Restrict mass-assignable attributes across user/team/redis models and
switch privileged root/team creation paths to forceFill/forceCreate.
Encrypt legacy ClickHouse admin passwords via migration and cast the
correct ClickHouse password field as encrypted.
Tighten API and runtime exposure by removing sensitive team fields from
responses and sanitizing Git/compose error messages.
Expand security-focused feature coverage for command-injection and mass
assignment protections.
Add full GitLab application source support for git operations:
- Implement SSH-based authentication using private keys with configurable ports
- Support HTTP basic auth for HTTPS GitLab URLs (with or without deploy keys)
- Handle private key setup and SSH command configuration in both Docker and local modes
- Support merge request checkouts for GitLab with SSH authentication
Improvements to credential handling:
- URL-encode GitHub access tokens to handle special characters properly
- Update log sanitization to redact passwords from HTTPS/HTTP URLs
- Extend convertGitUrl() type hints to support GitlabApp sources
Add test coverage and seed data:
- New GitlabSourceCommandsTest with tests for private key and public repo scenarios
- Test for HTTPS basic auth password sanitization in logs
- Seed data for GitLab deploy key and public example applications
- Move restart counter reset from Livewire to ApplicationDeploymentJob to prevent race conditions with GetContainersStatus
- Remove artificial restart_type=manual tracking (never used in codebase)
- Add Crash Loop Example in seeder for testing restart tracking UI
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add a separate minio-init container that automatically creates the 'local'
bucket when MinIO starts in development. Mark the seeded S3Storage as usable
by default so developers can use MinIO without manual validation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add automated Traefik version checking job running weekly on Sundays
- Implement version detection from running containers and comparison with versions.json
- Add notifications across all channels (Email, Discord, Slack, Telegram, Pushover, Webhook) for outdated versions
- Create dismissible callout component with localStorage persistence
- Display cross-branch upgrade warnings (e.g., v3.5 -> v3.6) with changelog links
- Show patch update notifications within same branch
- Add warning icon that appears when callouts are dismissed
- Prevent duplicate notifications during proxy restart by adding restarting parameter
- Fix notification spam with transition-based logic for status changes
- Enable system email settings by default in development mode
- Track last saved/applied proxy settings to detect configuration drift
- API is now enabled by default when running in development mode
- Production instances keep API disabled by default (existing behavior)
- Uses isDev() helper to determine environment
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* chore(version): update coolify-realtime to version 1.0.9 in docker-compose and versions files
* feat(migration): add is_sentinel_enabled column to server_settings with default true
* fix(migration): update default value handling for is_sentinel_enabled column in server_settings
* feat(seeder): dispatch StartProxy action for each server in ProductionSeeder
* feat(seeder): add CheckAndStartSentinelJob dispatch for each server in ProductionSeeder
* fix(seeder): conditionally dispatch CheckAndStartSentinelJob based on server's sentinel status
* feat(seeder): conditionally dispatch StartProxy action based on proxy check result
* refactor(ui): terminal
* refactor(ui): remove terminal header from execute-container-command view
* refactor(ui): remove unnecessary padding from deployment, backup, and logs sections
* fix(service): disable healthcheck logging for Gotenberg (#6005)
* fix(service): Joplin volume name (#5930)
* chore(version): update coolify version to 4.0.0-beta.420 and nightly version to 4.0.0-beta.421
* fix(server): update sentinelUpdatedAt assignment to use server's sentinel_updated_at property
* feat(service): update Changedetection template (#5937)
* chore(service): changedetection remove unused code
* fix(service): audiobookshelf healthcheck command (#5993)
* refactor(service): update Hoarder to their new name karakeep (#5964)
* fix(service): downgrade Evolution API phone version (#5977)
* feat(service): add Miniflux service (#5843)
* refactor(service): karakeep naming and formatting
* refactor(service): improve miniflux
- improve DB url
- add depends_on
- formatting, naming & order
* feat(service): add Pingvin Share service (#5969)
* fix(service): pingvinshare-with-clamav
- add platform to make clamav work
- formatting
* feat(auth): Add Discord OAuth Provider (#5552)
* feat(auth): Add Clerk OAuth Provider (#5553)
* feat(auth): add Zitadel OAuth Provider (#5490)
* Update composer.lock
* fix(ssh): scp requires square brackets for ipv6 (#6001)
* refactor(core): rename API rate limit ENV
* refactor(ui): simplify container selection form in execute-container-command view
* chore(service): Update Evolution API image to the official one (#6031)
* chore(versions): bump coolify versions to v4.0.0-beta.420 and v4.0.0-beta.421
* fix(github): changing github app breaks the webhook. it does not anymore
* feat(service): enhance service status handling and UI updates
* fix(parser): improve FQDN generation and update environment variable handling
* fix(ui): enhance status refresh buttons with loading indicators
* fix(ui): update confirmation button text for stopping database and service
* fix(routes): update middleware for deploy route to use 'api.ability:deploy'
* fix(ui): refine API token creation form and update helper text for clarity
* fix(ui): adjust layout of deployments section for improved alignment
* chore(dependencies): update composer dependencies to latest versions including resend-laravel to ^0.19.0 and aws-sdk-php to 3.347.0
* refactor(email): streamline SMTP and resend settings logic for improved clarity
* fix(ui): adjust project grid layout and refine server border styling for better visibility
* fix(ui): update border styling for consistency across components and enhance loading indicators
* feat(cleanup): add functionality to delete teams with no members or servers in CleanupStuckedResources command
* refactor(invitation): rename methods for consistency and enhance invitation deletion logic
* refactor(user): streamline user deletion process and enhance team management logic
* fix(ui): add padding to section headers in settings views for improved spacing
* fix(ui): reduce gap between input fields in email settings for better alignment
* fix(docker): conditionally enable gzip compression in Traefik labels based on configuration
* fix(parser): enable gzip compression conditionally for Pocketbase images and streamline service creation logic
* fix(ui): update padding for trademarks policy and enhance spacing in advanced settings section
* feat(ui): add heart icon and enhance popup messaging for sponsorship support
* feat(settings): add sponsorship popup toggle and corresponding database migration
* fix(ui): correct closing tag for sponsorship link in layout popups
* fix(ui): refine wording in sponsorship donation prompt in layout popups
* fix(ui): update navbar icon color and enhance popup layout for sponsorship support
* Update resources/views/livewire/project/shared/health-checks.blade.php
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update app/Livewire/Subscription/Index.php
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(ui): add target="_blank" to sponsorship links in layout popups for improved user experience
* fix(models): refine comment wording in User model for clarity on user deletion criteria
* Update app/Providers/RouteServiceProvider.php
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(models): improve user deletion logic in User model to handle team member roles and prevent deletion if user is alone in root team
* fix(ui): update wording in sponsorship prompt for clarity and engagement
---------
Co-authored-by: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Co-authored-by: Khiet Tam Nguyen <86177399+nktnet1@users.noreply.github.com>
Co-authored-by: Carsten <BanditsBacon@users.noreply.github.com>
Co-authored-by: Alberto Rizzi <48057685+albertorizzi@users.noreply.github.com>
Co-authored-by: Jonas Klesen <deklesen@gmail.com>
Co-authored-by: Stew Night. <22344601+stewnight@users.noreply.github.com>
Co-authored-by: Jeffer Marcelino <jeffersunde72@gmail.com>
Co-authored-by: Lucas Eduardo <lucas59356@gmail.com>
Co-authored-by: CrazyTim71 <118295691+CrazyTim71@users.noreply.github.com>
Co-authored-by: Yassir Elmarissi <yassir.elmarissi@hm.edu>
Co-authored-by: Hauke Schnau <hauke@schnau-lilienthal.de>
Co-authored-by: Darren Sisson <74752850+djsisson@users.noreply.github.com>
Co-authored-by: Alkesh Das <67038642+smad-bro@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* chore(version): update coolify-realtime to version 1.0.9 in docker-compose and versions files
* feat(migration): add is_sentinel_enabled column to server_settings with default true
* fix(migration): update default value handling for is_sentinel_enabled column in server_settings
* feat(seeder): dispatch StartProxy action for each server in ProductionSeeder
* feat(seeder): add CheckAndStartSentinelJob dispatch for each server in ProductionSeeder
* fix(seeder): conditionally dispatch CheckAndStartSentinelJob based on server's sentinel status
* feat(seeder): conditionally dispatch StartProxy action based on proxy check result
* refactor(ui): terminal
* refactor(ui): remove terminal header from execute-container-command view
* refactor(ui): remove unnecessary padding from deployment, backup, and logs sections
* chore(version): update coolify-realtime to version 1.0.9 in docker-compose and versions files
* feat(migration): add is_sentinel_enabled column to server_settings with default true
* fix(migration): update default value handling for is_sentinel_enabled column in server_settings
* feat(seeder): dispatch StartProxy action for each server in ProductionSeeder
* feat(seeder): add CheckAndStartSentinelJob dispatch for each server in ProductionSeeder
* feat(README): add InterviewPal sponsorship link and corresponding SVG icon
* chore(versions): update coolify version to 4.0.0-beta.413 and nightly version to 4.0.0-beta.414 in configuration files
* fix(terminal): enhance WebSocket client verification with authorized IPs in terminal server
* chore(versions): update realtime version to 1.0.8 in versions.json
* chore(versions): update realtime version to 1.0.8 in versions.json
* chore(docker): update soketi image version to 1.0.8 in production configuration files
* chore(versions): update coolify version to 4.0.0-beta.414 and nightly version to 4.0.0-beta.415 in configuration files
* fix(ApplicationDeploymentJob): ensure source is an object before checking GitHub app properties
* fix(ui): Disable livewire navigate feature (causing spam of setInterval())
* fix(ui): Remove required attribute from image input in service application view
* fix(ui): Change application image validation to be nullable in service application view
* fix(Server): Correct proxy path formatting for Traefik proxy type
* chore(versions): update coolify version to 4.0.0-beta.416 and nightly version to 4.0.0-beta.417 in configuration files; fix links in deployment view
* feat(Service): Add functionality to convert between applications and databases in docker-compose based applications
fix(ui): Fix service layout refresh on compose change
* fix(service): graceful shutdown of old container (#5731)
* refactor(Database): streamline container shutdown process and reduce timeout duration
* fix(ServerCheck): enhance proxy container check to ensure it is running before proceeding
* chore(seeder): update git branch from 'main' to 'v4.x' for multiple examples in ApplicationSeeder
* fix(applications): include pull_request_id in deployment queue check to prevent duplicate deployments
* refactor(core): streamline container stopping process and reduce timeout duration; update related methods for consistency
* fix(database): update label for image input field to improve clarity
* feat(migration): add 'is_migrated' and 'custom_type' columns to service_applications and service_databases tables
* feat(backup): implement custom database type selection and enhance scheduled backups management
* fix(ServerCheck): set default proxy status to 'exited' to handle missing container state
* fix(database): reduce container stop timeout from 300 to 30 seconds for improved responsiveness
* refactor(database): update DB facade usage for consistency across service files
* Update app/Livewire/Project/Service/Database.php
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* refactor(database): enhance application conversion logic and add existence checks for databases and applications
* refactor(actions): standardize method naming for network and configuration deletion across application and service classes
* refactor(logdrain): consolidate log drain stopping logic to reduce redundancy
* refactor(StandaloneMariadb): add type hint for destination method to improve code clarity
* refactor(DeleteResourceJob): streamline resource deletion logic and improve conditional checks for database types
* refactor(jobs): update middleware to prevent job release after expiration for CleanupInstanceStuffsJob, RestartProxyJob, and ServerCheckJob
* fix(ui): system theming for charts (#5740)
* chore(deps-dev): bump vite from 6.2.6 to 6.3.4 (#5743)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.2.6 to 6.3.4.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.3.4/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 6.3.4
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(dev): mount points?!
* fix(dev): proxy mount point
* fix(ui): allow adding scheduled backups for non-migrated databases
* fix(DatabaseBackupJob): escape PostgreSQL password in backup command (#5759)
* fix(ui): correct closing div tag in service index view
* Revert "fix(dev): mount points?!"
This reverts commit 365bf3cbf0.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jérémy <jeremy.derdaele@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Best Codes <106822363+The-Best-Codes@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: busybox <29630035+busybox11@users.noreply.github.com>
