netbox

v4.6.2 Feature

This release adds 5 notable features for engineering teams evaluating rollout.

Published 1d Configuration Management

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

cabling dcim django infrastructure-management ipam netbox

+5 more

network network-automation python sot sysadmin

Summary

AI summary

Broad release touches Bug Fixes, Enhancements, https://github.com/netbox-community/netbox/issues/17127, and https://github.com/netbox-community/netbox/issues/19336.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Adds user preference for selecting metric or imperial units of measurement Adds user preference for selecting metric or imperial units of measurement Source: llm_adapter@2026-06-02 Confidence: high	—
Feature	Medium	Converts tabbed list view filtering from JavaScript to HTMX Converts tabbed list view filtering from JavaScript to HTMX Source: llm_adapter@2026-06-02 Confidence: high	—
Feature	Medium	Supports bulk renaming of the `label` field on device components Supports bulk renaming of the `label` field on device components Source: llm_adapter@2026-06-02 Confidence: high	—
Feature	Medium	Allows setting `quick_add` on an `ObjectVar` in custom scripts Allows setting `quick_add` on an `ObjectVar` in custom scripts Source: llm_adapter@2026-06-02 Confidence: high	—
Feature	Medium	Makes designated environment parameters available via new `env()` Jinja2 filter Makes designated environment parameters available via new `env()` Jinja2 filter Source: llm_adapter@2026-06-02 Confidence: high	—
Feature	Medium	Includes child dependency counts in module type REST API representation Includes child dependency counts in module type REST API representation Source: llm_adapter@2026-06-02 Confidence: high	—
Feature	Low	Improves robustness of the RQ worker liveness check Improves robustness of the RQ worker liveness check Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Feature	Low	Supports additional template variables for constructing map URLs Supports additional template variables for constructing map URLs Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix
Bugfix	Medium	Fixes `ValueError` in CircuitTerminationForm when termination type is set but target object is blank Fixes `ValueError` in CircuitTerminationForm when termination type is set but target object is blank Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	Medium	Prevents duplicate scheduled background jobs from being created Prevents duplicate scheduled background jobs from being created Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	Medium	Fixes `site_id` filter on cables REST API returning no results when both endpoints are circuit terminations Fixes `site_id` filter on cables REST API returning no results when both endpoints are circuit terminations Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	Medium	Fixes `fetch()` on S3Backend to reliably resolve object keys Fixes `fetch()` on S3Backend to reliably resolve object keys Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	Medium	Restricts Job queryset in ScriptResultView to authorized objects Restricts Job queryset in ScriptResultView to authorized objects Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Medium	Avoids name conflict when multiple plugins introduce taggable models of the same name Avoids name conflict when multiple plugins introduce taggable models of the same name Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Medium	Fixes inconsistent enforcement of `grant_token` permissions between UI and REST API Fixes inconsistent enforcement of `grant_token` permissions between UI and REST API Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Cache empty config revision state to avoid per-request database queries Cache empty config revision state to avoid per-request database queries Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Fixes erroneous cable path retracing when using a cable profile Fixes erroneous cable path retracing when using a cable profile Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Adds missing required form field indicator to InlineFields rows Adds missing required form field indicator to InlineFields rows Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Validates `vid_ranges` bounds metadata in VLANGroup.save() to avoid miscounts and crashes on singleton ranges Validates `vid_ranges` bounds metadata in VLANGroup.save() to avoid miscounts and crashes on singleton ranges Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Ensures custom scripts added via a remote data source are validated Ensures custom scripts added via a remote data source are validated Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Displays verbose name instead of internal model name for related object type on custom field detail page Displays verbose name instead of internal model name for related object type on custom field detail page Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Avoids recording spurious UPDATE change record after DELETE for objects with reverse SET_NULL relations Avoids recording spurious UPDATE change record after DELETE for objects with reverse SET_NULL relations Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Marks `name` and `description` fields on GraphQL ConfigContextProfileFilter as optional Marks `name` and `description` fields on GraphQL ConfigContextProfileFilter as optional Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Fixes GraphQL EventRuleFilter.action_object_type being typed as a string lookup against ContentType foreign key Fixes GraphQL EventRuleFilter.action_object_type being typed as a string lookup against ContentType foreign key Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Fixes AttributeError when creating a custom field choice set with base choices Fixes AttributeError when creating a custom field choice set with base choices Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Bugfix	Low	Avoids out-of-memory crash in DynamicMultipleChoiceField with large choice sets Avoids out-of-memory crash in DynamicMultipleChoiceField with large choice sets Source: granite4.1:30b@2026-06-02-audit Confidence: low	—

Full changelog

Enhancements

#17127 - Add a user preference for selecting metric or imperial units of measurement
#19336 - Convert the filtering of tabbed list views from JavaScript to HTMX
#19460 - Support additional template variables for greater flexibility when constructing map URLs
#20804 - Support bulk renaming of the label field on device components
#21261 - Allow setting quick_add on an ObjectVar in custom scripts
#21952 - Improve robustness of the RQ worker liveness check
#22109 - Include child dependency counts in the module type REST API representation
#22212 - Make designated environment parameters available within Jinja2 templates via the new env() filter
#22239 - Rename the "Save" button on the table configuration form to "Apply" for clarity
#22255 - Allow plugins to register custom serializer resolvers for get_serializer_for_model()

Bug Fixes

#21091 - Declare proper request & response schema types for the device/VM config rendering API endpoints
#22158 - Cache empty config revision state to avoid per-request queries polluting database connections
#22163 - Fix ValueError raised by CircuitTerminationForm when a termination type is set but the target object is blank
#22180 - Ensure custom scripts added via a remote data source are validated
#22187 - Fix erroneous cable path retracing when using a cable profile
#22219 - Add missing required form field indicator to InlineFields rows
#22228 - Validate vid_ranges bounds metadata in VLANGroup.save() to avoid miscounts and a crash on singleton ranges
#22232 - Prevent duplicate scheduled background jobs from being created
#22233 - Fix site_id filter on the cables REST API returning no results when both endpoints are circuit terminations
#22247 - Display the verbose name instead of the internal model name for the related object type on the custom field detail page
#22270 - Avoid recording a spurious UPDATE change record after DELETE for objects with reverse SET_NULL relations
#22282 - Fix fetch() on S3Backend to reliably resolve object keys
#22283 - Restrict the Job queryset in ScriptResultView to authorized objects
#22286 - Mark the name and description fields on the GraphQL ConfigContextProfileFilter as optional
#22287 - Fix GraphQL EventRuleFilter.action_object_type being typed as a string lookup against a ContentType foreign key
#22301 - Avoid name conflict when multiple plugins introduce taggable models of the same name
#22307 - Fix inconsistent enforcement of grant_token permissions between the UI and REST API
#22325 - Fix AttributeError when creating a custom field choice set with base choices
#22328 - Avoid out-of-memory crash in DynamicMultipleChoiceField with large choice sets

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track netbox

Get notified when new releases ship.

About netbox

The premier source of truth powering network automation. Open source under Apache 2. Try NetBox Cloud free: https://netboxlabs.com/products/free-netbox-cloud/

All releases →

netbox

Summary

Changes in this release

Enhancements

Bug Fixes

Related context

Related tools