This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
Summary
AI summaryAdded default panic-recover handling for cron jobs, returning hidden record data fields for superuser realtime subscribers.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Low |
Returns hidden record data fields for superuser realtime subscribers. Returns hidden record data fields for superuser realtime subscribers. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Dependency | Medium |
Bumps minimum Go GitHub action version to 1.26.4 including minor security fixes. Bumps minimum Go GitHub action version to 1.26.4 including minor security fixes. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Bugfix | Medium |
Fixes multiple select options wrapping issue. Fixes multiple select options wrapping issue. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Bugfix | Low |
Adds default panic-recover handling for cron jobs to prevent server termination on panic. Adds default panic-recover handling for cron jobs to prevent server termination on panic. Source: llm_adapter@2026-06-03 Confidence: high |
— |
Full changelog
To update the prebuilt executable you can run
./pocketbase update.
-
Fixed multiple select options wrapping (#7720).
-
Return the hidden record data fields for superusers realtime subscribers (#7721).
-
Added default panic-recover handling for the cron jobs to avoid terminating the server on panic.
-
Bumped the min Go GitHub action version to 1.26.4 as it includes some minor security fixes.
Security Fixes
- Bumped minimum Go GitHub Action version to 1.26.4, which includes minor security fixes
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Beta — feedback welcome: [email protected]