Announcement 2.1
Release v2.1
Appsmith v2.1 introduces customer support platform integration with Pylon, adds memory analysis tooling, and ships multiple security hardening fixes, including SSRF protection, path traversal validation, and permission enforcement.
Features
- Replaced Intercom with Pylon across the platform. (#41722)
- Added `memory-analysis.sh` to help with memory sizing and diagnostic analysis. (#41816)
Fixes
- Applied a comprehensive non-routable IP address filter on WebClient to strengthen SSRF protection. (GHSA-v49v-673j-g4vj, GHSA-m23h-pvf3-2m7p) (#41849)
- Built MongoDB database tools from source using patched `x/crypto` and `x/net` dependencies. (#41850)
- Restricted the Caddy admin interface to a local socket. (GHSA-8jvv-gwqg-6vjc) (#41847)
- Added path traversal validation to widget save paths. (GHSA-r553-q33m-v7pf) (#41834)
- Removed the unused Supervisord admin port. (GHSA-v49v-673j-g4vj) (#41837)
- Updated the Husky pre-commit hook to correctly stage server files from the worktree root. (#41835)
- Added a non-root user to the Cypress snapshot Dockerfile. (#41823)
- Enforced `MANAGE_PAGES` permission checks when updating the dependency map. (GHSA-q4p7-j55w-5mjm) (#41828)
- Updated Helm charts to allow numeric CPU values in `resources.requests`. (#41824)
Tags: security, performance, infrastructure, memory-analysis, ssrf-protection, permissions