1.4.11 (2026-03-31)

Features

• Logging: Add logging categories for better log management

Fixes

• Security: Harden security with CSP enforcement, SSRF redirect validation, reenabled S/MIME chain verify, IP spoofing prevention, and PDF iframe sandbox
• Security: Harden proxy authentication and SSRF defenses
• Security: Block plugins with dangerous JS patterns and enforce strict session secret length validation
• S/MIME: Add self-signed certificate detection and update status messages for S/MIME signatures
• Email: Auto-focus input fields in email composer for improved user experience (#126)
• Mailbox: Prevent orphaning of nested mailboxes by restricting deduplication to root-level folders
• JMAP: Strip server-immutable fields from updates before sending to JMAP (#128)
• Files: Update file feature disabled messages and add stability warnings
• i18n: Add missing translation keys to all non-English locales

1.4.10 (2026-03-31)

Features

• Plugins: Add plugin configuration UI with schema-driven admin config page, calendar event action slot, and Jitsi Meet plugin
• Calendar: Implement client-side recurrence expansion for calendar events
• Calendar: Add iCal subscription editing and batch event import
• Calendar: Add hover preview settings and functionality
• Calendar: Add virtual location input for calendar events (#121)
• Email: Add reply-to addresses support in email composer
• Email: Add mail layout settings and update email list components
• Email: Add auto-select reply identity feature with settings and localization
• Email: Enhance compose functionality with button integration and translations
• Filters: Preserve activation state when updating or creating Sieve scripts to avoid deactivating server-managed vacation scripts
• Filters: Skip server-managed vacation script in Sieve script handling
• Settings: Add support for custom JMAP server endpoints in login and settings
• Settings: Add folder expansion state management and settings navigation
• UI: Add options to hide account switcher and show account avatars on navigation rail
• i18n: Add JMAP server endpoint labels and hints in multiple languages
• i18n: Add missing translation keys to all non-English locales

Fixes

• Security: Patch critical auth bypass and credential leak vulnerabilities
• Security: Support 3DES S/MIME decryption by importing legacy RSAES-PKCS1-v1_5 keys and add diagnostic logging (#35)
• Security: Account isolation, auto-import signer certs, and no-key error handling (#35)
• Calendar: Fix JSCalendar 2.0 recurrenceRule single-object compatibility (#116)
• Calendar: Enhance calendar event handling to distinguish between events and tasks
• Calendar: Link existing events to target calendar during iCal import instead of skipping (#113)
• Calendar: Deduplicate UIDs during iCal import to prevent mass failures (#113)
• Calendar: Fix events disappearing after iCal import/subscription refresh
• Calendar: Enhance calendar event handling with full-day detection and layout adjustments
• Calendar: Use UTC timestamps for timed event rendering
• Calendar: Work around Stalwart not returning Task objects via CalendarEvent/query
• Email: Enhance email loading and deduplication logic in email store (#119)
• Email: Ensure draft editing function is called correctly in EmailViewer component (#60)
• Email: Match hover action background to selected row state
• Email: Align tag counts with mailbox folder counts in sidebar
• Auth: Handle 2FA/TOTP session expiry with basic auth (#117)
• Mailbox: Improve mailbox tree logic and enhance mailbox handling with logging (#118)
• UI: Improve dark mode handling for media elements and background images
• UI: Adjust account list spacing and remove push connection indicator
• UI: Fix nested button in theme card

1.4.9 (2026-03-27)

Features

• Admin: Add Stalwart admin authentication, sidebar access, and a reorganized dashboard with dedicated policy sections
• Plugins: Add plugin/theme admin dashboard, harness tooling, forced enable or disable controls, managed policy enforcement, and a resizable detail sidebar
• Filters: Add vacation responder management with Sieve generation and parsing, UI integration, and improved sync preservation
• Email: Add plain text only composer mode, optional conversation threading disable, configurable hover action placement, and OAuth app password support
• UI: Add drag-and-drop customization for sidebar apps
• Files: Use dynamic server-configured maximum upload sizes
• i18n: Add Russian locale support and complete missing translation strings for recent task features

Fixes

• Calendar: Improve date parsing and event normalization, prevent calendar page re-render loops, ensure unique ICal subscription IDs, and create all-day events with correct JSCalendar midnight handling
• Email: Respect the configured mark-as-read delay in EmailViewer and fetch full email content when needed while editing drafts (#60, #95)
• Auth: Improve network error handling, add JMAP rate limiting handling, and enhance settings retrieval and persistence diagnostics (#100, #104)
• UI: Improve mobile layout behavior on contacts and calendar pages (#103)
• Themes: Repair theme ZIP bundle handling and enforce admin theme locks correctly
• Code Quality: Resolve outstanding ESLint warnings across the codebase

chore: update version to 1.4.9

1.4.8 (2026-03-23)

Features

• Email: Add support for marking emails as answered or forwarded and display status icons in email list and thread views
• Email: Enhance identity selection by supporting sub-addressing (plus addressing) in email composer
• Settings: Add notification settings with sound picker, preview playback, and configurable alert sounds
• Settings: Add default mail program settings with localization support across all locales
• Auth: Implement path prefix handling for OAuth callbacks and login redirects, enabling reverse proxy deployments
• Validation: Add all multi-part TLDs for domain validation in favicon API (#81)

Fixes

• Calendar: Fix bugs in duration parsing, RFC compliance, and event handling across calendar components
• Calendar: Detect tasks created by external CalDAV clients such as Thunderbird
• Settings: Enhance account settings with username and authentication method display (#90)

1.4.7 (2026-03-21)

Features

• Calendar: Add task management features with task creation, editing, and status tracking
• Calendar: Add option to show week numbers in mini-calendar
• Email: Add resizable image component and rich text editor with image upload support
• Files: Support uploading folders via drag-and-drop and toolbar button
• Filters: Add expanded visual view for filter rules
• Auth: Add non-interactive SSO login flow for embedded/iframe deployments (#69)
• DevOps: Add separate Docker build workflow for releases and dev branch images

Fixes

• Calendar: Handle updates and deletions for synthetic JMAP IDs in calendar events with fallback to destroy and recreate
• Security: Extend CryptoEngine to support legacy algorithms and integrate with LinerEngine for decryption
• Auth: Refactor logout to use synchronous flow with full page redirect
• Email: Update iframe sandbox attributes to allow popups to escape sandbox
• i18n: Add missing translation keys across all locales
• Docker: Update .env.example to clarify Docker volume mounting for settings data directory

1.4.6 (2026-03-21)

Features

• Demo: Add full demo mode with fixture data for emails, calendars, contacts, files, filters, identities, mailboxes, and vacation responses
• Demo: Implement JMAP client interface abstraction to support demo and live backends
• Contacts: Add no-category filter, drag-and-drop to category, and category combo box in contact form
• Email: Add hover actions for emails with configurable quick-action buttons
• Settings: Implement keyword migration functionality for upgrading legacy email tags
• Security: Enhance S/MIME certificate extraction and add legacy PBE (password-based encryption) support
• Tour: Add interactive guided tour overlay for new user onboarding

Fixes

• Settings: Add missing showTimeInMonthView and showOnMobile type definitions to settings store
• UI: Adjust padding and size of sidebar buttons for improved layout

1.4.5 (2026-03-20)

Features

• Calendar: Add prev/next navigation buttons and date label to desktop calendar toolbar
• Calendar: Add pending event preview functionality to calendar views and event modal
• Calendar: Add setting to show event start time in month view
• Contacts: Implement pagination for fetching contacts with maxObjectsInGet capability
• Email: Add attachment position setting in email settings
• Layout: Add mobile visibility toggle for sidebar apps
• Error: Add NotFound component to handle 404 errors and redirect unauthenticated users

Fixes

• Auth: Enhance account switching logic and clear stores on account change
• Auth: Improve account restoration logic and handle stale accounts
• Auth: Improve draft handling in email composer and enhance session cookie verification
• Calendar: Expand recurring events in CalendarEvent/query so individual occurrences are returned (#65)
• Calendar: Validate event start field when fetching calendar events
• Calendar: Auto-scroll agenda view to today's events and include today's date in groups
• Calendar: Correct JSX syntax in CalendarToolbar component
• Dependencies: Update flatted to 3.4.2
• DevOps: Use native ARM runners instead of QEMU for Docker builds
• DevOps: Enhance health check with detailed memory diagnostics and stable liveness probe

1.4.4 (2026-03-19)

Features

• Calendar: Implement CalDAV discovery API with automatic calendar home resolution for multi-account setups
• Calendar: Enhance calendar management settings with mailbox role reassignment controls
• Email: Add signature rendering utilities with HTML-to-text conversion and sanitization

Fixes

• Auth: Fix account session handling to update existing accounts instead of duplicating entries
• Auth: Fix logout redirects and unauthenticated home page rendering
• Calendar: Fix duplicate calendar edits and prevent double-save submissions in event modal
• Calendar: Remove stale calendar ID references in favor of CalDAV-discovered IDs
• Contacts: Improve RFC 9553 compliance for contact birthdays and address formatting
• Email: Fix email signature rendering for identity signatures
• Folders: Improve mailbox role management by clearing roles from all mailboxes before reassigning

1.4.3 (2026-03-19)

Features

• Auth: Implement multi-account support with up to 5 simultaneous accounts and instant switching
• Auth: Add account switcher component with connection status, default account selection, and per-account logout
• Auth: Support multi-account OAuth and basic auth with per-account session persistence
• Contacts: Enhance contacts sidebar with collapsible sections, bulk operations, and address book grouping
• Contacts: Add contact import functionality and keyword filtering
• Settings: Add per-account encrypted settings storage with server-side sync support

Fixes

• UI: Adjust popover alignment in sub-address helper component
• Settings: Improve error logging in settings sync functionality

1.4.2 (2026-03-19)

Features

• Calendar: Add task list view for calendar tasks with task details and management
• Calendar: Add shared calendar grouping with visual separation in sidebar
• Calendar: Support double-click to create events and improve modal date handling
• Contacts: Add address book directories with drag-and-drop and editor picker
• Email: Add email attachment support in sendEmail functionality
• Email: Implement draft editing functionality across email components
• Email: Implement unwrapping of embedded message/rfc822 attachments with enhanced HTML body validation
• Email: Add email export/import localization keys for multiple languages
• Contacts: Update gender handling to use speakToAs structure

Fixes

• Email: Resolve default sender to canonical identity on local-part login
• Email: Refactor overflow handling in EmailViewer to use hidden priorities and layout effects
• Email: Remove debugMode usage from EmailViewer component
• Calendar: Enhance IMIP invitation and cancellation handling for calendar events
• Calendar: Add time-based sorting for events in buildWeekSegments function
• Dependencies: Update dompurify to 3.3.3 and elliptic to 6.6.1, add undici override

✨ New Features & Improvements

• @directus/app
  • Added keyboard navigation to the cards layout (#26976 by @HZooly)
  • Added native Tabs group interface. Uninstall the extension if currently using it to avoid unintended side effects. (#26836 by @bryantgillespie)
  • Added bulk folder deletion from the files grid with move-up or delete-all options (#26886 by @HZooly)
  • Used shorter tooltip delay for disabled elements (#26965 by @HZooly)
• @directus/utils
  • Added parseNow utility to resolve the $NOW dynamic variable (#26954 by @costajohnt)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed calendar picker crash when using dynamic variables (e.g. $NOW) (#26954 by @costajohnt)
  • Updated relationship_not_setup wording to clarify it may also result from missing permissions (#26918 by @Ikromjon1998)
  • Restored useItem support for custom query options like fields and deep by adding an optional extra query parameter and updating affected call sites. (#26985 by @LZylstra)
• @directus/api
  • Fixed file replacement returning Forbidden (#27001 by @ComfortablyCoding)
  • Updated happy-dom, path-to-regexp, picomatch, node-forge, and brace-expansion to address CVEs (#27006 by @br41nslug)
  • Fixed extension auto reload not triggering (#26986 by @ComfortablyCoding)
• @directus/utils
  • Fixed calendar picker crash when using dynamic variables (e.g. $NOW) (#26954 by @costajohnt)
• @directus/schema
  • Fixed MySQL foreignKeys query to include TABLE_NAME in the JOIN condition, preventing a cartesian product when InnoDB statistics on system tables are degraded. (#26964 by @HattoriEnzo)
• @directus/sdk
  • Fixed filter operator typing for date and time fields to support comparison and range operators. (#26957 by @costajohnt)

📦 Published Versions

• @directus/app@15.7.0
• @directus/api@35.0.1
• @directus/composables@11.2.17
• create-directus-extension@11.0.33
• @directus/env@5.7.1
• @directus/extensions@3.0.23
• @directus/extensions-registry@3.0.23
• @directus/extensions-sdk@17.1.1
• @directus/memory@3.1.6
• @directus/pressure@3.0.21
• @directus/schema@13.0.7
• @directus/schema-builder@0.0.18
• @directus/storage-driver-azure@12.0.21
• @directus/storage-driver-cloudinary@12.0.21
• @directus/storage-driver-gcs@12.0.21
• @directus/storage-driver-s3@12.1.7
• @directus/storage-driver-supabase@3.0.21
• @directus/themes@1.3.1
• @directus/types@15.0.1
• @directus/utils@13.4.0
• @directus/validation@2.0.21
• @directus/sdk@21.2.2

• Closed Secure Link vulnerability
• iOS profile now uses external IMAP settings correctly
• Fixed issue with importing contacts from VCF files
• Security improvements

Changelog

• 65612b7 chore: add .DS_Store to .gitignore
• 29e4666 chore: enable windows test build and release binaries
• 38276ab fix: fixes webserver network type

Changelog

• 8234c31 Fix versitygw#1864 to not return parent keys for ListObjectVersions with prefix
• d4ea895 chore(deps): bump actions/download-artifact from 4 to 7
• 7ebe0f8 chore(deps): bump actions/download-artifact from 7 to 8
• 790bac2 chore(deps): bump actions/upload-artifact from 4 to 6
• 892590a chore(deps): bump actions/upload-artifact from 6 to 7
• 6e9f0db chore(deps): bump github.com/clipperhouse/uax29/v2
• 22d49ed chore(deps): bump github.com/gofiber/fiber/v2 from 2.52.11 to 2.52.12
• 496b098 chore(deps): bump goreleaser/goreleaser-action from 6 to 7
• 0530636 chore(deps): bump the dev-dependencies group with 21 updates
• fa9f9ef chore(deps): bump the dev-dependencies group with 4 updates
• 0954428 chore(deps): bump the dev-dependencies group with 7 updates
• 3f2de08 chore: cleanup go.mod with go mod tidy
• fc5c0a3 chore: fix typos and error return wrapping types in posix
• 4fa7d38 chore: fix warning in system.yml github workflow
• af76584 chore: update README.md to highlight new web gui feature
• dc0572b chore: update readme for testing overview
• e7a1231 feat: add cli options to specify webui gateway/admin listing
• b3eac97 feat: add concurrency limiter to scoutfs
• fd0c9df feat: add favicon to all pages in webui
• 599ab1b feat: add multi-address listener for s3/admin/webui
• e2821fc feat: add option to disable s3proxy client data integrity checks
• 4b11f54 feat: add posix concurrency-limiter
• 8550dba feat: add tagging support for directory objects in posix
• 7fb3ded feat: adds Location, x-amz-bucket-arn response headers in CreateBucket
• 2436475 feat: adds checksums for directory objects in posix
• f7814ad feat: adds fiber max connections and in-flight requests limiter
• 9c21299 feat: allow anonymous access for s3proxy backend
• 5ae791b feat: configuration option to disable ACLs
• d03a331 feat: optimize multipart upload checksum calculation.
• 3e26175 feat: replace aws-sdk-go-v2 s3 manager with transfermanager
• 5c918f3 feat: revert ignore object ACL behavior
• 880d4ce feat: update go version to 1.25.0 and golang.org/x/net to 0.51.0
• e702a48 fix: CopyObject with URL-encoded special chars
• da82e5e fix: add missing tests to group-tests map
• 2232efd fix: adds application/xml Content-Type to error responses
• f1577fd fix: correct private canned ACL behavior on bucket creation
• 89aa822 fix: fixes DeleteObject if-match quoted comparison
• 6fafc15 fix: fixes PutBucketCors CORSRules validation
• 46bcc8a fix: fixes object default Content-Type
• 760f252 fix: improve WalkVersions() ancestor-directory guard for prefix filtering
• 3d56636 fix: make webui sidebar responsive on mobile
• 68755ca fix: replace debuglogger.Logf("Internal Error, %v", err) with debuglogger.InternalError(err)
• 4ebe408 fix: store final checksum on CompleteMultipartUpload
• 7695be5 fix: store part checksums at destination path in UploadPartCopy

Changelog

• bcf341b Add "lexical" sort to walker.go
• 73e2df4 Base import of cutdown version of io/fs/walk.go from golang as walker.go
• 0c520a3 Reload TLS certificates on SIGHUP
• bef8f38 Revert of 34da183 and 8e18b43 for backend/walk.go
• a69f5a4 chore(deps): bump actions/checkout from 4 to 6
• 2489d87 chore(deps): bump docker/build-push-action from 5 to 6
• 1dfc77d chore(deps): bump github.com/clipperhouse/uax29/v2
• d2996e1 chore(deps): bump the dev-dependencies group with 2 updates
• e37dfa6 chore(deps): bump the dev-dependencies group with 6 updates
• 82878f4 chore(deps): bump the dev-dependencies group with 7 updates
• 792a3eb chore: add advanced codeql workflow for repo customizations
• f78483a chore: add codeql ignore for embedded 3rd party js assets
• e08539e chore: add dependabot updates for github actions
• 68d7924 feat: add web-based UI for S3 object management and admin operations
• 2e67940 feat: adds delimiter support in ListMultipartUploads
• 6c564fe feat: makes root creds usable for admin subcommand with lower precendence
• 43fd18b fix: admin server debug always enabled when --admin-port option enabled
• 01fc142 fix: correct spelling for debuglogger.InternalError() (#1784)
• 86e2b02 fix: fixes delete markers access for some actions
• 2365f9f fix: fixes list-limiters parsing and validation
• 43559e6 fix: fixes non-existing object deletion with versionId
• f6225aa fix: fixes some write operations blocking in read-only mode
• 12092cf fix: fixes the SignedStreamingPayloadTrailer_success test failure
• 63fcdb3 fix: pin github.com/nats-io/nkeys version to v0.4.12
• f29206a fix: put object on windows when parent directories dont already exists
• 11e5049 fix: remove duplicate cors headers from options router
• 7017ffa fix: removes object metadata loading from posix ListParts
• 8569b15 fix: return not implemented in object actions, if acl header is present
• 03f0be2 fix: reverts the nats-io/nkeys package version to v0.4.12
• 9343860 fix: webui md5 missing error when enabling directory object lock

Changelog

• 7a4dd59 chore(deps): bump github.com/valyala/fasthttp
• 8d16bff chore(deps): bump the dev-dependencies group with 2 updates
• 6198bf4 chore(deps): bump the dev-dependencies group with 20 updates
• 0124398 chore(deps): bump the dev-dependencies group with 6 updates
• d446102 feat: add option for default global cors allow origin headers
• f467b89 feat: adds Location in CompleteMultipartUpload response
• 8073994 feat: adds integration tests for STREAMING-AWS4-HMAC-SHA256-PAYLOAD requests
• cc54aad feat: adds integration tests for STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER requests
• 2561ef9 feat: implements admin CreateBucket endpoint/cli command
• 5aa2a82 fix: Makes precondition headers insensitive to whether the value is quoted
• c2c2306 fix: adds an error route for ?versions subresource with key
• 12e1308 fix: adds versionId in put/get/delete object tagging actions response.
• 9eaaeed fix: bunch of fixes in signed streaming requests
• 657b9ac fix: changes AuthorizationHeaderMalformed error status to 400
• edac345 fix: cleanup sidecar metadata empty dirs
• 7a26aec fix: fix the concurrency issue in integration tests bucket name generation
• d015842 fix: fixes CreateBucket LocationConstraint validation
• a75aa9b fix: fixes if-none-match precondition header logic in object write operations
• cf99b3e fix: fixes invalid/expired x-amz-object-lock-retain-until-date errors
• 2a7e76a fix: fixes missing bucket object lock config error
• c91e5dc fix: fixes the InvalidRetentionPeriod error code and message
• 39ee175 fix: fixes the PutBucketPolicy response status
• 981a34e fix: fixes x-amz-if-match-size parsing
• b78d21c fix: optimize sidecar empty-dir checks
• 9f6bf18 fix: removes Expect from sigv4 ignored headers list
• 06a4512 fix: removes the NoSuchTagSet error in GetObjecTagging
• 61308d2 fix: return NoSuchKey if a precondition header is present and object doesn't exist in PutObject, CompleteMultipartUpload
• 8e0eec0 fix: return null in GetBucketLocation for us-east-1
• 06f4f0a fix: skips object lock check in DeleteObject without versionId.
• 0cab42d xattr: use different namespace prefixes for FreeBSD vs other platforms

Changelog

• d7cbee7 chore(deps): bump the dev-dependencies group with 10 updates
• 55c94f4 chore(deps): bump the dev-dependencies group with 17 updates
• b29d6a0 chore(deps): bump the dev-dependencies group with 23 updates
• cadd791 chore(deps): bump the dev-dependencies group with 6 updates
• d0ec284 feat: adds STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER option in test generation script
• c58f9b2 feat: adds integration tests for unsigned streaming payload trailer uploads
• ce9693e feat: upgrades actions checkout v4 -> v5 and go-setup v5 -> v6
• 0a2a23d fix: Checks that x-amz-decoded-content-length matches the actual payload in unsigned streaming upload
• dfe6abc fix: adds validation for chunk sizes in unsigned streaming trailer upload
• f631cd0 fix: fixes error handling for unsigned streaming upload malformed encoding
• b57764e fix: fixes ipa iam GetUserAccount id parsing panic
• d507f20 fix: fixes the GetObjectAttributes panic in s3 proxy
• d861dc8 fix: fixes unsigned streaming upload parsing and checksum calculation
• 69e107e fix: rejects STREAMING-UNSIGNED-PAYLOAD-TRAILER for all actions, except for PutObject and UploadPart
• 7627deb fix: removes mandatory checksum header check for PutObjectTagging

Changelog

• 2dd442c Allow self-signed certificates
• 45f55c2 auth/vault: add Vault namespace support
• 11bd58c chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0
• cdc4358 chore(deps): bump the dev-dependencies group with 11 updates
• 3a65521 chore(deps): bump the dev-dependencies group with 12 updates
• c3c39e4 chore(deps): bump the dev-dependencies group with 16 updates
• ff973c2 chore(deps): bump the dev-dependencies group with 17 updates
• 703c7cd chore(deps): bump the dev-dependencies group with 17 updates
• 971ae78 chore(deps): bump the dev-dependencies group with 23 updates
• dff3eb0 chore(deps): bump the dev-dependencies group with 23 updates
• 9ae6807 chore(deps): bump the dev-dependencies group with 3 updates
• 6cf3b93 chore(deps): bump the dev-dependencies group with 6 updates
• 40da4a3 chore: cleanup unused constants
• 4c3965d feat: add option to disable strict bucket name checks
• 3c3e9dd feat: add project id support for scoutfs backend
• ce6193b feat: adds bucket policy version support
• 05f8225 feat: adds missing versioning-related bucket policy actions
• a64733b feat: adds projectID prop in IAM user account
• 8d2eeeb feat: adds tagging support for object versions in posix
• d396859 feat: adds the x-amz-expected-bucket-owner check in the gateway
• 7745972 feat: adds x-amz-tagging-count support for HeadObject
• a4dc837 feat: concurrent execution of integration tests
• 64f50cc feat: gracul shutdown of s3api and admin servers
• 12f4920 feat: implements checksum calculation for all actions
• caa7ca0 feat: implements fiber panic recovery
• 9bde1dd feat: implements tagging support for CreateBucket
• 707af47 feat: prevents locked objects overwrite with CopyObject and CompleteMultipartUpload
• d05f25f feat: refactoring of the integration tests
• 7aa733a feat: use docker entrypoint for flexible env var docker config
• ebdda06 fix: adds BadDigest error for incorrect Content-Md5 s
• 9f54a25 fix: adds an error route for object calls with ?uploads query arg
• df74e7f fix: adds checks for x-amz-content-sha256 in anonymous requests
• 4740372 fix: adds error routes to reject x-amz-copy-source for GET, POST, HEAD, DELETErequests
• 9a01185 fix: adds request body check for CopyObject and UploadPartCopy
• 7744dac fix: adds validation for bucket canned ACL
• eae11b4 fix: adds versionId validation for object level actions
• ca6a92b fix: changes empty mp parts error on CompleteMultipartUpload
• a606e57 fix: correct a few object lock behaviors
• 8bb4bcb fix: fixes NoSuchVersion errors for some actions in posix
• 068b04e fix: fixes PutObjectRetention error cases and object lock error code/message.
• 8c3e49d fix: fixes checksum header and algorithm mismatch error
• 5c084b8 fix: fixes locked objects overwrite in versioning-enabled buckets
• 5c3cef6 fix: fixes s3 event and access logs sending in ProcessController
• 6176d9e fix: fixes sigv4 and presigned url auth errors.
• ebf7a03 fix: fixes the bucket/object tagging key/value name validation
• 5bc6852 fix: fixes the checksum type/algo mismatch error in create mp
• 24679a8 fix: fixes the composite checksums in CompleteMultipartUpload
• 54e2c39 fix: fixes the invalid Content-Length error
• 1d0a1d8 fix: fixes the panic in GetBucketVersioning in s3 proxy
• d15d348 fix: fixes the response header names normalizing
• ee67b41 fix: head object should set X-Amz-Bucket-Region on access denied
• 27dc84b fix: implements proper error handling for malformed http requests
• 045bdec fix: makes object metadata keys lowercase in object creation actions
• a057a25 fix: removes content-md5 check from the actions where it's unnecessary
• f435880 fix: removes trailing / for bucket operations in host-style parser
• 932f1c9 fix: sets crc64nvme as defualt checksum for complete mp action

Changelog

• c93d2cd Fix scoutfs backend s3 upload with non-aligned size.
• fbde51b be able to debug LDAP queries; be consistent between GetUserAccount() and ListUserAccounts() on how to build the search filters; objectClasses were missing in GetUserAccount research filter leading to a bad result for example when a posixgGroup have the same name as a posixUser.
• eb0a8ee chore(deps): bump the dev-dependencies group with 10 updates
• 8fb020e chore(deps): bump the dev-dependencies group with 25 updates
• 5aa407d cleanup: ipa iam server debug logging done with debuglogger
• b358e38 cleanup: minor fixes to ldap exported functions and test
• 24b1c45 cleanup: move debuglogger to top level for full project access
• b46a486 cleanup: s3 iam server debug logging done with debuglogger
• 58117c0 feat: add get bucket location frontend handlers
• 8cad7fd feat: add response header overrides for GetObject
• 818e91e feat: adds x-amz-object-size in PutObject response headers
• 4c41b8b feat: changes cors implementation in s3 to store/retreive in meta bucket
• 7a098b9 feat: implement conditional writes
• b3ed763 feat: implements conditional reads for GetObject and HeadObject
• 18e3012 fix: #1527 - case-insensitive x-amz-checksum-mode header value
• 2bb8a1e fix: NotImplemented for GetObject/HeadObject PartNumber
• 6a82213 fix: add keeplive option (CLI and env var)
• 8436202 fix: adds full wildcard and any character match for bucket policy actions
• 8e18b43 fix: lex sort order of listobjects backend.Walk
• 34da183 fix: lex sort order of listobjectversions backend.WalkVersions
• 488a9ac fix: panic in signed-chunk-reader with incorrect debug string
• a4091fd fix: previous pr was not rebased before merging and caused a build error

Changelog

• 936239b DRY of scoutfs integration, alignment testing for scoutfs.MoveData
• e62337f Fix O_TMPFILE Linkat race.
• 8e6dd45 Fix race in GetObject
• 3934bea Lowercase err message.
• 298d4ec Merged scoutfs and posix ListObjects and ListObjectsV2
• f0858a4 Small cleanups.
• 3208247 chore(deps): bump github.com/valyala/fasthttp
• 6e91e87 chore(deps): bump the dev-dependencies group with 18 updates
• 13c7cb4 chore(deps): bump the dev-dependencies group with 19 updates
• 47e49ce chore(deps): bump the dev-dependencies group with 19 updates
• cef2950 chore(deps): bump the dev-dependencies group with 20 updates
• f29337a chore(deps): bump the dev-dependencies group with 20 updates
• 5be9e3b feat: a total refactoring of the gateway middlewares by lowering them from server to router level.
• 36d2a55 feat: add rabbitmq s3 event notification support
• 1eeb7de feat: add versioning dir option to scoutfs backend
• e5850ff feat: adds copy source validation for x-amz-copy-source header.
• f877502 feat: adds integration tests for public buckets.
• 0895ada feat: adds not implemented routes for bucket accelerate configuration actions
• ed92ad3 feat: adds not implemented routes for bucket ecryption actions
• cdccdcc feat: adds not implemented routes for bucket intelligent tiering actions
• 24b88e2 feat: adds not implemented routes for bucket inventory configuration actions
• 025b0ee feat: adds not implemented routes for bucket lifecycle configuration actions
• 5f28a74 feat: adds not implemented routes for bucket logging actions
• 45a1f7a feat: adds not implemented routes for bucket metrics configuration actions
• d784c0a feat: adds not implemented routes for bucket notification configuration actions
• be79fc2 feat: adds not implemented routes for bucket public access block actions
• 88f84bf feat: adds not implemented routes for bucket replication actions
• 6b450a5 feat: adds not implemented routes for bucket request payment actions
• 14a2984 feat: adds not implemented routes for bucket website actions
• 67d0750 feat: adds unit tests for object DELETE and POST operations
• ba76aea feat: adds unit tests for the object HEAD and GET controllers.
• 09031a3 feat: bucket cors implementation
• d90944a feat: implementes GetBucketPolicyStatus s3 action
• 866b07b feat: implementes unit tests for all the bucket action controllers.
• d2038ca feat: implements advanced routing for HeadObject and bucket PUT operations.
• a7c3cb5 feat: implements advanced routing for ListBuckets, HeadBucket and bucket delete operations
• b7c758b feat: implements advanced routing for bucket POST and object PUT operations.
• a3fef42 feat: implements advanced routing for object DELETE and POST actions.
• 56d4e4a feat: implements advanced routing for object GET actions.
• abdf342 feat: implements advanced routing for the admin apis. Adds the debug logging and quite mode for the separate admin server.
• b8456bc feat: implements advanced routing system for the bucket get operations.
• dc16c04 feat: implements integration tests for the new advanced router
• edaf9d6 feat: implements public bucket access for write operations
• 39cef57 feat: implements public bucket access.
• ab571a6 feat: implements unit tests for admin controllers
• 394675a feat: implements unit tests for controller utilities
• 7f9ab35 feat: implements unit tests for object PUT controllers
• 0eadc38 fix: add -1 to azure etag to avoid client sdk verfications
• e134f63 fix: add test cases and fix behavior for head/get range requests
• 3d20a63 fix: adds Acces-Control-Allow-Headers to cors responses
• 7dc213e fix: adds bucket region in ListBuckets result
• 8db1966 fix: adds not implemented routes for bucket analytics s3 actions.
• 4187b4d fix: adds validation for x-amz-content-sha256 header
• 891672b fix: fixes the HeadObject version access control with policies.
• 4395c9e fix: fixes the InvalidBucketAclWithObjectOwnership error code.
• 69ba00a fix: fixes the UploadPart failure with no precalculated checksum header for FULL_OBJECT checksum type
• 2b9e343 fix: fixes the invalid part number marker error description in ListParts
• e74d2c0 fix: fixes the invalid x-amz-mp-object-size header error in CompleteMultipartUpload.
• 0972af0 fix: fixes the nil body reader panic.
• 65cd44a fix: fixes the s3 access logs and metrics manager reporting. Fixes the default cotext keys setter order in the middlewares.
• dafe099 fix: iam ldap reconnect after network disconnects
• e18c4f4 fix: ignores special checksum headers when parsing x-amz-checksum-x headers
• 3363988 fix: makes checksum type and algorithm case insensitive in CreateMultipartUpload
• 7953241 fix: panic in access log when region header not set in request context
• 6306512 fix: update marker/continuation token to be the azure next marker

Changelog

• ee4d0b0 chore(deps): bump the dev-dependencies group with 3 updates
• a915c3f chore(deps): bump the dev-dependencies group with 6 updates
• 36509da chore: use time.Equal for s3proxy time equality checks
• e39ab6f feat: split the vault mount path into kv and auth
• cbd3eb1 fix: ListMultipartUploads pagination panic and duplicate results
• f295df2 fix: add new auth method to update ownership within acl
• 91b904d fix: add retry for iam freeipa http requests
• c196b5f fix: admin bucket actions for s3proxy
• c320108 fix: always log internal server error messages to stderr
• 003bf5d fix: convert deprecated fasthttp VisitAll() to All()
• 08ccf82 fix: refresh expired iam vault tokens when needed

Changelog

• d971e0e chore(deps): bump the dev-dependencies group with 12 updates
• 3aa2042 chore(deps): bump the dev-dependencies group with 18 updates
• b33499c chore(deps): bump the dev-dependencies group with 18 updates
• 23169fa chore(deps): bump the dev-dependencies group with 2 updates
• 532123e chore(deps): bump the dev-dependencies group with 4 updates
• d9300ea feat: add SECURITY.md to define GitHub security policy
• 98a7b7f feat: adds a middleware to validate bucket/object names
• 7b8b483 feat: calculate full object crc for multi-part uploads for compatible checksums
• 458db64 feat: implements public bucket access.
• 7260854 fix: add object path validation util
• 0d73e3e fix: prevent internal request retry to s3proxy backend
• 6541232 fix: s3 backend user bucket listing
• d831985 fix: s3log crash if startTime not defined
• 5ba5327 fix: s3proxy create bucket always returning BucketAlreadyExists

What's Changed

• Add apple-touch-icon link by @y1zhou in #1850
• Fix regression in partition discovery on Docker (#1847)
• Fix UI bug where charts did not display 1m max until next update
• Fix agent detection of Podman when using socket proxy (#1846)
• Fix NVML GPU collection being disabled when nvidia-smi is not in PATH (#1849)
• Reset SMART interval on agent reconnect if the agent hasn't collected SMART data, allowing config changes to take effect immediately

New Contributors

• @y1zhou made their first contribution in #1850

Full Changelog: v0.18.5...v0.18.6

What's Changed

• Add "update available" notification in hub web UI with CHECK_UPDATES=true by @svenvg93 in #1830
• Add Linux mdraid health monitoring by @VACInc in #1750
• Add ports column to containers table (#1481)
• Allow Linux systemd timer monitoring with SERVICE_PATTERNS (#1820)
• Add ZFS ARC support on FreeBSD
• Add optional tabs layout on web UI system page (#1513)
• Improve web UI performance and mobile styles (thanks @steveiliop56 for new mobile menu in #1840)
• Improve disk discovery and I/O device matching (#1811, #1772)
• Improve (likely fix) status alert reliability (#1519)
• Fix temperature collection blocking agent stats on some systems by @Jimbojones1 in #1839
• Fix SMART_INTERVAL consistency across agent reconnects (#1800)
• Fix container health status for Podman (#1475)
• Fix disk usage averaging for extra disk alerts using historical records by @victoreduardo in #1801
• Fix bandwidth alert computation from byte-per-second source (#1770)
• Fix 1m chart view leading to inflated Docker network IO during use
• Fix daylight saving time offset handling in daily quiet hours by @svenvg93 in #1827
• Fix potential nil pointer panics in hub realtime worker and websocket ping
• Fix: bypass NIC auto-filter when interface is explicitly whitelisted via NICS by @svenvg93 in #1805
• Fix ATA device statistics handling for negative values (#1791)
• Fix AMD GPU sysfs filesize misreporting workaround (#1799)
• Fix light flashes when refresh in dark mode by @svenvg93 in #1832
• Fix macOS agent path lookup for macmon (#1746)
• Update Go version and dependencies

New Contributors

• @guidNull made their first contribution in #1764
• @victoreduardo made their first contribution in #1801
• @Jimbojones1 made their first contribution in #1839

Full Changelog: v0.18.4...v0.18.5

⚠️ Potential Breaking Changes

Added support for importing data in the background (#26914)
Imports now automatically time out after 1 hour, with a maximum of 20 running concurrently. These limits can be configured via IMPORT_TIMEOUT and IMPORT_MAX_CONCURRENCY, respectively.

Improved build times using tsdown’s oxc-transform (#26604)
Exports previously available from @directus/types/collab are now exported directly from @directus/types

Shrunk app UI to 90% and converted all px to rem (16px browser default) (#26826)
Potential breaking change: The app UI has been shrunk to 90% of its previous size. Extensions that rely on hardcoded px values or the old 14px root font-size may render incorrectly — all app sizing now uses rem based on the 16px browser default.

• @directus/api
  • Added support for importing data in the background (#26914 by @Nitwel)
• @directus/types
  • Improved build times using tsdown’s oxc-transform (#26604 by @Nitwel)
• @directus/specs
  • Updated fast-xml-parser, qs, minimatch, tar, undici, vue-split-panel and flatted dependencies (#26951 by @br41nslug)

✨ New Features & Improvements

• @directus/app
  • Added support for importing data in the background (#26914 by @Nitwel)
  • Added utility endpoint and UI to generate translations collections and fields. (#26742 by @bryantgillespie)
  • Added deployment provider link on the run detail page, opening deployments directly in Vercel or Netlify dashboards. (#26888 by @LZylstra)
  • Shrunk app UI to 90% and converted all px to rem (16px browser default) (#26826 by @formfcw)
• @directus/api
  • Added tool search tool for Anthropic AI provider to reduce context usage (#26864 by @bryantgillespie)
  • Added support for setting the secure attribute on OpenID/OAuth2 cookies via the AUTH_<PROVIDER>_COOKIE_SECURE environment variable (#26628 by @dstockton)
  • Updated FilesService.uploadOne to support an optional storage parameter (#26882 by @gaetansenn)
  • Added AI SDK Devtools middleware support for debugging AI Assistant in development only. Added AI telemetry provider (#26678 by @bryantgillespie)
    config for Braintrust and Langfuse, enabling sending traces for observability, usage, and token costs.
  • Added utility endpoint and UI to generate translations collections and fields. (#26742 by @bryantgillespie)
  • Added support for Redis namespace control (#26943 by @dstockton)
• @directus/errors
  • Added support for importing data in the background (#26914 by @Nitwel)
• @directus/env
  • Added support for importing data in the background (#26914 by @Nitwel)
  • Added support for Redis namespace control (#26943 by @dstockton)
• @directus/system-data
  • Added utility endpoint and UI to generate translations collections and fields. (#26742 by @bryantgillespie)
• @directus/constants
  • Added utility endpoint and UI to generate translations collections and fields. (#26742 by @bryantgillespie)
• @directus/extensions-sdk
  • Shrunk app UI to 90% and converted all px to rem (16px browser default) (#26826 by @formfcw)
• @directus/themes
  • Shrunk app UI to 90% and converted all px to rem (16px browser default) (#26826 by @formfcw)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fix file renaming (#26946 by @br41nslug)
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Fixed filtering out preRegisterCheck === false modules from settings module bar config (#26953 by @AlexGaillard)
  • Prevented uncaught exception when v-menu has no tabbable elements (#26922 by @robluton)
  • Fixed a bug where global draft updates failed for singleton collections (#26910 by @formfcw)
  • Refactored "Clear value(s) on save when hidden" condition so it's applied inside a drawer (#26925 by @AlexGaillard)
  • Added functionality to duplicate access policies (#26889 by @robluton)
  • Reduced width of split panel resize handle to prevent scrollbar interference (#26908 by @robluton)
  • Updated Vite to version 8.0.0 (#26887 by @Nitwel)
  • Corrected field editability for conditional update policies and version items (#26815 by @HZooly)
  • Fixed date picker not emitting value after month/year change. (#26880 by @powerseed)
  • Fixed inconsistent dropdown arrows in visual editor header bar (#26904 by @formfcw)
• @directus/api
  • Added API request counting to telemetry reports. Requests are tracked by HTTP method and cache status. (#26738 by @connorwinston)
  • Fix file renaming (#26946 by @br41nslug)
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Fixed errors during import not propagated while the file is streaming (#26881 by @Nitwel)
  • Added cache clear CLI command with --system and --data flags (#26898 by @gaetansenn)
  • Improved build times using tsdown’s oxc-transform (#26604 by @Nitwel)
  • Preserved M2A type info when using named GraphQL fragments (#26920 by @gaetansenn)
  • Added GraphQL resolver deduplication (#26949 by @br41nslug)
  • Fixed aggregation sanitization (#26948 by @br41nslug)
  • Added cross origin opener policy settings (#26947 by @br41nslug)
  • Fixed revisions not using prepareDelta (#26867 by @br41nslug)
• @directus/types
  • Fix file renaming (#26946 by @br41nslug)
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Updated FilesService.uploadOne to support an optional storage parameter (#26882 by @gaetansenn)
  • Added GraphQL resolver deduplication (#26949 by @br41nslug)
  • Fixed revisions not using prepareDelta (#26867 by @br41nslug)
• @directus/env
  • Fix file renaming (#26946 by @br41nslug)
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Added support for setting the secure attribute on OpenID/OAuth2 cookies via the AUTH_<PROVIDER>_COOKIE_SECURE environment variable (#26628 by @dstockton)
  • Added AI SDK Devtools middleware support for debugging AI Assistant in development only. Added AI telemetry provider (#26678 by @bryantgillespie)
    config for Braintrust and Langfuse, enabling sending traces for observability, usage, and token costs.
  • Added cross origin opener policy settings (#26947 by @br41nslug)
• @directus/ai
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/composables
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/constants
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/errors
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/extensions
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/extensions-registry
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/extensions-sdk
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Updated Vite to version 8.0.0 (#26887 by @Nitwel)
• @directus/format-title
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/memory
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/pressure
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/release-notes-generator
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Fixed generated build (#26959 by @AlexGaillard)
• @directus/schema
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/schema-builder
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-azure
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-cloudinary
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-gcs
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-local
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-s3
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-supabase
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/stores
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/system-data
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/themes
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/update-check
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/utils
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Preserved M2A type info when using named GraphQL fragments (#26920 by @gaetansenn)
  • Fixed revisions not using prepareDelta (#26867 by @br41nslug)
• @directus/validation
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/sdk
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Improved build times using tsdown’s oxc-transform (#26604 by @Nitwel)
  • Fixed function typing in sdk for date and time fields. (#26936 by @costajohnt)

📦 Published Versions

• @directus/app@15.6.0
• @directus/api@35.0.0
• @directus/ai@1.3.1
• @directus/composables@11.2.16
• @directus/constants@14.3.0
• create-directus-extension@11.0.32
• @directus/env@5.7.0
• @directus/errors@2.3.0
• @directus/extensions@3.0.22
• @directus/extensions-registry@3.0.22
• @directus/extensions-sdk@17.1.0
• @directus/format-title@12.1.2
• @directus/memory@3.1.5
• @directus/pressure@3.0.20
• @directus/release-notes-generator@2.0.4
• @directus/schema@13.0.6
• @directus/schema-builder@0.0.17
• @directus/specs@13.0.0
• @directus/storage@12.0.4
• @directus/storage-driver-azure@12.0.20
• @directus/storage-driver-cloudinary@12.0.20
• @directus/storage-driver-gcs@12.0.20
• @directus/storage-driver-local@12.0.4
• @directus/storage-driver-s3@12.1.6
• @directus/storage-driver-supabase@3.0.20
• @directus/stores@2.0.1
• @directus/system-data@4.4.0
• @directus/themes@1.3.0
• @directus/types@15.0.0
• @directus/update-check@13.0.5
• @directus/utils@13.3.2
• @directus/validation@2.0.20
• @directus/sdk@21.2.1

5.40.0 (2026-03-18)

🚀 New feature

• add package manager dropdown before version in bug report template (#25679)

🔥 Bug fix

• add maxwidth to documentactions menu (#25664)
• formatErrorMessages array values formatting (#24196)
• admin: alias singleton frontend deps in vite (#25682)
• content-manager: reduce excessive rerendering in components and dynamic zones (#25631)
• content-manager: skip non-draftAndPublish relations in countDraftRelations (#25453)
• i18n: show locale key in disabled select when editing locale (#25124)

📚 Documentation Changes

• fix docs links in README (#25715)

⚙️ Chore

• use https instead of git url in package.repository.url (#25698)
• content-manager: optimize relations handling in EditView component (#25683)
• core: parallelize and cache dynamic zone populate (#25685)

💅 Enhancement

• resolved filter editability on clicking filter tag (#24057)
• core: remove beta on Document API, enforce deprecation on EntityService API (#25744)

❤️ Thank You

• akash-dabhi-qed @akash-dabhi-qed
• Andrea Cappuccio @hood
• Bassel Kanso @Bassel17
• calm @calm329
• Jamie Howard @jhoward1994
• markkaylor
• mathildeleg @mathildeleg
• Nico André
• Nikolas Rimikis @Leptopoda
• Pierre Wizla
• Varun Chawla @veeceey

5.38.1 (2026-03-11)

Superseded on March 11, 2026 by v5.39.0 due to versioning mistake.
Please use v5.39.0.

5.39.0 (2026-03-11)

🚀 New feature

• expand accordion by default when inserting a new component in a document (#24230)
• content-manager: filter list view by publication status (#25510)

🔥 Bug fix

• added shift+tab to blocks editors (#24122)
• single type publish permission error (#24754)
• es translations (#25655)
• typo 'compatability' to 'compatibility' in error messages (#25535)
• content-manager: export ContentManagerPlugin type for plugin dev… (#24149)
• content-manager: reduce excessive rerendering in relation fields (#25623)
• content-manager: reduce rerenders for conditional fields (#25617)
• content-releases: publish in right order to preserve relations (#25551)
• guided-tour: no overlay in dark mode (#25485)
• openapi: correctly merge plugin router prefix with route paths (#25616)
• types: fix document findOne params (#25613)
• upload: add crossOrigin attribute to image preview (#24946)

⚙️ Chore

• upgrade to glob 13 (#25610)
• upgrade better-sqlite3 to 12.6.2 (#25611)
• remove eslint-plugin-rxjs (#25612)
• upgrade koa to 20.8.4 and minimatch to 10.2.4 (#25624)
• eslintignore coverage (#25649)
• stop adding issues to GitHub projects in issues_handleLabel workflow (#25677)
• update package metadata (#25599)
• *: register vitest dependency in Yarn catalog (#25400)
• core/permissions: ensure engine properly merges conditions (#25569)
• deps: bump js-yaml from 3.14.1 to 3.14.2 (#24858)
• deps: bump qs from 6.14.2 to 6.15.0 (#25555)
• deps: bump jws from 3.2.2 to 3.2.3 (#24981)
• deps: bump elliptic from 6.5.7 to 6.6.1 (#24803)
• deps: bump serialize-javascript from 6.0.1 to 6.0.2 (#24841)
• deps: bump mdast-util-to-hast from 13.2.0 to 13.2.1 (#24950)
• deps: bump jws from 3.2.2 to 3.2.3 (#25652)
• deps: bump tar from 7.5.9 to 7.5.10 (#25642)
• deps: bump serialize-javascript from 6.0.1 to 6.0.2 (#25653)

🚨 Security

• upload: improve mimetype detection for uploads (#25177)

❤️ Thank You

• Adrien L
• Akash Santra @Akash504-ai
• akash-dabhi-qed @akash-dabhi-qed
• Ayoub Hidri @ayhid
• Bassel Kanso @Bassel17
• Ben Irvin
• Brandon Aaron @brandonaaron
• Daniel Garcia @dagadevelop
• Gouttfi @Gouttfi
• jeanvier
• markkaylor
• Nico André
• Nikolas Rimikis @Leptopoda
• Owen Rossi-Keen @Smoke3785

5.38.0 (2026-03-04)

🚀 New feature

• content-manager: add relationOpenMode setting (modal/page/newTab) (#25433)
• email-nodemailer: upgrade to Nodemailer v8 with advanced email features and Admin UI capabilities (#25392)
• i18n: add missing french translations (#23093)

🔥 Bug fix

• typo 'recieved' to 'received' across codebase (#25541)
• markdown editor number list is created with wrong numbers (#24631)
• add i18n for boolean cell values (#22314)
• folder subtitles for folders without assets or subfolders (#22694)
• vite and webpack config when linking ds locally (#25530)
• types: add missing typing for proxy.koa config (#25575)

⚙️ Chore

• bump design-system to v2.2.0 (#25584)
• deps: bump rollup from 4.27.4 to 4.59.0 (#25566)
• upload: add import from url (#25496)

❤️ Thank You

• Adrien L
• Altay Akkus
• Ayoub Hidri @ayhid
• Daniel Garcia @dagadevelop
• Grégory Boutte
• Jorrit Schippers
• markkaylor
• mathildeleg @mathildeleg
• Schero D. @Schero94
• Tewson Seeoun @tewson