github mozilla/application-services v149.0
on GitHub

7 hours ago

v149.0 (2026-02-23)

⚠️ Breaking Changes ⚠️

General

  • Updated UniFFI to 0.31 (#7140)

Glean

  • Updated to v67.0.0 (#7177)

Nimbus

  • Added eval_jexl_debug() method to NimbusTargetingHelper interface for CLI testing and debugging. Evaluates JEXL expressions and returns debug results as JSON. Consumers implementing this interface must add the new method.
    (#7156)
    (#31607)
  • Update Cirrus MetricsHandler interface for recording enrollment status to specify nimbus user id as separate metric and change method name from record_enrollment_statuses to record_enrollment_statuses_v2. Consumers implementing this interface must add the new method.
    (#14280)
  • Move nimbus_events.enrollment_status to new nimbus-targeting-context ping, and add Nimbus MetricsHandler interface method submit_targeting_context to submit the ping. Consumers implementing this interface must add the new method. (#14542)
  • Enable using PreviousGeckoPrefState to revert Gecko pref experiments when applicable (#7157)

Error support

  • Removed the tracing-logging and tracing-reporting features, these are now always enabled.
    We don't believe this should affect any consumers, since they're were already using the
    tracing-logging feature and were either also using tracing-reporting or not handling error
    reporting at all.
  • Reworked register_event_sink signature to allow it to register an event sink for muliple targets at once.
  • Reworked unregister_event_sink. It now inputs the return value from register_event_sink.
  • Removed register_min_level_event_sink and unregister_min_level_event_sink.
    Use the new register_event_sink instead.

Logins

  • Opened count method on logins for Android. (#7207)

Autofill

  • Added count methods for credit cards and addresses. (#7207)

✨ What's New ✨

Ads Client

  • Adds new Kotlin AdsClientTelemetry.kt wrapper for Glean callbacks.
  • Try to reset cache database schema on connection initialization failure.
  • Reset cache on context ID rotation.
  • Enable staging environment support for all platforms (previously feature-gated)
  • Temporarily disable cache invalidation on click and impression recording (will be re-enabled behind Nimbus experiment)
  • Enable automatic context_id rotation every 3 days
  • BREAKING: Removed cycle_context_id() API method - context_id rotation is now automatic
  • Modified HTTP cache to ignore context_id field in request bodies when generating cache keys, preventing unnecessary cache invalidation on rotation

Android

  • Upgraded Kotlin compiler from 2.2.21 to 2.3.0 (#7183)

FxA Client

  • Support for the token exchange API, which we plan to use for getting access tokens for Relay.
    (#7179).
  • Removed SwiftKeychainWrapper logic. (#7150)

Logins

  • Added runMaintenance API to DatabaseLoginsStorage

Nimbus

  • Adds a Vec<PreviousGeckoPrefState> on ExperimentEnrollment when it is of type EnrollmentStatus::Enrolled and getters and setters. This is to support returning to an original value on Gecko pref experiments.
  • Added eval-jexl command to nimbus-cli for evaluating JEXL targeting expressions against the app context. Useful for testing and debugging targeting expressions on iOS and Android.
    (#7160)
  • Added Android support for eval-jexl functionality through the NimbusTargetingHelper.evalJexl() method, enabling JEXL expression evaluation on Android with full targeting context support.
    (#7163)
  • Fixed nimbus-cli eval-jexl command to work reliably on Android by removing logcat filters, clearing logs before evaluation, and increasing retry timing for better device compatibility.
    (#7173)
  • Added recordEventOrThrow() method to Nimbus Android SDK, allowing callers to catch database errors when recording events. Unlike recordEvent(), this method does not suppress exceptions, enabling error handling in consumers like Fenix.

Logins

  • Added runMaintenance API to DatabaseLoginsStorage
  • Add password reuse detection for breach alerts: Database schema upgraded to version 4 with new breachesL table storing encrypted breached passwords. New APIs are_potentially_vulnerable_passwords() (batch check) and is_potentially_vulnerable_password() (single check) enable cross-domain password reuse detection.
  • Add record_potentially_vulnerable_passwords() API for bulk-inserting breached passwords into the breach database. This is used during import operations (add_many_with_meta()) to automatically populate the breach database with passwords from logins with known breaches.
  • Move breach alert fields (time_of_last_breach, time_last_breach_alert_dismissed) from LoginFields to LoginMeta to group internally managed fields that are not directly updateable via the update() API.

Ads-Client

  • Adds new Kotlin AdsClientTelemetry.kt wrapper for Glean callbacks.

Relay

  • Added X-Relay-Client header to all Relay API requests with automatic platform detection (appservices-ios, appservices-android, etc.) to help the backend distinguish mobile vs desktop requests for telemetry.

Viaduct

  • Support setting default user-agent headers.

Error support

  • Added the RustComponentsErrorTelemetry.submitErrorPing method to allow Android consumers to submit rust components error pings.

🔧 What's Fixed 🔧

Remote Settings

Full Changelog

Check out latest releases or
releases around mozilla/application-services v149.0

Don't miss a new application-services release

NewReleases is sending notifications on new releases.

Get notifications