Release history

Wallos releases

Wallos: Open-source, self-hostable personal subscription tracker. Visualize your recurring expenses, manage your budget, and save money.

Back to tool Latest release

All releases

15 shown

No immediate action

v4.9.3 Maintenance 7d

Routine maintenance and dependency updates.

Open

No immediate action

v4.9.2 Maintenance 7d

Routine maintenance and dependency updates.

Open

Upgrade now

v4.9.1 Bug fix 7d

Auth

Subscription zero‑price fix

Open

No immediate action

v4.9.0 Bug fix 18d

NTFY notification fix

Open

v4.8.4 Bug fix 1mo

Minor fixes and improvements.

Full changelog

4.8.4 (2026-04-27)

Bug Fixes

improve date formatting with IntlDateFormatter fallback (b2c565f) (#1048) (8d43623)
missing year for subscription next payment display (ca5823d) (8d43623)

View release on GitHub

v4.8.3 Security relevant 1mo

Security fixes

Self-XSS vulnerability on private endpoints

Full changelog

4.8.3 (2026-04-26)

Bug Fixes

cases on private endpoints where self-xss was possible (#1045) (d4725f3)

View release on GitHub

v4.8.2 Bug fix 1mo

## 4.8.2 (2026-04-18) ### Bug Fixes * logo cut on registration page

Full changelog

4.8.2 (2026-04-18)

Bug Fixes

logo cut on registration page (#1040) (a95aaad)

View release on GitHub

v4.8.1 Security relevant 1mo

Security fixes

DNS rebinding vulnerability
CSRF validation bypass by admin user
SSRF vulnerability in subscription handling

Full changelog

4.8.1 (2026-04-18)

Bug Fixes

dns rebinding vulnerability (e79f28b)
only allow to use internal urls csrf validation bypass by admin user (e79f28b)
ssrf vultenaribility on add subscription (#1038) (e79f28b)

View release on GitHub

v4.8.0 New feature 2mo

Notable features

OpenAI compatible AI host
Scheduled AI recommendations
Dashboard update banner

View release on GitHub

v4.7.3 Bug fix 2mo

Fixed image search save functionality and PWA session expiration issues on Android.

View release on GitHub

v4.7.2 Security relevant 2mo

Security fixes

Password reset token expiration after 60 minutes
2FA bypass vulnerability (#1021)

View release on GitHub

v4.7.1 Bug fix 2mo

Fixed headers already sent error in languages.php.

View release on GitHub

v4.7.0 Security relevant 2mo

Security fixes

SSRF vulnerabilities on several endpoints
XSS on payment method rename
httponly login cookie

Notable features

Romanian translations
AI API key masking

View release on GitHub

v4.6.2 Security relevant 3mo

Security fixes

SSRF on test notifications endpoint
Unauthorized avatar deletion
XSS on password reset page

View release on GitHub

v4.6.1 Security relevant 3mo

Security fixes

Add subscription endpoint vulnerability (#991)

View release on GitHub