Skip Docker healthcheck configuration when standalone database health checks are disabled, and document default health check settings in the database API schema.
Add configurable health check settings for standalone databases and apply them to generated Docker Compose services. Allow disabling health checks and cover the behavior with feature tests.
Preserve self-hosted server IPs during unreachable cleanup and force-disable them instead. Keep cloud cleanup behavior overwriting the IP, with test coverage for both paths.
Strip leading port segments from scp-style GitLab repository URLs so manual webhook matching compares the repository path consistently. Cover both ported and unported SSH URL forms.
Ensure restart actions flow through StartService so pull-latest restarts can
avoid stopping the service before image pulls. Also raise the changelog modal
above the desktop sidebar toggle.
Add a profile appearance section for theme, page width, and zoom preferences.
Move changelog access into the sidebar and bump the Coolify version to 4.1.2.
Escape generated restore file paths before composing docker and shell cleanup commands so paths with spaces or metacharacters cannot break command execution. Update import form security coverage to target ImportForm directly.
Treat unknown server status separately from false so the unreachable badge is not shown until a server is confirmed unreachable. Add feature coverage for the badge rendering.
Extract the database import form into its own component and add realtime
status refresh components for application server badges and service resource
cards.
Cache destination lookups and skip empty resource queries during push
server updates. Add database indexes and Postgres storage tuning for
hot-update tables, and make the realtime entrypoint forward process
failures and signals reliably.
Ignore health status changes in Sentinel push deduplication when the container lifecycle state is unchanged.
Scope stale resource checks to Sentinel servers whose heartbeat is stale, and avoid refreshing resource last_online_at on unchanged statuses.
Self-hosted installations can now opt SafeFetch into private-network access after SSRF hardening. The default remains unchanged: private IP destinations are blocked unless the instance owner explicitly enables private-network requests with SAFE_FETCH_ALLOW_PRIVATE_NETWORK=true
This is a breaking change if you use latest tag and have evolution-api or similar deployed on coolify alongside chatwoot.
Use the shared GitHub app scope when listing and loading private apps so system-wide apps owned by another team remain available. Update coverage for mounting and loading repositories through those apps.
Create the root team before production seeding depends on it, reuse the
existing root team when creating root users, and cover the production seeder
flow with a feature test.
Andras Bacsai