Release history

runtipi releases

Runtipi is a homeserver for everyone! One command setup, one click installs for your favorite self-hosted apps.

All releases

No immediate action
v4.10.0 Maintenance

Routine maintenance and dependency updates.

v4.9.3 New feature
⚠ Upgrade required
  • For upgrades from version 3.x or lower, follow the migration guide: https://runtipi.io/docs/reference/breaking-updates#update-from-3xx-to-400
  • Use `./runtipi-cli update v4.9.3` to perform the update
Notable features
  • Trusted IP/CIDR configuration for forwarded headers enables Cloudflare tunnel and similar setups
Full changelog

Release notes

Improvements

  • Add an option to add trusted IP/CIDRs for forwarded headers. This makes Cloudflare tunnels and other VPN setups possible when the link between the proxy and runtipi is not using the same protocol (error: `Invalid request origin`). See docs.

How to update

From the root folder of your runtipi install

  • ./runtipi-cli update v4.9.3

If you are coming from version 3 or lower please follow the migration guide

v4.9.1 Breaking risk
Breaking changes
  • Swagger API documentation no longer exposed in production
Notable features
  • Sensitive value redaction from application logs
  • Marketplace app image API throttling fix
Full changelog

Release notes

Improvements

  • Sensitive values are now automatically redacted from application logs
  • Swagger API documentation is no longer exposed in production environments, reducing unnecessary production surface area.
  • Set maxResponseBodySize in traefik forward auth middleware

Bug fixes

  • Marketplace app images no longer count against API throttling limits. This should prevent app store images from failing to load or returning rate-limit errors when browsing many apps.

How to update

From the root folder of your runtipi install

  • ./runtipi-cli update v4.9.1

If you are coming from version 3 or lower please follow the migration guide

v4.9.0 Bug fix
Notable features
  • Safe HTML rendering in markdown descriptions
  • Custom cron implementation avoiding daylight saving time bugs
  • Dedicated Traefik forward-auth cookie for session isolation
Full changelog

Release notes

Improvements

  • Markdown descriptions now render safe embedded HTML while sanitizing unsafe content, improving app description rendering without allowing scripts or unsafe links.
  • Replaced our cron library with a custom implementation to avoid an upstream bug making the server crash during daylight saving time changes
  • Protected apps behind Traefik now use a dedicated forward-auth cookie instead of reusing the dashboard session cookie, improving session isolation.

Bug fixes

  • Fixed a race condition during first admin/operator registration that could allow multiple operators to be created concurrently.
  • Fixed an issue caused by an outdated RabbitMQ configuration.

How to update

From the root folder of your runtipi install

  • ./runtipi-cli update v4.9.0

If you are coming from version 3 or lower please follow the migration guide

v4.8.2 Bug fix

Fixed custom app compose editing to preserve Docker root-level sections like volumes and networks, corrected breadcrumb routing, and fixed YAML serialization for empty volumes.

v4.8.1 Security relevant
Breaking changes
  • Certificate endpoint now requires authentication
Security fixes
  • GHSA-v6gf-frxm-567w - Authentication hardening and certificate protection
v4.8.0 Security relevant
Breaking changes
  • Password reset now CLI-only
Notable features
  • Full app customization
v4.7.2 Security relevant
Security fixes
  • GHSA-mwg8-x997-cqw6 - Unauthenticated path traversal and RCE
v4.7.1 Bug fix

Fixed regression preventing UDP ports from being correctly included in generated Docker Compose files during app configuration.

v4.7.0 Security relevant
Security fixes
  • GHSA-vrgf-rcj5-6gv9 - Authenticated RCE via backup filename
Notable features
  • docker-compose.yml support
