❌

Normale weergave

Ontvangen β€” 21 April 2026 ⏭ Servers

Minecraft 26.2-snapshot-4 (snapshot) Released

βœ‡Minecraft
21 April 2026 om 14:05
26.2 Snapshot 4 (known as 26.2-snapshot-4 in the launcher) is the fourth snapshot for Java Edition 26.2, released on April 21, 2026, which adds two new languages, makes technical changes, and fixes some bugs and issues. Full changelog: https://minecraft.wiki/Java_Edition_26.2-snapshot-4
  •  
  • ↗️

v4.0.0-beta.474

βœ‡Coolify
Door: andrasbacsai
21 April 2026 om 12:31

What's Changed

Security & Fixes

  • Prevent data loss when persistent containers (databases, apps, services) are accidentally pruned during service deletion (#9654, fixes #9582)
  • Fix S3 storage backup endpoints returning 500 in API context (#9655, fixes #9581)
  • Encrypt manual webhook secrets and strengthen HMAC signature verification (#9652)
  • Fix Rocky Linux installer to use correct RHEL Docker repository (#9541, fixes #8730)
  • Harden authentication: upgrade email verification hash and fix invitation link login (#9672)
  • Validate and rate-limit feedback endpoint (#9653)
  • Tighten volume name and path validation with shell argument escaping (#9666)
  • Validate backup upload file type and size limits (#9667)
  • Tighten S3 endpoint URL validation (#9668)
  • Harden dev helper version validation and build argument escaping (#9670)
  • Strengthen team scoping across resource creation flows (#9651)
  • Fix SSH repository URLs with custom ports being mangled (#9425)
  • Fix healthcheck path validation rejecting commas and semicolons (#9223)
  • Fix database credential validation and shell escaping across Postgres, MySQL, MariaDB (#9674, #9676, #9681, #9682)
  • Improve shell command tokenization for install, build, and start commands (#9684)
  • Return stable generic error messages for API 5xx responses (#9669)

Improvements

  • Add optional expiration for API tokens with advance notification warning before expiry (#9677)
  • Add DELETE API endpoint to remove preview deployments by pull request ID (#9614)
  • Mark Docker Swarm support as deprecated ahead of v5 removal (#9621)
  • Categorize application advanced settings into logical sections (#9234)
  • Improve service settings layout with dedicated advanced page and clearer headings (#9027)
  • Display memory limit fields in a single row (#9232)
  • Add info callout to clone resource section listing excluded items (#9233)
  • Add architecture warning for service templates with platform limitations (#8390)
  • Improve domain port+path format documentation in the UI (#8331)

What's Changed (Github)

  • fix(installer): use RHEL Docker repo for Rocky Linux by @andrasbacsai in #9541
  • fix(dev): add Docker volume path mapping to testing-host for database deployments by @cyface in #9534
  • feat(ui): categorize application advanced settings into logical sections by @ShadowArcanist in #9234
  • feat(ui): add info callout to clone resource section about excluded items by @ShadowArcanist in #9233
  • feat(ui): display memory limit fields in single row by @ShadowArcanist in #9232
  • fix(healthcheck): user input is rejected if path contains comma and semicolon by @ShadowArcanist in #9223
  • feat(ui): improve service settings UX, headings, and helper text for clarity by @ShadowArcanist in #9027
  • feat(services): add architecture warning by @Cinzya in #8390
  • Added extra documentation on format for port+path for domains by @JamesPeters98 in #8331
  • fix(git): preserve ssh scheme URLs with custom ports by @Iisyourdad in #9425
  • refactor: tighten team scoping on resource creation and admin nav by @andrasbacsai in #9651
  • build(deps-dev): bump follow-redirects from 1.15.11 to 1.16.0 by @dependabot[bot] in #9580
  • refactor(webhook): encrypt manual webhook secrets and tighten HMAC verification by @andrasbacsai in #9652
  • feat(api): add DELETE endpoint for preview deployments by PR id by @andrasbacsai in #9614
  • refactor(api): validate and throttle feedback endpoint by @andrasbacsai in #9653
  • fix(server): exclude persistent resources from container prune by @andrasbacsai in #9654
  • fix(api): use explicit team ID for S3 storage lookup in backup endpoints by @andrasbacsai in #9655
  • refactor(volumes): validate input and escape shell args by @andrasbacsai in #9666
  • refactor(backup): validate database backup upload file type and size by @andrasbacsai in #9667
  • refactor(storage): tighten S3 endpoint URL validation by @andrasbacsai in #9668
  • refactor(settings): harden dev_helper_version validation and escape build args by @andrasbacsai in #9670
  • refactor(api): return stable generic error messages for 5xx responses by @andrasbacsai in #9669
  • [v5.x] chore: mark v4 docker swarm support as deprecated by @peaklabs-dev in #9621
  • refactor: harden auth, CLI input, and scheduled-log viewer by @andrasbacsai in #9672
  • fix(database): mount guard, healthcheck CMD exec-form, port input layout by @andrasbacsai in #9674
  • fix(database): credential format validation with dirty-value escape hatch by @andrasbacsai in #9676
  • feat(security): add expiration support for API tokens by @andrasbacsai in #9677
  • fix(database): tighten Postgres init script filename handling by @andrasbacsai in #9681
  • refactor(database): align Postgres SSL chown escaping with MySQL by @andrasbacsai in #9682
  • refactor(validation): tokenize shell-safe command pattern by @andrasbacsai in #9684
  • v4.0.0-beta.474 by @andrasbacsai in #9542

New Contributors

Full Changelog: v4.0.0-beta.473...v4.0.0-beta.474

  •  
  • ↗️
❌