budibase

v3.38.3 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 20d Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 2 known CVEs

Topics

ai-app-builder ai-applications crud-app crud-application data-application data-apps

+12 more

internal-tools it-workflows low-code low-code-no-code low-code-platform no-code no-code-platform rest-api-framework sql-gui workflow-apps workflow-automation workflow-engine

Affected surfaces

auth deps

ReleasePort's take

Light signal

editorial:auto 13d

Budibase 3.38.3 masks long-form datasource secrets and hardens OAuth2 token fetching.

Why it matters: Patch to 3.38.3 immediately to protect data security and authentication integrity.

Summary

AI summary

Mask long-form datasource secrets and harden OAuth2 token fetching.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Mask long-form datasource secrets Mask long-form datasource secrets Source: llm_adapter@2026-05-21 Confidence: low	—
Security	Medium	Harden OAuth2 token fetching Harden OAuth2 token fetching Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Display actions breakdown modal in usage page and home metrics Display actions breakdown modal in usage page and home metrics Source: llm_adapter@2026-05-21 Confidence: high	—
Dependency	Low	Bump protobufjs from 7.5.5 to 7.5.8 Bump protobufjs from 7.5.5 to 7.5.8 Source: granite4.1:30b@2026-05-22-audit Confidence: low	—

Full changelog

What's Changed

Bump protobufjs from 7.5.5 to 7.5.8 by @dependabot[bot] in https://github.com/Budibase/budibase/pull/18777
[Security] Mask long-form datasource secrets by @PClmnt in https://github.com/Budibase/budibase/pull/18772
[18747] Display actions breakdown modal in usage page and home metrics by @jvcalderon in https://github.com/Budibase/budibase/pull/18778
[Security] Harden OAuth2 token fetching by @PClmnt in https://github.com/Budibase/budibase/pull/18761

Full Changelog: https://github.com/Budibase/budibase/compare/3.38.2...3.38.3

Security Fixes

[Security] Mask long-form datasource secrets
[Security] Harden OAuth2 token fetching

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track budibase

Get notified when new releases ship.

About budibase

AI agents that run your operations. Model agnostic.

All releases →