Security
- ⚠️ Prevent Zero-click XSS attacks via user-defined link fragments (GHSA-mhpg-c27v-6mxr by @evnchn, @falkoschindler)
- ⚠️ Prevent XSS attacks via user-defined links in apps with
ui.sub_pages(GHSA-m7j5-rq9j-6jj9 by @evnchn, @falkoschindler, @xx-mikusan-xx) - ⚠️ Prevent XSS attacks via user-defined URL in
ui.navigate.pushandui.navigate.replace(GHSA-7grm-h62g-5m97 by @xx-mikusan-xx, @evnchn, @falkoschindler) - ⚠️ Prevent service degradation via leaking Redis connections for disconnected clients (GHSA-mp55-g7pj-rvm2, #5616 by @yudelevi, @evnchn, @falkoschindler)
New features and enhancements
- Allow defining table cell slots without string templates (#846, #1138, #2080, #2625, #3148, #3317, #3540, #3662, #3939, #5092, #5591, #5592 by @tofusoul, @kleynjan, @retsyo, @me21, @CrystalWindSnake, @Ottokranz, @williamhCode, @marcuslimdw, @zceemja, @strunov, @Yuerchu, @falkoschindler, @evnchn)
- Introduce
ui.anywidgetandui.altair(#657, #5096, #5137 by @murilomm192, @Jerold-S, @azjps, @evnchn, @falkoschindler, @Noghpu, @s-meza) - Allow disabling or setting a custom GZipMiddleware (#5582 by @falkoschindler, @denniswittich, @evnchn)
- Introduce
on_clickforui.echart(#5576, #5578 by @TheOtherRealm, @evnchn, @falkoschindler) - Add support for scheme validations with AJV formats in
ui.json_editor(#4748, #5571 by @phnmn, @evnchn) - Convert
ui.plotlyandui.joystickinto JavaScript components for faster loading (#5567, #5568 by @evnchn, @falkoschindler) - Add
prefixandsuffixproperties toui.inputandui.number(#5534 by @Yuerchu, @evnchn, @falkoschindler) - Check dependencies for naming conflicts (#5495 by @evnchn, @falkoschindler)
Bugfixes
- Avoid default parameter values overwriting default props (#4856, #4857, #5505, #5622 by @SHDocter, @falkoschindler, @thetableman, @evnchn)
⚠️ Note: This bugfix changes the name of some undocumented, internally used props. If you happen to have used them in advanced use cases in user code, refer to this list of all renamed props. NiceGUI will warn and auto-convert them. This backward compatibility will be removed in NiceGUI 4.0. - Fix Docker bind-mount regression after uv migration (#5593, #5600 by @lpellicer, @evnchn)
⚠️ Note: If you adjusted your code/workflows to work around the 3.4.0 regression, you can now undo those workarounds for 3.5.0. - Fix
ui.mermaidsending error events to wrong UI element (#5597, #5599 by @AwMalka, @evnchn, @falkoschindler) - Fix
ui.timerleaking memory when client disconnects immediately (#5595, #5598 by @ftilde, @evnchn, @falkoschindler)
Documentation
- Extend documentation about input validation (#5584, #5620 by @whoamiafterall, @evnchn)
- Make sure example images are always shown (#5604, #5605 by @evnchn)
- Segment direct & inherited properties/methods in reference documentation to enhance readability (#5484 by @himbeles, @evnchn, @falkoschindler)
Testing
- Test
.vuecomponents (#5619 by @evnchn, @falkoschindler)
Special thanks to our top sponsors Lechler GmbH, LambdaTest and frankhuurman ✨
and all our other sponsors and contributors for supporting this project!
🙏 Want to support this project? Check out our GitHub Sponsors page to help us keep building amazing features!