5.42.1 (2026-04-15)

🔥 Bug fix

• typo in Russian translation for upload button (#25946)
• fixed 9 typos, spelling errors, and duplicate words. (#25936)
• skip form onChange when markdown updates come from setValue (#25955)
• adjust typo in test (#25960)
• update snapshot (9b2501ceeb)
• increase test timeout (f50134dbae)
• preserve relations in fill from another locale (#25703)
• enable save button when re-ordering components or dynamic zones (#25959)
• made changes to resolve Firefox timepicker issue (#25129, #25438)
• admin: batch content manager permission checks and reuse session ability (#25911)
• core: add firstPublishedAt field to draft (#25947)
• document-service: preserve relations during publish (#25909)
• tests: type errors cause build to fail which cause tests to fail (072ad0d801)
• upload: cache busting for cross-origin images in crop (#25950)
• upload-aws-s3: trust S3 response Location URL for compatible providers (#25939)

⚙️ Chore

• fix typos in comments and docs (12dfbe97c9)
• adding finnish translation to Strapi Admin (#25620)
• fix typos in comments and docs (91407798c4)
• update Polish language translations (#23762)
• deps: bump lodash from 4.17.23 to 4.18.1 (#25919)
• deps: bump lodash-es from 4.17.23 to 4.18.1 (#25906)
• deps: bump nodemailer from 8.0.4 to 8.0.5 (#25963)
• deps: bump axios from 1.13.5 to 1.15.0 (#25980)
• deps: bump path-to-regexp from 8.4.1 to 8.4.2 (#25901)
• examples: delete config.server.url to restore port override capability (#26011)

❤️ Thank You

• Adrien L @Adzouz
• akash-dabhi-qed @akash-dabhi-qed
• Antti Tuppurainen
• Bassel Kanso @Bassel17
• Jamie Howard @jhoward1994
• Mark Kaylor @markkaylor
• mathildeleg @mathildeleg
• Michał Kleszczyński @Magiczne
• Nico André @nclsndr
• Shalabh Gupta @coding-shalabh
• Tony @tonytkachenko
• Yohaan Narayanan @yohaann196
• Yohei Yamamoto @NAM-MAN

1.4.13 (2026-04-12)

Thank you for your donations:

One-time

• @boris22100
• @mkorthaus-private

Monthly

• You? Become a sponsor!

Features

• Contacts: Store trusted senders in a dedicated JMAP address book (#176)
• Email: Warn on send when attachment keyword found but no file attached (#172)
• Email: Enable keyword reordering (#174) and multi-tag support per email (#173)
• PWA: Add "don't remind me again" option to install prompt
• Auth: Add SESSION_SECRET_FILE and OAUTH_CLIENT_SECRET_FILE environment variable support
• Plugins: Add onAvatarResolve plugin hook
• Docker: Publish main and dev branches as separate GHCR packages

Fixes

• Email: Style links in plain text emails
• Email: Seed list history entry when app initializes on an email view
• Email: Remount composer on draft edit and preserve identity (#60)
• Contacts: Display contact names stored in name.full (#179)
• Contacts: Fix category dropdown blocking Save button in contact form (#177)
• Contacts: Resolve TS error from optional name.components in vCard parser
• Search: Search all folders when filtering emails by tag (#175)
• Auth: Include mount prefix in SSO redirect URI when app is served under a subpath
• PWA: Correct PWA icons with proper sizing, transparency, and dark/light mode support

1.4.12 (2026-04-09)

Thank you for your donations:

One-time

• @mkorthaus-private

Monthly

• You? Become a sponsor!

Features

• PWA: Add PWA support with service worker and install prompt
• Calendar: Add birthday calendar feature with settings and localization
• Calendar: Clamp February 29 birthdays in non-leap years
• Identity: Add automatic identity synchronization (#167)
• Plugins: Disable plugins by default and require admin approval
• Plugins: Replace auth header exposure with a secure HTTP proxy API for plugins
• Auth: Add configurable OAuth scopes and cookie security via environment variables
• Email: Sync mail view to browser history for back/forward navigation
• Contacts: Add ability to rename address books (#152)
• UI: Add version badge in settings
• i18n: Add Latvian (lv) locale support
• i18n: Add Polish language support
• i18n: Add Korean language support
• i18n: Add Simplified Chinese (zh_CN) locale support

Fixes

• Email: Show recipient instead of sender in Sent and Drafts folder lists
• Email: Embed dropped images as data URLs and prevent duplicate attachments (#163)
• Email: Fix logic for marking email as read in EmailViewer
• Email: Fix archive action passing MouseEvent as argument
• Mailbox: Preserve search filters on push-triggered mailbox refresh (#164)
• Mailbox: Align shared account folders with primary folders (#151)
• Mailbox: Fetch mailboxes on mount in FolderSettings when store is empty
• Mailbox: Improve mailbox deletion error handling
• Calendar: Improve calendar event retrieval by batching requests to avoid server limits (#141)
• Calendar: Compute per-occurrence UTC start/end in recurrence expansion (#116)
• Calendar: Guard against undefined trigger in calendar event alert popover (#143)
• Files: Stream WebDAV PUT uploads to avoid buffering in memory (#162)
• Files: Prune recent files against server nodes on refresh (#146)
• Files: Fix file deletion logic to update recent files and handle errors (#146)
• Files: Extend file drop zone to fill remaining viewport height
• Files: Fallback to application/octet-stream for long MIME types
• Security: Replace unguarded crypto.randomUUID() with safe generateUUID() utility
• Security: Validate plugin HTTP post URL against origin with regression tests
• Security: Allow blob images in CSP for inline drag-and-drop (#163)
• Auth: Resolve settings sync identity mismatch for OAuth/SSO sessions (#127)
• Contacts: Fix address book ID namespacing for shared contacts in create and update operations (#133)
• UI: Fix focused mode expanding beyond screen bounds (#156)
• API: Handle 403 on principal fetch without console error
• API: Enhance error handling in Stalwart API responses

5.42.0 (2026-04-08)

🚀 New feature

• removing A/B testing from the prompt Currently A/B testing opt-in isn't used, so removing it from the CLI (8d5b04ece4)
• changing sonar variable (0d822ade04)
• data-transfer: add directory export/import format (#25867)

🔥 Bug fix

• change return to continue in deleteRelations when using foreign keys (#25857)
• hide legacy options (da9cdfc640)
• contains filter no longer returns empty data (#25810)
• typos in documentation plugin README (4ff54bff36)
• admin: p is not function error (#25663)
• content-manager: pass component schemas when rebuilding list view headers (#25872)
• content-manager: wrap single type displayName with formatMessage (#25880)
• core: relation handling preserves order during unpublish/republish cycles (#25764)
• create-strapi-app: generate .yarnrc.yml for Yarn projects (#25869)
• documentation: use dist extensions path in production (#25863)

📚 Documentation Changes

• fix typos in documentation plugin README (8e11e41247)

⚙️ Chore

• add .claude directory to gitignore (e85aa81cdf)
• sonarqube variables like in their docs (40f9ecd6c7)
• deps: bump minimatch from 10.2.4 to 10.2.5 (#25879)
• deps: bump @xmldom/xmldom from 0.8.6 to 0.8.12 (#25877)
• deps: bump path-to-regexp from 8.2.0 to 8.4.0 (#25850)
• deps: bump undici from 6.24.0 to 6.24.1 (#25785)
• deps: bump handlebars from 4.7.7 to 4.7.9 (#25841)
• deps: bump yauzl from 3.2.0 to 3.2.1 (#25729)
• deps: bump bn.js from 4.12.0 to 4.12.3 (#25691)
• deps: bump js-yaml from 3.14.1 to 3.14.2 (#25680)
• deps: bump mdast-util-to-hast from 13.2.0 to 13.2.1 (#25681)
• deps: bump path-to-regexp from 8.4.0 to 8.4.1 (#25888)
• deps: bump simple-git from 3.21.0 to 3.32.3 (#25704)
• deps: bump file-type from 21.0.0 to 21.3.2 (#25728)
• deps: bump @octokit/plugin-paginate-rest from 9.2.1 to 9.2.2 (#25693)
• deps: bump @octokit/request from 8.4.0 to 8.4.1 (#25694)
• deps: bump picomatch from 2.3.1 to 2.3.2 (#25828)
• deps: bump nodemailer from 8.0.1 to 8.0.4 (#25848)

❤️ Thank You

• Adrien L @Adzouz
• Adrien Lepoutre @Adzouz
• Alexandre BODIN
• Bassel Kanso @Bassel17
• Ben Irvin
• guoyangzhen
• Jamie Howard @jhoward1994
• Joshua Klinesmith
• Simon Norris

✨ New Features & Improvements

• @directus/app
  • Moved useShortcut and translateShortcut in @directus/composables (#26979 by @HZooly)
  • added timezone support to datetime display (#26184 by @u12206050)
  • Added comparison modal checkbox to allow viewing only modified fields (#27010 by @robluton)
• @directus/composables
  • Moved useShortcut and translateShortcut in @directus/composables (#26979 by @HZooly)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed alias fields being included when selecting all fields in export (#26775 by @tysoncung)
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)
  • Fixed relational field removals inside groups not persisting on draft items (#26917 by @HZooly)
  • Fixed search input not closing when focus changes on keyboard navigation (#26970 by @Zhey-on)
• @directus/api
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)
  • Updated lodash, samlify and @xmldom/xmldom dependencies and add defu override (#27033 by @br41nslug)
  • Fixed coercion of stringified JSON in AI assistant tool arguments (#27005 by @bryantgillespie)
  • Added cleanup handlers for disconnected file streams (#26992 by @Champ-Goblem)
• @directus/errors
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)

📦 Published Versions

• @directus/app@15.8.0
• @directus/api@35.0.2
• @directus/composables@11.3.0
• create-directus-extension@11.0.34
• @directus/errors@2.3.1
• @directus/extensions-registry@3.0.24
• @directus/extensions-sdk@17.1.2
• @directus/memory@3.1.7
• @directus/validation@2.0.22

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest Crowdin changes. (#6067)
• Updated PHP dependency versions.

What's Changed

• Add more disk I/O metrics (utilization, read/write time, await, queue depth) (#1866)
• Add ability to copy alerts between systems by @svenvg93 (#1853)
• Add SENSORS_TIMEOUT environment variable (#1871)
• Replace distatus/battery with an internal implementation by @svenvg93 (#1872)
• Restrict universal token API to non-superuser accounts (#1870)
• Fix macOS ARM64 crashes by upgrading gopsutil to v4.26.3 (#1881, #796)
• Fix text size for system names in grid view by @Malith-Rukshan (#1860)
• Fix NVMe capacity reporting for Apple SSDs by @svenvg93 (#1873)
• Fix Windows root disk detection when the executable is not on the root disk (#1863)
• Fix nested virtual filesystem inclusion in Docker when mounting host root by @svenvg93 (#1859)
• Fix OPNsense installation persistence by using the daemon user by @svenvg93 (#1880)
• Upgrade JS dependencies with dependabot security alerts by @svenvg93 (#1882)
• Upgrade PocketBase to latest version

New Contributors

• @Malith-Rukshan made their first contribution in #1860

Full Changelog: v0.18.6...v0.18.7

Changelog

• 0559807 Always write complete files in sidecar meta provider
• d8f9275 Do not expose directories that can't be buckets
• c32ddff Update stage constants for ongoing requests
• 686f58c chart/README.md hostPath usage warning
• 464a82d chore(deps): bump actions/checkout from 4 to 6
• d4c0e6b chore(deps): bump docker/build-push-action from 6 to 7
• a71e94f chore(deps): bump docker/login-action from 3 to 4
• 8351970 chore(deps): bump docker/metadata-action from 5 to 6
• 6c7b03c chore(deps): bump docker/setup-buildx-action from 3 to 4
• b27e42b chore(deps): bump docker/setup-qemu-action from 3 to 4
• d2152b0 chore(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0
• 1ec724b chore(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1
• fe61e30 chore(deps): bump the dev-dependencies group with 17 updates
• 504fe99 chore(deps): bump the dev-dependencies group with 22 updates
• 85b40a6 chore(deps): bump the dev-dependencies group with 25 updates
• 3a8d658 chore(deps): bump the dev-dependencies group with 5 updates
• 7f9c943 chore: add helm lint to pr tests
• 3b76df1 chore: consistent comments
• 2ed4d7d chore: remove the unnecessary AmazonS3.xsd from s3response.
• 97cc6bf chore: run go modernize tool
• baf5cbf feat(chart): add HTTPRoute configuration
• b47ef4e feat(chart): enable persistence by default, discuss more in README
• af1a99c feat: add Helm chart for versitygw
• 285d130 feat: add browser-based POST object upload support
• db956fb feat: add cosign signing to chart OCI artifact
• 9a3ccf6 feat: add option to change webui path prefix
• 56cb36d feat: add option to disable copy-file-range for multipart uploads
• 755029d feat: add persistence.hostPath to Helm chart
• 710003f feat: add unix domain socket listener support to port option
• 59002b2 feat: implement integration tests for browser-based POST object
• 33917ad feat: implement quicker backend/posix walk algorithm
• 052f236 feat: implement x-amz-source-expected-bucket-owner for CopyObject and UploadPartCopy
• 73730d9 feat: noop plugin for gateway load testing
• a152f29 feat: option to host webui on s3 port
• e023f00 feat: remove /api/gateways webserver endpoint
• 8795c15 feat: s3proxy default to credential chain with optional anonymous access
• 3b17f05 feat: support response header overrides in HeadObject
• 604848b fix(chart): fix cosign-installer tag
• b154707 fix(chart): fix multidoc separator when 2 routes are enabled
• 47af907 fix(chart): replace buggy chart-releaser action
• 53ce309 fix(chart): use docker login for helm and cosign
• 495b38a fix: abort scoutfs multipart uploads on error after successful moveblocks
• 21a636b fix: add request headers and metadata headers limit
• 3d47e7f fix: add x-amz-bucket-region to ListObjects(V2) response headers.
• b44952d fix: allow Helm chart users to use their own, existing PVC
• ffe7383 fix: allow list buckets to use default aws region us-east-1
• dc31696 fix: azure ListBuckets pagination to use client-side continuation tokens
• 929048c fix: azure PresignedAuth_UploadPart test failure
• 271313b fix: azure close download body in CopyObject to prevent resource leak
• afbeb7c fix: azure modernize part number loop check
• 8534d28 fix: bracket IPv6 addresses in auto-detected webui gateway URLs
• 90e240d fix: change ErrMissingDateHeader http status code to 403
• 97bb705 fix: change the way object metadata is stored in posix
• 927d1d6 fix: cleanup file descriptor leaks with chown fails
• 22f0431 fix: cleanup tempfiles when error prevents calling link
• bbe246e fix: enforce 5gb copy source object size threshold.
• 2ef6cc3 fix: fix admin cli update user --project-id retrieval
• a25408c fix: remove POST object multipart boundary prefix trimming
• c260129 fix: retry link on ENOENT caused by racing DeleteObject
• 13b3dc5 fix: serialize concurrent CompleteMultipartUpload calls via rename
• fbff3f6 fix: update deprecated StandardOutput/StandardError type
• 17e5e20 fix: webui location of tailwind.js asset
• e0275ba fix: webui move explorer styling to theme.css
• 07c970e fix: webui pass correct arguments to request() in putBucketPolicy

Changelog

Bug fixes

• 95d722b: fix: test udp (@seriousm4x)

Others

• 6caddf2: Update README.md - reorganized parts and linked to Wiki instead (#1719) (@invario)
• f7dc0b2: Update docker-compose.yml (#1721) (@invario)
• 8d461e0: add note for DEVICE_IP and DEVICE_MAC availability in cmds (#1716) (@invario)
• 314d338: build(deps): bump golang.org/x/image from 0.37.0 to 0.38.0 in /backend (@dependabot[bot])
• d8bdab2: build(deps): bump yaml from 1.10.2 to 1.10.3 in /frontend (@dependabot[bot])
• 6d53e9e: fix(cron/wake): fix closure bugs, add reload hooks, and improve command robustness (#1723) (@monstercjz)
• 49d4109: gh-actions: remove go and npm, will update manually (@seriousm4x)
• 59b1723: send additional 2 magic packets via IP address for routed WOL (#1718) (@invario)
• 65d6e9f: update deps (@seriousm4x)

5.41.1 (2026-04-01)

🔥 Bug fix

• load inquirer async (043798dbe8)

❤️ Thank You

• Ben Irvin

5.41.0 (2026-04-01)

🔥 Bug fix

• use strapi.fetch for remote uploads (#25661)
• Content types with attributes named filters, sort, fields, or populate no longer cause 400 validation errors on populate queries and countDraftRelations (#21338, #25762)
• check devDependencies when resolving required admin deps (#22130)
• use max batch sizes per dialect (#25390)
• content-type-builder: default draftAndPublish to true in AI CTB (#25781)
• document-service: re-insert cascade-deleted bidirectional relations (#25725)
• graphql: expose status and hasPublishedVersion on non–D&P root queries for nested relations (#25763)
• homepage: render widgets progressively and batch permission checks (#25846)
• upload: allow removal of file type filter in media library (#25399)
• upload: row duplicate-key warning (#25670)
• upload: allow upload of files with empty MIME type (#25844)

⚙️ Chore

• deps: bump undici from 6.23.0 to 6.24.0 (#25731)
• deps: bump effect from 3.19.19 to 3.21.0 (#25796)
• scripts/check-package-versions: support Yarn catalog (#25625)

💅 Enhancement

• add customField parameter to extendFields (#22521)
• content-manager: add documentid in listview and editview (#25759)

🚨 Security

• package upgrades to remove deprecated versions of boolean, tar, and glob (#25776)

❤️ Thank You

• Adrien Foulon @Tofandel
• akash-dabhi-qed @akash-dabhi-qed
• Bassel Kanso @Bassel17
• Ben Irvin
• Daniil Barkov @giollord
• Kai Gritun
• mathildeleg @mathildeleg
• Nico André
• Shuhrat Dehkanov
• Ziyi @butcherZ

1.4.11 (2026-03-31)

Features

• Logging: Add logging categories for better log management

Fixes

• Security: Harden security with CSP enforcement, SSRF redirect validation, reenabled S/MIME chain verify, IP spoofing prevention, and PDF iframe sandbox
• Security: Harden proxy authentication and SSRF defenses
• Security: Block plugins with dangerous JS patterns and enforce strict session secret length validation
• S/MIME: Add self-signed certificate detection and update status messages for S/MIME signatures
• Email: Auto-focus input fields in email composer for improved user experience (#126)
• Mailbox: Prevent orphaning of nested mailboxes by restricting deduplication to root-level folders
• JMAP: Strip server-immutable fields from updates before sending to JMAP (#128)
• Files: Update file feature disabled messages and add stability warnings
• i18n: Add missing translation keys to all non-English locales

1.4.10 (2026-03-31)

Features

• Plugins: Add plugin configuration UI with schema-driven admin config page, calendar event action slot, and Jitsi Meet plugin
• Calendar: Implement client-side recurrence expansion for calendar events
• Calendar: Add iCal subscription editing and batch event import
• Calendar: Add hover preview settings and functionality
• Calendar: Add virtual location input for calendar events (#121)
• Email: Add reply-to addresses support in email composer
• Email: Add mail layout settings and update email list components
• Email: Add auto-select reply identity feature with settings and localization
• Email: Enhance compose functionality with button integration and translations
• Filters: Preserve activation state when updating or creating Sieve scripts to avoid deactivating server-managed vacation scripts
• Filters: Skip server-managed vacation script in Sieve script handling
• Settings: Add support for custom JMAP server endpoints in login and settings
• Settings: Add folder expansion state management and settings navigation
• UI: Add options to hide account switcher and show account avatars on navigation rail
• i18n: Add JMAP server endpoint labels and hints in multiple languages
• i18n: Add missing translation keys to all non-English locales

Fixes

• Security: Patch critical auth bypass and credential leak vulnerabilities
• Security: Support 3DES S/MIME decryption by importing legacy RSAES-PKCS1-v1_5 keys and add diagnostic logging (#35)
• Security: Account isolation, auto-import signer certs, and no-key error handling (#35)
• Calendar: Fix JSCalendar 2.0 recurrenceRule single-object compatibility (#116)
• Calendar: Enhance calendar event handling to distinguish between events and tasks
• Calendar: Link existing events to target calendar during iCal import instead of skipping (#113)
• Calendar: Deduplicate UIDs during iCal import to prevent mass failures (#113)
• Calendar: Fix events disappearing after iCal import/subscription refresh
• Calendar: Enhance calendar event handling with full-day detection and layout adjustments
• Calendar: Use UTC timestamps for timed event rendering
• Calendar: Work around Stalwart not returning Task objects via CalendarEvent/query
• Email: Enhance email loading and deduplication logic in email store (#119)
• Email: Ensure draft editing function is called correctly in EmailViewer component (#60)
• Email: Match hover action background to selected row state
• Email: Align tag counts with mailbox folder counts in sidebar
• Auth: Handle 2FA/TOTP session expiry with basic auth (#117)
• Mailbox: Improve mailbox tree logic and enhance mailbox handling with logging (#118)
• UI: Improve dark mode handling for media elements and background images
• UI: Adjust account list spacing and remove push connection indicator
• UI: Fix nested button in theme card

1.4.9 (2026-03-27)

Features

• Admin: Add Stalwart admin authentication, sidebar access, and a reorganized dashboard with dedicated policy sections
• Plugins: Add plugin/theme admin dashboard, harness tooling, forced enable or disable controls, managed policy enforcement, and a resizable detail sidebar
• Filters: Add vacation responder management with Sieve generation and parsing, UI integration, and improved sync preservation
• Email: Add plain text only composer mode, optional conversation threading disable, configurable hover action placement, and OAuth app password support
• UI: Add drag-and-drop customization for sidebar apps
• Files: Use dynamic server-configured maximum upload sizes
• i18n: Add Russian locale support and complete missing translation strings for recent task features

Fixes

• Calendar: Improve date parsing and event normalization, prevent calendar page re-render loops, ensure unique ICal subscription IDs, and create all-day events with correct JSCalendar midnight handling
• Email: Respect the configured mark-as-read delay in EmailViewer and fetch full email content when needed while editing drafts (#60, #95)
• Auth: Improve network error handling, add JMAP rate limiting handling, and enhance settings retrieval and persistence diagnostics (#100, #104)
• UI: Improve mobile layout behavior on contacts and calendar pages (#103)
• Themes: Repair theme ZIP bundle handling and enforce admin theme locks correctly
• Code Quality: Resolve outstanding ESLint warnings across the codebase

chore: update version to 1.4.9

1.4.8 (2026-03-23)

Features

• Email: Add support for marking emails as answered or forwarded and display status icons in email list and thread views
• Email: Enhance identity selection by supporting sub-addressing (plus addressing) in email composer
• Settings: Add notification settings with sound picker, preview playback, and configurable alert sounds
• Settings: Add default mail program settings with localization support across all locales
• Auth: Implement path prefix handling for OAuth callbacks and login redirects, enabling reverse proxy deployments
• Validation: Add all multi-part TLDs for domain validation in favicon API (#81)

Fixes

• Calendar: Fix bugs in duration parsing, RFC compliance, and event handling across calendar components
• Calendar: Detect tasks created by external CalDAV clients such as Thunderbird
• Settings: Enhance account settings with username and authentication method display (#90)

1.4.7 (2026-03-21)

Features

• Calendar: Add task management features with task creation, editing, and status tracking
• Calendar: Add option to show week numbers in mini-calendar
• Email: Add resizable image component and rich text editor with image upload support
• Files: Support uploading folders via drag-and-drop and toolbar button
• Filters: Add expanded visual view for filter rules
• Auth: Add non-interactive SSO login flow for embedded/iframe deployments (#69)
• DevOps: Add separate Docker build workflow for releases and dev branch images

Fixes

• Calendar: Handle updates and deletions for synthetic JMAP IDs in calendar events with fallback to destroy and recreate
• Security: Extend CryptoEngine to support legacy algorithms and integrate with LinerEngine for decryption
• Auth: Refactor logout to use synchronous flow with full page redirect
• Email: Update iframe sandbox attributes to allow popups to escape sandbox
• i18n: Add missing translation keys across all locales
• Docker: Update .env.example to clarify Docker volume mounting for settings data directory

1.4.6 (2026-03-21)

Features

• Demo: Add full demo mode with fixture data for emails, calendars, contacts, files, filters, identities, mailboxes, and vacation responses
• Demo: Implement JMAP client interface abstraction to support demo and live backends
• Contacts: Add no-category filter, drag-and-drop to category, and category combo box in contact form
• Email: Add hover actions for emails with configurable quick-action buttons
• Settings: Implement keyword migration functionality for upgrading legacy email tags
• Security: Enhance S/MIME certificate extraction and add legacy PBE (password-based encryption) support
• Tour: Add interactive guided tour overlay for new user onboarding

Fixes

• Settings: Add missing showTimeInMonthView and showOnMobile type definitions to settings store
• UI: Adjust padding and size of sidebar buttons for improved layout

1.4.5 (2026-03-20)

Features

• Calendar: Add prev/next navigation buttons and date label to desktop calendar toolbar
• Calendar: Add pending event preview functionality to calendar views and event modal
• Calendar: Add setting to show event start time in month view
• Contacts: Implement pagination for fetching contacts with maxObjectsInGet capability
• Email: Add attachment position setting in email settings
• Layout: Add mobile visibility toggle for sidebar apps
• Error: Add NotFound component to handle 404 errors and redirect unauthenticated users

Fixes

• Auth: Enhance account switching logic and clear stores on account change
• Auth: Improve account restoration logic and handle stale accounts
• Auth: Improve draft handling in email composer and enhance session cookie verification
• Calendar: Expand recurring events in CalendarEvent/query so individual occurrences are returned (#65)
• Calendar: Validate event start field when fetching calendar events
• Calendar: Auto-scroll agenda view to today's events and include today's date in groups
• Calendar: Correct JSX syntax in CalendarToolbar component
• Dependencies: Update flatted to 3.4.2
• DevOps: Use native ARM runners instead of QEMU for Docker builds
• DevOps: Enhance health check with detailed memory diagnostics and stable liveness probe

1.4.4 (2026-03-19)

Features

• Calendar: Implement CalDAV discovery API with automatic calendar home resolution for multi-account setups
• Calendar: Enhance calendar management settings with mailbox role reassignment controls
• Email: Add signature rendering utilities with HTML-to-text conversion and sanitization

Fixes

• Auth: Fix account session handling to update existing accounts instead of duplicating entries
• Auth: Fix logout redirects and unauthenticated home page rendering
• Calendar: Fix duplicate calendar edits and prevent double-save submissions in event modal
• Calendar: Remove stale calendar ID references in favor of CalDAV-discovered IDs
• Contacts: Improve RFC 9553 compliance for contact birthdays and address formatting
• Email: Fix email signature rendering for identity signatures
• Folders: Improve mailbox role management by clearing roles from all mailboxes before reassigning

1.4.3 (2026-03-19)

Features

• Auth: Implement multi-account support with up to 5 simultaneous accounts and instant switching
• Auth: Add account switcher component with connection status, default account selection, and per-account logout
• Auth: Support multi-account OAuth and basic auth with per-account session persistence
• Contacts: Enhance contacts sidebar with collapsible sections, bulk operations, and address book grouping
• Contacts: Add contact import functionality and keyword filtering
• Settings: Add per-account encrypted settings storage with server-side sync support

Fixes

• UI: Adjust popover alignment in sub-address helper component
• Settings: Improve error logging in settings sync functionality

1.4.2 (2026-03-19)

Features

• Calendar: Add task list view for calendar tasks with task details and management
• Calendar: Add shared calendar grouping with visual separation in sidebar
• Calendar: Support double-click to create events and improve modal date handling
• Contacts: Add address book directories with drag-and-drop and editor picker
• Email: Add email attachment support in sendEmail functionality
• Email: Implement draft editing functionality across email components
• Email: Implement unwrapping of embedded message/rfc822 attachments with enhanced HTML body validation
• Email: Add email export/import localization keys for multiple languages
• Contacts: Update gender handling to use speakToAs structure

Fixes

• Email: Resolve default sender to canonical identity on local-part login
• Email: Refactor overflow handling in EmailViewer to use hidden priorities and layout effects
• Email: Remove debugMode usage from EmailViewer component
• Calendar: Enhance IMIP invitation and cancellation handling for calendar events
• Calendar: Add time-based sorting for events in buildWeekSegments function
• Dependencies: Update dompurify to 3.3.3 and elliptic to 6.6.1, add undici override

✨ New Features & Improvements

• @directus/app
  • Added keyboard navigation to the cards layout (#26976 by @HZooly)
  • Added native Tabs group interface. Uninstall the extension if currently using it to avoid unintended side effects. (#26836 by @bryantgillespie)
  • Added bulk folder deletion from the files grid with move-up or delete-all options (#26886 by @HZooly)
  • Used shorter tooltip delay for disabled elements (#26965 by @HZooly)
• @directus/utils
  • Added parseNow utility to resolve the $NOW dynamic variable (#26954 by @costajohnt)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed calendar picker crash when using dynamic variables (e.g. $NOW) (#26954 by @costajohnt)
  • Updated relationship_not_setup wording to clarify it may also result from missing permissions (#26918 by @Ikromjon1998)
  • Restored useItem support for custom query options like fields and deep by adding an optional extra query parameter and updating affected call sites. (#26985 by @LZylstra)
• @directus/api
  • Fixed file replacement returning Forbidden (#27001 by @ComfortablyCoding)
  • Updated happy-dom, path-to-regexp, picomatch, node-forge, and brace-expansion to address CVEs (#27006 by @br41nslug)
  • Fixed extension auto reload not triggering (#26986 by @ComfortablyCoding)
• @directus/utils
  • Fixed calendar picker crash when using dynamic variables (e.g. $NOW) (#26954 by @costajohnt)
• @directus/schema
  • Fixed MySQL foreignKeys query to include TABLE_NAME in the JOIN condition, preventing a cartesian product when InnoDB statistics on system tables are degraded. (#26964 by @HattoriEnzo)
• @directus/sdk
  • Fixed filter operator typing for date and time fields to support comparison and range operators. (#26957 by @costajohnt)

📦 Published Versions

• @directus/app@15.7.0
• @directus/api@35.0.1
• @directus/composables@11.2.17
• create-directus-extension@11.0.33
• @directus/env@5.7.1
• @directus/extensions@3.0.23
• @directus/extensions-registry@3.0.23
• @directus/extensions-sdk@17.1.1
• @directus/memory@3.1.6
• @directus/pressure@3.0.21
• @directus/schema@13.0.7
• @directus/schema-builder@0.0.18
• @directus/storage-driver-azure@12.0.21
• @directus/storage-driver-cloudinary@12.0.21
• @directus/storage-driver-gcs@12.0.21
• @directus/storage-driver-s3@12.1.7
• @directus/storage-driver-supabase@3.0.21
• @directus/themes@1.3.1
• @directus/types@15.0.1
• @directus/utils@13.4.0
• @directus/validation@2.0.21
• @directus/sdk@21.2.2

• Closed Secure Link vulnerability
• iOS profile now uses external IMAP settings correctly
• Fixed issue with importing contacts from VCF files
• Security improvements

Changelog

• 65612b7 chore: add .DS_Store to .gitignore
• 29e4666 chore: enable windows test build and release binaries
• 38276ab fix: fixes webserver network type

Changelog

• 8234c31 Fix versitygw#1864 to not return parent keys for ListObjectVersions with prefix
• d4ea895 chore(deps): bump actions/download-artifact from 4 to 7
• 7ebe0f8 chore(deps): bump actions/download-artifact from 7 to 8
• 790bac2 chore(deps): bump actions/upload-artifact from 4 to 6
• 892590a chore(deps): bump actions/upload-artifact from 6 to 7
• 6e9f0db chore(deps): bump github.com/clipperhouse/uax29/v2
• 22d49ed chore(deps): bump github.com/gofiber/fiber/v2 from 2.52.11 to 2.52.12
• 496b098 chore(deps): bump goreleaser/goreleaser-action from 6 to 7
• 0530636 chore(deps): bump the dev-dependencies group with 21 updates
• fa9f9ef chore(deps): bump the dev-dependencies group with 4 updates
• 0954428 chore(deps): bump the dev-dependencies group with 7 updates
• 3f2de08 chore: cleanup go.mod with go mod tidy
• fc5c0a3 chore: fix typos and error return wrapping types in posix
• 4fa7d38 chore: fix warning in system.yml github workflow
• af76584 chore: update README.md to highlight new web gui feature
• dc0572b chore: update readme for testing overview
• e7a1231 feat: add cli options to specify webui gateway/admin listing
• b3eac97 feat: add concurrency limiter to scoutfs
• fd0c9df feat: add favicon to all pages in webui
• 599ab1b feat: add multi-address listener for s3/admin/webui
• e2821fc feat: add option to disable s3proxy client data integrity checks
• 4b11f54 feat: add posix concurrency-limiter
• 8550dba feat: add tagging support for directory objects in posix
• 7fb3ded feat: adds Location, x-amz-bucket-arn response headers in CreateBucket
• 2436475 feat: adds checksums for directory objects in posix
• f7814ad feat: adds fiber max connections and in-flight requests limiter
• 9c21299 feat: allow anonymous access for s3proxy backend
• 5ae791b feat: configuration option to disable ACLs
• d03a331 feat: optimize multipart upload checksum calculation.
• 3e26175 feat: replace aws-sdk-go-v2 s3 manager with transfermanager
• 5c918f3 feat: revert ignore object ACL behavior
• 880d4ce feat: update go version to 1.25.0 and golang.org/x/net to 0.51.0
• e702a48 fix: CopyObject with URL-encoded special chars
• da82e5e fix: add missing tests to group-tests map
• 2232efd fix: adds application/xml Content-Type to error responses
• f1577fd fix: correct private canned ACL behavior on bucket creation
• 89aa822 fix: fixes DeleteObject if-match quoted comparison
• 6fafc15 fix: fixes PutBucketCors CORSRules validation
• 46bcc8a fix: fixes object default Content-Type
• 760f252 fix: improve WalkVersions() ancestor-directory guard for prefix filtering
• 3d56636 fix: make webui sidebar responsive on mobile
• 68755ca fix: replace debuglogger.Logf("Internal Error, %v", err) with debuglogger.InternalError(err)
• 4ebe408 fix: store final checksum on CompleteMultipartUpload
• 7695be5 fix: store part checksums at destination path in UploadPartCopy

Changelog

• bcf341b Add "lexical" sort to walker.go
• 73e2df4 Base import of cutdown version of io/fs/walk.go from golang as walker.go
• 0c520a3 Reload TLS certificates on SIGHUP
• bef8f38 Revert of 34da183 and 8e18b43 for backend/walk.go
• a69f5a4 chore(deps): bump actions/checkout from 4 to 6
• 2489d87 chore(deps): bump docker/build-push-action from 5 to 6
• 1dfc77d chore(deps): bump github.com/clipperhouse/uax29/v2
• d2996e1 chore(deps): bump the dev-dependencies group with 2 updates
• e37dfa6 chore(deps): bump the dev-dependencies group with 6 updates
• 82878f4 chore(deps): bump the dev-dependencies group with 7 updates
• 792a3eb chore: add advanced codeql workflow for repo customizations
• f78483a chore: add codeql ignore for embedded 3rd party js assets
• e08539e chore: add dependabot updates for github actions
• 68d7924 feat: add web-based UI for S3 object management and admin operations
• 2e67940 feat: adds delimiter support in ListMultipartUploads
• 6c564fe feat: makes root creds usable for admin subcommand with lower precendence
• 43fd18b fix: admin server debug always enabled when --admin-port option enabled
• 01fc142 fix: correct spelling for debuglogger.InternalError() (#1784)
• 86e2b02 fix: fixes delete markers access for some actions
• 2365f9f fix: fixes list-limiters parsing and validation
• 43559e6 fix: fixes non-existing object deletion with versionId
• f6225aa fix: fixes some write operations blocking in read-only mode
• 12092cf fix: fixes the SignedStreamingPayloadTrailer_success test failure
• 63fcdb3 fix: pin github.com/nats-io/nkeys version to v0.4.12
• f29206a fix: put object on windows when parent directories dont already exists
• 11e5049 fix: remove duplicate cors headers from options router
• 7017ffa fix: removes object metadata loading from posix ListParts
• 8569b15 fix: return not implemented in object actions, if acl header is present
• 03f0be2 fix: reverts the nats-io/nkeys package version to v0.4.12
• 9343860 fix: webui md5 missing error when enabling directory object lock

Changelog

• 7a4dd59 chore(deps): bump github.com/valyala/fasthttp
• 8d16bff chore(deps): bump the dev-dependencies group with 2 updates
• 6198bf4 chore(deps): bump the dev-dependencies group with 20 updates
• 0124398 chore(deps): bump the dev-dependencies group with 6 updates
• d446102 feat: add option for default global cors allow origin headers
• f467b89 feat: adds Location in CompleteMultipartUpload response
• 8073994 feat: adds integration tests for STREAMING-AWS4-HMAC-SHA256-PAYLOAD requests
• cc54aad feat: adds integration tests for STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER requests
• 2561ef9 feat: implements admin CreateBucket endpoint/cli command
• 5aa2a82 fix: Makes precondition headers insensitive to whether the value is quoted
• c2c2306 fix: adds an error route for ?versions subresource with key
• 12e1308 fix: adds versionId in put/get/delete object tagging actions response.
• 9eaaeed fix: bunch of fixes in signed streaming requests
• 657b9ac fix: changes AuthorizationHeaderMalformed error status to 400
• edac345 fix: cleanup sidecar metadata empty dirs
• 7a26aec fix: fix the concurrency issue in integration tests bucket name generation
• d015842 fix: fixes CreateBucket LocationConstraint validation
• a75aa9b fix: fixes if-none-match precondition header logic in object write operations
• cf99b3e fix: fixes invalid/expired x-amz-object-lock-retain-until-date errors
• 2a7e76a fix: fixes missing bucket object lock config error
• c91e5dc fix: fixes the InvalidRetentionPeriod error code and message
• 39ee175 fix: fixes the PutBucketPolicy response status
• 981a34e fix: fixes x-amz-if-match-size parsing
• b78d21c fix: optimize sidecar empty-dir checks
• 9f6bf18 fix: removes Expect from sigv4 ignored headers list
• 06a4512 fix: removes the NoSuchTagSet error in GetObjecTagging
• 61308d2 fix: return NoSuchKey if a precondition header is present and object doesn't exist in PutObject, CompleteMultipartUpload
• 8e0eec0 fix: return null in GetBucketLocation for us-east-1
• 06f4f0a fix: skips object lock check in DeleteObject without versionId.
• 0cab42d xattr: use different namespace prefixes for FreeBSD vs other platforms

Changelog

• d7cbee7 chore(deps): bump the dev-dependencies group with 10 updates
• 55c94f4 chore(deps): bump the dev-dependencies group with 17 updates
• b29d6a0 chore(deps): bump the dev-dependencies group with 23 updates
• cadd791 chore(deps): bump the dev-dependencies group with 6 updates
• d0ec284 feat: adds STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER option in test generation script
• c58f9b2 feat: adds integration tests for unsigned streaming payload trailer uploads
• ce9693e feat: upgrades actions checkout v4 -> v5 and go-setup v5 -> v6
• 0a2a23d fix: Checks that x-amz-decoded-content-length matches the actual payload in unsigned streaming upload
• dfe6abc fix: adds validation for chunk sizes in unsigned streaming trailer upload
• f631cd0 fix: fixes error handling for unsigned streaming upload malformed encoding
• b57764e fix: fixes ipa iam GetUserAccount id parsing panic
• d507f20 fix: fixes the GetObjectAttributes panic in s3 proxy
• d861dc8 fix: fixes unsigned streaming upload parsing and checksum calculation
• 69e107e fix: rejects STREAMING-UNSIGNED-PAYLOAD-TRAILER for all actions, except for PutObject and UploadPart
• 7627deb fix: removes mandatory checksum header check for PutObjectTagging

Changelog

• 2dd442c Allow self-signed certificates
• 45f55c2 auth/vault: add Vault namespace support
• 11bd58c chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0
• cdc4358 chore(deps): bump the dev-dependencies group with 11 updates
• 3a65521 chore(deps): bump the dev-dependencies group with 12 updates
• c3c39e4 chore(deps): bump the dev-dependencies group with 16 updates
• ff973c2 chore(deps): bump the dev-dependencies group with 17 updates
• 703c7cd chore(deps): bump the dev-dependencies group with 17 updates
• 971ae78 chore(deps): bump the dev-dependencies group with 23 updates
• dff3eb0 chore(deps): bump the dev-dependencies group with 23 updates
• 9ae6807 chore(deps): bump the dev-dependencies group with 3 updates
• 6cf3b93 chore(deps): bump the dev-dependencies group with 6 updates
• 40da4a3 chore: cleanup unused constants
• 4c3965d feat: add option to disable strict bucket name checks
• 3c3e9dd feat: add project id support for scoutfs backend
• ce6193b feat: adds bucket policy version support
• 05f8225 feat: adds missing versioning-related bucket policy actions
• a64733b feat: adds projectID prop in IAM user account
• 8d2eeeb feat: adds tagging support for object versions in posix
• d396859 feat: adds the x-amz-expected-bucket-owner check in the gateway
• 7745972 feat: adds x-amz-tagging-count support for HeadObject
• a4dc837 feat: concurrent execution of integration tests
• 64f50cc feat: gracul shutdown of s3api and admin servers
• 12f4920 feat: implements checksum calculation for all actions
• caa7ca0 feat: implements fiber panic recovery
• 9bde1dd feat: implements tagging support for CreateBucket
• 707af47 feat: prevents locked objects overwrite with CopyObject and CompleteMultipartUpload
• d05f25f feat: refactoring of the integration tests
• 7aa733a feat: use docker entrypoint for flexible env var docker config
• ebdda06 fix: adds BadDigest error for incorrect Content-Md5 s
• 9f54a25 fix: adds an error route for object calls with ?uploads query arg
• df74e7f fix: adds checks for x-amz-content-sha256 in anonymous requests
• 4740372 fix: adds error routes to reject x-amz-copy-source for GET, POST, HEAD, DELETErequests
• 9a01185 fix: adds request body check for CopyObject and UploadPartCopy
• 7744dac fix: adds validation for bucket canned ACL
• eae11b4 fix: adds versionId validation for object level actions
• ca6a92b fix: changes empty mp parts error on CompleteMultipartUpload
• a606e57 fix: correct a few object lock behaviors
• 8bb4bcb fix: fixes NoSuchVersion errors for some actions in posix
• 068b04e fix: fixes PutObjectRetention error cases and object lock error code/message.
• 8c3e49d fix: fixes checksum header and algorithm mismatch error
• 5c084b8 fix: fixes locked objects overwrite in versioning-enabled buckets
• 5c3cef6 fix: fixes s3 event and access logs sending in ProcessController
• 6176d9e fix: fixes sigv4 and presigned url auth errors.
• ebf7a03 fix: fixes the bucket/object tagging key/value name validation
• 5bc6852 fix: fixes the checksum type/algo mismatch error in create mp
• 24679a8 fix: fixes the composite checksums in CompleteMultipartUpload
• 54e2c39 fix: fixes the invalid Content-Length error
• 1d0a1d8 fix: fixes the panic in GetBucketVersioning in s3 proxy
• d15d348 fix: fixes the response header names normalizing
• ee67b41 fix: head object should set X-Amz-Bucket-Region on access denied
• 27dc84b fix: implements proper error handling for malformed http requests
• 045bdec fix: makes object metadata keys lowercase in object creation actions
• a057a25 fix: removes content-md5 check from the actions where it's unnecessary
• f435880 fix: removes trailing / for bucket operations in host-style parser
• 932f1c9 fix: sets crc64nvme as defualt checksum for complete mp action