budibase

v3.39.6 Security

This release includes 2 security fixes relevant to security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 2 known CVEs

Topics

ai-app-builder ai-applications crud-app crud-application data-application data-apps internal-tools it-workflows low-code low-code-no-code low-code-platform no-code no-code-platform rest-api-framework sql-gui workflow-apps workflow-automation workflow-engine

Affected surfaces

rce_ssrf

ReleasePort's take

Moderate signal

Version 3.39.6 of Budibase fixes a DNS rebinding bypass vulnerability in outbound fetch validation and adds verification for NoSQL queries.

Why it matters: The release patches a critical security flaw (DNS rebinding) affecting outbound fetches and introduces query‑verification hardening; operators should upgrade immediately.

Summary

AI summary

Fixes a DNS rebinding bypass in outbound fetch validation and adds NoSQL query verification.

Changes in this release

Security Critical

Fixes DNS rebinding bypass in outbound fetch validation

Source: llm_adapter@2026-06-01

Confidence: high

Bugfix Medium

Ignores updates for 'svelte' dependency in Dependabot config

Source: llm_adapter@2026-06-01

Confidence: high

Bugfix Medium

Secfix: verifies NoSQL queries

Source: llm_adapter@2026-06-01

Confidence: low

Full changelog

What's Changed

  • Align automation condition value controls by @melohagan in https://github.com/Budibase/budibase/pull/18823
  • [SECURITY] Fix DNS rebinding bypass in outbound fetch validation by @adrinr in https://github.com/Budibase/budibase/pull/18868
  • Ignore updates for 'svelte' dependency in Dependabot config by @adrinr in https://github.com/Budibase/budibase/pull/18890
  • secfix: nosql queries verification by @calexiou in https://github.com/Budibase/budibase/pull/18847

Full Changelog: https://github.com/Budibase/budibase/compare/3.39.5...3.39.6

Security Fixes

  • [SECURITY] Fix DNS rebinding bypass in outbound fetch validation
  • secfix: nosql queries verification

About budibase

AI agents that run your operations. Model agnostic.
