From 8e1d15a9833bf6196bf0fc16c00b72094c370923 Mon Sep 17 00:00:00 2001
From: Hoang Pham <hoangmaths96@gmail.com>
Date: Fri, 14 Nov 2025 18:00:43 +0700
Subject: [PATCH 1/9] fix whiteboard recording chrome #3

Signed-off-by: Hoang Pham <hoangmaths96@gmail.com>
---
 Containers/whiteboard/Dockerfile | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index 3e4af410..cff8ab6e 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -4,11 +4,8 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1
 
 USER root
 RUN set -ex; \
-    apk upgrade --no-cache -a; \
     apk add --no-cache bash; \
-    chmod 777 -R /tmp; \
-    if [ -f /usr/lib/chromium/chrome_crashpad_handler ]; then \
-        rm -f /usr/lib/chromium/chrome_crashpad_handler.real; \
+    if [ -f /usr/lib/chromium/chrome_crashpad_handler ] && [ ! -f /usr/lib/chromium/chrome_crashpad_handler.real ]; then \
         mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
         printf '%s\n' '#!/bin/sh' "exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database=\"\${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}\" \"\$@\"" >/usr/lib/chromium/chrome_crashpad_handler; \
         chmod +x /usr/lib/chromium/chrome_crashpad_handler; \
@@ -20,7 +17,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK CMD /healthcheck.sh
 
-WORKDIR /tmp
+WORKDIR /app
 
 ENTRYPOINT ["/start.sh"]
 

From d26924b1e714c3557c9a9912a9504d689a280bea Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 20 Nov 2025 10:40:23 +0100
Subject: [PATCH 2/9] Apply suggestion from @szaimen

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/whiteboard/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile
index cff8ab6e..cce2ed85 100644
--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@@ -5,6 +5,7 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1
 USER root
 RUN set -ex; \
     apk add --no-cache bash; \
+    chmod 777 -R /tmp; \
     if [ -f /usr/lib/chromium/chrome_crashpad_handler ] && [ ! -f /usr/lib/chromium/chrome_crashpad_handler.real ]; then \
         mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \
         printf '%s\n' '#!/bin/sh' "exec /usr/lib/chromium/chrome_crashpad_handler.real --no-periodic-tasks --database=\"\${CRASHPAD_DATABASE:-/tmp/chrome-crashpad}\" \"\$@\"" >/usr/lib/chromium/chrome_crashpad_handler; \
@@ -17,7 +18,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK CMD /healthcheck.sh
 
-WORKDIR /app
+WORKDIR /tmp
 
 ENTRYPOINT ["/start.sh"]
 

From 37c16e1b757234e32fc1fc549ba72e073647e6dd Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 11:01:11 +0100
Subject: [PATCH 3/9] fix typo

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index fbfaff8e..fa0e4af5 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -757,7 +757,7 @@ class ConfigurationManager
 
     public function GetCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
-        if ($this->isSeccompDisabled()) {
+        if (!$this->isSeccompDisabled()) {
             return $defaultString . 'true';
         }
         return $defaultString . 'false';

From dfd2cd7d3eacf4a41e2b3c5617c5759b900ae84d Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 14:29:14 +0100
Subject: [PATCH 4/9] Revert "build(deps): bump collabora/code from 25.04.7.1.1
 to 25.04.7.2.1 in /Containers/collabora"

---
 Containers/collabora/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile
index d9b3018a..10f068ea 100644
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.7.2.1
+FROM collabora/code:25.04.7.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

From d3fb61bef04f3308250f79095925a177dc5ca089 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Nov 2025 13:31:22 +0000
Subject: [PATCH 5/9] build(deps): bump peter-evans/create-pull-request in
 /.github/workflows

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 7.0.9.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/271a8d0340265f705b14b6d32b9829c1cb33d45e...84ae59a2cdc2258d6fa0732dd66352dddae2a412)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/collabora.yml             | 2 +-
 .github/workflows/dependency-updates.yml    | 2 +-
 .github/workflows/imaginary-update.yml      | 2 +-
 .github/workflows/nextcloud-update.yml      | 2 +-
 .github/workflows/psalm-update-baseline.yml | 2 +-
 .github/workflows/talk.yml                  | 2 +-
 .github/workflows/update-helm.yml           | 2 +-
 .github/workflows/update-yaml.yml           | 2 +-
 .github/workflows/watchtower-update.yml     | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 57f2fdc0..f1092f68 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -18,7 +18,7 @@ jobs:
         mv cool-seccomp-profile.json php/
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: collabora-seccomp-update automated change
         signoff: true
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9a2432fb..f4c6e22e 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: php dependency updates
         signoff: true
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 2affec36..81b5785f 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
         sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: imaginary-update automated change
         signoff: true
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 24246326..ca8086a9 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -79,7 +79,7 @@ jobs:
         fi
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: nextcloud-update automated change
         signoff: true
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index a671f546..6ae81616 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -30,7 +30,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index e88d6571..adf4ffa9 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
         sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: talk-update automated change
         signoff: true
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index ab706366..5e2227a7 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -23,7 +23,7 @@ jobs:
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
         with:
           commit-message: Helm Chart updates
           signoff: true
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index f7677d5e..44358acf 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
         with:
           commit-message: Yaml updates
           signoff: true
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 8d8465ff..a7c664d8 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -26,7 +26,7 @@ jobs:
         sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
         
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7
       with:
         commit-message: watchtower-update automated change
         signoff: true

From aec3d09048de8cbcc70cc437c61dd6c8515db0a9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Nov 2025 13:31:46 +0000
Subject: [PATCH 6/9] build(deps): bump actions/checkout in /.github/workflows

Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5.0.1...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codespell.yml                | 2 +-
 .github/workflows/collabora.yml                | 2 +-
 .github/workflows/community-containers.yml     | 2 +-
 .github/workflows/dependency-updates.yml       | 2 +-
 .github/workflows/docker-lint.yml              | 2 +-
 .github/workflows/helm-release.yml             | 2 +-
 .github/workflows/imaginary-update.yml         | 2 +-
 .github/workflows/json-validator.yml           | 2 +-
 .github/workflows/lint-helm.yml                | 2 +-
 .github/workflows/lint-php.yml                 | 2 +-
 .github/workflows/nextcloud-update.yml         | 2 +-
 .github/workflows/php-deprecation-detector.yml | 2 +-
 .github/workflows/playwright.yml               | 2 +-
 .github/workflows/psalm-update-baseline.yml    | 2 +-
 .github/workflows/psalm.yml                    | 2 +-
 .github/workflows/shellcheck.yml               | 2 +-
 .github/workflows/talk.yml                     | 2 +-
 .github/workflows/twig-lint.yml                | 2 +-
 .github/workflows/update-copyright.yml         | 2 +-
 .github/workflows/update-helm.yml              | 2 +-
 .github/workflows/update-yaml.yml              | 2 +-
 .github/workflows/watchtower-update.yml        | 2 +-
 22 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 1d14787a..c1bc4889 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: Check spelling
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2
         with:
diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml
index 57f2fdc0..6d8f9a79 100644
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -10,7 +10,7 @@ jobs:
     name: update collabora
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run collabora-profile-update
       run: |
         rm -f php/cool-seccomp-profile.json
diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml
index 026b6e5f..cd3a9530 100644
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: Validate structure
         run: |
           CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
index 9a2432fb..8f1cde51 100644
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,7 +10,7 @@ jobs:
     name: Run dependency update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
       with:
         php-version: 8.4
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
index 5495ca0c..0efebdbb 100644
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
 
       - name: Install hadolint
         run: |
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
index 5a108936..1b083b64 100644
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
 
       - name: Turnstyle
         uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2
diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml
index 2affec36..97de4429 100644
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update to latest imaginary commit on master branch
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run imaginary-update
       run: |
         # Imaginary
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index c7a25b1b..d406e011 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: Validate Json
         run: |
           sudo apt-get update
diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml
index 0dc17ffa..1f7f2e72 100644
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 9e4b2444..bf449e1f 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml
index 24246326..1aaa9a99 100644
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
     name: Run nextcloud-update script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run nextcloud-update script
       run: |
         # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml
index dc2ee90e..22ed9854 100644
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -16,7 +16,7 @@ jobs:
     name: PHP Deprecation Detector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
       - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
         with:
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 31f5bb29..df791fe6 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
 
       - uses: actions/setup-node@v6
         with:
diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml
index a671f546..65b57197 100644
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
 
       - name: Set up php
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index b54344c4..21ecf1e6 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -32,7 +32,7 @@ jobs:
     name: static-psalm-analysis
     steps:
       - name: Checkout
-        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 4199b93b..2c0fd697 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check Shell
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run Shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
       with:
diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml
index e88d6571..5b477eb2 100644
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -10,7 +10,7 @@ jobs:
     name: update talk
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run talk-container-update
       run: |
         # Recording
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index e7c27f74..d8730987 100644
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
 
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2
diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml
index 8ae3e445..353e5e9d 100644
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -8,4 +8,4 @@ jobs:
     name: update copyright
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v6.0.0
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml
index ab706366..6a0d5bf8 100644
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: update helm chart
         run: |
           set -x
diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml
index f7677d5e..a1b85b98 100644
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.0
       - name: update yaml files
         run: |
           sudo bash manual-install/update-yaml.sh
diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml
index 8d8465ff..b227a4fa 100644
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -10,7 +10,7 @@ jobs:
     name: update watchtower
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v6.0.0
     - name: Run watchtower-container-update
       run: |
         # Watchtower

From 32ab3aa2962533deb8602dfaee9385424cc2cd09 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 14:32:33 +0100
Subject: [PATCH 7/9] collabora: adjust some additional things

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/containers.json | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/php/containers.json b/php/containers.json
index 86d0e508..0a48b3ea 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
@@ -399,10 +399,7 @@
         "SYS_ADMIN",
         "SYS_CHROOT",
         "FOWNER",
-        "CHOWN",
-        "MAC_OVERRIDE",
-        "BLOCK_SUSPEND",
-        "AUDIT_READ"
+        "CHOWN"
       ],
       "cap_drop": [
         "NET_RAW"

From 7661f45ccef34fe5be41838e7005d617aca4eca0 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 14:39:09 +0100
Subject: [PATCH 8/9] increase to v12.1.4

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/templates/containers.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index cb3a6d7f..39a2de48 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v12.1.3</h1>
+            <h1>Nextcloud AIO v12.1.4</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

From eda5151bb2a17c5909a9ba1e7f86db130de82fd5 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 24 Nov 2025 15:00:28 +0100
Subject: [PATCH 9/9] re-enable whiteboard by default

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 php/src/Data/ConfigurationManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index fa0e4af5..0b0a034d 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -164,10 +164,10 @@ class ConfigurationManager
 
     public function isWhiteboardEnabled() : bool {
         $config = $this->GetConfig();
-        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 1) {
-            return true;
-        } else {
+        if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 0) {
             return false;
+        } else {
+            return true;
         }
     }