Nhost

[email protected] scope: cli Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 15d API Development

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

authentication backend backend-as-a-service database firebase flutter

+12 more

graphql hasura javascript nextjs nhost postgresql react serverless serverless-functions storage typescript vue

Affected surfaces

auth

Summary

AI summary

Updates cli, 🐛 Bug Fixes, and ⚙️ Miscellaneous Tasks across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Harden local configserver against cross-origin and exfil access Harden local configserver against cross-origin and exfil access Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Feature	Medium	Embed email templates instead of fetching at runtime Embed email templates instead of fetching at runtime Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Dependency	Medium	Bump references to 1.45.0 Bump references to 1.45.0 Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—
Bugfix
Bugfix	Medium	Create install path if it doesn't exist Create install path if it doesn't exist Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	Use when is in an env var for Docker Compose Use when is in an env var for Docker Compose Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	Make build and check work on NixOS Make build and check work on NixOS Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—
Bugfix	Medium	Use the environment NHOST_PAT directly Use the environment NHOST_PAT directly Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—
Refactor	Medium	Update schema Update schema Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—

Full changelog

[[email protected]] - 2026-05-19

🚀 Features

(cli) Embed email templates instead of fetching at runtime (#4273)
(cli) Harden local configserver against cross-origin and exfil access (#4302)

🐛 Bug Fixes

(ci) Make build and check work on NixOS (#4234)
(ci) Use the environment NHOST_PAT directly (#4246)
(cli) Create install path if it doesn't exist (#4256)
(cli) Use when is in an env var for Docker Compose (#4160)

⚙️ Miscellaneous Tasks

(cli) Bump references to 1.45.0 (#4219)
(cli) Update schema (#4288)
(dashboard) Bump references to 2.63.0

Security Fixes

(cli) Harden local configserver against cross-origin and exfil access

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Nhost

Get notified when new releases ship.

About Nhost

The Open Source Firebase Alternative with GraphQL.

All releases →