Skip to content

twenty

v2.6.0 Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.

Published 15d Productivity & Wikis
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

crm crm-system customer graphql javascript marketing
+8 more
monorepo nestjs postgresql react reactjs sales typescript web

Affected surfaces

auth

Summary

AI summary

Updates affect auth, server, admin-panel, twenty-front, front, billing, and AI integrations.

Changes in this release

Breaking Medium

Drop APP_SECRET from approved-access-domain validation and session cookies

Drop APP_SECRET from approved-access-domain validation and session cookies

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Breaking Medium

Rename permissionFlag to rolePermissionFlag and add catalog/backfill

Rename permissionFlag to rolePermissionFlag and add catalog/backfill

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Feature Medium

Resume workspace selection on /welcome with valid tokenPair cookie

Resume workspace selection on /welcome with valid tokenPair cookie

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Feature Medium

Signing keys management tab with usage tracking in admin panel

Signing keys management tab with usage tracking in admin panel

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Feature Medium

Relation traversal in filter dropdown (stacked) in twenty-front

Relation traversal in filter dropdown (stacked) in twenty-front

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Feature Medium

Set 50-character maximum length on passwords in auth

Set 50-character maximum length on passwords in auth

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Feature Medium

Sync AI model catalog from models.dev

Sync AI model catalog from models.dev

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Feature Medium

Make product stepper visuals interactive on website

Make product stepper visuals interactive on website

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Feature Medium

Sync AI model catalog from models.dev again

Sync AI model catalog from models.dev again

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Feature Medium

Add MCP tool annotations

Add MCP tool annotations

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Dependency Medium

Bump twenty-sdk, twenty-client-sdk, create-twenty-app to 2.5.0

Bump twenty-sdk, twenty-client-sdk, create-twenty-app to 2.5.0

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Performance Medium

Index messageChannel/calendarChannel for per‑workspace sync crons

Index messageChannel/calendarChannel for per‑workspace sync crons

Source: granite4.1:30b@2026-05-19-audit

Confidence: low
Bugfix Medium

Batch upgrade migration inserts to stay under PG param limit

Batch upgrade migration inserts to stay under PG param limit

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Drop correlated subquery in getWorkspaceLastAttemptedCommandName

Drop correlated subquery in getWorkspaceLastAttemptedCommandName

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Treat plaintext-under-isSecret rows as plaintext in app variable encryption migration

Treat plaintext-under-isSecret rows as plaintext in app variable encryption migration

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Pin node:24-alpine to 24.15.0-alpine3.23 digest in Dockerfile

Pin node:24-alpine to 24.15.0-alpine3.23 digest in Dockerfile

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Rebuild unique phone indexes drops legacy non-empty partial WHERE clause

Rebuild unique phone indexes drops legacy non-empty partial WHERE clause

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Normalize composite defaultValues in manifest converter for app re-install compatibility

Normalize composite defaultValues in manifest converter for app re-install compatibility

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Use theme-aware color for side panel title in front

Use theme-aware color for side panel title in front

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Scope workspace findOne in incrementMetadataVersion

Scope workspace findOne in incrementMetadataVersion

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Add relationTargetFieldMetadataId column early in upgrade sequence

Add relationTargetFieldMetadataId column early in upgrade sequence

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Handle network errors in RestApiService catch block

Handle network errors in RestApiService catch block

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Query timeout fix in billing

Query timeout fix in billing

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Replace removed Mintlify build command in docs

Replace removed Mintlify build command in docs

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Bugfix Medium

Anchor body text color to theme var in twenty-front

Anchor body text color to theme var in twenty-front

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Bugfix Medium

Correct OpenAPI schema for phones.additionalPhones

Correct OpenAPI schema for phones.additionalPhones

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Bugfix Medium

Align currency icon vertically with amount text in front

Align currency icon vertically with amount text in front

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Medium

Translations updates by github-actions[bot]

Translations updates by github-actions[bot]

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Medium

Additional translations updates by github-actions[bot]

Additional translations updates by github-actions[bot]

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Medium

More translations updates by github-actions[bot]

More translations updates by github-actions[bot]

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Medium

Additional docs translations updates by github-actions[bot]

Additional docs translations updates by github-actions[bot]

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Full changelog

What's Changed

  • feat(auth): resume workspace selection on /welcome with valid tokenPair cookie by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20575
  • chore: bump version to 2.6.0 by @twenty-pr[bot] in https://github.com/twentyhq/twenty/pull/20585
  • Bump twenty-sdk, twenty-client-sdk, create-twenty-app to 2.5.0 by @charlesBochet in https://github.com/twentyhq/twenty/pull/20587
  • fix(server): batch upgrade migration inserts to stay under PG param limit by @charlesBochet in https://github.com/twentyhq/twenty/pull/20588
  • fix(server): drop correlated subquery in getWorkspaceLastAttemptedCommandName by @charlesBochet in https://github.com/twentyhq/twenty/pull/20591
  • fix(server): treat plaintext-under-isSecret rows as plaintext in app variable encryption migration by @charlesBochet in https://github.com/twentyhq/twenty/pull/20590
  • chore: sync AI model catalog from models.dev by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20601
  • feat(secret-encryption): drop APP_SECRET from approved-access-domain validation and session cookies by @charlesBochet in https://github.com/twentyhq/twenty/pull/20580
  • [Website] Make product stepper visuals interactive. by @mabdullahabaid in https://github.com/twentyhq/twenty/pull/20602
  • fix(docker): pin node:24-alpine to 24.15.0-alpine3.23 digest by @charlesBochet in https://github.com/twentyhq/twenty/pull/20603
  • fix(docs): replace removed Mintlify build command by @Ariqhermawan in https://github.com/twentyhq/twenty/pull/20578
  • feat(admin-panel): signing keys management tab with usage tracking by @charlesBochet in https://github.com/twentyhq/twenty/pull/20586
  • i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20605
  • fix(server): rebuild unique phone indexes drops legacy non-empty partial WHERE clause by @charlesBochet in https://github.com/twentyhq/twenty/pull/20606
  • feat(twenty-front): relation traversal in filter dropdown (stacked) by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20533
  • i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20609
  • fix(server): normalize composite defaultValues in manifest converter (unblock app re-install on 2.5-normalized workspaces) by @charlesBochet in https://github.com/twentyhq/twenty/pull/20615
  • chore: sync AI model catalog from models.dev by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20620
  • feat(auth): set 50-character maximum length on passwords by @FelixMalfait in https://github.com/twentyhq/twenty/pull/20655
  • i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20661
  • fix(front): use theme-aware color for side panel title by @shubham-0707 in https://github.com/twentyhq/twenty/pull/20645
  • fix(twenty-front): anchor body text color to theme var by @ehconitin in https://github.com/twentyhq/twenty/pull/20622
  • fix(server): scope workspace findOne in incrementMetadataVersion by @charlesBochet in https://github.com/twentyhq/twenty/pull/20660
  • fix(server): add relationTargetFieldMetadataId column early in upgrade sequence by @charlesBochet in https://github.com/twentyhq/twenty/pull/20664
  • fix(server): correct OpenAPI schema for phones.additionalPhones by @HachemOuanes in https://github.com/twentyhq/twenty/pull/20631
  • fix(front): align currency icon vertically with amount text by @shubham-0707 in https://github.com/twentyhq/twenty/pull/20646
  • fix(server): handle network errors in RestApiService catch block by @shubham-0707 in https://github.com/twentyhq/twenty/pull/20644
  • [1/3] Rename permissionFlag to rolePermissionFlag + add permissionFlag catalog/backfill by @ehconitin in https://github.com/twentyhq/twenty/pull/20481
  • i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20674
  • Add MCP tool annotations by @Bonapara in https://github.com/twentyhq/twenty/pull/20672
  • fix(billing) - query timeout by @etiennejouan in https://github.com/twentyhq/twenty/pull/20669
  • Add OpenAI Apps domain challenge file by @Bonapara in https://github.com/twentyhq/twenty/pull/20677
  • i18n - docs translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20680
  • perf(server): index messageChannel/calendarChannel for per-workspace sync crons by @charlesBochet in https://github.com/twentyhq/twenty/pull/20678
  • [Navigation Drawer] Multiple fixes in settings and app drawer by @ehconitin in https://github.com/twentyhq/twenty/pull/20634
  • Fix 19026 deactivated relation unassignable by @Lakshayyy-m in https://github.com/twentyhq/twenty/pull/19296
  • i18n - translations by @github-actions[bot] in https://github.com/twentyhq/twenty/pull/20685
  • fix(ai-chat) - upload files by @etiennejouan in https://github.com/twentyhq/twenty/pull/20681
  • feat(server): upgrade-aware entity decorators for cross-version upgrades by @charlesBochet in https://github.com/twentyhq/twenty/pull/20686
  • Update pricing plan cards by @Bonapara in https://github.com/twentyhq/twenty/pull/20614
  • fix(server): handle legacy PK name in 2.6 rename-permission-flag upgrade by @charlesBochet in https://github.com/twentyhq/twenty/pull/20697

New Contributors

  • @Ariqhermawan made their first contribution in https://github.com/twentyhq/twenty/pull/20578
  • @shubham-0707 made their first contribution in https://github.com/twentyhq/twenty/pull/20645
  • @HachemOuanes made their first contribution in https://github.com/twentyhq/twenty/pull/20631

Full Changelog: https://github.com/twentyhq/twenty/compare/v2.5.0...v2.6.0

Breaking Changes

  • [1/3] Rename permissionFlag to rolePermissionFlag + add permissionFlag catalog/backfill
  • feat(auth): set 50-character maximum length on passwords
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track twenty

Get notified when new releases ship.

Sign up free

About twenty

Building a modern alternative to Salesforce, powered by the community.

All releases →

Related context

Related tools

Earlier breaking changes

  • v2.8.0 Introduces a new permission flags system defined by apps
  • v2.8.0 Permission flags system replaces previous permission model
  • v2.7.0 Unify connected account permissions.
  • v2.7.0 Encrypt `ConnectedAccount` connectionParameters field.
  • v2.5.0 [breaking: deploy server before front] feat(view-sort): pick sort sub-field inline on the chip

Beta — feedback welcome: [email protected]