liveblocks

v3.19.0 Security

This release patches 1 CVE for security teams tracking exposure across their dependency inventory.

Published 27d Developer Productivity

1 patched CVE

This release patches 1 known CVE CVE-2025-31125 EPSS 83%

1 CVEs patched

Topics

ai-agents ai-copilot collaboration commenting-system comments crdt

+10 more

liveblocks multiplayer notifications-systems presence react real-time toolkit websockets yjs yjs-provider

Summary

AI summary

Room history disable API is no longer experimental and Yjs undo/redo bug after plugin changes is fixed.

Full changelog

Add new markdownToCommentBody helper to convert Markdown strings into
CommentBody objects.

room.history.disable(fn) is now officially supported and no longer
experimental. It allows running storage mutations without them appearing on
the undo/redo stacks and it’s intended for background/async writes (e.g.
writing back AI generation results) that should not be undoable.

Fix keyboard shortcut in strikethrough tooltip. (Thanks @HellBoy-OP for the
contribution!)
Fix Yjs undo/redo silently breaking after editor.registerPlugin /
unregisterPlugin is called (e.g. when Tiptap's BubbleMenu, DragHandle,
or SlashCommand mount). The reattach restore() is now installed
unconditionally on view destroy, matching upstream
@tiptap/extension-collaboration. (Thanks @lucasmotta for the contribution!)

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track liveblocks

Get notified when new releases ship.

About liveblocks

Realtime infrastructure for multiplayer apps and agents