This patch release brings a number of important bug fixes and refinements, including improved modal behavior, Param integration fixes for ESM, and security hardening of authentication templates. Thanks to @harmvanderheijden, @MarcSkovMadsen, @maximlt, and @philippjfr for their contributions.
Enhancements
- Improve
.from_param()error messages (#8047) - Add
--reuse-sessions warmoption to preload and cache apps before first use (#8087)
Security
- Fix XSS vulnerabilities in login and OAuth error templates by escaping user-controlled input (#8049)
Bug Fixes
- Fix
value_throttledhandling in Param panes (#8057) - Prevent
AutocompleteInputfrom resetting whenrestrict=False(#8056) - Fix callback cleanup for
--reuse_sessionsmode (#8052) - Reset
param.Eventstate on ESM components (#8054) - Allow
Playercomponents to start upon initialization (#8058) - Fix modal dialog stacking and focus behavior in VanillaTemplate (#8059, #8060)
- Avoid errors in
Tabulatorwhen editing DataFrames withpd.NAvalues (#8068) - Add guard for undefined
urlinImportedStyleSheet(#8071) - Ensure session token payload is correctly updated when reusing sessions (#8072)
- Ensure
--reuse-sessionscaches the--indexapp correctly (#8073) - Add debounce logic to
ModelChangedevents in Pyodide to improve performance and prevent redundant updates (#8077) - Ensure
Layoutableparams propagate to HoloViews plots (#8078) - Fix regression in handling
param.Actionin.from_param()utility (#8079) - Ensure
LoadingSpinner.visiblecorrectly hides the component (#8081) - Ensure
JSONEditortriggers on re-ordering of nodes (#8086) - Fix
JSONEditormenu option to improve usability (#8085)
Documentation
- Add websocket communication how-to guide to documentation (#7952)
- Add note about increasing proxy buffer size for OAuth behind reverse proxies (#8084)
Maintenance
- Fix gallery deployment automation (#8055)