FIND-20260325-005 · 2026-03-25 · Innovation Veille

Coolify v4.0.0-beta.470 released — security fixes in proxy config and shell escaping

release HIGH
Coolify beta.470 was released on March 24, 2026 with a security-focused patch. Key fixes include proxy configuration validation, shell argument escaping in deployments (prevents injection), environment variable resolution in compose files, GitHub webhook handling, and hostname validation. New features include EspoCRM one-click template and Nightwatch monitoring. Storage API now exposes UUID endpoints for databases and services.

Source

https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.470

ODS Impact

ODS infrastructure uses Coolify as the PaaS layer for all service deployments across 4 GCP VPS nodes. The shell argument escaping fix is critical — malicious environment variable values in compose deployments could have executed arbitrary commands. Update Coolify from beta.469 to beta.470 immediately via the Coolify self-update mechanism.

Security Review

License: Apache-2.0 | Maintenance: ACTIVE | Risk: LOW | Recommendation: ADOPT

Tags

coolify release security paas deployment infrastructure
Generated by ODS Innovation Veille · 2026-03-25T07:06:03+00:00