From c3d3c3a6e9d0c5a82d58c566eae1c41482d9472e Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Mon, 9 Feb 2026 15:47:12 +0100
Subject: [PATCH] app: if repo changes, do not autoupdate

---
 src/apps.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/apps.js b/src/apps.js
index e4213acca..d84e9666e 100644
--- a/src/apps.js
+++ b/src/apps.js
@@ -777,6 +777,9 @@ function canAutoupdateAppSync(app, updateInfo) {
 
     if (updateInfo.unstable) return { code: false, reason: 'Update is marked as unstable' }; // only manual update allowed for unstable updates
 
+    // for community apps, it's a warning sign when the repo changes (for example: versions domain gets hijacked)
+    if (docker.parseImageRef(manifest.dockerImage).fullRepositoryName !== docker.parseImageRef(app.manifest.dockerImage).fullRepositoryName) return { code: false, reason: 'Package docker image repository has changed' };
+
     if ((semver.major(app.manifest.version) !== 0) && (semver.major(app.manifest.version) !== semver.major(manifest.version))) {
         return { code: false, reason: 'Major package version requires review of breaking changes' }; // major changes are blocking
     }