
typebot.io

Communication & Email

A Fair‑Source chatbot builder for creating visual, embeddable bots that collect real‑time results

TypeScript · Latest v3.17.1 · 12d ago

Features

  • Visual chat builder with 34+ blocks (text, media, inputs, logic, integrations)
  • Customizable themes and advanced CSS styling
  • Embed anywhere via native JS library without iframe overhead
  • Real‑time analytics and CSV export of results

Recent releases

v3.17.0 Security relevant
Auth RBAC RCE / SSRF +1 more

Security hardening + UI/content updates

v3.16.0 Security relevant
Security fixes
  • Fixed stored XSS via javascript: URI in bubble links
  • Fixed authorization bypass in getLinkedTypebots
  • Fixed SSRF redirect bypass in HTTP Request and Code blocks
Notable features
  • Spaces feature
  • OpenAI and Anthropic model updates
Full changelog

New features

  • ✨ Introduce Spaces [1541877]
  • ✨ Add prompt and new models to OpenAI transcription [03973f4]
  • ✨ Add onboarding email workflow and unsubscribe flow [406ef51]
  • ⚡️ Add new OpenAI and Anthropic models [d0d33d1]
  • 👌 Move metadata to share page [75eaf4b]

UI/UX Improvements

  • 💅 Improve IconPicker loading [a0be7a4]
  • 💅 Make group title hitbox fit text [3611245]
  • 💅 Ordered list insert buttons + safe placeholders [9e709d7]
  • 💅 Improve image alt text accessibility [d0f7075]
  • 💅 Fix dots icons, bolder [2e34c7c]

Fixed

  • 🐛 Update WordPress embed default lib version from 0.3 to 0.x [cf80f81]
  • 🐛 Fix file upload in builder preview mode [aa3b619]
  • 🐛 Fix import typebots [a56dc49]
  • 🐛 Fix editables overflow [b8021f9]
  • 🐛 Fix space icon picking and optimistic updates [7d43281]
  • 🐛 Fix embeds crash (importing external modules) [78da6fa]
  • 🐛 Fix builder preview AI streaming [62e5bf6]
  • 🐛 Fix results pagination returning extra item [0d934a9]
  • 🐛 Fix BubbleButton color resolution [e3a310e]
  • 🐛 Fix text block in edit mode deletes group [7e419af]
  • 🐛 Fix column settings crash in some situations [9de3802]
  • 🐛 Fix whatsapp webhook input schema [4da563a]
  • 🐛 Fix CookieStore domain error when declining cookie consent [e33cb1f]
  • 🐛 Fix transcript replay when using reply event [dd10f4c]
  • 🐛 Fix script args validation when variables have non-numeric values [97da0d6]
  • 🐛 Accept transient Resend bounces [d448555]
  • 🐛 Hide start event actions [cf38e75]
  • 🐛 Release ExternalCopy handles to prevent native memory leak [ccd417d]
  • 🐛 Fix typebot parsing crash when ai tool object does not have type (legacy) [6c084e6]
  • 🐛 Fix alert dialog overlay color in dark mode [d596306]
  • 🐛 Only display forge select variables if more than 1 fetched item [281c972]
  • 🐛 Fix keyboard accessibility for clickable elements [f24873c]
  • 🐛 Fix generateVariables custom auth base URL [a500c1d]
  • 🐛 Fix private api file url [589e621]

Security

  • 🔒 Fix stored XSS via javascript: URI in bubble links [2c3fc72]
  • 🔒 Fix authorization bypass in getLinkedTypebots [b9530a0]
  • 🔒 Fix SSRF redirect bypass in HTTP Request and Code blocks [23818bb]
  • 🔒 Fix cross-workspace credential theft via preview endpoint [d6bcc26]
  • 🔒 Fix cross-typebot result data access [7316263]
  • 🔒 Fix SSRF vulnerabilities in forge block handlers [a330517]
  • 🔒 Fix XSS on Rating and file upload inputs [474ecbf]
  • 🔒 Fix getResultLog IDOR issue [d82b2d4]
  • 🔒 Limit free workspace creation to prevent abuse [a942385]
  • 🔒 Protect preview chat with enforced auth [d96f572]

Internal

  • ♻️ Migrate to NX [c2b251c]
  • ♻️ Migrate builder from tRPC to oRPC [a15673f]
  • ♻️ Upgrade to Zod v4 [80db956]
  • ✨ Introduce Effect-based workflow system [8febf1a]
  • 🔧 Migrate S3 uploads from presigned POST to presigned PUT [cc9839f]
  • 🔧 Stream result export directly to S3 [b463379]
  • 🔧 Centralize runtime telemetry and Sentry reporting [603fd90]
  • 🔧 Let Stripe now handle tax and business name collection [5617bf6]
  • 🔧 Move to typebot.com [cb2430b]
  • 🔧 Bump embeds package versions to 0.9.20 [7c51958]
v3.15.2 Bug fix

Fixed app router automatically adding transfer-encoding chunked header to backend requests; internal build and logging improvements.

v3.15.1 Bug fix

Fixed webhook listening functionality and email template build issues affecting CI/CD pipeline and email delivery.

v3.15.0 New feature
Notable features
  • WhatsApp typing indicators
  • S3 private URL with PAT
  • Rate limiting for email APIs

About

Stars
9,978
Forks
3,101
Languages
TypeScript MDX CSS
