add AI-Policy and Contributing and agents.md files to the repo

Signed-off-by: Simon L. <szaimen@e.mail.de>
fix(apache): send X-Forwarded-Prefix for EuroOffice SDK assets (#8290 )
2026-06-10 16:38:18 +00:00 · 2026-06-10 12:55:30 +02:00 · 2026-06-09 17:51:02 +02:00 · 2026-06-09 16:19:41 +02:00 · 2026-06-09 16:19:41 +02:00 · 2026-06-09 15:17:08 +02:00
92 changed files with 1130 additions and 391 deletions
@@ -31,12 +31,12 @@ updates:
    - "/Containers/collabora"
    - "/Containers/docker-socket-proxy"
    - "/Containers/domaincheck"
    - "/Containers/eurooffice"
    - "/Containers/fulltextsearch"
    - "/Containers/imaginary"
    - "/Containers/mastercontainer"
    - "/Containers/nextcloud"
    - "/Containers/notify-push"
    - "/Containers/onlyoffice"
    - "/Containers/postgresql"
    - "/Containers/redis"
    - "/Containers/talk"
@@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: Check spelling
        uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
        with:
@@ -10,7 +10,7 @@ jobs:
    name: update collabora
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
    - name: Run collabora-profile-update
      run: |
        rm -f php/cool-seccomp-profile.json
@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: Validate structure
        run: |
          CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
@@ -10,7 +10,7 @@ jobs:
    name: Run dependency update script
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
    - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
      with:
        php-version: 8.5
@@ -25,7 +25,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: Install hadolint
        run: |
@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: Turnstyle
        uses: softprops/turnstyle@e15e934b3f69ee283ba389ea05c8886baa656d93 # v2
@@ -10,7 +10,7 @@ jobs:
    name: update to latest imaginary commit on master branch
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
    - name: Run imaginary-update
      run: |
        # Imaginary
@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: Validate Json
        run: |
          sudo apt-get update
@@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          fetch-depth: 0
@@ -36,7 +36,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          persist-credentials: false
@@ -24,7 +24,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.1
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.1
        with:
          persist-credentials: false
@@ -11,7 +11,7 @@ jobs:
    name: Run nextcloud-update script
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
    - name: Run nextcloud-update script
      run: |
        # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
@@ -16,7 +16,7 @@ jobs:
    name: PHP Deprecation Detector
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: Set up php
        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
        with:
@@ -28,13 +28,101 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version: 24.15.0
      - name: Install dependencies
        run: cd php/tests && npm ci
      - name: Install Playwright Browsers
        run: cd php/tests && npx playwright install --with-deps chromium
      - name: Set up php 8.5
        uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0
        with:
          extensions: apcu
          php-version: 8.5
          coverage: none
          ini-file: development
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Adjust some things and fix permissions
        run: |
          cd php
          rm -r ./data
          rm -r ./session
          composer install --no-dev
          composer clear-cache
          sudo chmod 777 -R ../
      - name: Start fresh development server
        run: |
          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
          docker pull ghcr.io/nextcloud-releases/all-in-one:develop
          docker run \
            -d \
            --init \
            --name nextcloud-aio-mastercontainer \
            --restart always \
            --publish 8080:8080 \
            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
            --volume ./php:/var/www/docker-aio/php \
            --volume ./Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile \
            --volume ./Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile \
            --volume ./Containers/mastercontainer/start.sh:/start.sh \
            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
            --env SKIP_DOMAIN_VALIDATION=true \
            --env APACHE_PORT=11000 \
            ghcr.io/nextcloud-releases/all-in-one:develop
          echo Waiting for 10 seconds for the development container to start ...
          sleep 10
      - name: Run Playwright tests for initial setup
-        run: ./php/tests/run.sh ./tests/initial-setup.spec.js
+        run: |
          cd php/tests
          export DEBUG=pw:api
          if ! npx playwright test tests/initial-setup.spec.js; then
            docker logs nextcloud-aio-mastercontainer
            docker logs nextcloud-aio-borgbackup
            exit 1
          fi
      - name: Start fresh development server
        run: |
          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
          docker run \
            -d \
            --init \
            --name nextcloud-aio-mastercontainer \
            --restart always \
            --publish 8080:8080 \
            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
            --volume ./php:/var/www/docker-aio/php \
            --volume ./Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile \
            --volume ./Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile \
            --volume ./Containers/mastercontainer/start.sh:/start.sh \
            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
            --env SKIP_DOMAIN_VALIDATION=false \
            --env APACHE_PORT=11000 \
            ghcr.io/nextcloud-releases/all-in-one:develop
          echo Waiting for 10 seconds for the development container to start ...
          sleep 10
      - name: Run Playwright tests for backup restore
-        run: ./php/tests/run.sh ./tests/restore-instance.spec.js
+        run: |
          cd php/tests 
          export DEBUG=pw:api
          if ! npx playwright test tests/restore-instance.spec.js; then
            docker logs nextcloud-aio-mastercontainer
            docker logs nextcloud-aio-borgbackup
            exit 1
          fi
      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        if: ${{ !cancelled() }}
@@ -13,17 +13,74 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version: 24.15.0
      - name: Install dependencies
        run: cd php/tests && npm ci
      - name: Install Playwright Browsers
        run: cd php/tests && npx playwright install --with-deps chromium
      - name: Start fresh development server
        run: |
          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
          docker pull ghcr.io/nextcloud-releases/all-in-one:develop
          docker run \
            -d \
            --init \
            --name nextcloud-aio-mastercontainer \
            --restart always \
            --publish 8080:8080 \
            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
            --env SKIP_DOMAIN_VALIDATION=true \
            --env APACHE_PORT=11000 \
            ghcr.io/nextcloud-releases/all-in-one:develop
          echo Waiting for 10 seconds for the development container to start ...
          sleep 10
      - name: Run Playwright tests for initial setup
-        env:
+        run: |
-          TEST_CODE_FROM_IMAGE: yes
+          cd php/tests
-        run: ./run.sh ./tests/initial-setup.spec.js
+          export DEBUG=pw:api
          if ! npx playwright test tests/initial-setup.spec.js; then
            docker logs nextcloud-aio-mastercontainer
            docker logs nextcloud-aio-borgbackup
            exit 1
          fi
      - name: Start fresh development server
        run: |
          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
          docker run \
            -d \
            --init \
            --name nextcloud-aio-mastercontainer \
            --restart always \
            --publish 8080:8080 \
            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
            --env SKIP_DOMAIN_VALIDATION=false \
            --env APACHE_PORT=11000 \
            ghcr.io/nextcloud-releases/all-in-one:develop
          echo Waiting for 10 seconds for the development container to start ...
          sleep 10
      - name: Run Playwright tests for backup restore
-        env:
+        run: |
-          TEST_CODE_FROM_IMAGE: yes
+          cd php/tests 
-        run: ./php/tests/run.sh ./tests/restore-instance.spec.js
+          export DEBUG=pw:api
          if ! npx playwright test tests/restore-instance.spec.js; then
            docker logs nextcloud-aio-mastercontainer
            docker logs nextcloud-aio-borgbackup
            exit 1
          fi
      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        if: ${{ !cancelled() }}
@@ -10,7 +10,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: Set up php
        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
@@ -32,7 +32,7 @@ jobs:
    name: static-psalm-analysis
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          persist-credentials: false
@@ -15,7 +15,7 @@ jobs:
    name: Check Shell
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
    - name: Run Shellcheck
      uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
      with:
@@ -42,14 +42,14 @@ jobs:
          require: admin
      - name: Checkout workflow repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          persist-credentials: false
          path: source
          repository: nextcloud/.github
      - name: Checkout app
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          persist-credentials: false
          path: target
@@ -10,7 +10,7 @@ jobs:
    name: update talk
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
    - name: Run talk-container-update
      run: |
        # Recording
@@ -24,7 +24,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: Set up php ${{ matrix.php-versions }}
        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
@@ -8,4 +8,4 @@ jobs:
    name: update copyright
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
@@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: update helm chart
        run: |
          set -x
@@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
      - name: update yaml files
        run: |
          sudo bash manual-install/update-yaml.sh
@@ -10,7 +10,7 @@ jobs:
    name: update watchtower
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
    - name: Run watchtower-container-update
      run: |
        # Watchtower
@@ -0,0 +1,112 @@
 <!--
  - SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
  - SPDX-License-Identifier: AGPL-3.0-or-later
 -->
 # Agent Guidelines for Nextcloud All-in-one
 This file provides instructions for AI coding agents (Claude Code, GitHub Copilot, Cursor, Windsurf, and others) operating on this repository. Read it before generating any code, commits, or pull requests.
 ---
 ## Nextcloud Contribution Policy
 All contributions generated or assisted by this agent must fully comply with:
 - **[AI Contribution Policy](https://github.com/nextcloud/.github/blob/master/AI_POLICY.md)** - the primary reference for AI-specific rules, covering disclosure, author accountability, communication, security, licensing, code quality, and autonomous agent behavior.
 - **[Contribution Guidelines](https://github.com/nextcloud/.github/blob/master/CONTRIBUTING.md)** - covering testing requirements, the Developer Certificate of Origin (DCO), license headers, conventional commits, and translations. These apply in full to all contributions regardless of how they were produced.
 ### What this agent must always do
 - Add an `Assisted-by: AGENT_NAME:MODEL_VERSION` git trailer to every commit containing AI-assisted content.
 - Ensure every pull request includes a disclosure of AI tool use in the PR description.
 - Produce focused, scoped pull requests that address exactly one concern. Do not touch unrelated files or introduce incidental refactors.
 - Verify all dependencies against actual package registries before suggesting them. Do not use hallucinated or unverified package names.
 - Explicitly inform the contributor when any action they are about to take, or have taken, would violate the AI Contribution Policy or the Contribution Guidelines. Do not silently proceed. State which rule is at risk and what the contributor should do instead.
 - Warn the contributor if a pull request is growing too large. A PR approaching several thousand lines of changed code is a signal that it should be split into smaller, focused PRs. Suggest a logical split before the PR is opened, not after.
 - Recommend opening a ticket for discussion before starting implementation whenever a feature or change is sufficiently complex - for example when it touches multiple subsystems, requires architectural decisions, or the right approach is not yet clear. A ticket allows maintainers and the contributor to align on direction before code is written, avoiding wasted effort on a PR that may be rejected or require fundamental rework.
 ### What this agent must never do
 - Open issues, submit pull requests, post review comments, or send security reports autonomously. Every contribution must be reviewed and submitted by a human.
 - Add `Signed-off-by` tags to commits. Only the human contributor can certify the Developer Certificate of Origin.
 - Generate or submit security reports without independent human verification. Report verified vulnerabilities via [HackerOne](https://hackerone.com/nextcloud), not as GitHub issues.
 - Write PR descriptions, review comments, or issue reports on behalf of the contributor. These must be in the contributor's own words.
 - Submit code that has not been reviewed and cleaned up by the contributor. Dead code, redundant logic, excessive comments, and unrelated changes must be removed before submission.
 ---
 ## Repository-Specific Requirements
 ### Commit format
 Use [Conventional Commits](https://www.conventionalcommits.org) for all commit messages:
 ```
 <type>(<scope>): <short description>
 [optional body]
 Assisted-by: AGENT_NAME:MODEL_VERSION
 ```
 Common types: `feat`, `fix`, `refactor`, `test`, `docs`, `chore`, `perf`, `build`, `ci`.  
 The scope should match the affected component or app (e.g. `files_sharing`, `core`, `encryption`).
 Example:
 ```
 feat(files_sharing): allow sharing with contacts
 Assisted-by: ClaudeCode:claude-sonnet-4-6
 ```
 ### Tests
 - Every changed or added code segment must be covered by unit tests. Pull requests without tests for new or modified logic will not be accepted.
 - In areas where unit testing is currently difficult, refactoring to enable testability is encouraged alongside the bug fix.
 - New features must be manually tested on a live Nextcloud instance by the human contributor before submission. Providing test steps for an agent to execute is not a substitute.
 ### Developer Certificate of Origin (DCO)
 The project uses the DCO as an additional safeguard. Only the human contributor may add the `Signed-off-by` trailer - agents must not add it:
 ```
 Signed-off-by: Random J Developer <random@developer.example.org>
 ```
 Contributors can sign automatically with `git commit -s` after configuring `user.name` and `user.email`.
 ### License headers
 Every new file must include the correct SPDX license header. For AGPL-3.0-or-later (the default for this repository):
 ```php
 /**
 * SPDX-FileCopyrightText: <year> <name>
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
 ```
 See [HowToApplyALicense.md](https://github.com/nextcloud/server/blob/master/contribute/HowToApplyALicense.md) for details on per-language formats. AI-generated code must not include material from sources incompatible with AGPL-3.0-or-later.
 ### Security
 - Do not open GitHub issues for potential vulnerabilities. Report them via [HackerOne](https://hackerone.com/nextcloud) following the [security policy](https://nextcloud.com/security/).
 - AI-generated security reports must be independently verified by the human contributor before submission.
 - Manually verify all access control logic, authentication patterns, and dependency names - AI tools are known to hallucinate package names and reproduce vulnerable patterns.
 ### Scope of this repository
 This repository covers the Nextcloud all-in-one and all its included containers and features. Issues and changes for other components belong in their respective repositories under the [Nextcloud GitHub organization](https://github.com/nextcloud/).
 ---
 ## Further Reading
 - [Local CONTRIBUTING.md](CONTRIBUTING.md)
 - [Nextcloud Contribution Guidelines](https://github.com/nextcloud/all-in-one/blob/main/CONTRIBUTING.md)
 - [AI Contribution Policy](https://github.com/nextcloud/all-in-one/blob/main/AI_POLICY.md)
 - [Developer Certificate of Origin](https://github.com/nextcloud/server/blob/master/contribute/developer-certificate-of-origin)
 - [How to Apply a License](https://github.com/nextcloud/server/blob/master/contribute/HowToApplyALicense.md)
 - [Developer Manual](https://github.com/nextcloud/all-in-one/blob/main/develop.md)
 - [Security Vulnerability Reporting (HackerOne)](https://hackerone.com/nextcloud)
@@ -0,0 +1,91 @@
 <!--
  - SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
  - SPDX-License-Identifier: MIT
 -->
 # AI Contribution Policy
 This document provides guidance for AI tools and developers using AI assistance when contributing to Nextcloud. It applies to all repositories under the [Nextcloud GitHub organization](https://github.com/nextcloud/), including the server, clients, apps, and the community app ecosystem.
 This policy complements the existing [Contribution Guidelines](CONTRIBUTING.md). The requirements around testing, the Developer Certificate of Origin, license headers, and security reporting described there continue to apply in full - this document addresses how they extend to AI-assisted contributions.
 ---
 ## Requirements
 ### Disclosure
 Every pull request containing AI-assisted code, documentation, or tests must declare this in the PR description. PRs found to have undisclosed AI use might be closed.
 For full traceability at the commit level, each commit containing AI-assisted content must include an `Assisted-by:` git trailer:
 ```
 Assisted-by: AGENT_NAME:MODEL_VERSION
 ```
 The agent name and model version identify the AI tool. Basic development tools such as git, compilers, editors, and static analyzers are not listed - these are standard parts of any development workflow regardless of AI involvement.
 The PR description disclosure explains how AI was used; the commit trailer ensures that provenance is permanently recorded in version history and available to future contributors, auditors, and tooling.
 Examples:
 ```
 Assisted-by: Devstral:devstral-small-2507
 Assisted-by: ClaudeCode:claude-sonnet-4-6
 Assisted-by: Qwen:qwen3-coder-32b
 Assisted-by: Copilot:gpt-4o
 ```
 ### Author Accountability
 The contributor is the legal and moral author of every line they submit. If a reviewer asks "why does this work this way?" and the answer is "the AI wrote it," the PR will be closed. This applies to code, comments, documentation, and tests alike. You must be able to explain, defend, and modify any content you submit.
 ### Human-Written Communication
 Issues, PR descriptions, and review comments must be in the contributor's own words. Translation assistance and grammar/spelling help are acceptable exceptions and do not need to be disclosed - the intent of this rule is to ensure that the ideas, reasoning, and decisions in community communication come from the contributor.
 This requirement extends through the entire review process. Contributors must respond to reviewer questions and implement requested changes themselves. Passing maintainer feedback into an AI and posting whatever comes out is not an acceptable substitute for genuine engagement. If a contributor cannot explain or implement a requested change because they do not understand their own submission, the PR will be closed.
 ### Security and Dependency Scrutiny
 AI tools hallucinate package names, produce subtly broken access controls, and may reproduce vulnerable patterns from their training data. Contributors must manually verify all dependencies, access control logic, authentication patterns, and security implications in AI-generated code before submitting - the risk of undetected errors is higher than with hand-written code and warrants extra care.
 For general security requirements applicable to all contributions, see the [Contribution Guidelines](CONTRIBUTING.md). Security vulnerabilities must be reported via [HackerOne](https://hackerone.com/nextcloud) following Nextcloud's [security policy](https://nextcloud.com/security/), not via public issues. AI-generated security reports must be independently verified before submission; unverified reports might be closed without response.
 ### No Autonomous Agent Submissions
 AI agents must not open issues, submit pull requests, post review comments, or send security reports autonomously. Every contribution must be composed, reviewed, and submitted by a human. This includes agentic workflows where an AI browses the codebase, plans changes across multiple files, and generates commits - the human contributor remains responsible for reviewing all output before anything is submitted.
 AI agents must not add `Signed-off-by` tags: only humans can legally certify the [Developer Certificate of Origin](https://github.com/nextcloud/server/blob/master/contribute/developer-certificate-of-origin).
 ### Licensing and Copyright Compliance
 Contributors must ensure AI-generated code contains no material from sources incompatible with the license of the repository or app they are contributing to. Each Nextcloud repository and app carries its own license - contributors are responsible for knowing which applies. For guidance on license headers, see [HowToApplyALicense.md](https://github.com/nextcloud/server/blob/master/contribute/HowToApplyALicense.md).
 The applicable test has three parts: the AI tool's terms must permit open-source use of its output; no third-party copyrighted material may be reproduced; and any included material must use a compatible open-source license. If generated code appears identical or suspiciously similar to code from an incompatible source, it must be removed or replaced with an original implementation. Ignorance of AI-generated provenance is not a defense.
 ### Code Quality and Cleanup
 AI output must be cleaned before submission. Dead code, redundant logic, excessive comments, inconsistent style, unused variables, structural drift, and unrelated file changes must all be removed. Submitting large AI code blobs without meaningful oversight - sometimes called "vibe coding" or "prompt dumping" - is prohibited.
 Signs of a disallowed submission include: large unreviewed AI blobs; obvious mechanical mistakes a human would fix in minutes; code that has clearly never been executed; and pull requests that shift debugging and cleanup work onto maintainers rather than the contributor. As required by the [Contribution Guidelines](CONTRIBUTING.md), all changed and added code must be unit tested - AI-generated code is not exempt from this requirement.
 New features must be tested on a live Nextcloud instance by the contributor before submission. Providing test instructions for an AI agent to execute is not a substitute for human testing.
 ---
 ## Guidelines
 ### Focused and Scoped Pull Requests
 A pull request should address exactly one thing. AI-generated code frequently drifts in scope due to imprecise prompting, touching unrelated files or introducing incidental refactors. If a PR description does not match its diff, that is a signal the contributor did not review their own changes. Large changes must be broken into multiple focused commits or separate PRs.
 ### Maintainer Discretion
 Maintainers have unreviewable authority to close AI-assisted contributions for quality, complexity, scope, or community-fit reasons. A contribution that costs reviewers more time than it returns value to the project is extractive and will be closed, regardless of how many rounds of review it has already received. The golden rule applies: a contribution should be worth more to the project than the time it takes to review.
 ---
 ## Scope and Updates
 This policy applies to all contributions to repositories and apps under the Nextcloud GitHub organization, by all contributors. It will be reviewed and updated as AI tooling, open-source best practices, and applicable law evolve. Suggested changes are welcome via pull requests.
@@ -0,0 +1,76 @@
 <!--
 SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
 SPDX-License-Identifier: MIT
 -->
 ## Submitting issues
 If you have questions about how to install or use Nextcloud, please direct these to our [forum][forum].
 ### Guidelines
 * Please search the existing issues first, it's likely that your issue was already reported or even fixed.
  - Go to one of the repositories, click "issues" and type any word in the top search/command bar.
  - More info on [search syntax within github](https://help.github.com/articles/searching-issues)
 * __SECURITY__: Report any potential security bug to us via [our HackerOne page](https://hackerone.com/nextcloud) following our [security policy](https://nextcloud.com/security/) instead of filing an issue in our bug tracker.
 * The issues in other components should be reported in their respective repositories: You will find them in our [GitHub Organization](https://github.com/nextcloud/)
 * Report the issue using one of our templates, they include all the information we need to track down the issue.
 Help us to maximize the effort we can spend fixing issues and adding new features, by not reporting duplicate issues.
 [forum]: https://help.nextcloud.com/
 ## Contributing to Source Code
 Thanks for wanting to contribute source code to Nextcloud. That's great!
 Please read the [Developer Manuals][devmanual] to learn how to create your first application or how to test the Nextcloud code.
 ### AI-assisted contributions
 Nextcloud allows contributions made with the help of AI tools. You are the author of everything you submit - AI assistance does not change that responsibility.
 * **Disclosure:** Declare AI tool use in the PR description and add an `Assisted-by: AGENT_NAME:MODEL_VERSION` git trailer to each affected commit.
 * **Accountability:** You must be able to explain, defend, and modify every line you submit. If a reviewer asks why something works a certain way, "the AI wrote it" is not an answer.
 * **Communication:** PR descriptions, review comments, and issue reports must be written in your own words. This applies throughout the review process - passing reviewer feedback to an AI and posting whatever comes out is not acceptable.
 * **Quality:** AI output must be quality assured by the human, i.e. reviewed, cleaned up, and tested before submission. New features must be tested on a live instance by you, not by an agent. Code that has never been executed, or that shifts debugging work onto maintainers, will not be accepted.
 * **Licensing:** Ensure AI-generated code contains no material incompatible with the license of the repository you are contributing to.
 For the full policy including autonomous agent rules, security reports, and beginner issues, read the [AI Contribution Policy][aipolicy].
 ### Tests
 In order to constantly increase the quality of our software we can no longer accept pull request which submit un-tested code.
 It is a must have that changed and added code segments are unit tested.
 In some areas unit testing is hard (aka almost impossible) as of today - in these areas refactoring WHILE fixing a bug is encouraged to enable unit testing.
 ### Sign your work
 We use the Developer Certificate of Origin (DCO) as a additional safeguard
 for the Nextcloud project. This is a well established and widely used
 mechanism to assure contributors have confirmed their right to license
 their contribution under the project's license.
 Please read [contribute/developer-certificate-of-origin][dcofile].
 If you can certify it, then just add a line to every git commit message:
 ````
  Signed-off-by: Random J Developer <random@developer.example.org>
 ````
 Use your real name (sorry, no pseudonyms or anonymous contributions).
 If you set your `user.name` and `user.email` git configs, you can sign your
 commit automatically with `git commit -s`. You can also use git [aliases](https://git-scm.com/book/tr/v2/Git-Basics-Git-Aliases)
 like `git config --global alias.ci 'commit -s'`. Now you can commit with
 `git ci` and the commit will be signed.
 ### Apply a license
 In case you are not sure how to add or update the license header correctly please have a look at [contribute/HowToApplyALicense.md][applyalicense]
 [devmanual]: https://github.com/nextcloud/all-in-one/blob/main/develop.md
 [dcofile]: https://github.com/nextcloud/server/blob/master/contribute/developer-certificate-of-origin
 [applyalicense]: https://github.com/nextcloud/server/blob/master/contribute/HowToApplyALicense.md
 [aipolicy]: https://github.com/nextcloud/all-in-one/blob/main/AI_POLICY.md
@@ -47,7 +47,14 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req
        uri strip_prefix /onlyoffice
        reverse_proxy {$ONLYOFFICE_HOST}:80 {
            header_up X-Forwarded-Host {http.request.hostport}/onlyoffice
-            header_up X-Forwarded-Proto https
+        }
    }
    # EuroOffice
    route /eurooffice/* {
        uri strip_prefix /eurooffice
        reverse_proxy {$EUROOFFICE_HOST}:80 {
            header_up X-Forwarded-Prefix /eurooffice
        }
    }
@@ -1,8 +1,8 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.11.3-alpine AS caddy
+FROM caddy:2.11.4-alpine AS caddy
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.67-alpine3.23
+FROM httpd:2.4.68-alpine3.23
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.10.3.1
+FROM collabora/code:26.04.1.4.1
 USER root
 ARG DEBIAN_FRONTEND=noninteractive
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.3.10-alpine
+FROM haproxy:3.4.0-alpine
 # hadolint ignore=DL3002
 USER root
@@ -0,0 +1,17 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/euro-office/documentserver:v9.3.1-beta.1
 # USER root is probably used
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="EuroOffice for Nextcloud AIO" \
    org.opencontainers.image.description="EuroOffice Document Server for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
@@ -0,0 +1,7 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z 127.0.0.1 80 || exit 1
@@ -4,4 +4,4 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
-curl -fs -u "elastic:$FULLTEXTSEARCH_PASSWORD" "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
+curl -fs -u "elastic:$ELASTIC_PASSWORD" "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.26.3-alpine3.23 AS go
+FROM golang:1.26.4-alpine3.23 AS go
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
@@ -1,17 +1,17 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.5.2-cli AS docker
+FROM docker:29.5.3-cli AS docker
 ARG CADDY_REMOTE_HOST_HASH=e80a9931765a8dbcbb47db415863387f0df0e1b3
 # Caddy is a requirement
-FROM caddy:2.11.3-builder-alpine AS caddy
+FROM caddy:2.11.4-builder-alpine AS caddy
 RUN set -ex; \
    xcaddy build --with github.com/muety/caddy-remote-host@"$CADDY_REMOTE_HOST_HASH"; \
    /usr/bin/caddy list-modules
 # From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile
-FROM php:8.5.6-fpm-alpine3.23
+FROM php:8.5.7-fpm-alpine3.23
 EXPOSE 80
 EXPOSE 8080
@@ -2,4 +2,5 @@
 $CONFIG = array (
  'one-click-instance' => true,
  'one-click-instance.user-limit' => 100,
  'update_channel' => 'stable',
 );
@@ -419,41 +419,12 @@ EOF
 # AIO update to latest start # Do not remove or change this line!
            if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
-                php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
+                if ! bash /upgrade-latest-major.sh; then
-                INSTALLED_AT="$(php /var/www/html/occ config:app:get core installedat)"
+                    echo "Upgrade to latest major version failed! Check the output above for details."
                if [ -n "${INSTALLED_AT}" ]; then
                    # Set the installdat to 00 which will allow to skip staging and install the next major directly
                    # shellcheck disable=SC2001
                    INSTALLED_AT="$(echo "${INSTALLED_AT}" | sed "s|[0-9][0-9]$|00|")"
                    php /var/www/html/occ config:app:set core installedat --value="${INSTALLED_AT}" 
                fi
                php /var/www/html/updater/updater.phar --no-interaction --no-backup
                if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                    echo "Installation of Nextcloud failed!"
                    touch "$NEXTCLOUD_DATA_DIR/install.failed"
                    exit 1
                fi
                # shellcheck disable=SC2016
                installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                INSTALLED_MAJOR="${installed_version%%.*}"
                IMAGE_MAJOR="${image_version%%.*}"
                # If a valid upgrade path, trigger the Nextcloud built-in Updater
                if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
                    php /var/www/html/updater/updater.phar --no-interaction --no-backup
                    if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                        echo "Installation of Nextcloud failed!"
                        # TODO: Add a hint here about what to do / where to look / updater.log? 
                        touch "$NEXTCLOUD_DATA_DIR/install.failed"
                        exit 1
                    fi
                    # shellcheck disable=SC2016
                    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                fi
                php /var/www/html/occ config:system:set updatechecker --type=bool --value=true
                php /var/www/html/occ app:enable nextcloud-aio --force
                php /var/www/html/occ db:add-missing-columns
                php /var/www/html/occ db:add-missing-primary-keys
                yes | php /var/www/html/occ db:convert-filecache-bigint
            fi
 # AIO update to latest end # Do not remove or change this line!
@@ -896,6 +867,58 @@ else
    fi
 fi
 # EuroOffice
 if [ "$EUROOFFICE_ENABLED" = 'yes' ]; then
    # Determine EuroOffice port based on host pattern
    if echo "$EUROOFFICE_HOST" | grep -q "nextcloud-.*-eurooffice"; then
        EUROOFFICE_PORT=80
    else
        EUROOFFICE_PORT=443
    fi
    count=0
    while ! nc -z "$EUROOFFICE_HOST" "$EUROOFFICE_PORT" && [ "$count" -lt 90 ]; do
        echo "Waiting for EuroOffice to become available..."
        count=$((count+5))
        sleep 5
    done
    if [ "$count" -ge 90 ]; then
        bash /notify.sh "EuroOffice did not start in time!" "Skipping initialization and disabling eurooffice app."
        php /var/www/html/occ app:disable eurooffice
    else
        # Install or enable EuroOffice app as needed
        if ! [ -d "/var/www/html/custom_apps/eurooffice" ]; then
            php /var/www/html/occ app:install eurooffice
        elif [ "$(php /var/www/html/occ config:app:get eurooffice enabled)" != "yes" ]; then
            php /var/www/html/occ app:enable eurooffice
        elif [ "$SKIP_UPDATE" != 1 ]; then
            php /var/www/html/occ app:update eurooffice
        fi
        # Set EuroOffice configuration
        php /var/www/html/occ config:system:set eurooffice editors_check_interval --value="0" --type=integer 
        php /var/www/html/occ config:system:set eurooffice jwt_secret --value="$EUROOFFICE_SECRET"
        php /var/www/html/occ config:app:set eurooffice jwt_secret --value="$EUROOFFICE_SECRET"
        php /var/www/html/occ config:system:set eurooffice jwt_header --value="AuthorizationJwt"
        # Adjust the EuroOffice host if using internal pattern
        if echo "$EUROOFFICE_HOST" | grep -q "nextcloud-.*-eurooffice"; then
            EUROOFFICE_HOST="$NC_DOMAIN/eurooffice"
            export EUROOFFICE_HOST
        fi
        php /var/www/html/occ config:app:set eurooffice DocumentServerUrl --value="https://$EUROOFFICE_HOST"
    fi
 else
    # Remove EuroOffice app if disabled and removal is requested
    if [ "$REMOVE_DISABLED_APPS" = yes ] && \
       [ -d "/var/www/html/custom_apps/eurooffice" ] && \
       [ -n "$EUROOFFICE_SECRET" ] && \
       [ "$(php /var/www/html/occ config:system:get eurooffice jwt_secret)" = "$EUROOFFICE_SECRET" ]; then
        php /var/www/html/occ app:remove eurooffice
    fi
 fi
 # Talk
 if [ "$TALK_ENABLED" = 'yes' ]; then
    set -x
@@ -0,0 +1,43 @@
 #!/bin/bash
 PHP_CLI="php"
 if [[ "$EUID" = 0 ]]; then
    PHP_CLI="sudo -u www-data -E $PHP_CLI"
 fi
 # shellcheck disable=SC2016
 image_version="$($PHP_CLI -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 export IMAGE_MAJOR="${image_version%%.*}"
 $PHP_CLI /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
 INSTALLED_AT="$($PHP_CLI /var/www/html/occ config:app:get core installedat)"
 if [ -n "${INSTALLED_AT}" ]; then
    # Set the installedat to 00 which will allow to skip staging and install the next major directly
    # shellcheck disable=SC2001
    INSTALLED_AT="$(echo "${INSTALLED_AT}" | sed "s|[0-9][0-9]$|00|")"
    $PHP_CLI /var/www/html/occ config:app:set core installedat --value="${INSTALLED_AT}"
 fi
 $PHP_CLI /var/www/html/updater/updater.phar --no-interaction --no-backup
 if ! $PHP_CLI /var/www/html/occ -V || $PHP_CLI /var/www/html/occ status | grep maintenance | grep -q 'true'; then
    echo "Installation of Nextcloud failed!"
    touch "$NEXTCLOUD_DATA_DIR/install.failed"
    exit 1
 fi
 # shellcheck disable=SC2016
 installed_version="$($PHP_CLI -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 export INSTALLED_MAJOR="${installed_version%%.*}"
 # If a valid upgrade path, trigger the Nextcloud built-in Updater
 if ! $PHP_CLI -r "version_compare(getenv('INSTALLED_MAJOR'), getenv('IMAGE_MAJOR'), '>') || exit(1);"; then
    $PHP_CLI /var/www/html/updater/updater.phar --no-interaction --no-backup
    if ! $PHP_CLI /var/www/html/occ -V || $PHP_CLI /var/www/html/occ status | grep maintenance | grep -q 'true'; then
        echo "Installation of Nextcloud failed!"
        # TODO: Add a hint here about what to do / where to look / updater.log?
        touch "$NEXTCLOUD_DATA_DIR/install.failed"
        exit 1
    fi
 fi
 $PHP_CLI /var/www/html/occ config:system:set updatechecker --type=bool --value=true
 $PHP_CLI /var/www/html/occ app:enable nextcloud-aio --force
 $PHP_CLI /var/www/html/occ db:add-missing-columns
 $PHP_CLI /var/www/html/occ db:add-missing-primary-keys
 yes | $PHP_CLI /var/www/html/occ db:convert-filecache-bigint
@@ -13,6 +13,8 @@ esac)"
 export POSTGRES_LOG_MIN_MESSAGES
 # Variables
 GREP_STRING='Name: oc_appconfig; Type: TABLE; Schema: public; Owner:'
 export GREP_STRING
 DATADIR="/var/lib/postgresql/data"
 export DUMP_DIR="/mnt/data"
 DUMP_FILE="$DUMP_DIR/database-dump.sql"
@@ -103,7 +105,6 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
    done
    # Check if the line we grep for later on is there
    GREP_STRING='Name: oc_appconfig; Type: TABLE; Schema: public; Owner:'
    if ! grep -qa "$GREP_STRING" "$DUMP_FILE"; then
        echo "The needed oc_appconfig line is not there which is unexpected."
        echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
@@ -239,6 +240,12 @@ do_database_dump() {
        rm -f "$DUMP_FILE"
        mv "$DUMP_FILE.temp" "$DUMP_FILE"
        pg_ctl stop -m fast
        if ! grep -qa "$GREP_STRING" "$DUMP_FILE"; then
            echo "Database dump was successful but the expected grep string does not exist."
            echo "This is not expected!"
            echo "Please report this to https://github.com/nextcloud/all-in-one/issues."
            exit 1
        fi
        rm "$DUMP_DIR/export.failed"
        echo 'Database dump successful!'
        if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
@@ -4,4 +4,4 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
-nc -z 127.0.0.1 1234 || nc -z ::1 1234 || exit 1
+nc -z 127.0.0.1 1234 || exit 1
@@ -58,21 +58,13 @@ extensionaudio = .m4a
 extensionvideo = .mp4"
 fi
 # Detect IPv6 availability to choose the right listen address
 RECORDING_LISTEN="0.0.0.0:1234"
 if ! grep -q "1" /sys/module/ipv6/parameters/disable 2>/dev/null \
 && ! grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 2>/dev/null \
 && ! grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6 2>/dev/null; then
    RECORDING_LISTEN="[::]:1234"
 fi
 cat << RECORDING_CONF > "/conf/recording.conf"
 [logs]
 # 30 means Warning
 level = ${TALK_RECORDING_LOG_LEVEL}
 [http]
-listen = ${RECORDING_LISTEN}
+listen = 0.0.0.0:1234
 [backend]
 allowall = ${ALLOW_ALL}
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.14.1-scratch AS nats
+FROM nats:2.14.2-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
 FROM alpine:3.23.4 AS janus
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.26.3-alpine3.23 AS go
+FROM golang:1.26.4-alpine3.23 AS go
 ENV WATCHTOWER_COMMIT_HASH=9d0048403a7242943084bede951f6f966f7691ba	
@@ -37,6 +37,9 @@
                    "writeable": false
                }
            ],
            "cap_add": [
                "SYS_RAWIO"
            ],
            "environment": [
                "TZ=%TIMEZONE%",
                "SECURE_CONNECTION=1",
@@ -4,6 +4,9 @@ services:
      nextcloud-aio-onlyoffice:
        condition: service_started
        required: false
      nextcloud-aio-eurooffice:
        condition: service_started
        required: false
      nextcloud-aio-collabora:
        condition: service_started
        required: false
@@ -41,6 +44,7 @@ services:
      - APACHE_PORT
      - AIO_LOG_LEVEL
      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
      - EUROOFFICE_HOST=nextcloud-aio-eurooffice
      - TZ=${TIMEZONE}
      - APACHE_MAX_SIZE
      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
@@ -150,15 +154,18 @@ services:
      - TURN_SECRET
      - SIGNALING_SECRET
      - ONLYOFFICE_SECRET
      - EUROOFFICE_SECRET
      - AIO_LOG_LEVEL
      - NEXTCLOUD_MOUNT
      - CLAMAV_ENABLED
      - CLAMAV_HOST=nextcloud-aio-clamav
      - ONLYOFFICE_ENABLED
      - EUROOFFICE_ENABLED
      - COLLABORA_ENABLED
      - COLLABORA_HOST=nextcloud-aio-collabora
      - TALK_ENABLED
      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
      - EUROOFFICE_HOST=nextcloud-aio-eurooffice
      - UPDATE_NEXTCLOUD_APPS
      - TZ=${TIMEZONE}
      - TALK_PORT
@@ -406,6 +413,33 @@ services:
    cap_drop:
      - NET_RAW
  nextcloud-aio-eurooffice:
    image: ghcr.io/nextcloud-releases/aio-eurooffice:latest
    init: true
    healthcheck:
      start_period: 60s
      test: /healthcheck.sh
      interval: 30s
      timeout: 30s
      start_interval: 5s
      retries: 9
    expose:
      - "80"
    environment:
      - AIO_LOG_LEVEL
      - LOG_LEVEL=${AIO_LOG_LEVEL}
      - TZ=${TIMEZONE}
      - JWT_ENABLED=true
      - JWT_HEADER=AuthorizationJwt
      - JWT_SECRET=${EUROOFFICE_SECRET}
    volumes:
      - nextcloud_aio_eurooffice:/var/lib/euro-office:rw
    restart: unless-stopped
    profiles:
      - eurooffice
    cap_drop:
      - NET_RAW
  nextcloud-aio-imaginary:
    image: ghcr.io/nextcloud-releases/aio-imaginary:latest
    user: "65534"
@@ -455,11 +489,13 @@ services:
      - discovery.type=single-node
      - http.port=9200
      - xpack.license.self_generated.type=basic
-      - xpack.security.enabled=false
+      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=false
      - xpack.security.transport.ssl.enabled=false
      - indices.fielddata.cache.size=20%
      - indices.memory.index_buffer_size=20%
      - thread_pool.write.queue_size=1000
-      - FULLTEXTSEARCH_PASSWORD
+      - ELASTIC_PASSWORD=${FULLTEXTSEARCH_PASSWORD}
    volumes:
      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
    restart: unless-stopped
@@ -511,6 +547,8 @@ volumes:
    name: nextcloud_aio_database_dump
  nextcloud_aio_elasticsearch:
    name: nextcloud_aio_elasticsearch
  nextcloud_aio_eurooffice:
    name: nextcloud_aio_eurooffice
  nextcloud_aio_nextcloud:
    name: nextcloud_aio_nextcloud
  nextcloud_aio_onlyoffice:
@@ -1,4 +1,5 @@
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
 EUROOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_PASSWORD=          # TODO! This needs to be a unique and good password!
 IMAGINARY_SECRET=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
@@ -14,6 +15,7 @@ WHITEBOARD_SECRET=          # TODO! This needs to be a unique and good password!
 CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 EUROOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 13.1.0
+version: 13.2.1
 apiVersion: v2
 keywords:
  - latest
@@ -49,6 +49,8 @@ spec:
              value: "{{ .Values.APACHE_PORT }}"
            - name: COLLABORA_HOST
              value: nextcloud-aio-collabora
            - name: EUROOFFICE_HOST
              value: nextcloud-aio-eurooffice
            - name: NC_DOMAIN
              value: "{{ .Values.NC_DOMAIN }}"
            - name: NEXTCLOUD_HOST
@@ -63,7 +65,7 @@ spec:
              value: "{{ .Values.TIMEZONE }}"
            - name: WHITEBOARD_HOST
              value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-apache:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -36,7 +36,7 @@ spec:
        {{- end }}
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260609_115915
          command:
            - mkdir
            - "-p"
@@ -61,7 +61,7 @@ spec:
              value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -38,9 +38,9 @@ spec:
            - name: server_name
              value: "{{ .Values.NC_DOMAIN }}"
          {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260609_115915
          {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260609_115915
          {{- end }}
          readinessProbe:
            exec:
@@ -35,7 +35,7 @@ spec:
        {{- end }}
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260609_115915
          command:
            - mkdir
            - "-p"
@@ -66,7 +66,7 @@ spec:
              value: nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -0,0 +1,77 @@
 {{- if eq .Values.EUROOFFICE_ENABLED "yes" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
    kompose.version: 1.38.0 (a8f5d1cbd)
  labels:
    io.kompose.service: nextcloud-aio-eurooffice
  name: nextcloud-aio-eurooffice
  namespace: "{{ .Values.NAMESPACE }}"
 spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: nextcloud-aio-eurooffice
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        kompose.version: 1.38.0 (a8f5d1cbd)
      labels:
        io.kompose.service: nextcloud-aio-eurooffice
    spec:
      initContainers:
        - name: init-volumes
          image: ghcr.io/nextcloud-releases/aio-alpine:20260609_115915
          command:
            - chmod
            - "777"
            - /nextcloud-aio-eurooffice
          volumeMounts:
            - name: nextcloud-aio-eurooffice
              mountPath: /nextcloud-aio-eurooffice
      containers:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: JWT_ENABLED
              value: "true"
            - name: JWT_HEADER
              value: AuthorizationJwt
            - name: JWT_SECRET
              value: "{{ .Values.EUROOFFICE_SECRET }}"
            - name: LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
          image: ghcr.io/nextcloud-releases/aio-eurooffice:20260609_115915
          readinessProbe:
            exec:
              command:
                - /healthcheck.sh
            failureThreshold: 9
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 30
          livenessProbe:
            exec:
              command:
                - /healthcheck.sh
            failureThreshold: 9
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 30
          name: nextcloud-aio-eurooffice
          ports:
            - containerPort: 80
              protocol: TCP
          volumeMounts:
            - mountPath: /var/lib/euro-office
              name: nextcloud-aio-eurooffice
      volumes:
        - name: nextcloud-aio-eurooffice
          persistentVolumeClaim:
            claimName: nextcloud-aio-eurooffice
 {{- end }}
@@ -0,0 +1,18 @@
 {{- if eq .Values.EUROOFFICE_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  labels:
    io.kompose.service: nextcloud-aio-eurooffice
  name: nextcloud-aio-eurooffice
  namespace: "{{ .Values.NAMESPACE }}"
 spec:
  {{- if .Values.STORAGE_CLASS }}
  storageClassName: {{ .Values.STORAGE_CLASS }}
  {{- end }}
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: {{ .Values.EUROOFFICE_STORAGE_SIZE }}
 {{- end }}
@@ -0,0 +1,19 @@
 {{- if eq .Values.EUROOFFICE_ENABLED "yes" }}
 apiVersion: v1
 kind: Service
 metadata:
  annotations:
    kompose.version: 1.38.0 (a8f5d1cbd)
  labels:
    io.kompose.service: nextcloud-aio-eurooffice
  name: nextcloud-aio-eurooffice
  namespace: "{{ .Values.NAMESPACE }}"
 spec:
  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "80"
      port: 80
      targetPort: 80
  selector:
    io.kompose.service: nextcloud-aio-eurooffice
 {{- end }}
@@ -24,7 +24,7 @@ spec:
    spec:
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260609_115915
          command:
            - chmod
            - "777"
@@ -36,10 +36,10 @@ spec:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: ELASTIC_PASSWORD
              value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
            - name: ES_JAVA_OPTS
              value: "{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}"
            - name: FULLTEXTSEARCH_PASSWORD
              value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
            - name: bootstrap.memory_lock
@@ -59,8 +59,12 @@ spec:
            - name: xpack.license.self_generated.type
              value: basic
            - name: xpack.security.enabled
              value: "true"
            - name: xpack.security.http.ssl.enabled
              value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260527_140826
+            - name: xpack.security.transport.ssl.enabled
              value: "false"
          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -40,7 +40,7 @@ spec:
              value: "{{ .Values.IMAGINARY_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260609_115915
          command:
            - chmod
            - "777"
@@ -106,6 +106,12 @@ spec:
              value: "{{ .Values.COLLABORA_ENABLED }}"
            - name: COLLABORA_HOST
              value: nextcloud-aio-collabora
            - name: EUROOFFICE_ENABLED
              value: "{{ .Values.EUROOFFICE_ENABLED }}"
            - name: EUROOFFICE_HOST
              value: nextcloud-aio-eurooffice
            - name: EUROOFFICE_SECRET
              value: "{{ .Values.EUROOFFICE_SECRET }}"
            - name: FULLTEXTSEARCH_ENABLED
              value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}"
            - name: FULLTEXTSEARCH_HOST
@@ -192,7 +198,7 @@ spec:
              value: "{{ .Values.WHITEBOARD_ENABLED }}"
            - name: WHITEBOARD_SECRET
              value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260609_115915
          {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
          securityContext:
            # The items below only work in container context
@@ -41,7 +41,7 @@ spec:
              value: nextcloud-aio-nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -24,7 +24,7 @@ spec:
    spec:
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260609_115915
          command:
            - chmod
            - "777"
@@ -46,7 +46,7 @@ spec:
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -41,7 +41,7 @@ spec:
              value: "{{ .Values.REDIS_PASSWORD }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-redis:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -56,7 +56,7 @@ spec:
              value: "{{ .Values.TURN_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-talk:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -46,7 +46,7 @@ spec:
              value: "{{ .Values.RECORDING_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -52,7 +52,7 @@ spec:
              value: redis
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260609_115915
          readinessProbe:
            exec:
              command:
@@ -133,7 +133,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
            sed -i "/^    spec:/r /tmp/initcontainers.clamav" "$variable"
        elif echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
            sed -i "/^    spec:/r /tmp/initcontainers.nextcloud" "$variable"
-        elif echo "$variable" | grep -q "fulltextsearch" || echo "$variable" | grep -q "onlyoffice" || echo "$variable" | grep -q "collabora"; then
+        elif echo "$variable" | grep -q "fulltextsearch" || echo "$variable" | grep -q "onlyoffice" || echo "$variable" | grep -q "eurooffice" || echo "$variable" | grep -q "collabora"; then
            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
        fi
        volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
@@ -499,7 +499,7 @@ cat << EOL > /tmp/security.conf
              {{- end }}
 EOL
 # shellcheck disable=SC1083
-find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*apache-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
+find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*apache-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -not -name '*eurooffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*collabora-deployment.yaml*' -exec sed -i "/ADDITIONAL_COLLABORA_OPTIONS_PLACEHOLDER/d" \{} \;
@@ -1,4 +1,5 @@
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
 EUROOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_PASSWORD:           # TODO! This needs to be a unique and good password!
 IMAGINARY_SECRET:           # TODO! This needs to be a unique and good password!
 NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
@@ -14,6 +15,7 @@ WHITEBOARD_SECRET:           # TODO! This needs to be a unique and good password
 CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 EUROOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
@@ -46,6 +48,7 @@ CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume th
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value
 DATABASE_DUMP_STORAGE_SIZE: 1Gi       # You can change the size of the database-dump volume that default to 1Gi with this value
 ELASTICSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the elasticsearch volume that default to 1Gi with this value
 EUROOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the eurooffice volume that default to 1Gi with this value
 NEXTCLOUD_STORAGE_SIZE: 5Gi       # You can change the size of the nextcloud volume that default to 1Gi with this value
 NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi       # You can change the size of the nextcloud-data volume that default to 1Gi with this value
 NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
@@ -64,16 +64,16 @@
        },
        {
            "name": "guzzlehttp/guzzle",
-            "version": "7.11.0",
+            "version": "7.11.1",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "c987f8ce84b8434fa430795eca0f3430663da72b"
+                "reference": "5af96f374e0ab4ebd747b8310888c99d3adb0a8c"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/c987f8ce84b8434fa430795eca0f3430663da72b",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/5af96f374e0ab4ebd747b8310888c99d3adb0a8c",
-                "reference": "c987f8ce84b8434fa430795eca0f3430663da72b",
+                "reference": "5af96f374e0ab4ebd747b8310888c99d3adb0a8c",
                "shasum": ""
            },
            "require": {
@@ -92,7 +92,7 @@
                "bamarni/composer-bin-plugin": "^1.8.2",
                "ext-curl": "*",
                "guzzle/client-integration-tests": "3.0.2",
-                "guzzlehttp/test-server": "^0.4",
+                "guzzlehttp/test-server": "^0.5",
                "php-http/message-factory": "^1.1",
                "phpunit/phpunit": "^8.5.52 || ^9.6.34",
                "psr/log": "^1.1 || ^2.0 || ^3.0"
@@ -172,7 +172,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.11.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.11.1"
            },
            "funding": [
                {
@@ -188,7 +188,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-06-02T12:40:51+00:00"
+            "time": "2026-06-07T22:54:06+00:00"
        },
        {
            "name": "guzzlehttp/promises",
@@ -1624,16 +1624,16 @@
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.38.1",
+            "version": "v1.38.2",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "14c5439eec4ccff081ac14eca2dc57feb2a66d92"
+                "reference": "d3d318bad5e7a1bfbd026009c8bfb8d8f99ae6b6"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/14c5439eec4ccff081ac14eca2dc57feb2a66d92",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/d3d318bad5e7a1bfbd026009c8bfb8d8f99ae6b6",
-                "reference": "14c5439eec4ccff081ac14eca2dc57feb2a66d92",
+                "reference": "d3d318bad5e7a1bfbd026009c8bfb8d8f99ae6b6",
                "shasum": ""
            },
            "require": {
@@ -1685,7 +1685,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.38.1"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.38.2"
            },
            "funding": [
                {
@@ -1705,7 +1705,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-26T12:51:13+00:00"
+            "time": "2026-05-27T06:59:30+00:00"
        },
        {
            "name": "symfony/polyfill-php80",
@@ -6,6 +6,7 @@
      "documentation": "https://github.com/nextcloud/all-in-one/discussions/2105",
      "depends_on": [
        "nextcloud-aio-onlyoffice",
        "nextcloud-aio-eurooffice",
        "nextcloud-aio-collabora",
        "nextcloud-aio-talk",
        "nextcloud-aio-notify-push",
@@ -47,6 +48,7 @@
        "APACHE_PORT=%APACHE_PORT%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
        "EUROOFFICE_HOST=nextcloud-aio-eurooffice",
        "TZ=%TIMEZONE%",
        "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
        "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
@@ -223,6 +225,7 @@
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
        "ONLYOFFICE_SECRET=%ONLYOFFICE_SECRET%",
        "EUROOFFICE_SECRET=%EUROOFFICE_SECRET%",
        "AIO_URL=%AIO_URL%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "NC_AIO_VERSION=v%AIO_VERSION%",
@@ -230,10 +233,12 @@
        "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
        "CLAMAV_HOST=nextcloud-aio-clamav",
        "ONLYOFFICE_ENABLED=%ONLYOFFICE_ENABLED%",
        "EUROOFFICE_ENABLED=%EUROOFFICE_ENABLED%",
        "COLLABORA_ENABLED=%COLLABORA_ENABLED%",
        "COLLABORA_HOST=nextcloud-aio-collabora",
        "TALK_ENABLED=%TALK_ENABLED%",
        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
        "EUROOFFICE_HOST=nextcloud-aio-eurooffice",
        "UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%",
        "TZ=%TIMEZONE%",
        "TALK_PORT=%TALK_PORT%",
@@ -357,6 +362,7 @@
      "secrets": [
        "REDIS_PASSWORD",
        "ONLYOFFICE_SECRET",
        "EUROOFFICE_SECRET",
        "RECORDING_SECRET"
      ],
      "restart": "unless-stopped",
@@ -717,7 +723,7 @@
    {
      "container_name": "nextcloud-aio-onlyoffice",
      "image_tag": "%AIO_CHANNEL%",
-      "display_name": "OnlyOffice",
+      "display_name": "OnlyOffice (deprecated)",
      "image": "ghcr.io/nextcloud-releases/aio-onlyoffice",
      "init": true,
      "healthcheck": {
@@ -758,6 +764,50 @@
        "NET_RAW"
      ]
    },
    {
      "container_name": "nextcloud-aio-eurooffice",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "EuroOffice",
      "image": "ghcr.io/nextcloud-releases/aio-eurooffice",
      "init": true,
      "healthcheck": {
        "start_period": "60s",
        "test": "/healthcheck.sh",
        "interval": "30s",
        "timeout": "30s",
        "start_interval": "5s",
        "retries": 9
      },
      "expose": [
        "80"
      ],
      "internal_port": "80",
      "environment": [
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "JWT_ENABLED=true",
        "JWT_HEADER=AuthorizationJwt",
        "JWT_SECRET=%EUROOFFICE_SECRET%"
      ],
      "volumes": [
        {
          "source": "nextcloud_aio_eurooffice",
          "destination": "/var/lib/euro-office",
          "writeable": true
        }
      ],
      "secrets": [
        "EUROOFFICE_SECRET"
      ],
      "restart": "unless-stopped",
      "profiles": [
        "eurooffice"
      ],
      "cap_drop": [
        "NET_RAW"
      ]
    },
    {
      "container_name": "nextcloud-aio-imaginary",
      "image_tag": "%AIO_CHANNEL%",
@@ -22,9 +22,11 @@ document.addEventListener("DOMContentLoaded", function () {
    // Office suite radio buttons
    const collaboraRadio = document.getElementById('office-collabora');
    const onlyofficeRadio = document.getElementById('office-onlyoffice');
    const euroofficeRadio = document.getElementById('office-eurooffice');
    const noneRadio = document.getElementById('office-none');
    const collaboraHidden = document.getElementById('collabora');
    const onlyofficeHidden = document.getElementById('onlyoffice');
    const euroofficeHidden = document.getElementById('eurooffice');
    let initialOfficeSelection = null;
    optionsContainersCheckboxes.forEach(checkbox => {
@@ -36,11 +38,13 @@ document.addEventListener("DOMContentLoaded", function () {
    });
    // Store initial office suite selection
-    if (collaboraRadio && onlyofficeRadio && noneRadio) {
+    if (collaboraRadio && onlyofficeRadio && euroofficeRadio && noneRadio) {
        if (collaboraRadio.checked) {
            initialOfficeSelection = 'collabora';
        } else if (onlyofficeRadio.checked) {
            initialOfficeSelection = 'onlyoffice';
        } else if (euroofficeRadio.checked) {
            initialOfficeSelection = 'eurooffice';
        } else {
            initialOfficeSelection = 'none';
        }
@@ -57,20 +61,28 @@ document.addEventListener("DOMContentLoaded", function () {
        });
        // Check office suite changes and sync to hidden inputs
-        if (collaboraRadio && onlyofficeRadio && noneRadio && collaboraHidden && onlyofficeHidden) {
+        if (collaboraRadio && onlyofficeRadio && euroofficeRadio && noneRadio && collaboraHidden && onlyofficeHidden && euroofficeHidden) {
            let currentOfficeSelection = null;
            if (collaboraRadio.checked) {
                currentOfficeSelection = 'collabora';
                collaboraHidden.value = 'on';
                onlyofficeHidden.value = '';
                euroofficeHidden.value = '';
            } else if (onlyofficeRadio.checked) {
                currentOfficeSelection = 'onlyoffice';
                collaboraHidden.value = '';
                onlyofficeHidden.value = 'on';
                euroofficeHidden.value = '';
            } else if (euroofficeRadio.checked) {
                currentOfficeSelection = 'eurooffice';
                collaboraHidden.value = '';
                onlyofficeHidden.value = '';
                euroofficeHidden.value = 'on';
            } else {
                currentOfficeSelection = 'none';
                collaboraHidden.value = '';
                onlyofficeHidden.value = '';
                euroofficeHidden.value = '';
            }
            if (currentOfficeSelection !== initialOfficeSelection) {
@@ -144,9 +156,10 @@ document.addEventListener("DOMContentLoaded", function () {
    handleTalkVisibility();  // Ensure talk-recording is correctly initialized
    // Add event listeners for office suite radio buttons
-    if (collaboraRadio && onlyofficeRadio && noneRadio) {
+    if (collaboraRadio && onlyofficeRadio && euroofficeRadio && noneRadio) {
        collaboraRadio.addEventListener('change', checkForOptionContainerChanges);
        onlyofficeRadio.addEventListener('change', checkForOptionContainerChanges);
        euroofficeRadio.addEventListener('change', checkForOptionContainerChanges);
        noneRadio.addEventListener('change', checkForOptionContainerChanges);
    }
@@ -27,6 +27,12 @@ document.addEventListener("DOMContentLoaded", function(event) {
    const onlyoffice = document.getElementById("office-onlyoffice");
    onlyoffice.disabled = true;
    // EuroOffice
    const eurooffice = document.getElementById("office-eurooffice");
    if (eurooffice) {
        eurooffice.disabled = true;
    }
    // Imaginary
    let imaginary = document.getElementById("imaginary");
    imaginary.disabled = true;
@@ -104,6 +104,7 @@ $app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . '
 $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
 $app->post('/api/docker/backup-reset-location', AIO\Controller\DockerController::class . ':DeleteBorgBackupConfig');
 $app->post('/api/docker/nextcloud-upgrade-to-latest-major', AIO\Controller\DockerController::class . ':RunNextcloudUpgradeToLatestMajor');
 $app->post('/api/docker/prune', AIO\Controller\DockerController::class . ':SystemPrune');
 $app->get('/api/docker/logs', AIO\Controller\DockerController::class . ':GetLogs');
 $app->post('/api/auth/login', AIO\Controller\LoginController::class . ':TryLogin');
@@ -152,6 +153,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
        'current_channel' => $dockerActionManager->GetCurrentChannel(),
        'is_clamav_enabled' => $configurationManager->isClamavEnabled,
        'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled,
        'is_eurooffice_enabled' => $configurationManager->isEuroofficeEnabled,
        'is_collabora_enabled' => $configurationManager->isCollaboraEnabled,
        'is_talk_enabled' => $configurationManager->isTalkEnabled,
        'borg_restore_password' => $configurationManager->borgRestorePassword,
@@ -483,14 +483,16 @@ input[type="checkbox"]:disabled:not(:checked) + label {
    visibility: hidden;
    opacity: 0;
    align-self: start;
-    width: min(700px, calc(100vw - 4rem));
+    width: min(600px, calc(100vw - 4rem));
    height: min(400px, calc(100vh - 14rem));
    border-radius: var(--border-radius-large);
    border: solid thin rgb(192, 192, 192);
    background-color: var(--color-main-background);
 }
 .overlay-iframe {
    padding: 1rem;
    font-family: monospace, system-ui, -apple-system, 'Segoe UI', Roboto, Oxygen-Sans, Cantarell, Ubuntu, 'Helvetica Neue', 'Noto Sans', 'Liberation Sans', Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
 }
 .loader {
@@ -606,13 +608,15 @@ input[type="checkbox"]:disabled:not(:checked) + label {
 }
 #office-collabora:checked + .office-card,
-#office-onlyoffice:checked + .office-card {
+#office-onlyoffice:checked + .office-card,
 #office-eurooffice:checked + .office-card {
    border-color: var(--color-nextcloud-blue);
    background: linear-gradient(135deg, rgba(0, 130, 201, 0.08) 0%, rgba(0, 130, 201, 0.02) 100%);
 }
 [data-theme="dark"] #office-collabora:checked + .office-card,
-[data-theme="dark"] #office-onlyoffice:checked + .office-card {
+[data-theme="dark"] #office-onlyoffice:checked + .office-card,
 [data-theme="dark"] #office-eurooffice:checked + .office-card {
    background: linear-gradient(135deg, rgba(0, 145, 242, 0.15) 0%, rgba(0, 145, 242, 0.03) 100%);
 }
@@ -631,13 +635,21 @@ input[type="checkbox"]:disabled:not(:checked) + label {
    color: var(--color-main-text);
 }
 .office-powered-by {
    margin: 4px 0 0;
    font-size: 13px;
    color: var(--color-main-text);
    opacity: 0.7;
 }
 .office-checkmark {
    flex-shrink: 0;
    display: none;
 }
 #office-collabora:checked + .office-card .office-checkmark,
-#office-onlyoffice:checked + .office-card .office-checkmark {
+#office-onlyoffice:checked + .office-card .office-checkmark,
 #office-eurooffice:checked + .office-card .office-checkmark {
    display: block;
 }
@@ -78,6 +78,10 @@ readonly class ContainerDefinitionFetcher {
                if (!$this->configurationManager->isOnlyofficeEnabled) {
                    continue;
                }
            } elseif ($entry['container_name'] === 'nextcloud-aio-eurooffice') {
                if (!$this->configurationManager->isEuroofficeEnabled) {
                    continue;
                }
            } elseif ($entry['container_name'] === 'nextcloud-aio-collabora') {
                if (!$this->configurationManager->isCollaboraEnabled) {
                    continue;
@@ -194,6 +198,10 @@ readonly class ContainerDefinitionFetcher {
                        if (!$this->configurationManager->isOnlyofficeEnabled) {
                            continue;
                        }
                    } elseif ($value === 'nextcloud-aio-eurooffice') {
                        if (!$this->configurationManager->isEuroofficeEnabled) {
                            continue;
                        }
                    } elseif ($value === 'nextcloud-aio-collabora') {
                        if (!$this->configurationManager->isCollaboraEnabled) {
                            continue;
@@ -81,12 +81,19 @@ readonly class ConfigurationController {
                if ($officeSuiteChoice === 'collabora') {
                    $this->configurationManager->isCollaboraEnabled = true;
                    $this->configurationManager->isOnlyofficeEnabled = false;
                    $this->configurationManager->isEuroofficeEnabled = false;
                } elseif ($officeSuiteChoice === 'onlyoffice') {
                    $this->configurationManager->isCollaboraEnabled = false;
                    $this->configurationManager->isOnlyofficeEnabled = true;
                    $this->configurationManager->isEuroofficeEnabled = false;
                } elseif ($officeSuiteChoice === 'eurooffice') {
                    $this->configurationManager->isCollaboraEnabled = false;
                    $this->configurationManager->isOnlyofficeEnabled = false;
                    $this->configurationManager->isEuroofficeEnabled = true;
                } else {
                    $this->configurationManager->isCollaboraEnabled = false;
                    $this->configurationManager->isOnlyofficeEnabled = false;
                    $this->configurationManager->isEuroofficeEnabled = false;
                }
                $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']);
                $this->configurationManager->isTalkEnabled = isset($request->getParsedBody()['talk']);
@@ -14,6 +14,7 @@ use Slim\Psr7\NonBufferedBody;
 readonly class DockerController {
    private const string TOP_CONTAINER = 'nextcloud-aio-apache';
    private const string LATEST_MAJOR_VERSION = '34';
    public function __construct(
        private DockerActionManager           $dockerActionManager,
@@ -221,7 +222,7 @@ readonly class DockerController {
        }
        if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = '34';
+            $installLatestMajor = self::LATEST_MAJOR_VERSION;
        } else {
            $installLatestMajor = '';
        }
@@ -298,7 +299,7 @@ readonly class DockerController {
        }
        if ($addToStreamingResponseBody !== null) {
-            $addToStreamingResponseBody($container, "Stopping container");
+            $addToStreamingResponseBody("Stopping container", $container);
        }
        // Stop itself first and then all the dependencies
@@ -333,14 +334,30 @@ readonly class DockerController {
        return $response->withStatus(201)->withHeader('Location', '.');
    }
    public function RunNextcloudUpgradeToLatestMajor(Request $request, Response $response, array $args) : Response {
        $this->configurationManager->installLatestMajor = self::LATEST_MAJOR_VERSION;
        // Get streaming response start and closure
        $nonbufResp = $this->startStreamingResponse($response);
        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
        $this->dockerActionManager->RunNextcloudUpgradeToLatestMajor($addToStreamingResponseBody);
        // We automatically reload after 10s so that the output can be read or copied if necessary 
        $addToStreamingResponseBody("Automatically reloading the page after 10s."); 
        sleep(10); 
        // End streaming response
        $this->finalizeStreamingResponse($nonbufResp);
        return $nonbufResp;
    }
    public function SystemPrune(Request $request, Response $response, array $args) : Response {
        // Get streaming response start and closure
        $nonbufResp = $this->startStreamingResponse($response);
        $body = $nonbufResp->getBody();
-        $addToStreamingResponseBody = function (string $message) use ($body) : void {
+        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
            $body->write("<div>$message</div>");
        };
        $this->dockerActionManager->SystemPrune($addToStreamingResponseBody);
@@ -401,7 +418,7 @@ readonly class DockerController {
        <!DOCTYPE html>
        <html lang="en" class="overlay-iframe">
            <head>
-                <link rel="stylesheet" href="../../style.css?v9" media="all" />
+                <link rel="stylesheet" href="../../style.css?v12" media="all" />
                <script type="text/javascript" src="../../apply-theme.js?v1"></script>
                <script type="text/javascript" src="../../scroll-into-view.js"></script>
            </head>
@@ -426,12 +443,17 @@ readonly class DockerController {
        return $nonbufResp;
    }
-    private function getAddToStreamingResponseBody(Response $nonbufResp) : ?\Closure {
+    private function getAddToStreamingResponseBody(Response $nonbufResp) : \Closure {
        // Create a closure to pass around to the code, which should to the logging (because it e.g. decides
        // if it'll actually pull an image), but which should not need to know anything about the
        // wanted markup or formatting.
-        $addToStreamingResponseBody = function (Container $container, string $message) use ($nonbufResp) : void {
+        $addToStreamingResponseBody = function (string $message, ?Container $container = null) use ($nonbufResp) : void {
-            $nonbufResp->getBody()->write("<div>{$container->displayName}: {$message}</div>");
+            // Strip ANSI codes.
            $message = preg_replace('/\e[[][A-Za-z0-9];?[0-9]*m?/', '', $message);
            if ($container) {
                $message = "{$container->displayName}: {$message}";
            }
            $nonbufResp->getBody()->write("<div>" . htmlspecialchars("{$message}", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</div>");
        };
        return $addToStreamingResponseBody;
@@ -99,6 +99,11 @@ class ConfigurationManager
        set { $this->set('isOnlyofficeEnabled', $value); }
    }
    public bool $isEuroofficeEnabled {
        get => $this->get('isEuroofficeEnabled', false);
        set { $this->set('isEuroofficeEnabled', $value); }
    }
    public bool $isCollaboraEnabled {
        // Type-cast because old configs could have 1/0 for this key.
        get => (bool) $this->get('isCollaboraEnabled', true);
@@ -1087,6 +1092,7 @@ class ConfigurationManager
            'CLAMAV_ENABLED' => $this->isClamavEnabled ? 'yes' : '',
            'TALK_RECORDING_ENABLED' => $this->isTalkRecordingEnabled ? 'yes' : '',
            'ONLYOFFICE_ENABLED' => $this->isOnlyofficeEnabled ? 'yes' : '',
            'EUROOFFICE_ENABLED' => $this->isEuroofficeEnabled ? 'yes' : '',
            'COLLABORA_ENABLED' => $this->isCollaboraEnabled ? 'yes' : '',
            'TALK_ENABLED' => $this->isTalkEnabled ? 'yes' : '',
            'UPDATE_NEXTCLOUD_APPS' => ($this->isDailyBackupRunning() && $this->areAutomaticUpdatesEnabled()) ? 'yes' : '',
@@ -12,6 +12,7 @@ use AIO\Data\DataConst;
 use AIO\Helper\NetworkHelper;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
 use GuzzleHttp\Psr7\Utils;
 use http\Env\Response;
 readonly class DockerActionManager {
@@ -48,7 +49,7 @@ readonly class DockerActionManager {
    public function GetContainerRunningState(Container $container): ContainerState {
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->identifier)));
        try {
-            $response = $this->guzzleClient->get($url);
+            $response = $this->sendHttpRequest('GET', $url);
        } catch (RequestException $e) {
            if ($e->getCode() === 404) {
                return ContainerState::ImageDoesNotExist;
@@ -68,7 +69,7 @@ readonly class DockerActionManager {
    public function GetContainerRestartingState(Container $container): ContainerState {
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->identifier)));
        try {
-            $response = $this->guzzleClient->get($url);
+            $response = $this->sendHttpRequest('GET', $url);
        } catch (RequestException $e) {
            if ($e->getCode() === 404) {
                return ContainerState::ImageDoesNotExist;
@@ -138,7 +139,7 @@ readonly class DockerActionManager {
    public function DeleteContainer(Container $container): void {
        $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->identifier)));
        try {
-            $this->guzzleClient->delete($url);
+            $this->sendHttpRequest('DELETE', $url);
        } catch (RequestException $e) {
            if ($e->getCode() !== 404) {
                throw $e;
@@ -155,7 +156,7 @@ readonly class DockerActionManager {
        // Delete the borg cache volume
        $url = $this->BuildApiUrl('volumes/nextcloud_aio_backup_cache');
        try {
-            $this->guzzleClient->delete($url);
+            $this->sendHttpRequest('DELETE', $url);
            error_log('nextcloud_aio_backup_cache volume deleted successfully.');
        } catch (RequestException $e) {
            if ($e->getCode() !== 404) {
@@ -174,7 +175,7 @@ readonly class DockerActionManager {
                urlencode($id),
                $since
            ));
-        $responseBody = (string)$this->guzzleClient->get($url)->getBody();
+        $responseBody = (string)$this->sendHttpRequest('GET', $url)->getBody();
        $response = "";
        $separator = "\r\n";
@@ -194,9 +195,9 @@ readonly class DockerActionManager {
        $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->identifier)));
        try {
            if ($addToStreamingResponseBody !== null) {
-                $addToStreamingResponseBody($container, "Starting container");
+                $addToStreamingResponseBody("Starting container", $container);
            }
-            $this->guzzleClient->post($url);
+            $this->sendHttpRequest('POST', $url);
        } catch (RequestException $e) {
            throw new \Exception("Could not start container " . $container->identifier . ": " . $e->getResponse()?->getBody()->getContents());
        }
@@ -215,7 +216,7 @@ readonly class DockerActionManager {
            $firstChar = substr($volume->name, 0, 1);
            if (!in_array($firstChar, $forbiddenChars)) {
-                $this->guzzleClient->request(
+                $this->sendHttpRequest(
                    'POST',
                    $url,
                    [
@@ -477,6 +478,14 @@ readonly class DockerActionManager {
                $regEx = '/\s+(?=--o:)/';
                $requestBody['Cmd'] = preg_split($regEx, rtrim($this->configurationManager->collaboraAdditionalOptions));
            }
        // Special things for the scrutiny container which should not be exposed in the containers.json
        } elseif ($container->identifier === 'nextcloud-aio-scrutiny') {
            // Allow it to access block devices
            $requestBody['HostConfig']['DeviceCgroupRules'] = ["b *:* rmw"];
        // Special things for the makemkv container which should not be exposed in the containers.json
        } elseif ($container->identifier === 'nextcloud-aio-makemkv') {
            // Allow it to access block devices
            $requestBody['HostConfig']['DeviceCgroupRules'] = ["b 11:* rmw", "c 21:* rmw"];
        }
        if (count($mounts) > 0) {
@@ -494,7 +503,7 @@ readonly class DockerActionManager {
        $url = $this->BuildApiUrl('containers/create?name=' . $container->identifier);
        try {
-            $this->guzzleClient->request(
+            $this->sendHttpRequest(
                'POST',
                $url,
                [
@@ -551,10 +560,10 @@ readonly class DockerActionManager {
        $imageIsThere = true;
        try {
            if ($addToStreamingResponseBody) {
-                $addToStreamingResponseBody($container, "Pulling image");
+                $addToStreamingResponseBody("Pulling image", $container);
            }
            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $encodedImageName));
-            $this->guzzleClient->get($imageUrl)->getBody()->getContents();
+            $this->sendHttpRequest('GET', $imageUrl)->getBody()->getContents();
        } catch (\Throwable $e) {
            $imageIsThere = false;
        }
@@ -562,7 +571,7 @@ readonly class DockerActionManager {
        $maxRetries = 3;
        for ($attempt = 1; $attempt <= $maxRetries; $attempt++) {
            try {
-                $this->guzzleClient->post($url);
+                $this->sendHttpRequest('POST', $url);
                break;
            } catch (RequestException $e) {
                $message = "Could not pull image " . $imageName . " (attempt $attempt/$maxRetries): " . $e->getResponse()?->getBody()->getContents();
@@ -647,11 +656,11 @@ readonly class DockerActionManager {
    private function GetRepoDigestsOfContainer(string $containerName): ?array {
        try {
            $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
-            $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
+            $containerOutput = json_decode($this->sendHttpRequest('GET', $containerUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
            $imageName = $containerOutput['Image'];
            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
-            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
+            $imageOutput = json_decode($this->sendHttpRequest('GET', $imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
            if (!isset($imageOutput['RepoDigests'])) {
                error_log('RepoDigests is not set of container ' . $containerName);
@@ -695,7 +704,7 @@ readonly class DockerActionManager {
        $containerName = 'nextcloud-aio-mastercontainer';
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
        try {
-            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
+            $output = json_decode($this->sendHttpRequest('GET', $url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
            $imageNameArray = explode(':', $output['Config']['Image']);
            if (count($imageNameArray) === 2) {
                $imageName = $imageNameArray[0];
@@ -722,7 +731,7 @@ readonly class DockerActionManager {
        $containerName = 'nextcloud-aio-mastercontainer';
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
        try {
-            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
+            $output = json_decode($this->sendHttpRequest('GET', $url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
            $tagArray = explode(':', $output['Config']['Image']);
            if (count($tagArray) === 2) {
                $tag = $tagArray[1];
@@ -763,48 +772,69 @@ readonly class DockerActionManager {
    }
    public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh'): void {
-        if ($this->GetContainerStartingState($container) === ContainerState::Running) {
+        $this->execCommandInContainer($container, ['bash', $file, $subject, $message]);
    }
-            $containerName = $container->identifier;
+    public function execCommandInContainer(Container $container, array $cmd, ?\Closure $outputCallback = null): void {
        if ($cmd === []) {
            throw new \InvalidArgumentException('$cmd must not be empty.');
        }
        foreach ($cmd as $arg) {
            if (!is_string($arg) || $arg === '') {
                throw new \InvalidArgumentException('Every element of $cmd must be a non-empty string.');
            }
        }
-            // schedule the exec
+        if ($this->GetContainerStartingState($container) !== ContainerState::Running) {
-            $url = $this->BuildApiUrl(sprintf('containers/%s/exec', urlencode($containerName)));
+            return;
-            $response = json_decode(
+        }
                $this->guzzleClient->request(
                    'POST',
                    $url,
                    [
                        'json' => [
                            'AttachStdout' => true,
                            'Tty' => true,
                            'Cmd' => [
                                'bash',
                                $file,
                                $subject,
                                $message
                            ],
                        ],
                    ]
                )->getBody()->getContents(),
                true,
                512,
                JSON_THROW_ON_ERROR,
            );
-            $id = $response['Id'];
+        $containerName = $container->identifier;
-            // start the exec
+        // Create exec instance
-            $url = $this->BuildApiUrl(sprintf('exec/%s/start', $id));
+        $url = $this->BuildApiUrl(sprintf('containers/%s/exec', urlencode($containerName)));
-            $this->guzzleClient->request(
+        $response = json_decode(
            $this->sendHttpRequest(
                'POST',
                $url,
                [
                    'json' => [
-                        'Detach' => false,
+                        'AttachStdout' => true,
                        'AttachStderr' => true,
                        'Tty' => true,
                        'Cmd' => $cmd,
                    ],
                ]
-            );
+            )->getBody()->getContents(),
            true,
            512,
            JSON_THROW_ON_ERROR,
        );
        $execId = $response['Id'];
        // Start exec
        $url = $this->BuildApiUrl(sprintf('exec/%s/start', $execId));
        $requestOptions = [
            'json' => [
                'Detach' => false,
                'Tty' => true,
            ],
        ];
        if ($outputCallback !== null) {
            $requestOptions['stream'] = true;
        }
        $startResponse = $this->sendHttpRequest('POST', $url, $requestOptions);
        if ($outputCallback !== null) {
            $body = $startResponse->getBody();
            while (!$body->eof()) {
                $line = rtrim(Utils::readLine($body), "\r");;
                if ($line !== '') {
                    $outputCallback($line);
                }
            }
        }
    }
@@ -815,7 +845,7 @@ readonly class DockerActionManager {
        );
        try {
-            $this->guzzleClient->request(
+            $this->sendHttpRequest(
                'POST',
                $url,
                [
@@ -836,7 +866,7 @@ readonly class DockerActionManager {
        if ($createNetwork) {
            $url = $this->BuildApiUrl('networks/create');
            try {
-                $this->guzzleClient->request(
+                $this->sendHttpRequest(
                    'POST',
                    $url,
                    [
@@ -865,7 +895,7 @@ readonly class DockerActionManager {
        }
        try {
-            $this->guzzleClient->request(
+            $this->sendHttpRequest(
                'POST',
                $url,
                [
@@ -910,7 +940,7 @@ readonly class DockerActionManager {
        }
        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->identifier), $maxShutDownTime));
        try {
-            $this->guzzleClient->post($url);
+            $this->sendHttpRequest('POST', $url);
        } catch (RequestException $e) {
            if ($e->getCode() !== 404 && $e->getCode() !== 304) {
                throw $e;
@@ -922,7 +952,7 @@ readonly class DockerActionManager {
        $containerName = 'nextcloud-aio-borgbackup';
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName)));
        try {
-            $response = $this->guzzleClient->get($url);
+            $response = $this->sendHttpRequest('GET', $url);
        } catch (RequestException $e) {
            if ($e->getCode() === 404) {
                return -1;
@@ -944,7 +974,7 @@ readonly class DockerActionManager {
        $containerName = 'nextcloud-aio-database';
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName)));
        try {
-            $response = $this->guzzleClient->get($url);
+            $response = $this->sendHttpRequest('GET', $url);
        } catch (RequestException $e) {
            if ($e->getCode() === 404) {
                return -1;
@@ -984,7 +1014,7 @@ readonly class DockerActionManager {
        $imageName = $imageName . ':' . $this->GetCurrentChannel();
        try {
            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
-            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
+            $imageOutput = json_decode($this->sendHttpRequest('GET', $imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
            if (!isset($imageOutput['Created'])) {
                error_log('Created is not set of image ' . $imageName);
@@ -1029,6 +1059,11 @@ readonly class DockerActionManager {
        }
    }
    public function RunNextcloudUpgradeToLatestMajor(\Closure $addToStreamingResponseBody): void {
        $container = $this->containerDefinitionFetcher->GetContainerById('nextcloud-aio-nextcloud');
        $this->execCommandInContainer($container, ['bash', '/upgrade-latest-major.sh'], $addToStreamingResponseBody);
    }
    public function SystemPrune(?\Closure $addToStreamingResponseBody = null): void {
        $endpoints = [
            // Remove stopped containers
@@ -1057,7 +1092,7 @@ readonly class DockerActionManager {
            }
            try {
-                $response = $this->guzzleClient->post($url);
+                $response = $this->sendHttpRequest('POST', $url);
                if ($addToStreamingResponseBody !== null) {
                    $data = json_decode((string)$response->getBody(), true);
                    $deleted = 0;
@@ -1095,4 +1130,12 @@ readonly class DockerActionManager {
            sleep(10);
        }
    }
    protected function sendHttpRequest(string $httpMethod, string $url, array $requestOptions = []): \Psr\Http\Message\ResponseInterface {
        if (($requestOptions['stream'] ?? null) === true) {
            $requestOptions['proxy'] = 'unix:///var/run/docker.sock';
        }
        return $this->guzzleClient->request($httpMethod, $url, $requestOptions);
    }
 }
@@ -27,7 +27,7 @@
            <script type="text/javascript" src="timezone.js?v1"></script>
            {# js for optional containers and additional containers forms #}
-            <script type="text/javascript" src="containers-form-submit.js?v7"></script>
+            <script type="text/javascript" src="containers-form-submit.js?v8"></script>
            {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
            {% set isAnyRunning = false %}
@@ -298,7 +298,12 @@
                                {% if newMajorVersionString != '' and isAnyRunning == true and isApacheStarting != true %}
                                    <details>
                                    <summary>Note about <strong>Nextcloud Hub {{ newMajorVersionString }}</strong></summary>
-                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/8223">this documentation</a></strong></p>
+<p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to click the button below. ⚠️ Warning: make sure to create a backup before clicking the button as the update can go wrong and will leave your instance in a broken state!</p>
                                        <form method="POST" action="api/docker/nextcloud-upgrade-to-latest-major" target="overlay-log">
                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                            <input type="submit" value="Upgrade to Nextcloud Hub {{ newMajorVersionString }}" data-confirm="Upgrade to Nextcloud Hub {{ newMajorVersionString }}? You should consider creating a backup first." />
                                        </form>
                                    </details>
                                {% endif %}
                            {% endif %}
@@ -1 +1 @@
-13.1.0
+13.2.1
@@ -14,6 +14,42 @@
        <p>Choose your preferred office suite. Only one can be enabled at a time.</p>
    {% endif %}
    <div class="office-suite-cards">
        <input
            type="radio"
            id="office-eurooffice"
            name="office_suite_choice"
            value="eurooffice"
            class="office-radio"
            {% if is_eurooffice_enabled == true %}
                checked="checked"
            {% endif %}
        >
        <label class="office-card{{ isAnyRunning ? ' office-card-disabled' : '' }}" for="office-eurooffice">
            <div class="office-card-header">
                <div>
                    <h4>Nextcloud Office</h4>
                    <p class="office-powered-by">powered by Euro-Office</p>
                </div>
                <svg class="office-checkmark" width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
                    <circle cx="12" cy="12" r="10" fill="var(--color-nextcloud-blue)"/>
                    <path d="M7 12L10.5 15.5L17 9" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
                </svg>
            </div>
            <ul class="office-features">
                <li>Good Nextcloud integration</li>
                <li>Open source</li>
                <li>Best performance</li>
                <li>Limited ODF compatibility</li>
                <li>Best Microsoft compatibility</li>
                <li>Good security</li>
            </ul>
            {% if isAnyRunning == false %}
                <a href="https://github.com/Euro-Office" target="_blank" class="office-learn-more" data-stop-event-propagation="true">
                    Learn more
                </a>
            {% endif %}
        </label>
        <input type="hidden" id="eurooffice" name="eurooffice" value="" data-initial-state="{% if is_eurooffice_enabled == true %}true{% else %}false{% endif %}">
        <input
            type="radio"
            id="office-collabora"
@@ -26,7 +62,10 @@
        >
        <label class="office-card{{ isAnyRunning ? ' office-card-disabled' : '' }}" for="office-collabora">
            <div class="office-card-header">
-                <h4>Nextcloud Office</h4>
+                <div>
                    <h4>Nextcloud Office</h4>
                    <p class="office-powered-by">powered by Collabora Online</p>
                </div>
                <svg class="office-checkmark" width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
                    <circle cx="12" cy="12" r="10" fill="var(--color-nextcloud-blue)"/>
                    <path d="M7 12L10.5 15.5L17 9" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
@@ -36,9 +75,9 @@
                <li>Best Nextcloud integration</li>
                <li>Open source</li>
                <li>Good performance</li>
                <li>Best security: documents never leave your server</li>
                <li>Best ODF compatibility</li>
                <li>Best support for legacy files</li>
                <li>Best security: documents never leave your server</li>
            </ul>
            {% if isAnyRunning == false %}
                <a href="https://www.collaboraoffice.com/code/" target="_blank" class="office-learn-more" data-stop-event-propagation="true">
@@ -60,18 +99,22 @@
        >
        <label class="office-card{{ isAnyRunning ? ' office-card-disabled' : '' }}" for="office-onlyoffice">
            <div class="office-card-header">
-                <h4>OnlyOffice</h4>
+                <div>
                    <h4>ONLYOFFICE (deprecated)</h4>
                    <p class="office-powered-by">by Ascensio System SIA</p>
                </div>
                <svg class="office-checkmark" width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
                    <circle cx="12" cy="12" r="10" fill="var(--color-nextcloud-blue)"/>
                    <path d="M7 12L10.5 15.5L17 9" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
                </svg>
            </div>
            <ul class="office-features">
-                <li>Good Nextcloud integration</li>
+                <li>OK Nextcloud integration</li>
-                <li>Open core</li>
+                <li>Open Core</li>
                <li>Best performance</li>
                <li>Best Microsoft compatibility</li>
                <li>Limited ODF compatibility</li>
                <li>Best Microsoft compatibility</li>
                <li>Good security</li>
            </ul>
            {% if isAnyRunning == false %}
                <a href="https://www.onlyoffice.com/" target="_blank" class="office-learn-more" data-stop-event-propagation="true">
@@ -90,7 +133,7 @@
                name="office_suite_choice"
                value=""
                class="office-radio"
-                {% if is_collabora_enabled == false and is_onlyoffice_enabled == false %}
+                {% if is_collabora_enabled == false and is_onlyoffice_enabled == false and is_eurooffice_enabled == false %}
                    checked="checked"
                {% endif %}
            >
@@ -224,7 +267,7 @@
 </form>
 <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true %}
-    <script type="text/javascript" src="disable-containers.js"></script>
+    <script type="text/javascript" src="disable-containers.js?v1"></script>
 {% endif %}
 {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}
@@ -2,7 +2,7 @@
 <html lang="en">
    <head>
        <title>AIO</title>
-        <link rel="stylesheet" href="style.css?v10" media="all" />
+        <link rel="stylesheet" href="style.css?v12" media="all" />
        <link rel="icon" href="img/favicon.png">
        <script type="text/javascript" src="forms.js?v2"></script>
        <script type="text/javascript" src="toggle-dark-mode.js?v2"></script>
@@ -2,7 +2,7 @@
    <head>
        <title>AIO</title>
        <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-        <link rel="stylesheet" href="style.css?v1">
+        <link rel="stylesheet" href="style.css?v12">
        <link rel="stylesheet" href="logs.css?v1">
        <link rel="icon" href="img/favicon.png">
        <script src="apply-theme.js?v1"></script>
@@ -1,4 +0,0 @@
 FROM docker.io/library/composer:latest
 RUN pecl bundle -d /usr/src/php/ext apcu \
 && docker-php-ext-install apcu
@@ -1,107 +0,0 @@
 # This setup expects that you run the services via profiles!
 # Usage: docker compose --profile local-code up
 #    or: docker compose --profile code-from-image up
 name: nextcloud-aio
 services:
  composer:
    image: localhost/composer:latest
    build: Containers/composer
    pull_policy: never
    volumes:
      - ..:/app
    working_dir: /app
    command: |-
      bash -c '
        test -d ./data && rm -r ./data
        test -d ./session && rm -r ./session
        composer install --no-dev
        composer clear-cache
      '
  app-base:
    image: ghcr.io/nextcloud-releases/all-in-one:develop${ARM64_SUFFIX-}
    pull_policy: always # Always pull so we don't risk to run into the "Update for mastercontainer" page.
    init: true
    restart: always
    network_mode: bridge
    ports:
      - "8080:8080"
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - backup_vol:/mnt/test
    profiles:
      - none
    environment:
      SKIP_DOMAIN_VALIDATION: ${SKIP_DOMAIN_VALIDATION-true}
      APACHE_PORT: 11000
    entrypoint: bash /start.sh
  app-code-from-image:
    extends: app-base
    container_name: nextcloud-aio-mastercontainer
    profiles:
      - code-from-image
  app-local-code:
    extends: app-base
    container_name: nextcloud-aio-mastercontainer
    depends_on:
      composer:
        condition: service_completed_successfully
    volumes:
      - ..:/var/www/docker-aio/php
      - ../../Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile
      - ../../Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile
      - ../../Containers/mastercontainer/start.sh:/start.sh
    profiles:
      - local-code
  test-runner-base:
    image: mcr.microsoft.com/playwright:v1.56.1
    volumes:
      - ..:/app
    working_dir: /app
    extra_hosts:
      - "host.docker.internal:host-gateway"
    ports:
      - '9323:9323' # to view test reports
    profiles:
      - none
    environment:
      BASE_URL: "https://host.docker.internal:8080"
      DEBUG: "pw:api"
    command: |-
      bash -c "
        cd tests
        # Install dependencies
        npm ci
        # Run the initial setup tests
        npx playwright test "${TESTS_FILE-}"
        exit $?
      "
  test-runner-code-from-image:
    extends: test-runner-base
    container_name: test-runner
    profiles:
      - code-from-image
    depends_on:
      app:
        condition: service_healthy
  test-runner-local-code:
    extends: test-runner-base
    container_name: test-runner
    profiles:
      - local-code
    depends_on:
      app-local-code:
        condition: service_healthy
 volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
  backup_vol:
@@ -1,62 +0,0 @@
 #!/usr/bin/env bash
 if [[ "$1" = -* ]]; then
    echo "Usage $(basename $0) [PLAYWRIGHT_TESTS_FILE]"
    exit 1
 fi
 cd $(dirname $0)/../..
 DOCO="docker compose -f ./php/tests/compose.yaml"
 if [[ $(uname -m) = 'arm64' ]]; then
    export ARM64_SUFFIX='-arm64'
 fi
 run_tests() {
    export TESTS_FILE="$1"
    export SKIP_DOMAIN_VALIDATION
    if [[ -n "$TEST_CODE_FROM_IMAGE" ]]; then
        profile="code-from-image"
    else
        profile="local-code"
    fi
    # Clean up old containers and volumes
    docker container rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} > /dev/null 2>&1
    docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} > /dev/null 2>&1
    $DOCO --profile $profile down -v
    sleep 1
    echo -e "\n 📣  Running playwright tests for ${TESTS_FILE}\n"
    if ! $DOCO --profile $profile run --remove-orphans test-runner-$profile; then
        for container in nextcloud-aio-{mastercontainer,borgbackup}; do
            if docker container list --format="{{ .Names }}" | grep -q "$container"; then
                echo -e "\n 📣  Log output from container ${container}:\n"
                docker logs nextcloud-aio-mastercontainer 
            fi
        done
    fi
 }
 if [[ -n "$1" ]]; then
    if [[ ! -f "$1" ]]; then
        echo "Error: file '$1' does not exist."
        exit 1
    fi
    # Not using coreutil's `realpath --relative-to` here since that is not available on BSD/mac systems.
    fullpath="$(realpath "$1")"
    prefix="$(realpath ./php/tests)"
    relpath="${fullpath#"$prefix"/}"
    : ${SKIP_DOMAIN_VALIDATION:-false}
    run_tests "$relpath"
 else
    SKIP_DOMAIN_VALIDATION=true
    run_tests tests/initial-setup.spec.js
    sleep 1
    SKIP_DOMAIN_VALIDATION=false
    run_tests tests/restore-instance.spec.js
 fi
@@ -69,7 +69,7 @@ test('Initial setup', async ({ page: setupPage }) => {
  const initialNextcloudPassword = await containersPage.locator('#initial-nextcloud-password').innerText();
  // Set backup location and create backup
-  const borgBackupLocation = `/tmp/test/aio-${Math.floor(Math.random() * 2147483647)}`
+  const borgBackupLocation = `/mnt/test/aio-${Math.floor(Math.random() * 2147483647)}`
  await containersPage.locator('#borg_backup_host_location').click();
  await containersPage.locator('#borg_backup_host_location').fill(borgBackupLocation);
  await containersPage.getByRole('button', { name: 'Submit backup location' }).click();
@@ -32,7 +32,7 @@ test('Restore instance', async ({ page: setupPage }) => {
  // Reject invalid backup location
  await containersPage.locator('#borg_restore_host_location').click();
-  await containersPage.locator('#borg_restore_host_location').fill('/tmp/test/aio-incorrect-path');
+  await containersPage.locator('#borg_restore_host_location').fill('/mnt/test/aio-incorrect-path');
  await containersPage.locator('#borg_restore_password').click();
  await containersPage.locator('#borg_restore_password').fill(borgBackupPassword);
  await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click()
@@ -118,6 +118,7 @@ flowchart TB
        subgraph OPT["  🧩  Optional Built-in Containers  (enable in AIO interface)  "]
            COLLA(["📄 Nextcloud Office"]):::opt
            OO(["📄 OnlyOffice\nDocument Server"]):::opt
            EO(["📄 EuroOffice\nDocument Server"]):::opt
            TALK(["🎙️ Talk\nVideo & Voice calls"]):::opt
            TALKREC(["🎬 Talk Recording"]):::opt
            FTS(["🔎 Full-text Search\n(Elasticsearch)"]):::opt
@@ -523,6 +523,7 @@ server {
    location / {
        proxy_pass http://127.0.0.1:11000$request_uri; # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Scheme $scheme;
@@ -13,7 +13,7 @@ For the below to work, it is important that you have a domain that you point ont
 - [ ] Below that you should see a section `Optional addons` which shows a checkbox list with addons that can be enabled or disabled.
    - [ ] Collabora, Imaginary, Talk and Whiteboard should be enabled, the rest disabled
    - [ ] Unchecking/Checking any of these should insert a button that allows to save the set config
-    - [ ] Checking OnlyOffice and Collabora at the same time should show a warning that this is not supported and should  not saving the new config
+    - [ ] Only one of Collabora, OnlyOffice and EuroOffice should be selectable at the same time
    - [ ] Recommended is to uncheck all options now
    - [ ] Clicking on the save button should reload the page and activate the new config
 - [ ] Clickig on the `Start containers` button should finally reveal a big spinning wheel that should block all elements on the side of being clicked.
Author	SHA1	Message	Date
Simon L.	b5db690518	add AI-Policy and Contributing and agents.md files to the repo Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-10 12:55:30 +02:00
Simon L.	9b981918b0	fix(apache): send X-Forwarded-Prefix for EuroOffice SDK assets (#8290 )	2026-06-09 17:51:02 +02:00
James Manuel	4bbd561aba	🐛 fix(apache): remove redundant X-Forwarded-Host header Caddy sets X-Forwarded-Host by default in reverse_proxy blocks. The explicit header_up is unnecessary. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: James Manuel <moodyjmz@users.noreply.github.com>	2026-06-09 16:19:41 +02:00
James Manuel	aa56b603ab	🐛 fix(apache): send X-Forwarded-Prefix for EuroOffice SDK assets EuroOffice nginx maps $http_x_forwarded_prefix to construct SDK asset URLs (e.g. /eurooffice/sdkjs/...). Without this header the prefix is empty and the browser requests /sdkjs/... which Caddy routes to Nextcloud → 404. Send X-Forwarded-Prefix as a separate header instead of appending the path to X-Forwarded-Host (as the OnlyOffice block does), matching EuroOffice nginx expectations. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: James Manuel <moodyjmz@users.noreply.github.com>	2026-06-09 16:19:41 +02:00
Simon L.	4a35fda9d2	make database dump logic even more failure proof (#8286 )	2026-06-09 15:17:08 +02:00
Simon L.	3a6ffcd9e9	make database dump logic even more failure proof Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-09 15:13:41 +02:00
Simon L.	e659d3e047	PHP dependency updates (#8284 )	2026-06-09 14:58:24 +02:00
szaimen	7c2d0128ff	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-06-09 12:54:58 +00:00
Simon L.	3de2d79cd6	aio-interface: mark Onlyoffice as deprecated (#8283 )	2026-06-09 14:47:43 +02:00
Simon L.	5b17e9368e	makemkv: allow it to access the necessary devices (#8276 )	2026-06-09 14:45:19 +02:00
Simon L.	f22ed12c4b	aio-interface: add background to log overlay and use monospace font (#8271 )	2026-06-09 14:42:10 +02:00
Simon L.	e30f416d55	makemkv: allow it to access the necessary devices Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-09 14:33:34 +02:00
Simon L.	0ca4307bcb	allow scrutiny to access all block devices (#8275 )	2026-06-09 14:32:48 +02:00
Simon L.	313c39d2bc	Apply suggestion from @szaimen Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-09 14:31:23 +02:00
Simon L.	f7f107a3e5	aio-interface: mark Onlyoffice as deprecated Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-09 14:25:48 +02:00
Simon L.	fe1ad77a45	build(deps): bump actions/checkout from 6.0.2 to 6.0.3 in /.github/workflows (#8281 )	2026-06-09 14:22:31 +02:00
Simon L.	8018fc9802	build(deps): bump httpd from 2.4.67-alpine3.23 to 2.4.68-alpine3.23 in /Containers/apache (#8280 )	2026-06-09 14:22:17 +02:00
Simon L.	0c80e3071e	build(deps): bump guzzlehttp/guzzle from 7.11.0 to 7.11.1 in /php (#8277 )	2026-06-09 14:21:54 +02:00
Simon L.	bec4f533cb	build(deps): bump php from 8.5.6-fpm-alpine3.23 to 8.5.7-fpm-alpine3.23 in /Containers/mastercontainer (#8270 )	2026-06-09 14:21:39 +02:00
Simon L.	d6c6601b29	build(deps): bump collabora/code from 26.04.1.3.1 to 26.04.1.4.1 in /Containers/collabora (#8269 )	2026-06-09 14:21:23 +02:00
Simon L.	851cc26663	build(deps): bump docker from 29.5.2-cli to 29.5.3-cli in /Containers/mastercontainer (#8261 )	2026-06-09 14:20:55 +02:00
Simon L.	d6644fd6a3	Helm Chart updates (#8282 )	2026-06-09 14:09:17 +02:00
szaimen	4c998aff73	Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-06-09 12:05:08 +00:00
dependabot[bot]	99b5c181b1	build(deps): bump actions/checkout in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-09 12:04:47 +00:00
Simon L.	bc5ca59675	Yaml updates (#8213 )	2026-06-09 14:03:31 +02:00
dependabot[bot]	5a7f543754	build(deps): bump httpd in /Containers/apache Bumps httpd from 2.4.67-alpine3.23 to 2.4.68-alpine3.23. --- updated-dependencies: - dependency-name: httpd dependency-version: 2.4.68-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-09 04:08:13 +00:00
szaimen	e2380aa521	Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-06-08 13:30:58 +00:00
dependabot[bot]	39f4808376	build(deps): bump guzzlehttp/guzzle from 7.11.0 to 7.11.1 in /php Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.11.0 to 7.11.1. - [Release notes](https://github.com/guzzle/guzzle/releases) - [Changelog](https://github.com/guzzle/guzzle/blob/7.11/CHANGELOG.md) - [Commits](https://github.com/guzzle/guzzle/compare/7.11.0...7.11.1) --- updated-dependencies: - dependency-name: guzzlehttp/guzzle dependency-version: 7.11.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-08 12:05:10 +00:00
Simon L.	aadadf4460	allow scrutiny to access all block devices Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-08 11:49:54 +02:00
Simon L.	52f8dc9043	increase to 13.2.1 Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-08 10:18:48 +02:00
Simon L.	e96f5b43fa	fulltextsearch: fix healthcheck (#8267 )	2026-06-08 10:16:39 +02:00
copilot-swe-agent[bot]	1f91919dca	fix(overlay): add background to log overlay and use monospace font Fixes two issues from #8089: - Add background-color to overlay-log so the container is visible before text starts appearing - Use monospace font in overlay iframe content for better log readability - Bump CSS cache version to v12	2026-06-08 08:11:59 +00:00
dependabot[bot]	9c276df668	build(deps): bump php in /Containers/mastercontainer Bumps php from 8.5.6-fpm-alpine3.23 to 8.5.7-fpm-alpine3.23. --- updated-dependencies: - dependency-name: php dependency-version: 8.5.7-fpm-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-08 04:07:45 +00:00
dependabot[bot]	95f1691352	build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 26.04.1.3.1 to 26.04.1.4.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 26.04.1.4.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-08 04:07:28 +00:00
Simon L.	6cbf5eeefb	fulltextsearch: fix healthcheck Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-06 22:24:52 +02:00
dependabot[bot]	25c7b8f7ef	build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.5.2-cli to 29.5.3-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.5.3-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-05 04:06:24 +00:00
Simon L.	5393ffbb81	doc: add missing proxy header in reverse-proxy.md (#8260 )	2026-06-04 22:15:38 +02:00
Clément Pivot	3cee8b2dda	Update reverse-proxy.md fix: add missing nginx proxy header Signed-off-by: Clément Pivot <8830707+Clement-Pivot@users.noreply.github.com>	2026-06-04 20:45:56 +02:00
Copilot	6375921282	add eurooffice (#8052 )	2026-06-04 12:42:02 +02:00
Simon L.	792549c904	build(deps): bump golang from 1.26.3-alpine3.23 to 1.26.4-alpine3.23 in /Containers/watchtower (#8254 )	2026-06-04 10:07:30 +02:00
Simon L.	50eea8421b	build(deps): bump nats from 2.14.1-scratch to 2.14.2-scratch in /Containers/talk (#8253 )	2026-06-04 10:07:05 +02:00
Simon L.	9ea710ba0e	build(deps): bump caddy from 2.11.3-builder-alpine to 2.11.4-builder-alpine in /Containers/mastercontainer (#8252 )	2026-06-04 10:06:29 +02:00
Simon L.	4940ece62a	build(deps): bump golang from 1.26.3-alpine3.23 to 1.26.4-alpine3.23 in /Containers/imaginary (#8251 )	2026-06-04 10:06:04 +02:00
Simon L.	eed6c74e0c	build(deps): bump haproxy from 3.3.10-alpine to 3.4.0-alpine in /Containers/docker-socket-proxy (#8250 )	2026-06-04 10:05:25 +02:00
Simon L.	ee7d639a0e	build(deps): bump caddy from 2.11.3-alpine to 2.11.4-alpine in /Containers/apache (#8249 )	2026-06-04 10:04:47 +02:00
Simon L.	7fc2a134b7	build(deps): bump collabora/code from 25.04.10.3.1 to 26.04.1.3.1 in /Containers/collabora (#8255 )	2026-06-04 10:03:04 +02:00
dependabot[bot]	bd1d52b220	build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.10.3.1 to 26.04.1.3.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 26.04.1.3.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-04 04:34:29 +00:00
dependabot[bot]	d8e42d2fd8	build(deps): bump golang in /Containers/watchtower Bumps golang from 1.26.3-alpine3.23 to 1.26.4-alpine3.23. --- updated-dependencies: - dependency-name: golang dependency-version: 1.26.4-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-03 21:58:33 +00:00
dependabot[bot]	8b6ff83c19	build(deps): bump nats in /Containers/talk Bumps nats from 2.14.1-scratch to 2.14.2-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.14.2-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-03 21:58:17 +00:00
dependabot[bot]	82f2e9dca1	build(deps): bump caddy in /Containers/mastercontainer Bumps caddy from 2.11.3-builder-alpine to 2.11.4-builder-alpine. --- updated-dependencies: - dependency-name: caddy dependency-version: 2.11.4-builder-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-03 21:57:41 +00:00
dependabot[bot]	414ef03706	build(deps): bump golang in /Containers/imaginary Bumps golang from 1.26.3-alpine3.23 to 1.26.4-alpine3.23. --- updated-dependencies: - dependency-name: golang dependency-version: 1.26.4-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-03 21:57:30 +00:00
dependabot[bot]	f668767765	build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.3.10-alpine to 3.4.0-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.4.0-alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-03 21:57:25 +00:00
dependabot[bot]	2b8de735dc	build(deps): bump caddy in /Containers/apache Bumps caddy from 2.11.3-alpine to 2.11.4-alpine. --- updated-dependencies: - dependency-name: caddy dependency-version: 2.11.4-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-03 21:56:07 +00:00
Simon L.	21250f8ea8	talk-recording: adjust listen address back to 0.0.0.0 as talk-recording listen address does not officially support ipv6 yet (#8246 )	2026-06-03 13:34:42 +02:00
Simon L.	dc69f69e74	talk-recording: adjust listen address back to 0.0.0.0 as talk-recording listen address does not officially support ipv6 yet Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-03 13:32:04 +02:00
Simon L.	f28b2a7c1e	overlay-log: make it a bit less wide Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-03 12:59:57 +02:00
Simon L.	1b1a15edba	increase to v13.2.0 Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-03 12:42:21 +02:00
Copilot	1f94bc8af0	aio-interface: extract Nextcloud latest-major upgrade logic to dedicated script and add UI trigger button (#7988 ) * Extract Nextcloud major upgrade logic to script and add UI button Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/8cd11b09-5073-4e27-8e59-9afffaf96c1f Rename sendNotification to execCommandInContainer and reuse for upgrade method Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/88744552-9d64-4de2-9f64-5a98a5e3b200 Add $cmd array validation to execCommandInContainer Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/45d5228c-7834-404e-ba54-90b5c8c207c8 Apply suggestion from @szaimen Signed-off-by: Simon L. <szaimen@e.mail.de> Apply suggestion from @szaimen Signed-off-by: Simon L. <szaimen@e.mail.de> Apply suggestion from @szaimen Signed-off-by: Simon L. <szaimen@e.mail.de> Apply suggestion from @szaimen Signed-off-by: Simon L. <szaimen@e.mail.de> Set installLatestMajor when upgrade-to-latest-major button is clicked Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/7b977c85-9b74-4027-a536-152e49a01976 Extract getLatestMajorVersion() to avoid duplicating the version string Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/d5ec921f-8629-4f6e-949a-e8f89f1eb85f Address PR review comments and hardcode updater channel to stable Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/c40941ff-2bf8-4a57-82be-2a0bd22b19a2 Restore sendNotification(), update cron files, extract getPlainStreamingCallback() Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/a5b6cd86-d278-4771-8a11-976c4a862966 Remove getPlainStreamingCallback, unify on getAddToStreamingResponseBody Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/15a4b815-076b-469f-95b2-c61df688a28d Revert "Remove getPlainStreamingCallback, unify on getAddToStreamingResponseBody" This reverts commit 6846c3a99549703121461f910cc26e6c116e0dc4. * Refactor creating and using addToStreamingResponseBody() This way we stick to having one implementation of the function, not three. Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Read streamed output line by line, not via buffer This way the code doesn't wait for a buffer to be filled, and we don't need to implement logic ourselves that is provided by a present library already. Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Ensure all HTTP requests are proxied, even with streaming When requesting a streamed response, Guzzle apparently doesn't use curl, and thus we have to specify the unix socket proxy differently. We can't specify it when creating the client, though (Guzzle complains). Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Fix syntax errors Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Remove broken code Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Fix readline line from streaming response Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Strip ANSI codes from command output before sending it to the browser Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Run PHP commands as www-data Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Properly compare version numbers Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Fix using memory limits from env Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Fix return type spec This method always returns a closure, never null. Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Use more general return type Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Avoid psalm complaint Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Fix namespace of return type Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> * Apply suggestion from @szaimen Signed-off-by: Simon L. <szaimen@e.mail.de> --------- Signed-off-by: Pablo Zmdl <pablo@nextcloud.com> Signed-off-by: Simon L. <szaimen@e.mail.de> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Pablo Zmdl <pablo@nextcloud.com> Co-authored-by: Simon L. <szaimen@e.mail.de>	2026-06-03 12:38:50 +02:00