Skip to content

dokploy

v0.29.3 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 23d Deployment Automation
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

backend backup databases deployment devops docker
+8 more
frontend mariadb mongodb mysql nextjs postgresql self-hosted vps

ReleasePort's take

Moderate signal
editorial:auto 13d

Patch Dokploy to version 0.29.3 and run the supplied script; replace the hard‑coded BETTER_AUTH_SECRET with Docker secret support.

Why it matters: Dokploy versions prior to 0.29.3 contain a security vulnerability that must be patched immediately, and using Docker secrets eliminates exposure of the static authentication secret.

Summary

AI summary

Security vulnerability patched and Docker secret replaces hard-coded BETTER_AUTH_SECRET.

Changes in this release

Security Medium

Return 401 when webhook signature header is missing.

Return 401 when webhook signature header is missing.

Source: llm_adapter@2026-05-21

Confidence: high
Security Medium

Patch security vulnerability in Dokploy; upgrade to 0.29.3 and run provided script.

Patch security vulnerability in Dokploy; upgrade to 0.29.3 and run provided script.

Source: llm_adapter@2026-05-21

Confidence: low
Security Medium

Replace hardcoded BETTER_AUTH_SECRET with Docker secret support.

Replace hardcoded BETTER_AUTH_SECRET with Docker secret support.

Source: llm_adapter@2026-05-21

Confidence: low
Feature Medium

Support isolated = false opt-out in template.toml.

Support isolated = false opt-out in template.toml.

Source: llm_adapter@2026-05-21

Confidence: high
Feature Medium

Add optional description field to schedules.

Add optional description field to schedules.

Source: llm_adapter@2026-05-21

Confidence: high
Feature Medium

Add copy button to AI log analysis result.

Add copy button to AI log analysis result.

Source: llm_adapter@2026-05-21

Confidence: low
Performance Medium

Reduce healthcheck frequency to lower memory pressure.

Reduce healthcheck frequency to lower memory pressure.

Source: llm_adapter@2026-05-21

Confidence: high
Performance Medium

Replace traefik.me with sslip.io for auto-generated domains.

Replace traefik.me with sslip.io for auto-generated domains.

Source: llm_adapter@2026-05-21

Confidence: high
Performance Medium

Improve UI responsiveness for mobile, tab, and desktop screens.

Improve UI responsiveness for mobile, tab, and desktop screens.

Source: llm_adapter@2026-05-21

Confidence: low
Bugfix Medium

Enforce 255-character max length on forgot password email field.

Enforce 255-character max length on forgot password email field.

Source: llm_adapter@2026-05-21

Confidence: high
Bugfix Medium

Use temporary redirects for auth checks in getServerSideProps.

Use temporary redirects for auth checks in getServerSideProps.

Source: llm_adapter@2026-05-21

Confidence: high
Bugfix Medium

Remove leftover debug console.log statements.

Remove leftover debug console.log statements.

Source: llm_adapter@2026-05-21

Confidence: low
Bugfix Medium

Align card footers to bottom on project and service cards.

Align card footers to bottom on project and service cards.

Source: llm_adapter@2026-05-21

Confidence: low
Bugfix Medium

Close mobile sidebar on navigation.

Close mobile sidebar on navigation.

Source: llm_adapter@2026-05-21

Confidence: low
Bugfix Medium

Add fetch timeout and handle network errors gracefully in templates.

Add fetch timeout and handle network errors gracefully in templates.

Source: llm_adapter@2026-05-21

Confidence: low
Full changelog

Security

A security vulnerability was identified in Dokploy. To patch your self-hosted instance, before you run this command please upgrade your instance to 0.29.3 and then run the following command:

curl -sSL https://dokploy.com/security/0.29.3.sh | bash

What's Changed

  • fix: enforce 255-char max length on forgot password email field by @Siumauricio in https://github.com/Dokploy/dokploy/pull/4323
  • fix: reduce healthcheck frequency to lower memory pressure by @Siumauricio in https://github.com/Dokploy/dokploy/pull/4325
  • fix(webhook): return 401 when signature header is missing by @mixelburg in https://github.com/Dokploy/dokploy/pull/4278
  • fix: use temporary redirects for auth checks in getServerSideProps by @Siumauricio in https://github.com/Dokploy/dokploy/pull/4335
  • fix(templates): add fetch timeout and handle network errors gracefully by @Siumauricio in https://github.com/Dokploy/dokploy/pull/4336
  • fix(sidebar): close mobile sidebar on navigation by @Siumauricio in https://github.com/Dokploy/dokploy/pull/4341
  • fix: align card footers to bottom on project and service cards by @amit-y11 in https://github.com/Dokploy/dokploy/pull/4345
  • feat: add copy button to AI log analysis result by @berkay-digital in https://github.com/Dokploy/dokploy/pull/4294
  • fix: remove leftover debug console.log statements by @BradPerbs in https://github.com/Dokploy/dokploy/pull/4338
  • fix: UI Responsiveness for both mobile, Tab and desktop Screens by @nhridoy in https://github.com/Dokploy/dokploy/pull/4358
  • fix: replace traefik.me with sslip.io for auto-generated domains by @Siumauricio in https://github.com/Dokploy/dokploy/pull/4368
  • feat(templates): support isolated = false opt-out in template.toml by @Siumauricio in https://github.com/Dokploy/dokploy/pull/4370
  • feat(schedules): add optional description field by @Siumauricio in https://github.com/Dokploy/dokploy/pull/4371
  • fix(security): replace hardcoded BETTER_AUTH_SECRET with Docker secret support by @Siumauricio in https://github.com/Dokploy/dokploy/pull/4374

New Contributors

  • @amit-y11 made their first contribution in https://github.com/Dokploy/dokploy/pull/4345
  • @berkay-digital made their first contribution in https://github.com/Dokploy/dokploy/pull/4294
  • @BradPerbs made their first contribution in https://github.com/Dokploy/dokploy/pull/4338
  • @nhridoy made their first contribution in https://github.com/Dokploy/dokploy/pull/4358

Full Changelog: https://github.com/Dokploy/dokploy/compare/v0.29.2...v0.29.3

Breaking Changes

  • Replace hardcoded BETTER_AUTH_SECRET with Docker secret support

Security Fixes

  • CVE not specified — security vulnerability patched in Dokploy v0.29.3, requires upgrade and script execution
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track dokploy

Get notified when new releases ship.

Sign up free

About dokploy

Open Source Alternative to Vercel, Netlify and Heroku.

All releases →

Related context

Beta — feedback welcome: [email protected]