megachangelog
Announcement1.96

Appsmith v1.96 Release

This release includes new features like Betterbugs SDK support and a Tooltip property for Checkbox widgets, along with critical security fixes for file write, XSS, and OS command injection vulnerabilities, plus improvements to resource management and HTML content handling.

Features

  • Added Betterbugs SDK support. (#41532)
  • Added a Tooltip property for the Checkbox widget. (#41483)

Fixes

  • Fixed an arbitrary file write vulnerability that allowed writes outside the repository scope. (#41565)
  • Added a getTextFromHTML fallback and normalized search keys to properly handle HTML content. (#41553)
  • Fixed an XSS vulnerability in Table HTML cells. (#41539)
  • Closed InputStreams after StreamUtils.copyToString to prevent resource leaks. (#41516)
  • Fixed an issue where stale actions could not read contents. (#41533)
  • Updated MongoDB feature compatibility version (FCV) to 6. (#41534)
  • Fixed an OS command injection vulnerability when in-memory Git is enabled. (#41525)
releasesecurityfeaturesbugfixwidgetstability

Source: original entry ↗