coolify releases

Finally releasing v4.0. It was a LONG overdue, because we are not beta for a long time. Thousands of companies and people are using Coolify in production for 1-2 years.

Ofc, this does not mean it has no bugs, it has a lot but we fix them everyday.

Also v5 is coming together as well. The biggest feature would be full scalability in the core, so you will have like a cloud infrastructure, but with out own servers.

Doing v5 does not mean we won't do v4. We just want to push what is capable with servers and automations.

Thank you everyone who help us, me to reach this point 💜

Make cool stuffs! 🫰

So the release notes:

What's Changed

Security & Fixes

• Fixed Rallly service environment variable defaults (#9041, fixes #9615)
• Fixed Logto upgrade failure caused by missing database migration step (#9376)
• Fixed Jitsi Meet not working — rebuilt template with stable image and proper UDP/secrets (#9594, fixes #4813)
• Fixed Twenty deployment failure from unhealthy worker dependency (#9603, fixes #9574)
• Fixed mobile info popup not opening on tap and bubbling clicks to parent (#9809, closes #4834)
• Fixed SPA navigation race conditions causing stale state, broken buttons, and unsaved changes (#9742, closes #9732)

New Services & Templates

• Added Cap captcha service template (#9729)
• Re-enabled Plane service with updated docker-compose (#9641, fixes #8338)
• Updated Beszel and Beszel Agent to 0.18.7 (#9775)
• Disabled Cal.com template — project went closed source (#9776)

Improvements

• Added healthcheck to Langfuse worker (#9772)

What's Changed (Github)

• fix(navigation): replace wire:navigate.hover with wire:navigate by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9742
• fix(helper): stop info icon click from propagating to parent on mobile by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9809
• feat(service): disable calcom by @ShadowArcanist in https://github.com/coollabsio/coolify/pull/9776
• chore(service): update beszel to 0.18.7 by @ShadowArcanist in https://github.com/coollabsio/coolify/pull/9775
• feat(service): add healthcheck to langfuse-worker by @GauthierPLM in https://github.com/coollabsio/coolify/pull/9772
• feat(services): add Cap to templates by @tiagozip in https://github.com/coollabsio/coolify/pull/9729
• feat(service): enable plane by @DarkMaper in https://github.com/coollabsio/coolify/pull/9641
• fix(service): twenty fails to deploy due to dependency unhealthy by @ShadowArcanist in https://github.com/coollabsio/coolify/pull/9603
• fix(service): Jitsi Meet doesn't work by @miqonee in https://github.com/coollabsio/coolify/pull/9594
• fix(service): add missing database alteration step for Logto latest image by @FabioHAraujo in https://github.com/coollabsio/coolify/pull/9376
• fix(service): rally invalid next public url by @zupolgec in https://github.com/coollabsio/coolify/pull/9041
• v4.0.0 by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9818

New Contributors

• @tiagozip made their first contribution in https://github.com/coollabsio/coolify/pull/9729
• @DarkMaper made their first contribution in https://github.com/coollabsio/coolify/pull/9641
• @miqonee made their first contribution in https://github.com/coollabsio/coolify/pull/9594
• @zupolgec made their first contribution in https://github.com/coollabsio/coolify/pull/9041

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.474...v4.0.0

What's Changed

Security & Fixes

• Prevent data loss when persistent containers (databases, apps, services) are accidentally pruned during service deletion (#9654, fixes #9582)
• Fix S3 storage backup endpoints returning 500 in API context (#9655, fixes #9581)
• Encrypt manual webhook secrets and strengthen HMAC signature verification (#9652)
• Fix Rocky Linux installer to use correct RHEL Docker repository (#9541, fixes #8730)
• Harden authentication: upgrade email verification hash and fix invitation link login (#9672)
• Validate and rate-limit feedback endpoint (#9653)
• Tighten volume name and path validation with shell argument escaping (#9666)
• Validate backup upload file type and size limits (#9667)
• Tighten S3 endpoint URL validation (#9668)
• Harden dev helper version validation and build argument escaping (#9670)
• Strengthen team scoping across resource creation flows (#9651)
• Fix SSH repository URLs with custom ports being mangled (#9425)
• Fix healthcheck path validation rejecting commas and semicolons (#9223)
• Fix database credential validation and shell escaping across Postgres, MySQL, MariaDB (#9674, #9676, #9681, #9682)
• Improve shell command tokenization for install, build, and start commands (#9684)
• Return stable generic error messages for API 5xx responses (#9669)

Improvements

• Add optional expiration for API tokens with advance notification warning before expiry (#9677)
• Add DELETE API endpoint to remove preview deployments by pull request ID (#9614)
• Mark Docker Swarm support as deprecated ahead of v5 removal (#9621)
• Categorize application advanced settings into logical sections (#9234)
• Improve service settings layout with dedicated advanced page and clearer headings (#9027)
• Display memory limit fields in a single row (#9232)
• Add info callout to clone resource section listing excluded items (#9233)
• Add architecture warning for service templates with platform limitations (#8390)
• Improve domain port+path format documentation in the UI (#8331)

What's Changed (Github)

• fix(installer): use RHEL Docker repo for Rocky Linux by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9541
• fix(dev): add Docker volume path mapping to testing-host for database deployments by @cyface in https://github.com/coollabsio/coolify/pull/9534
• feat(ui): categorize application advanced settings into logical sections by @ShadowArcanist in https://github.com/coollabsio/coolify/pull/9234
• feat(ui): add info callout to clone resource section about excluded items by @ShadowArcanist in https://github.com/coollabsio/coolify/pull/9233
• feat(ui): display memory limit fields in single row by @ShadowArcanist in https://github.com/coollabsio/coolify/pull/9232
• fix(healthcheck): user input is rejected if path contains comma and semicolon by @ShadowArcanist in https://github.com/coollabsio/coolify/pull/9223
• feat(ui): improve service settings UX, headings, and helper text for clarity by @ShadowArcanist in https://github.com/coollabsio/coolify/pull/9027
• feat(services): add architecture warning by @Cinzya in https://github.com/coollabsio/coolify/pull/8390
• Added extra documentation on format for port+path for domains by @JamesPeters98 in https://github.com/coollabsio/coolify/pull/8331
• fix(git): preserve ssh scheme URLs with custom ports by @Iisyourdad in https://github.com/coollabsio/coolify/pull/9425
• refactor: tighten team scoping on resource creation and admin nav by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9651
• build(deps-dev): bump follow-redirects from 1.15.11 to 1.16.0 by @dependabot[bot] in https://github.com/coollabsio/coolify/pull/9580
• refactor(webhook): encrypt manual webhook secrets and tighten HMAC verification by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9652
• feat(api): add DELETE endpoint for preview deployments by PR id by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9614
• refactor(api): validate and throttle feedback endpoint by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9653
• fix(server): exclude persistent resources from container prune by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9654
• fix(api): use explicit team ID for S3 storage lookup in backup endpoints by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9655
• refactor(volumes): validate input and escape shell args by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9666
• refactor(backup): validate database backup upload file type and size by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9667
• refactor(storage): tighten S3 endpoint URL validation by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9668
• refactor(settings): harden dev_helper_version validation and escape build args by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9670
• refactor(api): return stable generic error messages for 5xx responses by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9669
• [v5.x] chore: mark v4 docker swarm support as deprecated by @peaklabs-dev in https://github.com/coollabsio/coolify/pull/9621
• refactor: harden auth, CLI input, and scheduled-log viewer by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9672
• fix(database): mount guard, healthcheck CMD exec-form, port input layout by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9674
• fix(database): credential format validation with dirty-value escape hatch by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9676
• feat(security): add expiration support for API tokens by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9677
• fix(database): tighten Postgres init script filename handling by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9681
• refactor(database): align Postgres SSL chown escaping with MySQL by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9682
• refactor(validation): tokenize shell-safe command pattern by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9684
• v4.0.0-beta.474 by @andrasbacsai in https://github.com/coollabsio/coolify/pull/9542

New Contributors

• @cyface made their first contribution in https://github.com/coollabsio/coolify/pull/9534
• @JamesPeters98 made their first contribution in https://github.com/coollabsio/coolify/pull/8331

Full Changelog: https://github.com/coollabsio/coolify/compare/v4.0.0-beta.473...v4.0.0-beta.474