Features
- Added support for copying APIs, queries, and JavaScript objects between applications. (#41919) (#41920)
- Prevented Community Edition from starting when connected to a database previously used by Enterprise Edition. (#41906)
Fixes
- Blocked Redis datasource connections to the internal Appsmith Redis instance. (GHSA-qhfj-g87x-m39w) (#41921)
- Fixed Storybook issues by removing an overly broad
minimatchresolution, allowingglobv10/v11 to correctly supportGLOBSTAR. (#41949) - Applied a batch of dependency updates to address 17 security vulnerabilities identified during release image scans. (#41947)
- Upgraded Spring Boot to
3.5.14and Netty to4.1.135to address multiple CVEs. (#41928) - Improved Git error handling by distinguishing a missing default branch from an SSH key misconfiguration. (#41940)
- Applied dependency updates to address 1 additional security vulnerability. (#41942)
- Ensured cloned pages generate unique widget IDs, preventing widget conflicts. (#41762)
- Applied dependency updates to address 15 additional security vulnerabilities. (#41913)
- Upgraded
joito18.2.1to address CVE-2026-48038. (GHSA-q7cg-457f-vx79) (#41891) - Added validation to ensure pages belong to the correct application during partial exports. (GHSA-9xfc-9f97-x524) (#41832)
- Improved test stability by wrapping the
PropertyPaneTitleF2 assertion inwaitFor. (#41888) - Fixed an issue where SSO login redirects landed on
/applicationsinstead of the originally requested application. (#41820) - Replaced
innerHTMLanddangerouslySetInnerHTMLwith safer alternatives to improve security. (#41836)
Breaking changes
- The hardcoded
IN_DOCKERenvironment variable in the published image has been removed. It has been replaced with a new environment variableAPPSMITH_DISABLE_SSRF_FILTERwhich can be used in local development to reach local HTTP and Redis datasources. (#41921)