PILOS 4.14.2

This update to PILOS v4 fixes an error in search fields introduced by PILOS 4.14.1.

---

Important note

Our release notes and changelog typically include only information relevant to users and administrators; developer-only changes are not listed explicitly.

That said, the 4.14.1 release introduces a significant internal change to the codebase: strict typing has been enabled in PHP (#3032). We have carefully reviewed and addressed all type-related issues identified during this process and are confident in the stability of this update.

However, if you encounter any unexpected behavior in production, please report it by opening an issue.

The 4.14.1 and 4.14.2 releases intentionally do not include any database changes. If needed, you can safely roll back to version v4.14.0 by using the corresponding Docker image tag.

---

To Install this version check our Getting Started Guide

---

Fixed

• 500 error for empty search queries (#3039, #3040) by @samuelwei

Full Changelog: v4.14.1...v4.14.2

PILOS 4.14.1

This update to PILOS v4 improves the provision command, recording access and contains small UX improvements.

---

Important note

Our release notes and changelog typically include only information relevant to users and administrators; developer-only changes are not listed explicitly.

That said, this release introduces a significant internal change to the codebase: strict typing has been enabled in PHP (#3032). We have carefully reviewed and addressed all type-related issues identified during this process and are confident in the stability of this update.

However, if you encounter any unexpected behavior in production, please report it by opening an issue.

This release intentionally does not include any database changes. If needed, you can safely roll back to version v4.14.0 by using the corresponding Docker image tag.

---

To Install this version check our Getting Started Guide

---

Changed

• BBB API URL is now automatically normalized to include a trailing / when adding BBB servers using the provision command (#3011, #3014) @pizkaz
• Provision command data format to support partial provision using optional sections and fields (#3014) @pizkaz
• Show a login button instead of a reload button for guests without access to a room (#2321) @samuelwei

Fixed

• Room description editor not closed after 403 error on save (#2997, #3000) by @Sabr1n4W
• Recording access blocked in some browsers due to restrictions on opening new windows without user interaction (#2851, #2901) by @Sabr1n4W

Full Changelog: v4.14.0...v4.14.1

PILOS 4.14.0

This update to PILOS v4 adds new admin settings for accessibility and privacy, enhances the Greenlight v2 import, and introduces a new Greenlight v3 import command. It also contains several small accessibility and UI improvements, along with numerous dependency updates.

---

To Install this version check our Getting Started Guide

---

Added

• Accessibility statement URL setting for the admin UI and footer (#2873, #2874) by @samuelwei
• Greenlight v3 import command (#2664, #2665) by @pizkaz
• Greenlight v2 import command now supports importing room presentations (#2879, #2880) by @pizkaz
• Admin setting to hide room owner from unauthenticated users (#2843, #2844) by @danielwujecki

Changed

• BBB API URL is now automatically normalized to include a trailing / when adding or editing a server (#2912, #2913)
• Increased external ID database column length (#2998, #2999)

Fixed

• Greenlight v2 imported room settings not applied due to disabled expert mode (#2665) by @pizkaz
• Input zooming on iOS devices when focusing input fields (#3028, #3029) by @samuelwei
• Missing aria-label for recording edit button (#2906, #2911)
• Missing aria-labels for running meetings table header icons (#2905, #2910)

New Contributors

• @danielwujecki made their first contribution in #2844

Full Changelog: v4.13.0...v4.14.0

PILOS 4.13.0

This update to PILOS v4 includes a major internal refactoring of the room authentication flow, resolving an issue where users were unable to download files due to browser popup restrictions. It also introduces minor accessibility improvements and strengthens security.

---

To Install this version check our Getting Started Guide

---

Added

• Rate limiting to prevent Room-ID enumeration attacks (#2518) by @samuelwei

Changed

• Internal improvements to room authentication flow (#1409, #2726) by @Sabr1n4W

Fixed

• File downloads blocked in some browsers due to restrictions on opening new windows without user interaction (#1409, #2726) by @Sabr1n4W
• Room start failed with a 404 error when an uploaded file was missing from storage (#2726) by @Sabr1n4W
• Low color contrast in room utilization statistic chart (#2854, #2855) by @samuelwei
• Missing localized aria-labels for some UI components (#2856, #2857) by @samuelwei

Full Changelog: v4.12.0...v4.13.0

PILOS 4.12.0

This update to PILOS v4 adds support for the Arabic locale and bumps dependencies.

---

To Install this version check our Getting Started Guide

---

Added

• Arabic locale (#2798) by @hassanalitamam

Fixed

• Pulse Dashboard not loading (#2809) by @samuelwei

New Contributors

• @hassanalitamam made their first contribution in #2798

Full Changelog: v4.11.0...v4.12.0

PILOS 4.11.0

This update to PILOS v4 enhances compatibility with BBB servers and load balancers, prevents room URLs shared on third-party websites from appearing in search engine results, and includes various bug fixes and dependency updates — including an upgrade to the BBB Recording Player.

---

To Install this version check our Getting Started Guide

---

Added

• Configurable hashing algorithm for BBB API signatures (#2765, #2766) by @samuelwei
• X-Robots-Tag: noindex header for all routes, excluding the landing page (#2770, #2789) by @samuelwei
• X-Robots-Tag: nofollow header for all routes (#2772, #2789) by @samuelwei

Changed

• External authentication routes behavior for authenticated users (#2751, #2752) by @samuelwei
• Bump redis version in docker compose files to redis 8 (#2767) by @samuelwei
• Docs: Bumped the recommended PostgreSQL version to v18 (#2769) by @samuelwei

Removed

• robots.txt file (#2789) by @samuelwei

Fixed

• Icon alignment inside room files tab (#2660, #2728) by @samuelwei
• Race condition during room start (#2742) by @samuelwei
• Remove unnecessary Content-Type header from GET requests to the BigBlueButton API (#2774, #2775) by @defnull

New Contributors

• @defnull made their first contribution in #2775

Full Changelog: v4.10.0...v4.11.0

PILOS 4.10.0

This update to PILOS v4 improves UX and bumps many dependencies, including the BBB Recording Player.

SECURITY
Due to the security vulnerability (CVE-2026-22800) that has been fixed, we recommend installing the update as soon as possible.

---

To Install this version check our Getting Started Guide

---

Added

• Tooltip for the room info button (#2576) by @samuelwei
• Buttons to only copy room link and room access code in room share popover (#1419, #2325) by @samuelwei

Changed

• Auto-reload of rooms now disabled for guests without access (#2588) by @samuelwei
• API request method from GET to POST to panic a server (d9ab9bb) by @samuelwei

Fixed

• Icon alignment inside room tabs (#2660, #2686) by @samuelwei

Full Changelog: v4.9.0...v4.10.0

PILOS 4.9.0

This update to PILOS v4 adds storage space to metrics, fixes multiple UI bugs, and bumps many dependencies, including the BBB Recording Player.

---

To Install this version check our Getting Started Guide

---

Added

• Storage space to metrics (#2345, #2604) by @Sabr1n4W
• Tooltips for icon-only menu bar items (#2575) by @samuelwei

Changed

• Sun & moon icon in the menu bar (#2575) by @samuelwei
• Hover style of buttons in room cards (#2577) by @samuelwei
• URL for loading BBB recording player resources (#2616) by @samuelwei

Fixed

• Uneven height of right menu bar items (#2575) by @samuelwei
• Emoji handling in user avatar (#2613) by @samuelwei

Full Changelog: v4.8.0...v4.9.0

PILOS 4.8.0

This update to PILOS v4 adds OpenID Connect as a new authentication option and offers additional options for customizing the user interface using custom CSS. It also fixes several minor bugs and implements security recommendations and fixes that were suggested during a penetration test conducted by a German state government.

Due to the security vulnerabilities that have been fixed, we recommend installing the update as soon as possible.

---

To Install this version check our Getting Started Guide

---

⚠️ Upgrading / Breaking Change

In previous NGINX reverse proxy configuration recomendations, the Host header was not explicitly set.
Due to an undocumented change in the Laravel framework, this now results in a “Bad Request” error.

Add the following line to your NGINX configuration:

proxy_set_header Host $host;

---

Added

• OpenID Connect authentication (#300, #2281) by @samuelwei
• Security header X-XSS-Protection (#2519) @samuelwei
• Security header Referrer-Policy (#2519) @samuelwei
• Docs: HTTP Strict Transport Security (HSTS) recommendations (#2519) @samuelwei
• Virus scan results to metrics (#2304) by @samuelwei
• Route-specific CSS classes to frontend pages (#2496, #2497) by @samuelwei
• Admin option to upload a custom CSS file (#2496, #2553, #2554) by @Sabr1n4W

Changed

• UX: Placeholder in room search box (#2383, #2449) by @samuelwei
• Upgraded to Tailwind CSS v4 and migrated styles from SASS to plain CSS (#2477) by @samuelwei and @Sabr1n4W
• PHP.ini defaults to align with OWASP recommendations (#2519) @samuelwei
• Security header X-Frame-Options value to DENY (#2519) @samuelwei
• Authenticator label texts and term in external authentication documentation (#2551) by @Sabr1n4W

Fixed

• Negative floating point number in room expire email (#2476, #2480) by @samuelwei
• Infinite loading when navigating back to rooms from BBB due to bfcache (#2313, #2319) by @samuelwei
• Broken dark mode after using room utilisation statistic dialog (#2478, #2479) by @samuelwei
• BBB waiting room integration tests (#2517) by @samuelwei

Security

• Regenerate session after password change (#2519) @samuelwei
• Removed unused CORS header (#2519) @samuelwei
• Removed PHP version header (#2519) @samuelwei

Full Changelog: v4.7.1...v4.8.0

PILOS 4.7.1

This update of PILOS v4 fixes an issue with legacy 6-digit access codes and updates dependencies.

---

To Install this version check our Getting Started Guide

---

Changed

• Value range and randomness of access code generation (#2433) by @samuelwei

Fixed

• Support for legacy 6-digit access codes imported from Greenlight v2 (#2433) by @samuelwei

Full Changelog: v4.7.0...v4.7.1