github windmill-labs/windmill v1.668.5
on GitHub

5 hours ago

1.668.5 (2026-03-29)

Bug Fixes

  • add per-IP and per-account brute force protection on login endpoint (#8601) (06bbe7b)
  • add timestamp validation to webhook signature verification (#8596) (74fba2a)
  • disable workspace webhook events when CLOUD_HOSTED (#8598) (be7fbeb)
  • harden login rate limiting with CLOUD_HOSTED gating and memory eviction (#8602) (754b88a)
  • prevent SSRF and local file read via git repository resource URLs (#8600) (845db72)
  • rename snippet param to avoid svelte compiler shadowing bug in asset usages drawer (#8595) (8c770a2)
  • require mcp: scope for MCP endpoints instead of blanket bypass (#8597) (f5fc9f8)
  • use constant-time comparison for API key and basic auth validation (#8593) (b4d1f2a)
  • validate JSON before sql_builder bind to prevent injection via JSONB queries (#8599) (970e859)
Check out latest releases or
releases around windmill-labs/windmill v1.668.5

Don't miss a new windmill release

NewReleases is sending notifications on new releases.

Get notifications