Changelog.

Latest releases from the GitHub repository .

v4.0.0

Finally releasing v4.0.

It was long overdue because we have been in beta for a long time. Thousands of companies and people have been using Coolify in production for 1-2 years.

Of course, this does not mean it has no bugs, it has many, but we fix them every day.

v5 is coming together, but we are not rushing it.

The biggest feature will be full scalability in the core, so you will have cloud infrastructure, but with your own servers.

I already have a working solution for the core and it is soo cool. Can't wait to start showing them to you.

By the way, doing v5 does not mean we won't continue to support v4. We just want to push what is possible with servers and automations.

Thank you to everyone who helped me reach this point 💜

Let's make cool stuff! 🫰

So the release notes:

What's Changed

Security & Fixes

  • Fixed Rallly service environment variable defaults (#9041, fixes #9615)
  • Fixed Logto upgrade failure caused by missing database migration step (#9376)
  • Fixed Jitsi Meet not working — rebuilt template with stable image and proper UDP/secrets (#9594, fixes #4813)
  • Fixed Twenty deployment failure from unhealthy worker dependency (#9603, fixes #9574)
  • Fixed mobile info popup not opening on tap and bubbling clicks to parent (#9809, closes #4834)
  • Fixed SPA navigation race conditions causing stale state, broken buttons, and unsaved changes (#9742, closes #9732)

New Services & Templates

  • Added Cap captcha service template (#9729)
  • Re-enabled Plane service with updated docker-compose (#9641, fixes #8338)
  • Updated Beszel and Beszel Agent to 0.18.7 (#9775)
  • Disabled Cal.com template — project went closed source (#9776)

Improvements

  • Added healthcheck to Langfuse worker (#9772)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.474...v4.0.0

v4.0.0-beta.474

What's Changed

Security & Fixes

  • Prevent data loss when persistent containers (databases, apps, services) are accidentally pruned during service deletion (#9654, fixes #9582)
  • Fix S3 storage backup endpoints returning 500 in API context (#9655, fixes #9581)
  • Encrypt manual webhook secrets and strengthen HMAC signature verification (#9652)
  • Fix Rocky Linux installer to use correct RHEL Docker repository (#9541, fixes #8730)
  • Harden authentication: upgrade email verification hash and fix invitation link login (#9672)
  • Validate and rate-limit feedback endpoint (#9653)
  • Tighten volume name and path validation with shell argument escaping (#9666)
  • Validate backup upload file type and size limits (#9667)
  • Tighten S3 endpoint URL validation (#9668)
  • Harden dev helper version validation and build argument escaping (#9670)
  • Strengthen team scoping across resource creation flows (#9651)
  • Fix SSH repository URLs with custom ports being mangled (#9425)
  • Fix healthcheck path validation rejecting commas and semicolons (#9223)
  • Fix database credential validation and shell escaping across Postgres, MySQL, MariaDB (#9674, #9676, #9681, #9682)
  • Improve shell command tokenization for install, build, and start commands (#9684)
  • Return stable generic error messages for API 5xx responses (#9669)

Improvements

  • Add optional expiration for API tokens with advance notification warning before expiry (#9677)
  • Add DELETE API endpoint to remove preview deployments by pull request ID (#9614)
  • Mark Docker Swarm support as deprecated ahead of v5 removal (#9621)
  • Categorize application advanced settings into logical sections (#9234)
  • Improve service settings layout with dedicated advanced page and clearer headings (#9027)
  • Display memory limit fields in a single row (#9232)
  • Add info callout to clone resource section listing excluded items (#9233)
  • Add architecture warning for service templates with platform limitations (#8390)
  • Improve domain port+path format documentation in the UI (#8331)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.473...v4.0.0-beta.474

v4.0.0-beta.473

Fixes

  • Fixed the upgrade modal to show the correct target version and cleared stale upgrade notifications when the instance was already up to date. (#7774, fixes #6039, #8707)
  • Fixed user deletion cleanup so team-owned Git app sources were handled safely, while instance-wide sources were preserved for the root team. (#9435, fixes #8172)
  • Fixed dashboard homepage add buttons so they remained visible in light mode. (#9456, fixes #9454)
  • Fixed port mapping validation to accept protocol suffixes like /tcp, /udp, /sctp and IP-bound mappings. (#9503, fixes #9501, #9504)

Improvements

  • Updated phpseclib/phpseclib to 3.0.51. (#9500)
  • Updated axios to 1.15.0 for development dependencies. (#9515)
  • Updated axios to 1.15.0 in coolify-realtime. (#9516)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.472...v4.0.0-beta.473

v4.0.0-beta.472

What's Changed

Security & Fixes

  • Allow quoted arguments in custom Docker run options (#9481, fixes #9343)
  • Patched Alpine packages in helper, realtime, and development Docker images (#9437)
  • Bumped Alexandrie images to address upstream security advisory (#9434)

New Services & Templates

  • Added Grimmory one-click service, the successor to Booklore (#9109)
  • Comprehensive Supabase template update to latest versions (#8316)
  • Allow overriding GOTRUE_SITE_URL in Supabase for separate frontend domains (#9079, fixes #5581)
  • Added sensible CORS defaults to Directus templates (#9081, fixes #5024)
  • Updated Rivet template to v2.2.0 (#9378)
  • Updated Convex to current latest version (#9392)
  • Fixed LibreChat healthcheck and upgraded Meilisearch image (#9358)
  • Fixed n8n task-runners health check (#9309, fixes #9306)
  • Increased Nextcloud healthcheck interval to prevent worker exhaustion (#9440, fixes #9439)
  • Updated Nextcloud healthcheck endpoint to /status.php (#9470)
  • Fixed Netbird client volume path so settings persist across restarts (#9484)
  • Corrected Minecraft template category to games (#9387)
  • Corrected several template categories that were set incorrectly (#9449)

Improvements

  • Removed Algora bounty program references from community docs and templates (#9436)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.471...v4.0.0-beta.472

v4.0.0-beta.471

What's Changed

Security & Fixes

  • Harden model mass assignment protection across all models (#9282)
  • Scope server and project queries to current team (#9230)
  • Harden GetLogs component with locked properties and input validation (#9229)
  • Add validation and escaping for Docker network names (#9228)
  • Add URL validation for notification webhook fields (#9224)
  • Use server-side config for password reset URL generation (#9193)
  • Add input validation for install/build/start command fields (#9227)
  • Add input validation for resource limit fields (#9238)
  • Add IP validation for custom DNS servers input (#9239)
  • Add URL validation for proxy redirect input (#9241)
  • Add input validation for server advanced settings page (#9242)
  • Add input validation for sentinel configuration (#9243)
  • Add input validation for database backup timeout (#9245)
  • Add input validation for emails configuration (#9259)
  • Add input validation for database public port and proxy timeout
  • Add validation to block unsafe webhook URLs
  • Use random_int() for email change verification codes (#9226)
  • Move admin route into middleware group (#9225)
  • Enforce team-scoped project/env lookups in onboarding
  • Add input validation for port exposes and port mappings fields

New Services & Templates

  • Added ElectricSQL template (#8190)

Fixes

  • Fix intermittent pre-deployment command failures (#9165, fixes #9076)
  • Fix Grafana GF_SERVER_DOMAIN using FQDN instead of URL (#9080, fixes #5307)
  • Fix listmonk db config env typo (#9250)
  • Fix Langfuse by pinning ClickHouse version to avoid init errors
  • Fix cloning persistent volumes with missing uuid (#9290, fixes #9270)
  • Fix redirect value not persisting in setRedirect (#9279)
  • Fix cloud subscription notification links (#9296)
  • Fix slash branches in public repo URLs
  • Fix shared env vars resolving on wrong server
  • Fix database SSL/status state and clone writes
  • Fix auto-generate missing CA cert on SSL regeneration
  • Fix backup notification failures affecting backup status (fixes #9088)
  • Fix backup retention enforcement and stale execution cleanup
  • Fix password visibility toggle using Alpine state
  • Fix GitHub branch state when refreshing repositories

Improvements

  • Shared server environment variables (#7764)
  • Refresh repos on private GitHub app (#8621)
  • Support Docker image tags for preview deployments
  • Add preserve repository option to deployment API (#8371)
  • Implement exponential backoff for unreachable servers (#9184)
  • Improve scheduled task single view UX (#9266)
  • Add two-step confirmation to enable self-registration (#9277)
  • Add public port timeout configuration for databases
  • Make textarea monospace opt-in and improve multiline toggle

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.470...v4.0.0-beta.471

v4.0.0-beta.470

What's Changed

Security & Fixes

  • Fixed proxy config validation to ensure stored config matches the current proxy type (#9146, fixes #9127)
  • Fixed environment variables being incorrectly resolved in compose files instead of preserving ${VAR} references (#9147, fixes #9136)
  • Fixed deployment issues with shell argument escaping in nixpacks commands (#9122, fixes #9042)
  • Fixed GitHub webhook errors for unsupported event types (#9119, fixes #9090)
  • Fixed server limit checks when using API tokens (#9123, fixes #9116)
  • Fixed hostname validation to be case-insensitive and allow more characters (#9134, fixes #9131)
  • Fixed duplicate subscription creation
  • Fixed environment variable refresh when variables are missing or stale
  • Fixed Docker cleanup logging when server is unreachable

New Services & Templates

  • Added EspoCRM one-click service template (#8658)

Improvements

  • Improved mobile responsiveness for confirmation modals
  • Simplified Docker installation process
  • Added storage API endpoints with UUID support for databases and services
  • Added Nightwatch monitoring support
  • Disabled Booklore service template (#9105)
  • Bumped Sentinel and Traefik versions

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.469...v4.0.0-beta.470

v4.0.0-beta.469

What's Changed

Security & Fixes

  • Fixed sporadic SSH "permission denied" errors during key rotation (#8990, fixes #7724)
  • Fixed deployment failures when build server is enabled during restart operations (#9045, fixes #9013)
  • Fixed breadcrumb queries causing out-of-memory crashes (#9048, fixes #9009)
  • Fixed GitHub App webhook endpoint defaulting to IPv4 instead of instance domain (#8948)
  • Fixed Hoppscotch service failing to start due to database health check (#8949)
  • Fixed Docker Compose not respecting preserveRepository for project directory (#8956, fixes #8953)
  • Fixed backup error when S3 storage is missing or deleted (#9038, fixes #9035)
  • Fixed Stripe subscription error handling and resilience (#9030)
  • Fixed Heyform template configuration (#8747)
  • Fixed API resource UUID extraction from route parameters
  • Fixed Docker cleanup stale container warning on cloud instances
  • Fixed Compose file-not-found error now includes git branch info

New Services & Templates

  • Added LibreSpeed service for self-hosted speed testing (#8626)
  • Added imgcompress service for offline image processing (#8763)
  • Updated Databasus to v3.16.2 (#8586)
  • Updated n8n with Postgres and Worker to v2.10.4 (#8807)
  • Updated SeaweedFS images to v4.13 (#8738)
  • Fixed Castopod service port from 8000 to 8080 (#8817)

Improvements

  • Added per-volume control of PR suffix in preview deployments (#9006, fixes #7802, fixes #7343)
  • Added auto-population of FQDN from docker_compose_domains for compose previews (#8963, fixes #8958)
  • Added force deletion option for servers with existing resources (#8962)
  • Added auto-fetch of server metadata after validation (#8964)
  • Added container label escape control to services API (#8955, fixes #8954)
  • Added database environment variable management API endpoints
  • Added storage management API endpoints for applications and backup schedules
  • Added support for comments in bulk environment variable API endpoints
  • Added placeholder hints for magic environment variables
  • Added next billing date and billing interval display for subscriptions
  • Added cache-based deduplication for delayed cron execution
  • Simplified environment variable settings by removing buildtime/runtime options

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.468...v4.0.0-beta.469

v4.0.0-beta.468

What's Changed

Security & Fixes

  • Fixed SSH connection retry failures during deployments (#8927, fixes #8926)
  • Fixed deployment type selection when using GitHub/GitLab Apps (#8934, fixes #8917)
  • Fixed deployment authorization endpoint returning incorrect 404 errors (#8931, fixes #8925)
  • Fixed shared variables not resolving in Docker Compose environments (#8930, fixes #8918)
  • Fixed SSH keys not being used for git submodule and LFS operations (#8933, fixes #8895)
  • Added support for scoped npm packages in file path validation (#8928, fixes #8924)

Improvements

  • Added log filtering capability based on log level in deployment logs (#8784)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.467...v4.0.0-beta.468

v4.0.0-beta.467

What's Changed

Security & Fixes

  • Fixed command injection vulnerability in health check commands (#8898)
  • Added path validation to prevent command injection in file locations
  • Fixed environment variables being overwritten when changing service domains (#8915, fixes #8912)
  • Fixed Nixpacks deployment failures when application has no domain set (#8902, fixes #6830)
  • Fixed resource deletion failing silently in the danger zone (#8909, fixes #8836)
  • Fixed scheduled task input fields losing focus while editing (#8654, fixes #8647)
  • Added docker_cleanup parameter to API stop endpoints (#8899, fixes #7758)

Improvements

  • Added GitLab source integration with SSH deploy keys and HTTP basic auth (#8910, fixes #5295)
  • Added database-backed proxy config storage with automatic recovery and versioned backups (#8905, fixes #7178)
  • Added server metadata collection and display

What's Changed

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.466...v4.0.0-beta.467

v4.0.0-beta.466

What's Changed

Security & Fixes

  • Prevent command injection via base64-encoding log drain environment variables
  • Prevent command injection via git reference validation
  • Add sentinel token validation to prevent command injection
  • Require write permission for API validation endpoints
  • Prevent false container exits on failed docker queries (#8860)
  • Track last_online_at and reset database restart state
  • Preserve user-saved environment variables on Docker Compose redeploy (#8894)
  • Fix build-time environment variables breaking Next.js (#8890)
  • Prevent command injection in developer view shared variables (#8889)
  • Make confirmation modal close after dispatching Livewire actions (#8892)
  • Respect keep for rollback setting for Nixpacks build images (#8859)

Dependencies

  • Bump rollup from 4.57.1 to 4.59.0 (#8691)
  • Bump league/commonmark from 2.8.0 to 2.8.1 (#8793)

What's Changed

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.465...v4.0.0-beta.466

v4.0.0-beta.465

What's Changed

Security & Fixes

  • Fixed WebSocket connection and host authorization issues in terminal (#8862, fixes #8856)
  • Fixed environment variable parser capturing trailing braces in bash-style defaults (#8855, fixes #8851)
  • Fixed confirmation modal staying open after database import/restore (#8697, fixes #8689)
  • Fixed nginx.conf mounting error in development mode (#8662)
  • Fixed docker-compose deployment with custom start commands and preserveRepository setting (#8848, fixes #8417)
  • Fixed preview deployment page visibility for deploy key applications (#8579)

Improvements

  • Added configurable timeout for public database TCP proxy connections (#8673, fixes #7743)

What's Changed

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.464...v4.0.0-beta.465

v4.0.0-beta.464

What's Changed

Security & Fixes

  • Fixed SSH command injection vulnerability (#8748)
  • Resolved 419 session errors with Cloudflare Tunnels and domain-based access (#8749, fixes #5404)
  • Fixed SSH directory permission issues during upgrades (#8635, resolves #6621)
  • Added SSH directory permission auto-fix for new installations (#8635)
  • Prevented command injection in certificate handling via base64 encoding (#8617)
  • Hardened Docker command execution with centralized escaping (#8615)
  • Prevented command injection in health check commands (#8611)
  • Fixed cross-tenant IDOR vulnerability in resource cloning (#8613)
  • Added IPv6 CIDR support for API access IP allowlist (#8750, fixes #8729)
  • Fixed proxy initialization with IPv6 networks on Docker 25+ (#8703, fixes #8649)
  • Fixed CSRF redirect loop during 2FA authentication (#8596)
  • Corrected API permission requirements for POST endpoints (#8600)
  • Added team authorization checks to domains_by_server API (#8616)
  • Fixed Cloudreve service data persistence across restarts (#8740)
  • Fixed Ente Photos join link configuration (#8727)
  • Fixed application rollback to use correct commit SHA (#8576)
  • Fixed deployment detection for BuildKit and secrets (#8565)
  • Resolved team lookup for service relationships (#8559, fix #8431)
  • Added webhook notification status validation (#8557, fix #8448)
  • Fixed deploy key handling when private_key_id is zero (#8563, fixes #8562)
  • Fixed Redis/KeyDB config permissions with custom configurations (#8561, fix #8539)
  • Fixed password field UI flash before Alpine.js initialization (#8599, closes #8592)
  • Fixed GlitchTip webdashboard loading issue (#8249)
  • Fixed Grist service template configuration (#8384)
  • Fixed API documentation schema references (#8239, closes #8229)

New Services & Templates

  • Added Pydio Cells service (#8323)
  • Added Sure service (#8157)
  • Added Spacebot service with custom logo support (#8427)
  • Updated N8N templates to 2.10.2 (#8679)
  • Upgraded Beszel and Beszel Agent to v0.18 (#8513)
  • Disabled Plane service in template suite (#8580)
  • Disabled Pterodactyl Panel and Wings from service templates (#8512)
  • Disabled Minio Community Edition from service templates (#8686)
  • Disabled Maybe service in template suite (#8167)

Features & Improvements

  • Added refund and cancellation management for subscriptions (#8637)
  • Added comment field support to environment variables (#7269, fix #7239)
  • Added command-based health check support for services (#8612)
  • Added scheduled job monitoring dashboard (#8433)
  • Added scheduled tasks CRUD API with authentication and validation (#8428)
  • Made Horizon max time configurable (#8560, fix #8435)
  • Fixed Soketi host binding for IPv6 support (#8619, closes #8584)
  • Fixed scheduler self-healing for stale Redis locks with UI detection (#8618, fixes #8327)
  • Fixed Traefik service label handling for force HTTPS (#8550)
  • Improved security by hardening deployment paths and deploy abilities (#8549)
  • Fixed queue timeout handling in Horizon gracefully (#8360)
  • Fixed missing status variable in Hetzner status checks (#8359)
  • Fixed container filtering in push server job (#8361)
  • Improved proxy error handling on port allocation failure (#8362)
  • Enhanced SSH error tracking with proper Sentry scoping (#8363)

UI & Developer Experience

  • Added container labels header to UI (#8752)
  • Improved project heading navigation spacing (#8564)
  • Fixed datalist border color and added repository selection watcher (#8240)
  • Fixed Docker Compose force HTTPS preference behavior (#8424)
  • Migrated test suite to SQLite in-memory with Pest browser testing (#8364)
v4.0.0-beta.463

Changes

  • feat(database): add official postgres 18 and pgvector 18 support -> You could always change the database image and volume mount path manually and achieve unofficial support that is why this was not added faster
  • feat(ui): add postgres 16 to the UI
  • feat(ui): improve global search with uuid and pr support
  • feat(installer): add tencentos as a supported os
  • feat(service): upgrade checkmate to v3 with all the necessary changes
  • feat(service): upgrade listmonk to v6 with all the necessary changes
  • feat(service): upgrade formbricks to v4 with all the necessary changes
  • feat(service): update pterodactyl version
  • fix(backup): postgres restore arithmetic syntax error
  • fix(validation): add @, / and & support to names and descriptions
  • fix(api): infinite loop with github app with many repos
  • fix(parser): replace dashes and dots in auto generated envs
  • fix(labels): make sure name is slugified
  • fix(ui): make tooltips a bit wider
  • fix(ui): modal issues
    • tooltips can not extend outside the modal causing a scrollbar to appear
    • modals are to wide
    • remove unused minWidth and maxWidth props
  • fix(ui): horizontal overflow on application and service headings
  • fix(validation): enforce url validation for instance domain
  • fix(service): autobase database is not persisted correctly
  • fix(service): supabase studio settings redirect loop
  • fix(service): disable supabase kong response buffering and increase timeouts which fixes large file downloads
  • fix(service): reactive-resume template
  • fix(service): allowed hosts and image version problems with strapi
    • automatically generate vite.config.js with the strapi FQDN
  • fix(service): bluesky pds invite code doesn't generate
  • fix(service): bugsink login fails due to cors
  • fix(service): forgejo login failure
  • fix(service): rocketchat fails to start due to database version incompatibility
  • fix(service): kimai fails to start due to the healthcheck ip not being in the trusted hosts
  • fix(service): activepieces postgres 18 volume mount
  • fix(service): users unable to create their first ente account without SMTP
  • fix(service): seaweedfs logo
  • fix(service): soju svg
  • chore(service): use major version for openpanel
  • build: upgrade postgres client to fix build error
  • refactor(services): improve some service slogans
  • docs(api): improve compose app endpoint deprecation description

New Services

  • added openclaw template
  • added langflow template
  • added bento-pdf
  • added alexandrie template
  • added goatcounter template
  • added satisfactory game server
  • added back soketi-app-manager

Issues

What's Changed (by Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.462...v4.0.0-beta.463

v4.0.0-beta.462

Optimize queries, views with caches and prevent N+1 queries.

tldr: some views are faster

v4.0.0-beta.461

Changes

  • feat(service): add service database restore/import support
  • feat(api): add url update support to services api
  • feat(api): add more allowed fields to application api endpoints
    • added dockerfile_location as it is needed for Dockerfile deployments to work properly
    • added is_spa which can be used together with is_static
    • added is_auto_deploy_enabled and is_force_https_enabled
  • feat(api): allow to escape special characters in labels
  • feat(api): add tag filtering on the applications list endpoint
  • feat(api): improve docker_compose_domains with conflict checking and force_domain_override support
  • feat(notifications): add mattermost notifications (an open source slack alternative)
  • feat: add application logs link to preview deployments PR comment
  • feat(magic): add LOWERCASEUSER as magic variable which are sometimes required e.g. as docker registry username
  • feat(ui): show server name on resource card
  • feat(ui): improve sidebar menu items styling
  • feat(install): add postmarketos to the supported distributions
  • feat(ui): make git repository dropdown searchable
  • feat(service): upgrade n8n template to v2 with all the necessary changes
  • feat(service): upgrade trigger.dev template to v4 with all the necessary changes
  • feat(service): upgrade uptime kuma to version 2 with all the necessary changes
  • feat(service): upgrade docker registry template to v3 with all the necessary changes
  • feat(service): upgrade postgresus to databasus
  • feat(service): improve matrix templates by adding postgres and improving naming
  • feat(service): add healthchecks to evolution-api service
  • feat(services): update authentik
  • feat: allow more characters specifically Unicode alpha-numeric characters contained in \p{L}, \p{M}, \p{N} when validating while still not allowing any unsafe characters
  • feat(lang): add missing chinese translation keys
  • feat(lang): update portuguese language keys
  • feat(ui): add port mapping format to helper and fix typo
  • perf: optimize destinationsByServer query
  • fix(env): environment variable sorting not working
  • fix(git): trigger deployments when watch paths is empty and not just when they are null
  • fix(backup): database restores with custom db name with backup all databases not working
  • fix(logdrain): use deployment server and not build server settings
  • fix(service): twenty template and enable it again
  • fix(docker): use dynamic OS ID for ubuntu based OSs to use the correct Docker repository URL
  • fix: instance public ips initialization validation
  • fix: cast docker version to int for proper comparison
  • fix: making the db public does not instant save the port
  • fix(log): preserve leading whitespace in logs
  • fix(logs): remove hardcoded 2000 line limit
  • fix(api): remove incorrect uuid format from cuid2 parameters in openapi spec
  • fix(api): applications post and patch endpoints
    • remove docker_compose_raw from post and patch endpoints, as the compose file is sourced from git and should not be manually settable via the api
    • improve the documentation for docker_compose_domains (URLs)
    • enhanced array validation for docker_compose_domains by validating each array field and verifying which fields are allowed
    • set a custom array validation error message, as the default message is not really clear
    • show an error if the user attempts to set domains when the build pack is dockercompose
    • validate that the domains in docker_compose_domains are proper URLs and include a valid scheme (http or https)
  • fix(api): include docker_compose_domains in domain conflict check via Application::ownedByCurrentTeamAPI
  • fix(api): is_static and connect_to_docker_network fields where not updating on some endpoints
  • fix(api): if domains field is empty clear the fqdn column which allows to remove all URLs from the domains field
  • fix(api): check for domain conflicts within the current request
  • fix(api): deprecate application create compose endpoint as it is an unstable duplicate of the services endpoint
  • fix(api): one click service name and description cannot be set during creation
  • fix(api): create service endpoint validation and docs
    • if service type and docker_compose_raw is filled show an error
    • if service type is not valid show an error with all valid service types
    • remove enum from service type docs as it always gets outdated
  • fix(api): encoding checks for compose files, nginx configurations, dockerfiles, database configs and labels
    • switch from ASCII to UTF-8 to allow special characters, emojis and more
  • fix(api): remove environments from projects API endpoint docs
  • fix(api): docs for bulk env update response
  • fix: APP_NAME env in development
    • using a different APP_NAME for development might seem like a good idea but it is annoying and causes issues when debugging, especially with Redis as it is used as the key prefix
  • fix(preview): docker compose preview URLs
  • fix: 404 on /settings for root user on cloud instance
  • fix(ui): empty network destinations when cloning a resource
  • fix(ui): instance public ips ui validation
  • fix(ui): images inside coolify changelog
  • fix(ui): domain input whitespace trimming in instance settings
  • fix(ui): change password visibility eye icon based on state
  • fix(ui): hide Already registered? button from the /register page when there are 0 users as clicking on it would just redirect you back to /register
  • fix(ui): improve volume mount warning for compose applications
  • fix(service): remove start command from unleash template
  • fix(service): add instagram envs to postiz template
  • fix(service): budibase worker envs
  • fix(service): correct POSTGRES_HOST in freshrss
  • fix(service): use fqdn for server host in sequin template
  • fix(service): wireguard easy host to use fqdn
  • fix(service): signoz metrics env
  • chore(deps): update composer and node dependencies
  • chore(docker): add healthchecks to dev services
  • chore(service): update weblate service
  • chore(service): update rybbit service
  • chore(service): improve mosquitto template
  • refactor(service): remove unused envs from hoppscotch
  • refactor(api): remove old stale domains update code from services endpoints
  • refactor(api): update application create endpoints docs to specify that Dockerfile and Docker Image deployment type are without git
  • refactor(api): application urls (domains) validation
    • rename fqdn to urls as that is what it actually is
    • improve URL validation to allow urls without a TLD
    • improve error messages to make it clear that URLs are needed
    • improve code by combining some actions
  • docs(api): improve domains API docs
  • docs(api): make docker_compose_raw description more clear

Security Fixes

  • fix(env): only cat .env file in development to not expose all ENVs in deployment logs
  • fix(env): only show final nixpacks plan variables section in development to not expose all ENVs in deployment logs

New Services

  • added seaweedfs template
  • added uptime kuma v2 with mariadb and mysql
  • added autobase template
  • added sftpgo template
  • added esphome template
  • added linkding and linkding plus template
  • added open archiver template
  • added cloudreve template
  • added booklore template
  • added sessy template
  • added chibisafe template
  • added mage-ai template
  • added TrailBase template
  • added calibre web automated with downloader template
  • added silverbullet template
  • added nocobase template
  • added hatchet template
  • added redmine template
  • added glpi template

Issues

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.460...v4.0.0-beta.461

v4.0.0-beta.460

What's Changed

Fixes

  • Fix back navigation in global search resource selection (#7798, fixes #7739)
  • Fix restart count not resetting when manually stopping resources (#7784)
  • Fix Traefik proxy UI refresh timing issue after version update (#7783, fixes #7732)
  • Fix build pack UI reactivity when switching between build packs (#7780)
  • Fix upgrade modal loading indicators visibility in light mode (#7770)
  • Fix broken hyperlinks to Sentinel page on metrics pages (#7752)
  • Fix terminal sudo access for non-root users to access Docker socket
  • Fix Keydb and Redis configuration using base64 encoding instead of temp files
  • Fix 30-day metrics interval page freeze with data downsampling (#7787)

Improvements

  • Add SPA navigation helper for smoother page transitions
  • Refactor application general settings view for improved maintainability

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.459...v4.0.0-beta.460

v4.0.0-beta.459

What's Changed

Security & Fixes

  • Fixed security vulnerability in Supabase Studio (React2shell CVE-2025-55182) (#7711)
  • Fixed duplicate notifications when toggling Sentinel settings (#7749)
  • Fixed builder container cleanup causing redundant docker rm commands (#7698, fixes #7566)

New Services & Templates

  • Updated Superset template to v6.0.0 with PostgreSQL v18 (#7662)
  • Added persistent storage for Dolibarr documents and custom modules (#7684, fixes #5950)

Improvements

  • Added manual Stripe subscription sync command for cloud instance (#7706)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.458...v4.0.0-beta.459

v4.0.0-beta.457

What's Changed

Security & Fixes

  • Fix deployment logs flickering during polling updates (#7689)
  • Fix HTML entity encoding in deployment and runtime logs (#7689)
  • Remove redundant docker rm commands that caused error messages (#7688)

Improvements

  • Move Swarm and Sentinel to dedicated sidebar menu items for better navigation (#7687)
  • Add Hetzner server ID matching for server linking with private IPs (#7687)
  • Simplify cloud provider token button labels (#7686)
  • Shorten timestamp display in runtime logs for cleaner output (#7689)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.456...v4.0.0-beta.457

v4.0.0-beta.456

What's Changed

Security & Fixes

  • Updated Umami to v3.0.3 to patch Next.js CVE-2025-55183 & CVE-2025-55184 (#7671)
  • Automatic PII/secret sanitization in logs for GitHub, GitLab, AWS tokens and URL passwords (#7670)
  • Fix server resources tab 500 error with mixed model types (#7674, fixes #7666)
  • Fix preview deployment port and path preservation in URLs (#7677, fixes #2184)
  • Fix PostgreSQL version selection when using global search (#7664)
  • Fix database "restarting" status flickering with restart tracking (#7665)
  • Fix Outline template URL environment variable (#7650)

New Services & Templates

  • Added AppFlowy collaborative workspace template (#6492, fixes #4458)
  • Added Soju IRC bouncer with Gamja web client template (#7532)

Improvements

  • Improved logging view performance to prevent browser freezing (#7682)
  • Added copy logs button for deployment and runtime logs (#7676)
  • Added copy logs button with automatic secret sanitization (#7648)
  • Added toggleable SPA navigation with prefetching for faster page loads (#7661)
  • Updated ClickHouse to official image with migration support (#7392, fixes #7110)
  • Updated OpenPanel to v2 (#7653)
  • Updated Infisical to v0.154.6 (#7641)
  • Improved upgrade popup with progress simulation in dev mode (#7660)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.455...v4.0.0-beta.456

v4.0.0-beta.455

What's Changed

Security & Fixes

  • Update Umami to v3.0.2 to address CVE-2025-66478 security vulnerability (#7459)
  • Fix S3 credential whitespace causing backup failures (#7638, fixes #7469, #7594)
  • Fix double deployments when multiple GitHub Apps access the same repository (#7604, fixes #2315)
  • Fix 419 "Page Expired" login errors by changing default session driver (#7652)
  • Fix migration failures blocking upgrades with idempotency guards (#7637, fixes #7606, #7625)
  • Fix Docker container race condition during upgrades (#7603)
  • Fix OAuth users being incorrectly prompted for password confirmation (#7608, fixes #4457)
  • Fix read-only volume detection for Docker Compose long-form syntax (#7588)
  • Fix CSRF login issues for Paperless service (#7450)
  • Fix Postiz service failing due to outdated Node.js version (#7595)
  • Fix test emails failing when sent to non-team email addresses (#7600)
  • Fix execution time tooltip showing incorrect maximum value (#7593)

New Services & Templates

  • Added Terraria game server template (#7323)
  • Added Penpot with S3 storage template (#7407)
  • Added Beszel Agent standalone template for multi-server monitoring (#7412)
  • Updated Beszel to v0.16.1 (#7409)
  • Updated Penpot to use Valkey instead of deprecated Redis (#7415)
  • Updated Pterodactyl + Wings template to expose SFTP port (#7315)
  • Redis Insight now connects to predefined networks by default (#7416)
  • Added STORE_MODEL_IN_DB variable to LiteLLM template (#7440)

Improvements

  • Real-time upgrade progress tracking with step-by-step visibility (#7609)
  • Improved breadcrumb navigation with quick-switch dropdowns (#6360, fixes #4117)
  • Link manually-added servers to Hetzner Cloud for power controls (#7592)
  • Prioritize main/master branches in branch selection dropdown (#7520)
  • Escape key now exits fullscreen logs view (#7632)
  • Text selection no longer clears when deployment logs refresh (#7636)
  • Optimized server status updates for better performance (#7639)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.454...v4.0.0-beta.455

v4.0.0-beta.454

What's Changed

Security & Fixes

  • Fix concurrent builds being ignored and add deployment queue limit protection (#7488, fixes #6708)
  • Fix deployments incorrectly marked as failed after healthy container rolling update (#7583)
  • Fix Docker container race condition during upgrades (#7565, fixes #7481)
  • Fix deployment logs stopping unexpectedly mid-deployment (#7579)
  • Fix deployment logs overlap with deployments indicator (#7580)
  • Fix empty logs display and fullscreen coverage in logs viewer (#7564)
  • Fix restart counter persistence and race condition (#7582)
  • Prevent Coolify infrastructure images from being pruned during cleanup (#7586)
  • Fix API response to return fqdn instead of non-existent domains attribute (#7546)
  • Fix user token session not being set correctly for team
  • Add proxy config filename validation to prevent path traversal (#7544)

Improvements

  • Add Hetzner server provisioning API endpoints (#7562)
  • Add autogenerate_domain API parameter for applications (#7515)
  • Add Retry-After header to 429 rate limit responses
  • Always show "Allow Public PR Deployments" option for better discoverability (#7587)
  • Improve OpenAPI spec and add rate limit handling for Hetzner
  • Remove dead server filtering code from scheduler for better performance (#7585)
  • Remove duplicate getArchDockerInstallCommand() method (#7581)

Developer Experience

  • Add deterministic UUIDs to development seeders for easier API testing (#7584)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.453...v4.0.0-beta.454

v4.0.0-beta.453

What's Changed

Security & Fixes

  • Terminal stays connected when browser tab loses focus (#7538)
  • Preview deployments now properly cleaned up on GitLab, Bitbucket, and Gitea (#7537, fixes #2610)
  • Fixed SSH conflicts during concurrent scheduled tasks (#7503, fixes #6736)
  • Fixed Nixpacks failing with null environment variables (#7493, fixes #6830)
  • Deployment status now shows "In Progress" immediately when queued (#7487, fixes #6708)
  • Fixed cleanup errors incorrectly marking successful deployments as failed (#7460, fixes #7439)
  • Fixed service status stuck at "Starting" after stop (#7479)
  • Fixed backup timeout not being applied during remote execution (#7476)
  • Fixed Traefik warning not clearing after proxy restart (#7466)
  • Fixed container "Restarting" status not displaying correctly (#7463)
  • Fixed degraded sub-resource and mixed status states (#7461)
  • Fixed Traefik email notifications with clickable server links (#7452)
  • Fixed PostgREST showing in wrong category and empty Domains section (#7442)
  • Fixed base directory path validation issues (#7437)
  • Fixed port validation blocking advanced checkbox saves (#7435)
  • Fixed Docker build args not working with service names (#7433)
  • Fixed preview URL port template variable (#7527)
  • Fixed logs not loading for single container services (#7509)
  • Fixed Garage service TOML config and healthcheck (#7510)

New Services & Templates

  • Added Garage (S3-compatible distributed storage) (#7508)
  • Added RustFS (S3-compatible storage) (#7486)
  • Added Fizzy (feedback widget) (#7468)

Improvements

  • Added Arch Linux server support (#7531, #7408, fixes #4523)
  • Added Docker image retention for application rollback support (#7504)
  • Added colorized log levels with toggle (#7502)
  • Added log search, download, and collapsible sections (#7484)
  • Added collapsible option to logs component (#7495)
  • Added runtime/buildtime properties to environment variables (#7470)
  • Proxy restart now runs as background job with real-time logs (#7475)
  • Dashboard performance improved with request-level caching (#7533)
  • Renamed "unsend" to "usesend" in email configuration (#7526, fixes #7189)
  • Renamed DOCKER_TOKEN/USERNAME to DOCKERHUB_TOKEN/USERNAME (#7432)
  • Improved Advanced Settings helper text clarity (#7453)
  • Improved PostgreSQL type docs link styling (#7494)
  • Improved Sentinel update check scheduling (#7491)
  • Decoupled storage check from Sentinel sync (#7454)

What's Changed (Github)

New Contributors

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.452...v4.0.0-beta.453

v4.0.0-beta.452

What's Changed

Security & Fixes

  • Fixed Traefik proxy startup issues with null versions and network filtering (#7400)
  • Fixed service name parsing issues when using hyphens (#7399)
  • Fixed version downgrade prevention with improved cache validation (#7396)
  • Fixed webhook notification settings migration conflict (#7393)
  • Fixed Docker database start commands compatibility across versions (#7390, #6807)
  • Fixed duplicate environment variables in buildtime.env and Nixpacks plan overrides (#7373)
  • Fixed incorrect Caddy proxy config file path display (#6722)
  • Fixed Livewire snapshot error during database restore (#7385, fixes #7335)
  • Fixed Beszel realtime monitoring feature (#7366)
  • Fixed Appwrite too many redirects error (#7364)

Improvements

  • Improved manual update process with better user feedback (#7398)
  • Improved new resource page UI layout and styling (#7291)
  • Added color-coded log highlighting based on log level (#7288)
  • Added Postgresus to predefined Docker networks by default (#7367)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.451...v4.0.0-beta.452

v4.0.0-beta.451

What's Changed

Security & Fixes

  • Enhanced security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection (#7375)
  • Fixed Docker command failures on non-root servers and proxy network race conditions (#7368, fixes #7362)
  • Fixed path duplication in SERVICE_FQDN and SERVICE_URL when updating service FQDN (#7370, fixes #7363)
  • Fixed configuration change detection for build settings to properly show restart notification (#7371)

Improvements

  • Enhanced environment variable handling with better password field support and shared variable management
  • Improved build time variable checkbox behavior based on environment type
  • Reduced excessive logging in cleanup commands for cleaner output (#7356)
  • Improved version release automation workflow with GitHub sync functionality
  • Better error handling and output capturing during Git operations

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.450...v4.0.0-beta.451

v4.0.0-beta.450

What's Changed

Security & Fixes

  • Fixed database restore modal not closing properly after backup operations (#7345, fixes #7335)
  • Fixed installation failures caused by CDN redirect handling in curl commands (#7349, fixes #7348)
  • Fixed proxy startup failures due to bash syntax errors in control structures (#7353, fixes #7346)

Improvements

  • Added Docker build cache preservation toggles to optimize build performance (#7352, fixes #7040)
    • New option to skip automatic Dockerfile ARG injection
    • New option to exclude SOURCE_COMMIT from build context
    • Applies to both Dockerfile and Docker Compose buildpacks

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.449...v4.0.0-beta.450

v4.0.0-beta.449

What's Changed

Fixes

  • Preserve Docker build cache by excluding dynamic variables (#7339, fixes #7040)
  • Show shared env scopes dropdown even when no variables exist (#7342)
  • Add authorization checks for environment and project views

New Features

  • Developer view for shared environment variables (#7091)
  • Custom docker entrypoint support (#7097)

Improvements

  • Improved variable scope handling in docker entrypoint parsing (#7341)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.448...v4.0.0-beta.449

v4.0.0-beta.447

What's Changed

New Features

  • Restore database backups directly from S3 storage (#7085)
  • Environment variable autocomplete with {{ scope.variable }} syntax (#7282)

Fixes

  • Correct webhook notification settings migration and model schema (#7333)

What's Changed (Github)

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.446...v4.0.0-beta.447