This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+12 more
Affected surfaces
ReleasePort's take
Moderate signalVersion 3.39.13 of Budibase adds IP‑based lockout to the login endpoint.
Why it matters: The new security control mitigates credential‑stuffing attacks; severity rating is 90, indicating high impact for authentication surfaces.
Summary
AI summaryIP‑based lockout added to the login endpoint.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Critical |
Adds IP-based lockout to login endpoint Adds IP-based lockout to login endpoint Source: llm_adapter@2026-06-11 Confidence: high |
— |
| Bugfix | Low |
Uses app binding escaping for automations Uses app binding escaping for automations Source: llm_adapter@2026-06-11 Confidence: high |
— |
| Bugfix | Low |
Clarifies menu item text Clarifies menu item text Source: llm_adapter@2026-06-11 Confidence: high |
— |
Full changelog
What's Changed
- [BUDI-18938] Use app binding escaping for automations by @melohagan in https://github.com/Budibase/budibase/pull/18946
- clarifies menu item by @mikesealey in https://github.com/Budibase/budibase/pull/18956
- [VUL-78] Add IP-based lockout to login endpoint by @jvcalderon in https://github.com/Budibase/budibase/pull/18947
Full Changelog: https://github.com/Budibase/budibase/compare/3.39.12...3.39.13
Security Fixes
- VUL-78 – Added IP‑based lockout to login endpoint
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Beta — feedback welcome: [email protected]