add githubstatus check also to deploying to beta instructions

Signed-off-by: Simon L. <szaimen@e.mail.de>

.github/pull_request_template.md

@@ -3,6 +3,3 @@
   -
   - Before sending a pull request that fixes a security issue please report it via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/). This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
 -->
-
-* Resolves: # <!-- related github issue -->
-* [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits

.github/workflows/lint-yaml.yml

@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
+        uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

Containers/apache/Dockerfile

@@ -79,7 +79,8 @@ RUN set -ex; \
     chmod 777 -R /usr/local/apache2/logs; \
     rm -rf /usr/local/apache2/cgi-bin/; \
     \
-    echo "root:$(openssl rand -base64 12)" | chpasswd
+    echo "root:$(openssl rand -base64 12)" | chpasswd; \
+    apk --no-cache del openssl
 
 USER 33
 

Containers/collabora/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.8.2.1
+FROM collabora/code:25.04.8.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

Containers/docker-socket-proxy/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.3.2-alpine
+FROM haproxy:3.3.3-alpine
 
 # hadolint ignore=DL3002
 USER root

Containers/fulltextsearch/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.10
+FROM elasticsearch:8.19.11
 
 USER root
 

Containers/imaginary/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.6-alpine3.23 AS go
+FROM golang:1.26.0-alpine3.23 AS go
 
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 

Containers/mastercontainer/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.2.0-cli AS docker
+FROM docker:29.2.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.2-alpine AS caddy

Containers/mastercontainer/start.sh

@@ -166,7 +166,7 @@ elif ! sudo -E -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nex
     print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
 Using a different name is not supported since the built-in backup solution will not work in that case!"
     exit 1
-elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer --format '{{.Mounts}}' | grep -q " nextcloud_aio_mastercontainer "; then
+elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
     print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
 This is not supported since the built-in backup solution will not work in that case!"
     exit 1

Containers/nextcloud/Dockerfile

@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.5
+ENV NEXTCLOUD_VERSION=32.0.6
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

Containers/postgresql/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/17/alpine3.23/Dockerfile
-FROM postgres:17.7-alpine
+FROM postgres:17.8-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/redis/Dockerfile

@@ -10,6 +10,7 @@ RUN set -ex; \
     \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
+    apk --no-cache del openssl; \
     \
 # Get rid of unused binaries
     rm -f /usr/local/bin/gosu;

Containers/talk-recording/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.14.2-alpine3.23
+FROM python:3.14.3-alpine3.23
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/talk/Dockerfile

@@ -1,10 +1,10 @@
 # syntax=docker/dockerfile:latest
 FROM nats:2.12.4-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:2.1.0 AS signaling
 FROM alpine:3.23.3 AS janus
 
-ARG JANUS_VERSION=v1.3.3
+ARG JANUS_VERSION=v1.4.0
 WORKDIR /src
 RUN set -ex; \
     apk upgrade --no-cache -a; \

Containers/talk/server.conf.in

@@ -25,7 +25,9 @@ certificate = /etc/nginx/ssl/server.crt
 key = /etc/nginx/ssl/server.key
 
 [app]
-# Set to "true" to install pprof debug handlers.
+# Set to "true" to install pprof debug handlers. Access will only be possible
+# from IPs allowed through the "allowed_ips" option below.
+#
 # See "https://golang.org/pkg/net/http/pprof/" for further information.
 debug = false
 
@@ -270,8 +272,9 @@ connectionsperhost = 8
 #SA = NA
 
 [stats]
-# Comma-separated list of IP addresses that are allowed to access the stats
-# endpoint. Leave empty (or commented) to only allow access from "127.0.0.1".
+# Comma-separated list of IP addresses that are allowed to access the debug,
+# stats and metrics endpoints.
+# Leave empty (or commented) to only allow access from localhost.
 #allowed_ips =
 
 [etcd]

Containers/watchtower/Dockerfile

@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.25.6-alpine3.23 AS go
+FROM golang:1.26.0-alpine3.23 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=f522ce27e1fbe4618da54833025a95be62aa838a	
+ENV WATCHTOWER_COMMIT_HASH=b09b3a5c5e1094b746575a19a7fc0135c8908c9d	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.0
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.1
 
 FROM alpine:3.23.3
 

Containers/whiteboard/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.4
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.6
 
 USER root
 RUN set -ex; \

develop.md

@@ -33,6 +33,7 @@ There is a testing-VM available for the maintainer of AIO that allows for some f
 Additionally, there are now E2E tests available that can be run via https://github.com/nextcloud/all-in-one/actions/workflows/playwright.yml
 
 ## How to promote builds from develop to beta
+1. Verify that GitHub Services are running correctly: https://www.githubstatus.com/
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml, click on `Run workflow`.
 

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.5.0
+version: 12.6.1
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-apache:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260211_141900
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -36,9 +36,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260211_141900
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260211_141900
           {{- end }}
           readinessProbe:
             exec:

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260211_141900
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260211_141900
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260211_141900
           command:
             - chmod
             - "777"
@@ -190,7 +190,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260211_141900
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -57,7 +57,7 @@ spec:
               value: "6379"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260211_141900
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-redis:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-talk:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml

@@ -50,7 +50,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260122_105751
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/update-helm.sh

@@ -407,7 +407,7 @@ rm latest.yml
 mv latest.yml.backup latest.yml
 
 # Get version of AIO
-AIO_VERSION="$(grep 'Nextcloud AIO ' ../php/templates/includes/aio-version.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+')"
+AIO_VERSION="$(grep -oP '[0-9]+.[0-9]+.[0-9]+' ../php/templates/includes/aio-version.twig)"
 sed -i "s|^version:.*|version: $AIO_VERSION|" ../helm-chart/Chart.yaml
 
 # Conversion of sample.conf

php/composer.lock

@@ -391,27 +391,27 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.8",
+            "version": "v2.0.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b"
+                "reference": "8f631589ab07b7b52fead814965f5a800459cb3e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/7581a4407012f5f53365e11bafc520fd7f36bc9b",
-                "reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/8f631589ab07b7b52fead814965f5a800459cb3e",
+                "reference": "8f631589ab07b7b52fead814965f5a800459cb3e",
                 "shasum": ""
             },
             "require": {
                 "php": "^8.1"
             },
             "require-dev": {
-                "illuminate/support": "^10.0|^11.0|^12.0",
+                "illuminate/support": "^10.0|^11.0|^12.0|^13.0",
                 "nesbot/carbon": "^2.67|^3.0",
                 "pestphp/pest": "^2.36|^3.0|^4.0",
                 "phpstan/phpstan": "^2.0",
-                "symfony/var-dumper": "^6.2.0|^7.0.0"
+                "symfony/var-dumper": "^6.2.0|^7.0.0|^8.0.0"
             },
             "type": "library",
             "extra": {
@@ -448,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2026-01-08T16:22:46+00:00"
+            "time": "2026-02-03T06:55:34+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -2888,29 +2888,29 @@
         },
         {
             "name": "doctrine/deprecations",
-            "version": "1.1.5",
+            "version": "1.1.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/doctrine/deprecations.git",
-                "reference": "459c2f5dd3d6a4633d3b5f46ee2b1c40f57d3f38"
+                "reference": "d4fe3e6fd9bb9e72557a19674f44d8ac7db4c6ca"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/doctrine/deprecations/zipball/459c2f5dd3d6a4633d3b5f46ee2b1c40f57d3f38",
-                "reference": "459c2f5dd3d6a4633d3b5f46ee2b1c40f57d3f38",
+                "url": "https://api.github.com/repos/doctrine/deprecations/zipball/d4fe3e6fd9bb9e72557a19674f44d8ac7db4c6ca",
+                "reference": "d4fe3e6fd9bb9e72557a19674f44d8ac7db4c6ca",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.1 || ^8.0"
             },
             "conflict": {
-                "phpunit/phpunit": "<=7.5 || >=13"
+                "phpunit/phpunit": "<=7.5 || >=14"
             },
             "require-dev": {
-                "doctrine/coding-standard": "^9 || ^12 || ^13",
-                "phpstan/phpstan": "1.4.10 || 2.1.11",
+                "doctrine/coding-standard": "^9 || ^12 || ^14",
+                "phpstan/phpstan": "1.4.10 || 2.1.30",
                 "phpstan/phpstan-phpunit": "^1.0 || ^2",
-                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.6 || ^10.5 || ^11.5 || ^12",
+                "phpunit/phpunit": "^7.5 || ^8.5 || ^9.6 || ^10.5 || ^11.5 || ^12.4 || ^13.0",
                 "psr/log": "^1 || ^2 || ^3"
             },
             "suggest": {
@@ -2930,9 +2930,9 @@
             "homepage": "https://www.doctrine-project.org/",
             "support": {
                 "issues": "https://github.com/doctrine/deprecations/issues",
-                "source": "https://github.com/doctrine/deprecations/tree/1.1.5"
+                "source": "https://github.com/doctrine/deprecations/tree/1.1.6"
             },
-            "time": "2025-04-07T20:06:18+00:00"
+            "time": "2026-02-07T07:09:04+00:00"
         },
         {
             "name": "felixfbecker/language-server-protocol",
@@ -3697,29 +3697,29 @@
         },
         {
             "name": "sebastian/diff",
-            "version": "7.0.0",
+            "version": "8.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/diff.git",
-                "reference": "7ab1ea946c012266ca32390913653d844ecd085f"
+                "reference": "a2b6d09d7729ee87d605a439469f9dcc39be5ea3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/7ab1ea946c012266ca32390913653d844ecd085f",
-                "reference": "7ab1ea946c012266ca32390913653d844ecd085f",
+                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/a2b6d09d7729ee87d605a439469f9dcc39be5ea3",
+                "reference": "a2b6d09d7729ee87d605a439469f9dcc39be5ea3",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.3"
+                "php": ">=8.4"
             },
             "require-dev": {
-                "phpunit/phpunit": "^12.0",
+                "phpunit/phpunit": "^13.0",
                 "symfony/process": "^7.2"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "7.0-dev"
+                    "dev-main": "8.0-dev"
                 }
             },
             "autoload": {
@@ -3752,15 +3752,27 @@
             "support": {
                 "issues": "https://github.com/sebastianbergmann/diff/issues",
                 "security": "https://github.com/sebastianbergmann/diff/security/policy",
-                "source": "https://github.com/sebastianbergmann/diff/tree/7.0.0"
+                "source": "https://github.com/sebastianbergmann/diff/tree/8.0.0"
             },
             "funding": [
                 {
                     "url": "https://github.com/sebastianbergmann",
                     "type": "github"
+                },
+                {
+                    "url": "https://liberapay.com/sebastianbergmann",
+                    "type": "liberapay"
+                },
+                {
+                    "url": "https://thanks.dev/u/gh/sebastianbergmann",
+                    "type": "thanks_dev"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/sebastian/diff",
+                    "type": "tidelift"
                 }
             ],
-            "time": "2025-02-07T04:55:46+00:00"
+            "time": "2026-02-06T04:42:27+00:00"
         },
         {
             "name": "spatie/array-to-xml",
@@ -4551,16 +4563,16 @@
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.14.3",
+            "version": "6.15.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "d0b040a91f280f071c1abcb1b77ce3822058725a"
+                "reference": "28dc127af1b5aecd52314f6f645bafc10d0e11f9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/d0b040a91f280f071c1abcb1b77ce3822058725a",
-                "reference": "d0b040a91f280f071c1abcb1b77ce3822058725a",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/28dc127af1b5aecd52314f6f645bafc10d0e11f9",
+                "reference": "28dc127af1b5aecd52314f6f645bafc10d0e11f9",
                 "shasum": ""
             },
             "require": {
@@ -4584,7 +4596,7 @@
                 "netresearch/jsonmapper": "^5.0",
                 "nikic/php-parser": "^5.0.0",
                 "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3 || ~8.5.0",
-                "sebastian/diff": "^4.0 || ^5.0 || ^6.0 || ^7.0",
+                "sebastian/diff": "^4.0 || ^5.0 || ^6.0 || ^7.0 || ^8.0",
                 "spatie/array-to-xml": "^2.17.0 || ^3.0",
                 "symfony/console": "^6.0 || ^7.0 || ^8.0",
                 "symfony/filesystem": "~6.3.12 || ~6.4.3 || ^7.0.3 || ^8.0",
@@ -4665,7 +4677,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-12-23T15:36:48+00:00"
+            "time": "2026-02-07T19:27:16+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

php/domain-validator.php

@@ -1,6 +1,10 @@
 <?php
+declare(strict_types=1);
 
-$domain = $_GET['domain'] ?? '';
+$domain = '';
+if (isset($_GET['domain']) && is_string($_GET['domain'])) {
+    $domain = $_GET['domain'];
+}
 
 if (!str_contains($domain, '.')) { 
     http_response_code(400); 

php/psalm-baseline.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.14.3@d0b040a91f280f071c1abcb1b77ce3822058725a"/>
+<files psalm-version="6.15.1@28dc127af1b5aecd52314f6f645bafc10d0e11f9"/>

php/public/index.php

@@ -20,9 +20,7 @@ use Psr\Http\Message\ServerRequestInterface as Request;
 
 require __DIR__ . '/../vendor/autoload.php';
 
-/** @var \DI\Container */
 $container = \AIO\DependencyInjection::GetContainer();
-/** @var \AIO\Data\DataConst */
 $dataConst = $container->get(\AIO\Data\DataConst::class);
 ini_set('session.save_path', $dataConst->GetSessionDirectory());
 

php/src/Auth/AuthManager.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Auth;
 

php/src/Auth/PasswordGenerator.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Auth;
 

php/src/Container/AioVariables.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Container;
 

php/src/Container/Container.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Container;
 

php/src/Container/ContainerEnvironmentVariables.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Container;
 

php/src/Container/ContainerPort.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Container;
 

php/src/Container/ContainerPorts.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Container;
 

php/src/Container/ContainerState.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Container;
 

php/src/Container/ContainerVolume.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Container;
 

php/src/Container/ContainerVolumes.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Container;
 

php/src/Container/VersionState.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Container;
 

php/src/ContainerDefinitionFetcher.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO;
 
@@ -22,10 +23,8 @@ readonly class ContainerDefinitionFetcher {
 
     public function GetContainerById(string $id): Container
     {
-        /** @var array */
         $containers = $this->FetchDefinition();
 
-        /** @psalm-var \AIO\Container\Container $container */
         foreach ($containers as $container) {
             if ($container->identifier === $id) {
                 return $container;
@@ -40,26 +39,22 @@ readonly class ContainerDefinitionFetcher {
      */
     private function GetDefinition(): array
     {
-        /** @psalm-var array $data */
         $data = json_decode((string)file_get_contents(DataConst::GetContainersDefinitionPath()), true, 512, JSON_THROW_ON_ERROR);
 
         $additionalContainerNames = [];
-        /** @psalm-var string $communityContainer */
         foreach ($this->configurationManager->aioCommunityContainers as $communityContainer) {
             if ($communityContainer !== '') {
                 $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json';
-                /** @psalm-var array $additionalData */
                 $additionalData = json_decode((string)file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
                 $data = array_merge_recursive($data, $additionalData);
                 if (isset($additionalData['aio_services_v1'][0]['display_name']) && $additionalData['aio_services_v1'][0]['display_name'] !== '') {
                     // Store container_name of community containers in variable for later
-                    $additionalContainerNames[] = (string) $additionalData['aio_services_v1'][0]['container_name'];
+                    $additionalContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
                 }
             }
         }
 
         $containers = [];
-        /** @psalm-var array $entry */
         foreach ($data['aio_services_v1'] as $entry) {
             if ($entry['container_name'] === 'nextcloud-aio-clamav') {
                 if (!$this->configurationManager->isClamavEnabled) {
@@ -104,7 +99,6 @@ readonly class ContainerDefinitionFetcher {
 
             $ports = new ContainerPorts();
             if (isset($entry['ports'])) {
-                /** @psalm-var array $value */
                 foreach ($entry['ports'] as $value) {
                     $ports->AddPort(
                         new ContainerPort(
@@ -118,7 +112,6 @@ readonly class ContainerDefinitionFetcher {
 
             $volumes = new ContainerVolumes();
             if (isset($entry['volumes'])) {
-                /** @psalm-var array $value */
                 foreach ($entry['volumes'] as $value) {
                     if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') {
                         $value['source'] = $this->configurationManager->borgBackupHostLocation;
@@ -165,18 +158,15 @@ readonly class ContainerDefinitionFetcher {
 
             $dependsOn = [];
             if (isset($entry['depends_on'])) {
-                /** @var array */
                 $valueDependsOn = $entry['depends_on'];
                 if ($entry['container_name'] === 'nextcloud-aio-apache') {
                     // Add community containers first and default ones last so that aio_variables works correctly
                     $valueDependsOnTemp = [];
-                    /** @psalm-var string $containerName */
                     foreach ($additionalContainerNames as $containerName) {
                         $valueDependsOnTemp[] = $containerName;
                     }
                     $valueDependsOn = array_merge_recursive($valueDependsOnTemp, $valueDependsOn);
                 }
-                /** @psalm-var string $value */
                 foreach ($valueDependsOn as $value) {
                     if ($value === 'nextcloud-aio-clamav') {
                         if (!$this->configurationManager->isClamavEnabled) {
@@ -221,7 +211,6 @@ readonly class ContainerDefinitionFetcher {
 
             $variables = new ContainerEnvironmentVariables();
             if (isset($entry['environment'])) {
-                /** @psalm-var string $value */
                 foreach ($entry['environment'] as $value) {
                     $variables->AddVariable($value);
                 }
@@ -229,7 +218,6 @@ readonly class ContainerDefinitionFetcher {
 
             $aioVariables = new AioVariables();
             if (isset($entry['aio_variables'])) {
-                /** @psalm-var string $value */
                 foreach ($entry['aio_variables'] as $value) {
                     $aioVariables->AddVariable($value);
                 }
@@ -237,28 +225,27 @@ readonly class ContainerDefinitionFetcher {
 
             $displayName = '';
             if (isset($entry['display_name'])) {
-                $displayName = (string) $entry['display_name'];
+                $displayName = $entry['display_name'];
             }
 
             $restartPolicy = '';
             if (isset($entry['restart'])) {
-                $restartPolicy = (string) $entry['restart'];
+                $restartPolicy = $entry['restart'];
             }
 
             $maxShutdownTime = 10;
             if (isset($entry['stop_grace_period'])) {
-                $maxShutdownTime = (int) $entry['stop_grace_period'];
+                $maxShutdownTime = $entry['stop_grace_period'];
             }
 
             $internalPort = '';
             if (isset($entry['internal_port'])) {
-                $internalPort = (string) $entry['internal_port'];
+                $internalPort = $entry['internal_port'];
             }
 
             if (isset($entry['secrets'])) {
                 // All secrets are registered with the configuration when they 
                 // are discovered so they can be later generated at time-of-use.
-                /** @psalm-var string $secret */
                 foreach ($entry['secrets'] as $secret) {
                     $this->configurationManager->registerSecret($secret);
                 }
@@ -266,72 +253,67 @@ readonly class ContainerDefinitionFetcher {
 
             $uiSecret = '';
             if (isset($entry['ui_secret'])) {
-                $uiSecret = (string) $entry['ui_secret'];
+                $uiSecret = $entry['ui_secret'];
             }
 
             $devices = [];
             if (isset($entry['devices'])) {
-                /** @var array */
                 $devices = $entry['devices'];
             }
 
             $enableNvidiaGpu = false;
             if (isset($entry['enable_nvidia_gpu'])) {
-                $enableNvidiaGpu = (bool) $entry['enable_nvidia_gpu'];
+                $enableNvidiaGpu = $entry['enable_nvidia_gpu'];
             }
 
             $capAdd = [];
             if (isset($entry['cap_add'])) {
-                /** @var array */
                 $capAdd = $entry['cap_add'];
             }
 
             $shmSize = -1;
             if (isset($entry['shm_size'])) {
-                $shmSize = (int) $entry['shm_size'];
+                $shmSize = $entry['shm_size'];
             }
 
             $apparmorUnconfined = false;
             if (isset($entry['apparmor_unconfined'])) {
-                $apparmorUnconfined = (bool) $entry['apparmor_unconfined'];
+                $apparmorUnconfined = $entry['apparmor_unconfined'];
             }
 
             $backupVolumes = [];
             if (isset($entry['backup_volumes'])) {
-                /** @var array */
                 $backupVolumes = $entry['backup_volumes'];
             }
 
             $nextcloudExecCommands = [];
             if (isset($entry['nextcloud_exec_commands'])) {
-                /** @var array */
                 $nextcloudExecCommands = $entry['nextcloud_exec_commands'];
             }
 
             $readOnlyRootFs = false;
             if (isset($entry['read_only'])) {
-                $readOnlyRootFs = (bool) $entry['read_only'];
+                $readOnlyRootFs = $entry['read_only'];
             }
 
             $tmpfs = [];
             if (isset($entry['tmpfs'])) {
-                /** @var array */
                 $tmpfs = $entry['tmpfs'];
             }
 
             $init = true;
             if (isset($entry['init'])) {
-                $init = (bool) $entry['init'];
+                $init = $entry['init'];
             }
 
             $imageTag = '%AIO_CHANNEL%';
             if (isset($entry['image_tag'])) {
-                $imageTag = (string) $entry['image_tag'];
+                $imageTag = $entry['image_tag'];
             }
 
             $documentation = '';
             if (isset($entry['documentation'])) {
-                $documentation = (string) $entry['documentation'];
+                $documentation = $entry['documentation'];
             }
 
             $containers[] = new Container(

php/src/Controller/ConfigurationController.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Controller;
 
@@ -19,34 +20,26 @@ readonly class ConfigurationController {
         try {
             $this->configurationManager->startTransaction();
             if (isset($request->getParsedBody()['domain'])) {
-                /** @var string */
                 $domain = $request->getParsedBody()['domain'] ?? '';
                 $skipDomainValidation = isset($request->getParsedBody()['skip_domain_validation']);
                 $this->configurationManager->setDomain($domain, $skipDomainValidation);
             }
 
             if (isset($request->getParsedBody()['current-master-password']) || isset($request->getParsedBody()['new-master-password'])) {
-                /** @var string */
                 $currentMasterPassword = $request->getParsedBody()['current-master-password'] ?? '';
-                /** @var string */
                 $newMasterPassword = $request->getParsedBody()['new-master-password'] ?? '';
                 $this->configurationManager->changeMasterPassword($currentMasterPassword, $newMasterPassword);
             }
 
             if (isset($request->getParsedBody()['borg_backup_host_location']) || isset($request->getParsedBody()['borg_remote_repo'])) {
-                /** @var string */
                 $location = $request->getParsedBody()['borg_backup_host_location'] ?? '';
-                /** @var string */
                 $borgRemoteRepo = $request->getParsedBody()['borg_remote_repo'] ?? '';
                 $this->configurationManager->setBorgLocationVars($location, $borgRemoteRepo);
             }
 
             if (isset($request->getParsedBody()['borg_restore_host_location']) || isset($request->getParsedBody()['borg_restore_remote_repo']) || isset($request->getParsedBody()['borg_restore_password'])) {
-                /** @var string */
                 $restoreLocation = $request->getParsedBody()['borg_restore_host_location'] ?? '';
-                /** @var string */
                 $borgRemoteRepo = $request->getParsedBody()['borg_restore_remote_repo'] ?? '';
-                /** @var string */
                 $borgPassword = $request->getParsedBody()['borg_restore_password'] ?? '';
                 $this->configurationManager->setBorgRestoreLocationVarsAndPassword($restoreLocation, $borgRemoteRepo, $borgPassword);
             }
@@ -62,7 +55,6 @@ readonly class ConfigurationController {
                 } else {
                     $successNotification = false;
                 }
-                /** @var string */
                 $dailyBackupTime = $request->getParsedBody()['daily_backup_time'] ?? '';
                 $this->configurationManager->setDailyBackupTime($dailyBackupTime, $enableAutomaticUpdates, $successNotification);
             }
@@ -72,7 +64,6 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['additional_backup_directories'])) {
-                /** @var string */
                 $additionalBackupDirectories = $request->getParsedBody()['additional_backup_directories'] ?? '';
                 $this->configurationManager->setAdditionalBackupDirectories($additionalBackupDirectories);
             }
@@ -82,13 +73,11 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['timezone'])) {
-                /** @var string */
                 $timezone = $request->getParsedBody()['timezone'] ?? '';
                 $this->configurationManager->timezone = $timezone;
             }
 
             if (isset($request->getParsedBody()['options-form'])) {
-                /** @var string */
                 $officeSuiteChoice = $request->getParsedBody()['office_suite_choice'] ?? '';
                 
                 if ($officeSuiteChoice === 'collabora') {
@@ -115,7 +104,6 @@ readonly class ConfigurationController {
                 $enabledCC = [];
                 /**
                  * @psalm-suppress PossiblyNullIterator
-                 * @psalm-var string $item
                  */
                 foreach ($request->getParsedBody() as $item) {
                     if (array_key_exists($item , $cc)) {
@@ -130,7 +118,6 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['collabora_dictionaries'])) {
-                /** @var string */
                 $collaboraDictionaries = $request->getParsedBody()['collabora_dictionaries'] ?? '';
                 $this->configurationManager->collaboraDictionaries = $collaboraDictionaries;
             }
@@ -140,7 +127,6 @@ readonly class ConfigurationController {
             }
 
             if (isset($request->getParsedBody()['collabora_additional_options'])) {
-                /** @var string */
                 $additionalCollaboraOptions = $request->getParsedBody()['collabora_additional_options'] ?? '';
                 $this->configurationManager->collaboraAdditionalOptions = $additionalCollaboraOptions;
             }

php/src/Controller/DockerController.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Controller;
 
@@ -125,7 +126,6 @@ readonly class DockerController {
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
         $this->configurationManager->startTransaction();
         $this->configurationManager->backupMode = 'restore';
-        /** @var string */
         $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? '';
         $this->configurationManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']);
         $this->configurationManager->commitTransaction();
@@ -172,7 +172,6 @@ readonly class DockerController {
         $uri = $request->getUri();
         $host = $uri->getHost();
         $port = $uri->getPort();
-        /** @var string */
         $path = $request->getParsedBody()['base_path'] ?? '';
         if ($port === 8000) {
             error_log('The AIO_URL-port was discovered to be 8000 which is not expected. It is now set to 443.');
@@ -180,7 +179,7 @@ readonly class DockerController {
         }
 
         if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = '32';
+            $installLatestMajor = '33';
         } else {
             $installLatestMajor = '';
         }
@@ -286,7 +285,6 @@ readonly class DockerController {
             return;
         // Don't start if domaincheck is already running
         } elseif ($domaincheckContainer->GetRunningState() === ContainerState::Running) {
-            /** @psalm-var mixed $domaincheckWasStarted */
             $domaincheckWasStarted = apcu_fetch($cacheKey);
             // Start domaincheck again when 10 minutes are over by not returning here
             if($domaincheckWasStarted !== false && is_string($domaincheckWasStarted)) {

php/src/Controller/LoginController.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Controller;
 
@@ -21,7 +22,6 @@ readonly class LoginController {
             $response->getBody()->write("The login is blocked since Nextcloud is running.");
             return $response->withHeader('Location', '.')->withStatus(422);
         }
-        /** @var string */
         $password = $request->getParsedBody()['password'] ?? '';
         if($this->authManager->CheckCredentials($password)) {
             $this->authManager->SetAuthState(true);
@@ -33,7 +33,6 @@ readonly class LoginController {
     }
 
     public function GetTryLogin(Request $request, Response $response, array $args) : Response {
-        /** @var string */
         $token = $request->getQueryParams()['token'] ?? '';
         if($this->authManager->CheckToken($token)) {
             $this->authManager->SetAuthState(true);

php/src/Data/ConfigurationManager.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Data;
 
@@ -114,7 +115,7 @@ class ConfigurationManager
         // Type-cast because old configs could have 1/0 for this key.
         get => (bool) $this->get('isFulltextsearchEnabled', false);
         // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
-        set { $this->set('isFulltextsearchEnabled', ($this->collaboraSeccompDisabled && $value)); }
+        set { $this->set('isFulltextsearchEnabled', (!$this->collaboraSeccompDisabled && $value)); }
     }
 
     public string $domain {
@@ -288,7 +289,6 @@ class ConfigurationManager
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
         {
             $configContent = (string)file_get_contents(DataConst::GetConfigFile());
-            /** @var array */
             $this->config = json_decode($configContent, true, 512, JSON_THROW_ON_ERROR);
         }
 
@@ -333,7 +333,6 @@ class ConfigurationManager
             return '';
         }
 
-        /** @var array */
         $secrets = $this->get('secrets', []);
         if (!isset($secrets[$secretId])) {
             $secrets[$secretId] = bin2hex(random_bytes(24));
@@ -468,17 +467,15 @@ class ConfigurationManager
         if ($this->shouldDomainValidationBeSkipped($skipDomainValidation)) {
             error_log('Skipping domain validation');
         } else {
-            /** @var string */
             $dnsRecordIP = gethostbyname($domain);
             if ($dnsRecordIP === $domain) {
                 $dnsRecordIP = '';
             }
 
             if (empty($dnsRecordIP)) {
-                /** @var array */
                 $record = dns_get_record($domain, DNS_AAAA);
                 if (isset($record[0]['ipv6']) && !empty($record[0]['ipv6'])) {
-                    $dnsRecordIP = (string) $record[0]['ipv6'];
+                    $dnsRecordIP = $record[0]['ipv6'];
                 }
             }
 
@@ -698,7 +695,6 @@ class ConfigurationManager
 
     private function getEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string {
         $envVariableOutput = getenv($envVariableName);
-        /** @var mixed */
         $configValue = $this->get($configName, '');
         if ($envVariableOutput === false) {
             if ($configValue === '') {
@@ -924,7 +920,6 @@ class ConfigurationManager
         $dir = array_diff($dir, array('..', '.', 'readme.md'));
         foreach ($dir as $id) {
             $filePath = DataConst::GetCommunityContainersDirectory() . '/' . $id . '/' . $id . '.json';
-            /** @psalm-var mixed $fileContents */
             $fileContents = apcu_fetch($filePath);
             if (!is_string($fileContents)) {
                 $fileContents = file_get_contents($filePath);
@@ -932,11 +927,8 @@ class ConfigurationManager
                     apcu_add($filePath, $fileContents);
                 }
             } 
-
-            /** @psalm-var array $json */
             $json = is_string($fileContents) ? json_decode($fileContents, true, 512, JSON_THROW_ON_ERROR) : false;
-            if(isset($json['aio_services_v1']) && is_array($json['aio_services_v1'])) {
-                /** @psalm-var array $service */
+            if(is_array($json) && is_array($json['aio_services_v1'])) {
                 foreach ($json['aio_services_v1'] as $service) {
                     $documentation = is_string($service['documentation']) ? $service['documentation'] : '';
                     if (is_string($service['display_name'])) {
@@ -969,9 +961,8 @@ class ConfigurationManager
             return;
         }
         $this->startTransaction();
-        /** @psalm-var string $variable */
         foreach ($input as $variable) {
-            if (!str_contains($variable, '=')) {
+            if (!is_string($variable) || !str_contains($variable, '=')) {
                 error_log("Invalid input: '$variable' is not a string or does not contain an equal sign ('=')");
                 continue;
             }

php/src/Data/DataConst.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Data;
 

php/src/Data/Setup.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Data;
 

php/src/DependencyInjection.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO;
 

php/src/Docker/DockerActionManager.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Docker;
 
@@ -54,7 +55,6 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        /** @var array */
         $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
         if ($responseBody['State']['Running'] === true) {
@@ -75,7 +75,6 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        /** @var array */
         $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
         if ($responseBody['State']['Restarting'] === true) {
@@ -100,7 +99,6 @@ readonly class DockerActionManager {
             return VersionState::Equal;
         }
 
-        /** @psalm-var string $runningDigest */
         foreach ($runningDigests as $runningDigest) {
             if ($runningDigest === $remoteDigest) {
                 return VersionState::Equal;
@@ -337,7 +335,6 @@ readonly class DockerActionManager {
         }
 
         $tmpfs = [];
-        /** @psalm-var string $tmp */
         foreach ($container->tmpfs as $tmp) {
             $mode = "";
             if (str_contains($tmp, ':')) {
@@ -378,7 +375,6 @@ readonly class DockerActionManager {
         // Special things for the backup container which should not be exposed in the containers.json
         if (str_starts_with($container->identifier, 'nextcloud-aio-borgbackup')) {
             // Additional backup directories
-            /** @psalm-var string $additionalBackupVolumes */
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {
                     $mounts[] = ["Type" => "volume", "Source" => $additionalBackupVolumes, "Target" => "/nextcloud_aio_volumes/" . $additionalBackupVolumes, "ReadOnly" => false];
@@ -388,7 +384,6 @@ readonly class DockerActionManager {
             // Make volumes read only in case of borgbackup container. The viewer makes them writeable
             $isReadOnly = $container->identifier === 'nextcloud-aio-borgbackup';
 
-            /** @psalm-var string $additionalBackupDirectories */
             foreach ($this->configurationManager->getAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
                 if ($additionalBackupDirectories !== '') {
                     if (!str_starts_with($additionalBackupDirectories, '/')) {
@@ -584,7 +579,6 @@ readonly class DockerActionManager {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         $nextcloudExecCommands = '';
-        /** @psalm-var string $execCommand */
         foreach ($container->nextcloudExecCommands as $execCommand) {
             $nextcloudExecCommands .= $execCommand . PHP_EOL;
         }
@@ -602,12 +596,10 @@ readonly class DockerActionManager {
     private function GetRepoDigestsOfContainer(string $containerName): ?array {
         try {
             $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
-            /** @var array */
             $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
-            $imageName = (string) $containerOutput['Image'];
+            $imageName = $containerOutput['Image'];
 
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
-            /** @var array */
             $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
 
             if (!isset($imageOutput['RepoDigests'])) {
@@ -622,7 +614,6 @@ readonly class DockerActionManager {
 
             $repoDigestArray = [];
             $oneDigestGiven = false;
-            /** @psalm-var string $repoDigest */
             foreach ($imageOutput['RepoDigests'] as $repoDigest) {
                 $digestPosition = strpos($repoDigest, '@');
                 if ($digestPosition === false) {
@@ -645,7 +636,6 @@ readonly class DockerActionManager {
 
     private function GetCurrentImageName(): string {
         $cacheKey = 'aio-image-name';
-        /** @psalm-var mixed $imageName */
         $imageName = apcu_fetch($cacheKey);
         if ($imageName !== false && is_string($imageName)) {
             return $imageName;
@@ -654,14 +644,13 @@ readonly class DockerActionManager {
         $containerName = 'nextcloud-aio-mastercontainer';
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
         try {
-            /** @var array */
             $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
             $imageNameArray = explode(':', $output['Config']['Image']);
             if (count($imageNameArray) === 2) {
                 $imageName = $imageNameArray[0];
             } else {
                 error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the imageName to the default " . $output['Config']['Image']);
-                $imageName = (string) $output['Config']['Image'];
+                $imageName = $output['Config']['Image'];
             }
             apcu_add($cacheKey, $imageName);
             return $imageName;
@@ -674,7 +663,6 @@ readonly class DockerActionManager {
 
     public function GetCurrentChannel(): string {
         $cacheKey = 'aio-ChannelName';
-        /** @psalm-var mixed $channelName */
         $channelName = apcu_fetch($cacheKey);
         if ($channelName !== false && is_string($channelName)) {
             return $channelName;
@@ -683,7 +671,6 @@ readonly class DockerActionManager {
         $containerName = 'nextcloud-aio-mastercontainer';
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
         try {
-            /** @var array */
             $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
             $tagArray = explode(':', $output['Config']['Image']);
             if (count($tagArray) === 2) {
@@ -716,7 +703,6 @@ readonly class DockerActionManager {
             return false;
         }
 
-        /** @psalm-var string $runningDigest */
         foreach ($runningDigests as $runningDigest) {
             if ($remoteDigest === $runningDigest) {
                 return false;
@@ -732,7 +718,6 @@ readonly class DockerActionManager {
 
             // schedule the exec
             $url = $this->BuildApiUrl(sprintf('containers/%s/exec', urlencode($containerName)));
-            /** @var array */
             $response = json_decode(
                 $this->guzzleClient->request(
                     'POST',
@@ -755,7 +740,7 @@ readonly class DockerActionManager {
                 JSON_THROW_ON_ERROR,
             );
 
-            $id = (string) $response['Id'];
+            $id = $response['Id'];
 
             // start the exec
             $url = $this->BuildApiUrl(sprintf('exec/%s/start', $id));
@@ -894,10 +879,8 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        /** @var array */
         $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
-        /** @var null|int */
         $exitCode = $responseBody['State']['ExitCode'];
         if (is_int($exitCode)) {
             return $exitCode;
@@ -918,10 +901,8 @@ readonly class DockerActionManager {
             throw $e;
         }
 
-        /** @var array */
         $responseBody = json_decode((string)$response->getBody(), true, 512, JSON_THROW_ON_ERROR);
 
-        /** @var null|int */
         $exitCode = $responseBody['State']['ExitCode'];
         if (is_int($exitCode)) {
             return $exitCode;
@@ -952,7 +933,6 @@ readonly class DockerActionManager {
         $imageName = $imageName . ':' . $this->GetCurrentChannel();
         try {
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
-            /** @var array */
             $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
 
             if (!isset($imageOutput['Created'])) {

php/src/Docker/DockerHubManager.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Docker;
 
@@ -17,7 +18,6 @@ readonly class DockerHubManager {
     public function GetLatestDigestOfTag(string $name, string $tag) : ?string {
         $cacheKey = 'dockerhub-manifest-' . $name . $tag;
 
-        /** @psalm-var mixed $cachedVersion */
         $cachedVersion = apcu_fetch($cacheKey);
         if($cachedVersion !== false && is_string($cachedVersion)) {
             return $cachedVersion;
@@ -31,10 +31,9 @@ readonly class DockerHubManager {
                 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:' . $name . ':pull'
             );
             $body = $authTokenRequest->getBody()->getContents();
-            /** @var array */
             $decodedBody = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
             if(isset($decodedBody['token'])) {
-                $authToken = (string) $decodedBody['token'];
+                $authToken = $decodedBody['token'];
                 $manifestRequest = $this->guzzleClient->request(
                     'HEAD',
                     'https://registry-1.docker.io/v2/'.$name.'/manifests/' . $tag,

php/src/Docker/GitHubContainerRegistryManager.php

@@ -1,5 +1,5 @@
 <?php
-
+declare(strict_types=1);
 
 namespace AIO\Docker;
 
@@ -18,7 +18,6 @@ readonly class GitHubContainerRegistryManager
     {
         $cacheKey = 'ghcr-manifest-' . $name . $tag;
 
-        /** @psalm-var mixed $cachedVersion */
         $cachedVersion = apcu_fetch($cacheKey);
         if ($cachedVersion !== false && is_string($cachedVersion)) {
             return $cachedVersion;
@@ -32,10 +31,9 @@ readonly class GitHubContainerRegistryManager
                 'https://ghcr.io/token?scope=repository:' . $name . ':pull'
             );
             $body = $authTokenRequest->getBody()->getContents();
-            /** @var array */
             $decodedBody = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
             if (isset($decodedBody['token'])) {
-                $authToken = (string) $decodedBody['token'];
+                $authToken = $decodedBody['token'];
                 $manifestRequest = $this->guzzleClient->request(
                     'HEAD',
                     'https://ghcr.io/v2/' . $name . '/manifests/' . $tag,

php/src/Middleware/AuthMiddleware.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Middleware;
 

php/src/Twig/ClassExtension.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Twig;
 

php/src/Twig/CsrfExtension.php

@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 
 namespace AIO\Twig;
 

php/templates/components/container-state.twig

@@ -17,6 +17,9 @@
     {% if c.documentation != '' %}
       (<a target="_blank" href="{{ c.documentation }}">docs</a>)
     {% endif %}
+    {% if c.GetUpdateState().value == 'different' %}
+      ⚠️&nbsp;Update&nbsp;available
+    {% endif %}
   </span>
   {% if c.GetUiSecret() != '' %}
     <details>

php/templates/containers.twig

@@ -37,7 +37,8 @@
             {% set isBackupOrRestoreRunning = false %}
             {% set isApacheStarting = false %}
             {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersionString = '' %}
+            {% set newMajorVersionString = '26 Winter' %}
+            {% set oldMajorVersionString = '25 Autumn' %}
 
             {% if is_backup_container_running == true %}
                 {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -297,7 +298,7 @@
                                 {% if newMajorVersionString != '' and isAnyRunning == true and isApacheStarting != true %}
                                     <details>
                                     <summary>Note about <strong>Nextcloud Hub {{ newMajorVersionString }}</strong></summary>
-                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/6865">this documentation</a></strong></p>
+                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/7523">this documentation</a></strong></p>
                                     </details>
                                 {% endif %}
                             {% endif %}
@@ -343,7 +344,7 @@
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                         <input id="base_path" type="hidden" name="base_path" value="">
                                         {% if newMajorVersionString != '' %}
-                                            <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersionString }} (if unchecked, Nextcloud Hub 10 will get installed)</label><br>
+                                            <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud Hub {{ newMajorVersionString }} (if unchecked, Nextcloud Hub {{ oldMajorVersionString }} will get installed)</label><br>
                                         {% endif %}
                                         <input type="submit" value="Download and start containers" />
                                     </form>

php/templates/includes/aio-version.twig

@@ -1 +1 @@
-12.6.1
+12.7.0

php/templates/includes/optional-containers.twig

@@ -72,8 +72,8 @@
                 <li>Good Nextcloud integration</li>
                 <li>Open core</li>
                 <li>Best performance</li>
-                <li>Limited ODF compatibility</li>
                 <li>Best Microsoft compatibility</li>
+                <li>Limited ODF compatibility</li>
             </ul>
             {% if isAnyRunning == false %}
                 <a href="https://www.onlyoffice.com/" target="_blank" class="office-learn-more" onclick="event.stopPropagation();">