PILOS 4.9.0

This update to PILOS v4 adds storage space to metrics, fixes multiple UI bugs, and bumps many dependencies, including the BBB Recording Player.

---

To Install this version check our Getting Started Guide

---

Added

• Storage space to metrics (#2345, #2604) by @Sabr1n4W
• Tooltips for icon-only menu bar items (#2575) by @samuelwei

Changed

• Sun & moon icon in the menu bar (#2575) by @samuelwei
• Hover style of buttons in room cards (#2577) by @samuelwei
• URL for loading BBB recording player resources (#2616) by @samuelwei

Fixed

• Uneven height of right menu bar items (#2575) by @samuelwei
• Emoji handling in user avatar (#2613) by @samuelwei

Full Changelog: v4.8.0...v4.9.0

PILOS 4.8.0

This update to PILOS v4 adds OpenID Connect as a new authentication option and offers additional options for customizing the user interface using custom CSS. It also fixes several minor bugs and implements security recommendations and fixes that were suggested during a penetration test conducted by a German state government.

Due to the security vulnerabilities that have been fixed, we recommend installing the update as soon as possible.

---

To Install this version check our Getting Started Guide

---

⚠️ Upgrading / Breaking Change

In previous NGINX reverse proxy configuration recomendations, the Host header was not explicitly set.
Due to an undocumented change in the Laravel framework, this now results in a “Bad Request” error.

Add the following line to your NGINX configuration:

proxy_set_header Host $host;

---

Added

• OpenID Connect authentication (#300, #2281) by @samuelwei
• Security header X-XSS-Protection (#2519) @samuelwei
• Security header Referrer-Policy (#2519) @samuelwei
• Docs: HTTP Strict Transport Security (HSTS) recommendations (#2519) @samuelwei
• Virus scan results to metrics (#2304) by @samuelwei
• Route-specific CSS classes to frontend pages (#2496, #2497) by @samuelwei
• Admin option to upload a custom CSS file (#2496, #2553, #2554) by @Sabr1n4W

Changed

• UX: Placeholder in room search box (#2383, #2449) by @samuelwei
• Upgraded to Tailwind CSS v4 and migrated styles from SASS to plain CSS (#2477) by @samuelwei and @Sabr1n4W
• PHP.ini defaults to align with OWASP recommendations (#2519) @samuelwei
• Security header X-Frame-Options value to DENY (#2519) @samuelwei
• Authenticator label texts and term in external authentication documentation (#2551) by @Sabr1n4W

Fixed

• Negative floating point number in room expire email (#2476, #2480) by @samuelwei
• Infinite loading when navigating back to rooms from BBB due to bfcache (#2313, #2319) by @samuelwei
• Broken dark mode after using room utilisation statistic dialog (#2478, #2479) by @samuelwei
• BBB waiting room integration tests (#2517) by @samuelwei

Security

• Regenerate session after password change (#2519) @samuelwei
• Removed unused CORS header (#2519) @samuelwei
• Removed PHP version header (#2519) @samuelwei

Full Changelog: v4.7.1...v4.8.0

PILOS 4.7.1

This update of PILOS v4 fixes an issue with legacy 6-digit access codes and updates dependencies.

---

To Install this version check our Getting Started Guide

---

Changed

• Value range and randomness of access code generation (#2433) by @samuelwei

Fixed

• Support for legacy 6-digit access codes imported from Greenlight v2 (#2433) by @samuelwei

Full Changelog: v4.7.0...v4.7.1

PILOS 4.7.0

This update of PILOS v4 adds virus scanning and Prometheus metrics, as well as multiple other small UX improvements and bug fixes.

SECURITY
This release updates livewire to address CVE-2025-54068, CVSS 9.2 (CRITICAL). It is currently unclear whether PILOS is affected or not, but we strongly encouraged to update as soon as possible.

---

To Install this version check our Getting Started Guide

---

Added

• Show meeting ended reason (#2223) by @samuelwei
• Show BBB join errors (#2223) by @samuelwei
• Pass color-scheme preference to BigBlueButton (#2153, #2154) by @danielmachill, @achtadef
• Metrics endpoint (/metrics) (#2165) by @samuelwei
• Virus Scanning using ClamAV for all file uploads (#77, #1133) by @samuelwei

Fixed

• Logout session_expired warning message style (68abce8) by @samuelwei
• Show unavailable room types in create room dialog (#2265, #2279) by @samuelwei
• Show unavailable room types in change room type dialog (#2265, #2279) by @samuelwei
• Infinite loading when navigating back after logout redirect due to bfcache (#2282) by @samuelwei

Full Changelog: v4.6.1...v4.7.0

PILOS 4.6.1

This update of PILOS v4 resolves an issue where join parameters in the global streaming settings could not be cleared. It also includes internal code improvements and updated dependencies.

---

To Install this version check our Getting Started Guide

---

Fixed

• Allow global streaming join parameters to be empty (#2222) by @samuelwei

Full Changelog: v4.6.0...v4.6.1

PILOS 4.6.0

This update of PILOS v4 brings a few small improvements: user profile pictures and last login timestamps are shown in the admin UI and room types can now be configured with custom join parameters.

---

To Install this version check our Getting Started Guide

---

Added

• User pictures to the admin user list (#2131) @q16marvin
• Last login datetime to the database (#2150) @samuelwei
• Last login datetime to the admin user list (#2132, #2150) @samuelwei
• Custom join parameters in room type settings (#2099, #2151) @samuelwei

Fixed

• Container restart (#2134) @samuelwei

Full Changelog: v4.5.0...v4.6.0

PILOS 4.5.0

This update of PILOS v4 several key enhancements: a new optional feature for livestreaming BigBlueButton (BBB) meetings, additional options for configuring TLS handling in SMTP connections, and support for the Persian (Farsi) locale with right-to-left (RTL) layout and a fully translated locale selector.

---

To Install this version check our Getting Started Guide

---

Added

• Environment variable MAIL_AUTO_TLS to disable automatic TLS for SMTP servers with STARTTLS support (#2033) @samuelwei
• Environment variable MAIL_VERIFY_PEER to disable TLS Peer Verification for SMTP(S) (#2033) @samuelwei
• Environment variable MAIL_SCHEME to set a specific mail protocol smtp or smtps (#2033) @samuelwei
• Right-to-left (RTL) locale support (#2065) @samuelwei
• Translation to locale selector (#2079) @samuelwei
• Transition and animation for dark mode toggle (#2082) @samuelwei
• Logo for dark mode in BBB (#1399) @samuelwei
• Livestreaming BigBlueButton meetings to an RTMP endpoint via the BBB-Streaming-Server (#1697) @samuelwei
• Persian/Farsi locale
• Sync profile image from LDAP (#1994, #1997) @q16marvin and @samuelwei

Fixed

• Running BBB playback player build script in BusyBox (#2053) @pizkaz

Removed

• Environment variable MAIL_ENCRYPTION, use MAIL_SCHEME instead (#2033) @samuelwei

Full Changelog: v4.4.0...v4.5.0

---

New Contributors

• @q16marvin made their first contribution in #1997

PILOS 4.4.0

This update of PILOS v4 upgrades the base PHP image to 8.4, improves accessibility, allows removing the English locale, and includes several bug fixes.

---

To Install this version check our Getting Started Guide

---

Changed

• Bump base PHP image to 8.4 (#1937 ) by @samuelwei
• Hide locale select in main nav if only one locale is enabled (#1920) by @samuelwei
• Improve accessibility for room type filter on the room overview page (#1988) by @samuelwei
• Improve accessibility for room type replacement in the room type delete dialog (#1988) by @samuelwei

Fixed

• Logo url in emails for logos with absolute path (#1900) by @samuelwei
• Logo height and width in emails (#1900) by @samuelwei
• Download files with special characters in the filename (#1960) by @samuelwei
• Close join/start dialog before joining the BBB meeting (#1940) by @samuelwei
• Allow removing English from the list of enabled locales (#1919, #1920) by @samuelwei
• Action column in admin UI too small with only one action in some locales (#2015) by @samuelwei
• Action column in admin UI is shown even if no action is available due to permissions (#2015) by @samuelwei
• Action column in admin UI user list no always shown (#2015) by @samuelwei

Full Changelog: v4.3.1...v4.4.0

PILOS 4.3.1

This update of PILOS v4 fixes a bug in the Greenlight v2 compatibility mode routing and improves the recording documentation.

---

To Install this version check our Getting Started Guide

---

Fixed

• Greenlight compatibility default_room route (5c9059b) by @samuelwei
• Recording documentation (d6962c4, 603fd3d) by @samuelwei

Full Changelog: v4.3.0...v4.3.1

PILOS 4.3.0

This update of PILOS v4 introduces enhanced permission restrictions for non-superusers, a command to provision via JSON-file, numerous new frontend tests, and improved error handling. Additionally, various UI issues have been fixed, including search and loading errors, as well as inconsistencies in form validation and dropdown menus.

---

To Install this version check our Getting Started Guide

---

Added

• Missing loading retry button on room types overview page (#1588) by @samuelwei
• Reload button for replacement room type in delete dialog on room types overview page (#1588) by @samuelwei
• Permission restrictions to prevent non-superusers from editing and deleting superusers (#1651) by @samuelwei
• Permission restrictions to prevent non-superusers from assigning the superuser role (#1651) by @samuelwei
• Environment variable for configuring restricted permissions that cannot be assigned to non-superuser roles (#1651) by @samuelwei
• Display raw permission names in the admin interface (#1651) by @samuelwei
• Visual tests with Happo.io (#1600) by @samuelwei
• Artisan command for provisioning via JSON file (#1636, #1678) by @pizkaz
• Frontend tests for Footer (#1150, #1844) by @Sabr1n4W
• Frontend tests for Banner (#1150, #1844) by @Sabr1n4W
• Frontend tests for Forgot Password, Password Reset, Verify Email pages (#1150, #1844) by @Sabr1n4W
• Frontend tests for Admin Index page (#1150, #1844) by @Sabr1n4W
• Frontend tests for Admin Settings page (#1150, #1844) by @Sabr1n4W
• Frontend tests for Admin Users page (#1150, #1844) by @Sabr1n4W
• Frontend tests for Admin Roles page (#1150, #1844) by @Sabr1n4W
• Frontend tests for Admin Room Types page (#1150, #1844) by @Sabr1n4W
• Frontend tests for Admin Servers page (#1150, #1844) by @Sabr1n4W
• Frontend tests for Admin Server Pools page (#1150, #1844) by @Sabr1n4W
• Frontend tests for Meetings Index page (#1150, #1844) by @Sabr1n4W

Changed

• Real-time input validation on create superuser command (#1651) by @samuelwei
• Error handling in room statistics (#1535, #1600) by @samuelwei
• Error handling in room attendance (#1535, #1600) by @samuelwei
• Close multiselect dropdowns on selection (#1588) by @samuelwei, @Sabr1n4W
• Permissions loading behaviour on view/edit page of roles (#1588) by @samuelwei, @Sabr1n4W
• Improve frontend tests for login page (#1794) by @Sabr1n4W
• Access code input type on room settings section to hide browser arrow buttons (#1827, #1829) by @samuelwei
• Improve current Frontend tests (#1150, #1844) by @Sabr1n4W
• Bumped BBB Recording Player to 5.2.1 (#1855) by @samuelwei

Fixed

• Search not disabled during loading on the overview pages for roles, room types, servers and server pools (#1675, #1588) by @samuelwei, @Sabr1n4W
• Overlays not shown after loading error on view/edit pages of servers and server pools (#1677, #1588) by @samuelwei, @Sabr1n4W
• Dialog buttons not disabled correctly during actions on the overview/view/edit pages for roles, room types, servers and server pools (#1711, #1588) by @samuelwei, @Sabr1n4W
• Dialogs being closable during loading on the overview/view/edit pages for roles, room types, servers and server pools (#1588) by @samuelwei, @Sabr1n4W
• Form validation error messages on view/edit pages room types, server pools and application settings (#1588) by @samuelwei, @Sabr1n4W
• Error handling on the overview page of users (#1588) by @samuelwei, @Sabr1n4W
• Stale error handling on the view/edit page of sever pools (#1588) by @samuelwei, @Sabr1n4W
• 404 error handling on the room types delete dialog (#1588) by @samuelwei, @Sabr1n4W
• Set empty BBB logo image url (#1751, #1588) by @samuelwei, @Sabr1n4W
• 401 error handling on view/edit/create page of users (#1588) by @samuelwei, @Sabr1n4W
• Overlay reload buttons on view/edit/create page of roles, room types, servers and server pools (#1588) by @samuelwei, @Sabr1n4W
• Wrong error message shown for 422 errors when verifying email (#1744, #1758) by @Sabr1n4W
• Broken banner link style 'warning' (#1759, #1760) by @samuelwei
• Inconsistent select/multiselect loading states (#1772) by @Sabr1n4W
• Input fields not disabled correctly on login page (#1791, #1794) by @Sabr1n4W
• Style of 'clear' button of the room replacement selector in the 'Delete room type' dialog (#1784, #1787) by @samuelwei
• Inconsistent result ordering in tables on equal primary sorting criteria (#1601, #1795) by @samuelwei
• Missing form validation feedback for password fields on login page (#1801) by @samuelwei
• Missing form validation feedback on forgot password page (#1802) by @samuelwei
• Room limit radio on edit roles page not reset on stale error (#1824, #1825) by @samuelwei

Full Changelog: v4.2.0...v4.3.0

---

Special thanks to @Sabr1n4W for her incredible dedication over the past 12 months in re-implementing our test suite in Cypress and adapting it for the new UI. Your hard work and commitment have been invaluable to this project!