Release history
typebot.io releases
Typebot is a powerful chatbot builder that you can self-host.
All releases
7 shown
Upgrade now
v3.17.0
Security relevant
Auth
RBAC
RCE / SSRF
+1 more
Security hardening + UI/content updates
v3.16.0
Security relevant
Security fixes
- Fixed stored XSS via javascript: URI in bubble links
- Fixed authorization bypass in getLinkedTypebots
- Fixed SSRF redirect bypass in HTTP Request and Code blocks
Notable features
- Spaces feature
- OpenAI and Anthropic model updates
Full changelog
New features
- ✨ Introduce Spaces [1541877]
- ✨ Add prompt and new models to OpenAI transcription [03973f4]
- ✨ Add onboarding email workflow and unsubscribe flow [406ef51]
- ⚡️ Add new OpenAI and Anthropic models [d0d33d1]
- 👌 Move metadata to share page [75eaf4b]
UI/UX Improvements
- 💅 Improve IconPicker loading [a0be7a4]
- 💅 Make group title hitbox fit text [3611245]
- 💅 Ordered list insert buttons + safe placeholders [9e709d7]
- 💅 Improve image alt text accessibility [d0f7075]
- 💅 Fix dots icons, bolder [2e34c7c]
Fixed
- 🐛 Update WordPress embed default lib version from 0.3 to 0.x [cf80f81]
- 🐛 Fix file upload in builder preview mode [aa3b619]
- 🐛 Fix import typebots [a56dc49]
- 🐛 Fix editables overflow [b8021f9]
- 🐛 Fix space icon picking and optimistic updates [7d43281]
- 🐛 Fix embeds crash (importing external modules) [78da6fa]
- 🐛 Fix builder preview AI streaming [62e5bf6]
- 🐛 Fix results pagination returning extra item [0d934a9]
- 🐛 Fix BubbleButton color resolution [e3a310e]
- 🐛 Fix text block in edit mode deletes group [7e419af]
- 🐛 Fix column settings crash in some situations [9de3802]
- 🐛 Fix whatsapp webhook input schema [4da563a]
- 🐛 Fix CookieStore domain error when declining cookie consent [e33cb1f]
- 🐛 Fix transcript replay when using reply event [dd10f4c]
- 🐛 Fix script args validation when variables have non-numeric values [97da0d6]
- 🐛 Accept transient Resend bounces [d448555]
- 🐛 Hide start event actions [cf38e75]
- 🐛 Release ExternalCopy handles to prevent native memory leak [ccd417d]
- 🐛 Fix typebot parsing crash when ai tool object does not have type (legacy) [6c084e6]
- 🐛 Fix alert dialog overlay color in dark mode [d596306]
- 🐛 Only display forge select variables if more than 1 fetched item [281c972]
- 🐛 Fix keyboard accessibility for clickable elements [f24873c]
- 🐛 Fix generateVariables custom auth base URL [a500c1d]
- 🐛 Fix private api file url [589e621]
Security
- 🔒 Fix stored XSS via javascript: URI in bubble links [2c3fc72]
- 🔒 Fix authorization bypass in getLinkedTypebots [b9530a0]
- 🔒 Fix SSRF redirect bypass in HTTP Request and Code blocks [23818bb]
- 🔒 Fix cross-workspace credential theft via preview endpoint [d6bcc26]
- 🔒 Fix cross-typebot result data access [7316263]
- 🔒 Fix SSRF vulnerabilities in forge block handlers [a330517]
- 🔒 Fix XSS on Rating and file upload inputs [474ecbf]
- 🔒 Fix getResultLog IDOR issue [d82b2d4]
- 🔒 Limit free workspace creation to prevent abuse [a942385]
- 🔒 Protect preview chat with enforced auth [d96f572]
Internal
- ♻️ Migrate to NX [c2b251c]
- ♻️ Migrate builder from tRPC to oRPC [a15673f]
- ♻️ Upgrade to Zod v4 [80db956]
- ✨ Introduce Effect-based workflow system [8febf1a]
- 🔧 Migrate S3 uploads from presigned POST to presigned PUT [cc9839f]
- 🔧 Stream result export directly to S3 [b463379]
- 🔧 Centralize runtime telemetry and Sentry reporting [603fd90]
- 🔧 Let Stripe now handle tax and business name collection [5617bf6]
- 🔧 Move to typebot.com [cb2430b]
- 🔧 Bump embeds package versions to 0.9.20 [7c51958]
v3.15.2
Bug fix
Fixed app router automatically adding transfer-encoding chunked header to backend requests; internal build and logging improvements.
v3.15.1
Bug fix
Fixed webhook listening functionality and email template build issues affecting CI/CD pipeline and email delivery.
v3.15.0
New feature
Notable features
- WhatsApp typing indicators
- S3 private URL with PAT
- Rate limiting for email APIs