dominikdoesdev's comments

After re-reporting the vulnerability through GitHub, the maintainer of Dokploy has published a fix in version v0.24.3. Read more here: https://github.com/Dokploy/dokploy/security/advisories/GHSA-...


Oh, wow, that actually sucks. I had a similar issue with my self-hosted instance. I couldn't access it because it crashed and never auto-restarted. Luckily, our services were still running, so it wasn't as bad as your incident.

I really loved Dokploy's UI and that it was fully open source, so it sucks to see them not care about the security of their products. I even sponsored them for a few months.

How has EasyPanel been for you so far? Is it worth checking out over Coolify, for example?


Easypanel has been pretty great for me so far, a couple issues with ports but otherwise really nice UI and features

I wish I could switch to Coolify as its features and offering are way better imo, but the UI/UX for it is a massive downgrade. Since I love working visually with my services, Coolify just isn't a good fit yet until they upgrade the UX


Yea, I'm not sure why the developer refuses to fix it. You can probably do a lot more than just read environment variables too.


Looks cool, but usually permissions management is done by auth, how does this work with autumn?


We are pretty tightly coupled with Auth. Part of setting it up is resolving your internal customer (or org) ID from your auth JWT and passing it into an autumnHandler function, which then makes calls to the Autumn API.

This means you don't need to store any additional IDs for billing -- just make calls to Autumn with your existing auth uuids.

