twenty

v2.3.0 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 21d Productivity & Wikis

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

crm crm-system customer graphql javascript marketing

+8 more

monorepo nestjs postgresql react reactjs sales typescript web

ReleasePort's take

Moderate signal

editorial:auto 13d

v2.3.0 fixes server.fs.deny security bypass in file system access control and removes Gauge chart dashboard support. Adds Prometheus metrics export and generic OAuth provider support to SDK.

Why it matters: Patch if using server.fs.deny. Audit dashboards—Gauge charts will not render post-upgrade. Test Prometheus export in dev; roll out OAuth support to teams.

Summary

AI summary

Remove twenty-website package, exposing upgrade status as Prometheus gauge metrics.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	server.fs.deny security bypass with queries fixed server.fs.deny security bypass with queries fixed Source: llm_adapter@2026-05-21 Confidence: low	—
Breaking	Medium	Gauge chart support removed from dashboards Gauge chart support removed from dashboards Source: llm_adapter@2026-05-21 Confidence: high	—
Feature
Feature	Medium	Thread actions, filters, and archive support added Thread actions, filters, and archive support added Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Generic OAuth provider support added to app SDK Generic OAuth provider support added to app SDK Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	OTLP metrics export logs added for troubleshooting OTLP metrics export logs added for troubleshooting Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Azure foundry provider support added to AI Azure foundry provider support added to AI Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	AI tool and workflow action triggers split in SDK AI tool and workflow action triggers split in SDK Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Upgrade status exposed as Prometheus gauge metrics Upgrade status exposed as Prometheus gauge metrics Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	SEO improved with canonical locale URLs and language switcher SEO improved with canonical locale URLs and language switcher Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	OTLP heartbeat gauge and export attempt logging added OTLP heartbeat gauge and export attempt logging added Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Server upgrade status visible on admin panel Server upgrade status visible on admin panel Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Twenty version validation added to SDK Twenty version validation added to SDK Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Application isConfigured status shown in admin panel Application isConfigured status shown in admin panel Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Application variable now implements SyncableEntity Application variable now implements SyncableEntity Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	AI system prompts now prefer batch tools AI system prompts now prefer batch tools Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Headless front component supports multiple selected records Headless front component supports multiple selected records Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	SDK command menu item definition function added SDK command menu item definition function added Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Docker-not-running error provides actionable next steps Docker-not-running error provides actionable next steps Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Workspace creation and payment events logged to ClickHouse Workspace creation and payment events logged to ClickHouse Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Application variable converted to a syncable entity Application variable converted to a syncable entity Source: granite4.1:30b@2026-05-22-audit Confidence: low	—
Bugfix
Bugfix	Medium	TwentyMCP helper receives three correctness fixes TwentyMCP helper receives three correctness fixes Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	SSE event stream updates stabilized during workflow transitions SSE event stream updates stabilized during workflow transitions Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Redis idle disconnects handled in session store Redis idle disconnects handled in session store Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	IMAP channel resilience improved for transient errors IMAP channel resilience improved for transient errors Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Empty record page fixed for non-English workspace members Empty record page fixed for non-English workspace members Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Empty cells shown for soft-deleted related records Empty cells shown for soft-deleted related records Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	OpenTelemetry API deduplication fixes NoopMeterProvider OpenTelemetry API deduplication fixes NoopMeterProvider Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	REST filter default conjunction detection fixed REST filter default conjunction detection fixed Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	SMTP outbound message persistence fixed SMTP outbound message persistence fixed Source: llm_adapter@2026-05-21 Confidence: low	—
Refactor	Medium	CalDAV implementation refactored for calendar sync CalDAV implementation refactored for calendar sync Source: llm_adapter@2026-05-21 Confidence: low	—
Refactor	Medium	ConnectionProvider now implements SyncableEntity properly ConnectionProvider now implements SyncableEntity properly Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

What's Changed

[AI] Add thread actions, filters, and archive support by @ehconitin in https://github.com/twentyhq/twenty/pull/20068
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20164
i18n - docs translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20166
Dispatch root package.json hoisted deps and devDeps by @prastoin in https://github.com/twentyhq/twenty/pull/20140
Bump 2.3.0 by @Weiko in https://github.com/twentyhq/twenty/pull/20169
fix: register all cron jobs in twenty-app-dev image by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20167
fix: disable sync on seeded message and calendar channels by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20168
chore: sync AI model catalog from models.dev by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20178
[AI] Prefer batch tools in system prompts by @ehconitin in https://github.com/twentyhq/twenty/pull/20173
fix(code-interpreter): three correctness fixes for the TwentyMCP helper + tool output shape by @krzysztof7363 in https://github.com/twentyhq/twenty/pull/20103
test(upgrade): assert sequence-runner error structurally instead of snapshot by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20213
fix(shared): @types/lodash.camelcase for Docker CD by @charlesBochet in https://github.com/twentyhq/twenty/pull/20219
fix(shared): add uuid, @types/uuid, @types/qs for Docker CD by @charlesBochet in https://github.com/twentyhq/twenty/pull/20222
Twenty email deps by @prastoin in https://github.com/twentyhq/twenty/pull/20223
revert: Sentry #20064 + @sentry 10.27 (prod bisect) by @charlesBochet in https://github.com/twentyhq/twenty/pull/20221
feat(apps): generic OAuth provider support for app SDK by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20181
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20226
feat(server): OTLP metrics export logs for troubleshooting by @charlesBochet in https://github.com/twentyhq/twenty/pull/20228
Fix record table dashboard save by @abdulrahmancodes in https://github.com/twentyhq/twenty/pull/20202
feat(server): add heartbeat gauge + first-export-attempt log for OTLP by @charlesBochet in https://github.com/twentyhq/twenty/pull/20230
[Website] Implement translations. by @mabdullahabaid in https://github.com/twentyhq/twenty/pull/20171
Fix front unit test on main by @prastoin in https://github.com/twentyhq/twenty/pull/20233
fix(server): deduplicate @opentelemetry/api to fix NoopMeterProvider by @charlesBochet in https://github.com/twentyhq/twenty/pull/20231
Fix empty record page on system objects for non-English workspace members by @Weiko in https://github.com/twentyhq/twenty/pull/20235
Add twenty version validation by @martmull in https://github.com/twentyhq/twenty/pull/20227
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20236
[DockerFile] Optimize twenty-server deps and build by @prastoin in https://github.com/twentyhq/twenty/pull/20132
AI - Add azure foundry provider by @etiennejouan in https://github.com/twentyhq/twenty/pull/20170
i18n - docs translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20238
Add server upgrade status on admin panel by @ijreilly in https://github.com/twentyhq/twenty/pull/20107
fix: handle missing file entity in avatar deletion listener by @aayushbaluni in https://github.com/twentyhq/twenty/pull/20192
Return false instead of throwing when event stream does not exist by @thomtrp in https://github.com/twentyhq/twenty/pull/20165
fix: show active advanced filter count badge in dropdown button by @wadeKeith in https://github.com/twentyhq/twenty/pull/20229
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20240
Improve twenty deploy cli logs by @martmull in https://github.com/twentyhq/twenty/pull/20237
Add check for manifest uuid version by @martmull in https://github.com/twentyhq/twenty/pull/20239
fix rest filter default conjunction detection by @channi23 in https://github.com/twentyhq/twenty/pull/20133
i18n - docs translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20243
i18n - docs translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20248
Fix/workspace member avatars 20193 by @Pantkartik in https://github.com/twentyhq/twenty/pull/20200
New name not appearing when renaming "Stages" in data-model settings by @Bonapara in https://github.com/twentyhq/twenty/pull/20246
fix: Invalid configuration instead of related notes by @LuckyPigDev in https://github.com/twentyhq/twenty/pull/20251
feat: expose upgrade status as Prometheus gauge metrics by @charlesBochet in https://github.com/twentyhq/twenty/pull/20262
fix: show empty cell instead of 'Not shared' for soft-deleted related records by @charlesBochet in https://github.com/twentyhq/twenty/pull/20260
Remove twenty-website package. by @mabdullahabaid in https://github.com/twentyhq/twenty/pull/20270
Make ConnectionProvider a true SyncableEntity by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20232
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20278
fix: show AI chat filter button only on hover in navigation drawer by @ehconitin in https://github.com/twentyhq/twenty/pull/20274
fix smtp outbound persist message by @neo773 in https://github.com/twentyhq/twenty/pull/20276
fix: don't mark IMAP channel as failed on transient server errors by @neo773 in https://github.com/twentyhq/twenty/pull/20273
docs: align example name to my-twenty-app across quickstarts by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20279
[Headless Front component] Support multiple selected record by @prastoin in https://github.com/twentyhq/twenty/pull/20268
ci: add ci-website workflow for twenty-website-new by @charlesBochet in https://github.com/twentyhq/twenty/pull/20281
fix: show 'Not shared' for RLS-hidden morph relation records by @charlesBochet in https://github.com/twentyhq/twenty/pull/20272
feat(apps): split AI tool and workflow action triggers in LogicFunction manifest by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20208
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20284
fix: show pinned commands in side panel search results by @abdulrahmancodes in https://github.com/twentyhq/twenty/pull/20265
Bump twenty current version by @prastoin in https://github.com/twentyhq/twenty/pull/20241
feat(sdk): move catalog-sync under server group by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20282
docs: restructure Getting Started around three explicit phases by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20283
feat(sdk): give Docker-not-running error an actionable next step by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20280
remove direction from messages by @neo773 in https://github.com/twentyhq/twenty/pull/20026
fix(website-new): inherit test target so twenty-shared builds in CI by @charlesBochet in https://github.com/twentyhq/twenty/pull/20285
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20286
CalDAV refactor by @neo773 in https://github.com/twentyhq/twenty/pull/20180
feat(sdk): add defineCommandMenuItem by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20256
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20289
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20290
Fix stale address coordinates after clearing autofill by @abdulrahmancodes in https://github.com/twentyhq/twenty/pull/20264
Fix root monorepo package json focused installation by @prastoin in https://github.com/twentyhq/twenty/pull/20292
i18n - docs translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20297
feat: improve SEO foundations and canonicalise locale URLs while adding language-switcher in Footer as planned by @mabdullahabaid in https://github.com/twentyhq/twenty/pull/20294
Improve app gallery image sizing (no cropping) by @abdulrahmancodes in https://github.com/twentyhq/twenty/pull/20287
i18n - website translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20301
Fix unreliable SSE event stream updates during workflow form transitions by @thomtrp in https://github.com/twentyhq/twenty/pull/20242
Fix unclear metadata validation errors by @abdulrahmancodes in https://github.com/twentyhq/twenty/pull/20234
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20302
i18n - docs translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20303
[Dashboards] [Warning] Remove gauge chart support and delete existing widgets by @ehconitin in https://github.com/twentyhq/twenty/pull/20172
fix(server): handle Redis idle disconnects in session-store client by @sibelius in https://github.com/twentyhq/twenty/pull/20143
20215 convert application variable to a syncable entity by @martmull in https://github.com/twentyhq/twenty/pull/20269
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20313
fix(front): resolve labelIdentifier per target for morph relation depth=1 by @charlesBochet in https://github.com/twentyhq/twenty/pull/20305
Nest command unhandled error process exit 1 by @prastoin in https://github.com/twentyhq/twenty/pull/20312
Replace sign-in mocked metadata with hardcoded BackgroundMock by @charlesBochet in https://github.com/twentyhq/twenty/pull/20308
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20317
Fix migration by @martmull in https://github.com/twentyhq/twenty/pull/20321
fix: server.fs.deny bypassed with queries by @mabdullahabaid in https://github.com/twentyhq/twenty/pull/20323
fix(server): bypass workspace cache in onboardingStatus resolver by @charlesBochet in https://github.com/twentyhq/twenty/pull/20322
fix(front): defer default home redirect when object metadata is not loaded by @charlesBochet in https://github.com/twentyhq/twenty/pull/20330
chore(deps): bump papaparse from 5.5.2 to 5.5.3 by @dependabot[bot] in https://github.com/twentyhq/twenty/pull/20335
chore(deps-dev): bump verdaccio from 6.3.1 to 6.5.2 by @dependabot[bot] in https://github.com/twentyhq/twenty/pull/20334
refactor: stop reading joinColumnName from relation field settings by @charlesBochet in https://github.com/twentyhq/twenty/pull/20304
[Website] Add articles section with index and article pages, matching customers page design by @mabdullahabaid in https://github.com/twentyhq/twenty/pull/20315
Fix NestJS CLI pin chokidar to v3 by @neo773 in https://github.com/twentyhq/twenty/pull/20316
Remove broken total count from workflow version by @thomtrp in https://github.com/twentyhq/twenty/pull/20324
Add Workspace Created and Payment Received ClickHouse events by @thomtrp in https://github.com/twentyhq/twenty/pull/20277
Add isConfigured to application registration in App admin panel by @martmull in https://github.com/twentyhq/twenty/pull/20326
i18n - website translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20337
Ai provider - fix by @etiennejouan in https://github.com/twentyhq/twenty/pull/20318
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20338
i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20340

New Contributors

@krzysztof7363 made their first contribution in https://github.com/twentyhq/twenty/pull/20103
@aayushbaluni made their first contribution in https://github.com/twentyhq/twenty/pull/20192
@wadeKeith made their first contribution in https://github.com/twentyhq/twenty/pull/20229
@Pantkartik made their first contribution in https://github.com/twentyhq/twenty/pull/20200
@LuckyPigDev made their first contribution in https://github.com/twentyhq/twenty/pull/20251
@sibelius made their first contribution in https://github.com/twentyhq/twenty/pull/20143

Full Changelog: https://github.com/twentyhq/twenty/compare/v2.2.0...v2.3.0

Breaking Changes

Removed twenty-website package.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track twenty

Get notified when new releases ship.

About twenty

Building a modern alternative to Salesforce, powered by the community.

All releases →

Related context

Related tools

Earlier breaking changes

v2.8.0 Introduces a new permission flags system defined by apps
v2.8.0 Permission flags system replaces previous permission model
v2.7.0 Unify connected account permissions.
v2.7.0 Encrypt `ConnectedAccount` connectionParameters field.
v2.6.0 Rename permissionFlag to rolePermissionFlag and add catalog/backfill