github dreamfactorysoftware/dreamfactory 7.4.0

12 hours ago

DreamFactory v7.4.0 delivers significant security hardening, introduces MCP (Model Context Protocol) server support, and enhances Azure AD/Entra ID integration with group-to-role mapping capabilities.

New Features

MCP Server Integration

  • New Package: df-mcp-server v1.0.0 — Introduces Model Context Protocol (MCP) server capabilities, enabling AI-powered applications to interact with DreamFactory APIs
  • Custom login page support for MCP Services

Azure AD / Entra ID Group-to-Role Mapping

  • Map Entra ID groups directly to DreamFactory roles for seamless permission management
  • Automatic permission synchronization when users log in — group membership changes are now detected and applied
  • Enhanced service configuration UI with role-per-app settings display

OAuth & Authentication Enhancements

  • Active Directory / Entra Client Credentials Flow — Full support for service account authentication
  • Session token support for client credentials authentication
  • New toggle in OAuth configuration to allow/deny new user creation during SSO login
  • PostgreSQL system database compatibility improvements for NOT NULL constraints

API Documentation & Filtering

  • Filter services by roles and permissions in API Docs UI — Users now only see services they have access to
  • IIS compatibility fix for parameter key handling as HTTP verbs

Security Fixes

  • PTT-2025-032 — Security vulnerability patched across df-core and df-system packages
  • SQL Injection Fix (RBAC) — Replaced string concatenation with parameterized queries in role-based service filtering; added input validation for service IDs
  • XSS Prevention — Server-side input validation for service labels (max 80 characters) and descriptions (max 255 characters); HTML tag stripping implemented
  • Private Key File Validation — Added validation checks for private key files to prevent misconfigurations
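
The SQL injection fix listed above, sketched as a before/after pair. This is an added example, not DreamFactory's code: the `role_service_access` table, its columns and the function names are hypothetical, and it assumes PHP 8 with the pdo_sqlite extension.

```php
<?php
// Added illustration, not DreamFactory source; schema and names are hypothetical.
declare(strict_types=1);

// Before: the caller-supplied ID list is concatenated into the SQL text.
function allowedServicesUnsafe(PDO $pdo, int $roleId, string $idList): array
{
    $sql = "SELECT service_id FROM role_service_access
            WHERE role_id = $roleId AND service_id IN ($idList)";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Input validation: each service ID must be a positive integer.
function validateServiceIds(array $ids): array
{
    return array_values(array_map(static function ($id): int {
        $v = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($v === false) {
            throw new InvalidArgumentException('invalid service ID');
        }
        return $v;
    }, $ids));
}

// After: one bound placeholder per validated ID; input never joins the SQL text.
function allowedServices(PDO $pdo, int $roleId, array $ids): array
{
    $ids = validateServiceIds($ids);
    if ($ids === []) { return []; }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("SELECT service_id FROM role_service_access
                           WHERE role_id = ? AND service_id IN ($marks)");
    foreach (array_merge([$roleId], $ids) as $i => $v) {
        $stmt->bindValue($i + 1, $v, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed data: role 1 may use services 10 and 11; role 2 may use 20.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE role_service_access (role_id INTEGER, service_id INTEGER)');
$pdo->exec('INSERT INTO role_service_access VALUES (1, 10), (1, 11), (2, 20)');
$crafted = '10) OR (1=1';  // constructed value that closes the IN (...) list early
print_r(allowedServicesUnsafe($pdo, 1, $crafted));  // role_id condition is bypassed
print_r(allowedServices($pdo, 1, ['10', '20']));    // role_id condition still applies
try {
    allowedServices($pdo, 1, [$crafted]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
```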

Database Connectors

Oracle Database

  • New toggle in database creation/edit screens to enable full decimal type for null or unassigned integer types, matching Oracle's native defaults

AWS (DynamoDB/S3)

  • Added support for virtual relationships, enabling cross-table relationship definitions without foreign keys

Schema Management

  • Fixed virtual foreign key slider in schema tab when creating new virtual fields

Infrastructure & Connectors

HTTP/RWS Connector

  • Cleaned up HTTP/Remote Web Service connector with improved curl support
  • Better error handling and connection management

Logging

  • Refactored GelfLogger class to support Stringable message objects for modern PHP compatibility

Upgrade Notes

  • No breaking changes; standard upgrade process applies
  • Users leveraging Azure AD/Entra ID should review the new group-to-role mapping feature to simplify permission management
