Sign in Subscribe
Catalog Updates

Elestio Catalog Updates: 8 Notable Releases This Week (April 26 - May 3, 2026)

Michael Soto

4 min read
Share
Elestio Catalog Updates: 8 Notable Releases This Week (April 26 - May 3, 2026)

A busy week across the catalog. Forgejo shipped patches across three release lines, Portainer landed a major STS with GitOps for Helm, Ollama wired Claude Desktop into its launch flow, and Nextcloud previewed version 34 alongside two stable maintenance drops. Eight notable updates below, with a security note up top.

Security Alerts

Paperless-ngx 2.20.15 (April 27) addresses a security issue around mail account enumeration on auth endpoints, plus four bug fixes covering custom field operators and API note validation. Patch immediately if you self-host Paperless behind a public URL.

No new catalog-service CVEs were disclosed this week beyond the cPanel CVE-2026-41940 storyline (already covered in last Friday's Self-Hosted Weekly). The Jellyfin advisories from April 14 (CVE-2026-35031, CVE-2026-35034) still warrant patching to 10.11.7 or later if you missed them.

Databases

  • ClickHouse 25.10.7.6-stable and 25.12.11.4-stable (April 30) ship simultaneous patches across both supported branches. The 25.12 line is where the 26.3-track work continues, while 25.10 LTS users get the long-tail fixes.

AI / GPU

  • Ollama 0.22.0, 0.22.1, 0.23.0 (April 28 to May 3). Three releases in one week. The headline: 0.23.0 lands Claude Desktop integration. Launching ollama from the desktop app now wires up to both Claude Cowork and Claude Code. 0.22.x added NVIDIA Nemotron 3 Omni and Poolside's Laguna XS.2 coding model, plus performance work on Gemma 4's reasoning and tool-use paths. Server-driven model recommendations now update independently of the Ollama version, which is a small but useful decoupling.

Development

  • n8n 2.18.5 (April 28, latest stable) and 1.123.38 (April 29, LTS branch). The stable line gets automatic cleanup of AI-created workflows that didn't get saved, dynamic OpenAI model selection for image-editing nodes, and Connect-table rows that now jump to related executions on click. The LTS branch picked up --include and --exclude flags for import:credentials and a fix for code-node hangs during idle-timer overlaps.
  • Strapi 5.44.0 (April 29) ships a "Deploy to cloud" homepage widget, an AGENTS.md guide for AI coding agents, fixes for Firefox keyboard shortcuts and self-referential relations, and the 5.0.0-02-created-document-id migration is now idempotent. 18 contributors on this one.
  • Forgejo 15.0.1, 14.0.5, and 11.0.13 (April 29) all dropped on the same day. The v15.0 LTS launched April 16 with token scoping and a web-UI runner registration flow; this is its first patch. v14 stable and v11 LTS got maintenance drops with full test-suite passes across SQLite, MySQL, and PostgreSQL.

Hosting & Infrastructure

  • Portainer 2.41.0 STS (April 29) is the headline release of the week. Helm chart edge stacks now deploy from Helm or Git repos, Kubernetes Manifest GitOps stacks are editable post-deploy, and there's a new GitOps Workflows page with RBAC awareness across environments. Web-console terminals now handle TUI applications. Under the hood: Go bumped to 1.26.2 (which closes multiple crypto/x509 and crypto/tls CVEs) and the Docker binary is now v29.4.1.One breaking change: CSRF protection now requires full URLs, including the scheme, for trusted origins. Bare hostnames are rejected. A legacy-csrf feature flag is available in 2.41 only as a migration window, after which it goes away.

Applications

  • Nextcloud 33.0.3 (April 30) is the latest stable. 32.0.9 (April 30) ships maintenance for the older branch. 34.0.0 beta1 and beta2 (April 28 / 30) preview the next major. If you're running 33.x in production, 33.0.3 is the no-brainer upgrade. Beta watchers can start kicking the tires on 34.

What Stood Out This Week

Portainer 2.41.0 is the most significant release. GitOps for Helm stacks closes a real gap, and the manifest-editing UX change ("you can change a deployed manifest without re-creating the stack") is the kind of quality-of-life fix that saves a few minutes every day across a team. The CSRF breaking change matters: read it before you upgrade, especially if your Portainer instance is behind a reverse proxy that rewrites Host headers.

Ollama 0.23.0's Claude Desktop integration is the small detail that signals where local-first AI is going. Six months ago, "use Claude Code with a local model" required a stack of glue. Now it's a launch-flow flag. If you're running a homelab inference box, this is the week to update.

Forgejo's three-line patch day is procedural news that matters more than it sounds. Maintaining v15, v14, and v11 LTS in parallel on the same day is what enterprises look for before they migrate. Expect to see Forgejo show up in more "we left GitHub" stories over the next quarter.

n8n 2.18.5's automatic cleanup of unsaved AI-created workflows is small but surprisingly impactful. The previous flow let abandoned AI drafts pile up in the workspace, which made workflow lists noisy. This one fixes a real annoyance.

Deploy any of these on Elestio

All eight services above are available on the Elestio catalog with one-click deploys, automated backups, SSL, and update windows you control. Skip the upgrade-Friday math and let the platform handle the patch dance for you.

Thanks for reading ❤️

See you next Sunday 👋

Sign up for more like this.

Enter your email
Subscribe