nocodb

v2026.05.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 7d Productivity & Wikis
✓ No known CVEs patched
This release patches 1 known CVE

Topics

airtable airtable-alternative automatic-api low-code no-code no-code-database no-code-platform postgresql rest restful-api spreadsheet sqlite swagger

Affected surfaces

auth deps

ReleasePort's take

Moderate signal
editorial:auto 7d

Enterprise workspaces now enforce 2FA for owners, requiring enrollment before continued access; signing into a new device revokes existing sessions across all sign‑in methods.

Why it matters: Enforces stronger security by mandating 2FA for workspace owners (severity 70) and prevents session hijacking via automatic logout of prior devices on new logins.

Summary

AI summary

Broad release touches Closed Issues, Improvements & Fixes, Self-Hosting Notes, and Account Security.

Changes in this release

Security High

One active session per account: signing in on a new device signs out the previous session across all sign‑in paths (SSO included).

Source: llm_adapter@2026-05-27

Confidence: high

Security High

Workspace 2FA now covers owners: on Enterprise workspaces with mandatory 2FA, owners are prompted to enroll before continuing.

Source: llm_adapter@2026-05-27

Confidence: low

Security Medium

Workspace 2FA now requires owners to enroll, covering them under workspace-wide 2FA enforcement.

Source: granite4.1:30b@2026-05-27-audit

Confidence: low

Feature Medium

Adds Gantt View (project schedule) to Paid/Enterprise edition.

Source: llm_adapter@2026-05-27

Confidence: high

Feature Medium

Adds Shared Pages: publicly share a NocoDocs page as a read‑only link without requiring an account.

Source: llm_adapter@2026-05-27

Confidence: high

Feature Medium

Expands Record Side Panel to Community Edition: records dock on the right instead of a full‑screen modal.

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

Adds search and hide blank fields functionality within the expanded record UI.

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Feature Low

Introduces pinned filter pills for date, DateTime, Created time, and Last modified time fields in toolbars.

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Feature Low

Provides palette picker for bar, line, pie, donut, and scatter chart widgets on Cloud dashboards; gauges gain full color pickers for range colors.

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Feature Low

Enables arrow keys to increment/decrement Integer, Decimal, and Percent fields in forms, matching Currency behavior.

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Dependency Low

Updates dependencies (axios, next, mermaid) to clear a batch of security advisories with no API changes.

Source: llm_adapter@2026-05-27

Confidence: high

Bugfix Medium

Fixes an error thrown when adding an AutoNumber field to an empty table; the sequence now initializes correctly.

Source: llm_adapter@2026-05-27

Confidence: high

Bugfix Medium

Fixes row‑coloring persistence across view switches; color condition value is retained.

Source: llm_adapter@2026-05-27

Confidence: high

Bugfix Medium

Fixes TOTP verification failure when `NC_CONNECTION_ENCRYPT_KEY` is set; instances that were using 2FA must disable and re‑enroll it.

Source: llm_adapter@2026-05-27

Confidence: low

Bugfix Medium

Fixes hidden required (NOT NULL) fields causing silent save failures; now warns, flags in UI, and shows clear error.

Source: llm_adapter@2026-05-27

Confidence: low

Bugfix Low

Excludes hidden junction (many‑to‑many link) tables from the base table limit count, restoring intended visible table numbers.

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Low

Ensures Calendar and date fields respect column timezone settings for drag, resize, and display operations.

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Full changelog

Availability

| Feature | CE / Free | Paid / Enterprise |
|---|:---:|:---:|
| Gantt View | – | ✅ |
| Shared Pages | – | ✅ |
| Expanded Record Side Panel | ✅ | ✅ |

Gantt View

Gantt View turns any date-based table into a live project schedule: records become draggable bars, dependencies become arrows, and key dates become milestone diamonds. Whether you're planning a product launch, mapping a roadmap, or coordinating project phases, it shows what runs when and what blocks what. Drag to reschedule, link tasks from a bar's handle, and zoom from a one-week sprint out to a five-year roadmap.

Shared Pages

You can now publicly share a NocoDocs page as a read-only link that anyone can open in a browser, no NocoDB account required. Whether you're sharing product docs, a project brief, or an internal wiki, you can take a document straight from the editor to a shareable URL, or embed it elsewhere with an iframe snippet. Switch the toggle off to revoke the link in seconds.

Expanded Record Side Panel in Community Edition

The Expanded Record Side Panel, introduced in 2026.05.1, now ships in Community Edition. Opening a record docks it to the right of the grid instead of a full-screen modal, so your data stays in view while you edit fields, read comments, or scan revision history. It's the default desktop layout across all editions; public and shared views still open as a centered modal.

Account Security

  • One active session per account. Signing in on a new device or browser signs out the previous session, across every sign-in path including SSO. On by default in all editions; API tokens are unaffected.
  • Workspace 2FA now covers owners. Owners are no longer exempt from workspace-wide 2FA enforcement, so on Enterprise workspaces that require 2FA, owners are prompted to enroll before continuing.

Improvements & Fixes

  • Search and hide blank fields in an expanded record. In an expanded record you can now search for any field or value, which is useful when a table has many fields. You can also hide blank fields.
  • Pinned filters for date fields. Date, DateTime, Created time, and Last modified time fields can now be pinned to the toolbar as compact pills (exact date, days ago, past N days).
  • Dashboard chart color palettes. On Cloud dashboards, bar, line, pie, donut, and scatter widgets gain a palette picker, and gauges get a full color picker for range colors.
  • Arrow keys step numeric form fields. Up and Down arrows now increment and decrement Integer, Decimal, and Percent fields in forms, matching how Currency already behaved.
  • AutoNumber on empty tables. Adding an AutoNumber field to an empty table no longer throws an error; the sequence initializes correctly.
  • Row coloring persists across view switches. A row-color condition's value is now retained when you switch views instead of resetting.
  • Junction tables excluded from the table limit. Hidden many-to-many link tables are no longer counted toward a base's table limit, restoring the intended number of user-visible tables.
  • Hidden required fields no longer fail silently. Hiding a required (NOT NULL) field now warns, flags it in the Fields menu, auto-expands hidden fields when adding a record, and shows a clear save error instead of dropping the row.
  • Calendar and date fields respect the column timezone. Drag, resize, and display on Calendar views no longer show the wrong offset for MySQL DateTime and timezone-configured columns.

Self-Hosting Notes

  • If you use `NC_CONNECTION_ENCRYPT_KEY` together with 2FA, please read this. On instances running with `NC_CONNECTION_ENCRYPT_KEY` set, TOTP code verification was broken by the encrypt/decrypt round-trip, causing every 2FA verification to fail with "Invalid verification code". This is fixed. If you were using 2FA, you will need to disable and re-enroll. Note that 2FA only applies to email and password based logins, not to SSO.
  • Private-network access for databases and webhooks. SSRF protection is enforced by default. If your instance connects to a database or sends webhooks on a private or local network, you may need to opt in with the relevant environment variables (`NC_ALLOW_LOCAL_EXTERNAL_DBS`, `NC_WEBHOOK_ALLOW_PRIVATE_NETWORK` / `NC_ALLOW_LOCAL_HOOKS`), or disable SSRF filtering globally with `NC_DISABLE_SSRF_PROTECTION`. NocoDB Cloud always enforces SSRF protection.
  • Security dependency audit. This release clears a large batch of dependency security advisories across the stack (including axios, next, and mermaid) with no changes to public APIs.
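
An added pre-upgrade check for the Self-Hosting Notes above (example code, not NocoDB's own): given the instance's environment plus the database hosts and webhook URLs it talks to, it lists what an operator needs to act on. The private-address test uses Python's `ipaddress` module as an approximation of NocoDB's SSRF filter, the rule for when a variable counts as enabled is an assumption, and the sample values are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Variable names are taken from the Self-Hosting Notes above.
DB_OPT_INS = ("NC_ALLOW_LOCAL_EXTERNAL_DBS",)
HOOK_OPT_INS = ("NC_WEBHOOK_ALLOW_PRIVATE_NETWORK", "NC_ALLOW_LOCAL_HOOKS")

def is_set(env, name):
    # Assumption: any value other than empty/"false"/"0" counts as enabled.
    return env.get(name, "").lower() not in ("", "false", "0")

def is_internal(target):
    """True/False for IP literals and localhost, None for names needing DNS."""
    host = urlsplit(target if "://" in target else "//" + target).hostname or ""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a hostname: resolve it yourself before deciding
    return ip.is_private or ip.is_loopback or ip.is_link_local

def review(env, db_hosts, hook_urls):
    """Return (code, detail) findings for an operator to act on."""
    findings = []
    if is_set(env, "NC_CONNECTION_ENCRYPT_KEY"):
        findings.append(("totp-reenroll", "if 2FA was in use, disable and re-enroll"))
    ssrf_off = is_set(env, "NC_DISABLE_SSRF_PROTECTION")
    if ssrf_off:
        findings.append(("ssrf-disabled", "filtering is off for every destination"))
    for code, targets, opt_ins in (("db", db_hosts, DB_OPT_INS),
                                   ("hook", hook_urls, HOOK_OPT_INS)):
        allowed = ssrf_off or any(is_set(env, v) for v in opt_ins)
        for target in targets:
            internal = is_internal(target)
            if internal is None:
                findings.append((code + "-resolve-manually", target))
            elif internal and not allowed:
                findings.append((code + "-needs-opt-in", target))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_ENV = {"NC_CONNECTION_ENCRYPT_KEY": "constructed-placeholder-key",
              "NC_ALLOW_LOCAL_EXTERNAL_DBS": "true"}
SAMPLE_FINDINGS = review(SAMPLE_ENV, ["10.0.0.5:5432"],
                         ["http://192.168.1.20/hook", "https://hooks.example.com/x"])
for finding in SAMPLE_FINDINGS:
    print(finding)
```

Pass `os.environ` as `env` to check the environment the process is actually running with. An `ssrf-disabled` finding is worth replacing with the narrower per-surface opt-ins where only databases or only webhooks need private-network access.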

Closed Issues

  • [closed] 🐛 Bug: iFrame embedding doesn't work for shared noco-docs #13901
  • [closed] 🐛 Bug: Make connector nocodb:create returns 404 while direct v2 API call succeeds (self-hosted, PG 16) #13881
  • [closed] 🐛 Bug: Calendar view sends Date field as timezone datetime unless the date input is focused, causing previous-day save in UTC+9 #13880
  • [closed] 🐛 Bug: form view numeric fields not updated when scrolling up/down #13861
  • [closed] 🐛 Bug: data entry fails quietly if record can not be stored (not null value in hidden field) #13838
  • [closed] 🐛 Bug: import fails but message "successful ..." #13837
  • [closed] 🐛 Bug: Webhook difference between forms #13802
  • [closed] Featured your project on osalt.dev — README badge available if you'd like to use it #13800
  • [closed] 🐛 Bug: NocoDB v2026.04.5 REST Data API returns ERR_TABLE_NOT_FOUND / 500 on PostgreSQL #13794
  • [closed] 🐛 Bug: Schema sync creates duplicate Link/LTAR virtual columns per relationship on external Postgres source (2026.04.5) #13788
  • [closed] 🐛 Bug: Linked record updated successfully via API v3 PATCH, but appears blank in NocoDB GUI #13612
  • [closed] 🐛 Bug: /api/v2/tables/<table_id>/records does not allow new entries to be created #13284
  • [closed] 🐛 Bug: Rate limit on self-hosted version (429) #13270
  • [closed] 🐛 Bug: [External DataSource] Group by DateTime shows empty groups (totalRows=0) due to timezone mismatch between group keys and SQL query #13090

Security Fixes

  • Fixed TOTP verification failure when NC_CONNECTION_ENCRYPT_KEY is set; users must re‑enroll 2FA after upgrade.

About nocodb

A Free & Self-hostable Airtable Alternative

Related context

Earlier breaking changes

  • v2026.05.1 `NC_PUBLIC_URL` environment variable renamed to `NC_SITE_URL` and is now mandatory for self-hosted instances.
