Improvements

  • Added Arch Linux server support (#7531, #7408, fixes #4523)
  • Added Docker image retention for application rollback support (#7504)
  • Added colorized log levels with toggle (#7502)
  • Added log search, download, and collapsible sections (#7484)
  • Added collapsible option to logs component (#7495)
  • Added runtime/buildtime properties to environment variables (#7470)
  • Proxy restart now runs as background job with real-time logs (#7475)
  • Dashboard performance improved with request-level caching (#7533)
  • Renamed "unsend" to "usesend" in email configuration (#7526, fixes #7189)
  • Renamed DOCKER_TOKEN/USERNAME to DOCKERHUB_TOKEN/USERNAME (#7432)
  • Improved Advanced Settings helper text clarity (#7453)
  • Improved PostgreSQL type docs link styling (#7494)
  • Improved Sentinel update check scheduling (#7491)
  • Decoupled storage check from Sentinel sync (#7454)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.452...v4.0.0-beta.453

v4.0.0-beta.452

What's Changed

Security & Fixes

  • Fixed Traefik proxy startup issues with null versions and network filtering (#7400)
  • Fixed service name parsing issues when using hyphens (#7399)
  • Fixed version downgrade prevention with improved cache validation (#7396)
  • Fixed webhook notification settings migration conflict (#7393)
  • Fixed Docker database start commands compatibility across versions (#7390, #6807)
  • Fixed duplicate environment variables in buildtime.env and Nixpacks plan overrides (#7373)
  • Fixed incorrect Caddy proxy config file path display (#6722)
  • Fixed Livewire snapshot error during database restore (#7385, fixes #7335)
  • Fixed Beszel realtime monitoring feature (#7366)
  • Fixed Appwrite too many redirects error (#7364)

Improvements

  • Improved manual update process with better user feedback (#7398)
  • Improved new resource page UI layout and styling (#7291)
  • Added color-coded log highlighting based on log level (#7288)
  • Added Postgresus to predefined Docker networks by default (#7367)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.451...v4.0.0-beta.452

v4.0.0-beta.451

What's Changed

Security & Fixes

  • Enhanced security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection (#7375)
  • Fixed Docker command failures on non-root servers and proxy network race conditions (#7368, fixes #7362)
  • Fixed path duplication in SERVICE_FQDN and SERVICE_URL when updating service FQDN (#7370, fixes #7363)
  • Fixed configuration change detection for build settings to properly show restart notification (#7371)

Improvements

  • Enhanced environment variable handling with better password field support and shared variable management
  • Improved build time variable checkbox behavior based on environment type
  • Reduced excessive logging in cleanup commands for cleaner output (#7356)
  • Improved version release automation workflow with GitHub sync functionality
  • Better error handling and output capturing during Git operations

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.450...v4.0.0-beta.451

v4.0.0-beta.450

What's Changed

Security & Fixes

  • Fixed database restore modal not closing properly after backup operations (#7345, fixes #7335)
  • Fixed installation failures caused by CDN redirect handling in curl commands (#7349, fixes #7348)
  • Fixed proxy startup failures due to bash syntax errors in control structures (#7353, fixes #7346)

Improvements

  • Added Docker build cache preservation toggles to optimize build performance (#7352, fixes #7040)
    • New option to skip automatic Dockerfile ARG injection
    • New option to exclude SOURCE_COMMIT from build context
    • Applies to both Dockerfile and Docker Compose buildpacks

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.449...v4.0.0-beta.450

v4.0.0-beta.449

What's Changed

Fixes

  • Preserve Docker build cache by excluding dynamic variables (#7339, fixes #7040)
  • Show shared env scopes dropdown even when no variables exist (#7342)
  • Add authorization checks for environment and project views

New Features

  • Developer view for shared environment variables (#7091)
  • Custom docker entrypoint support (#7097)

Improvements

  • Improved variable scope handling in docker entrypoint parsing (#7341)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.448...v4.0.0-beta.449

v4.0.0-beta.447

What's Changed

New Features

  • Restore database backups directly from S3 storage (#7085)
  • Environment variable autocomplete with {{ scope.variable }} syntax (#7282)

Fixes

  • Correct webhook notification settings migration and model schema (#7333)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.446...v4.0.0-beta.447

v4.0.0-beta.445

What's Changed

Security & Fixes

  • Fixed environment variables not passing to Docker Compose build commands (#7271, fixes #7120)
  • Fixed Docker Compose service URL and domain handling for all service templates (#7275, fixes #7243)
  • Fixed buildpack cleanup when switching build methods (#7268, fixes #7192)
  • Fixed exited containers incorrectly showing health status (#7317)
  • Fixed container health status for services with monitoring disabled (#7283)
  • Fixed SERVICE_FQDN error when using database services (#7299)
  • Fixed database restart removing and re-downloading images unnecessarily (#7293)
  • Fixed duplicate migration conflicts during startup (#7254)
  • Fixed deployment error logs appearing multiple times (#7247)
  • Fixed modal input fields expanding to full width (#7267)
  • Fixed form input border shifting content on focus (#7300)
  • Fixed queue job failures after deserialization (#7275)
  • Fixed Codimd service docker-compose configuration (#7096, fixes #7095)
  • Fixed Mosquitto service template (#7129)
  • Fixed Documenso deployments stuck in pending status (#7145, fixes #1767)
  • Fixed Redis Insight default template (#7176, fixes #7166)

New Services & Templates

  • Added Opnform template (#5875)
  • Added newt-pangolin template (#6259)

Improvements

  • Enhanced Traefik version notifications with minor upgrade detection (#7247)
  • Added Docker Compose reload button and raw/deployable view toggle (#7294)
  • Added prerequisite validation during server setup (#7297)
  • Added modal width controls for better spacing (#7227)
  • Reduced excessive helper image pull jobs across servers (#7229)
  • Auto-create MinIO bucket in development environment (#7273)
  • Improved README structure and clarity (#6994)

Documentation

  • Consolidated AI documentation into centralized directory (#7274)

Github changes in details

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.444...v4.0.0-beta.445