What's Changed

• 🐛 fix: organization & project router links by @deleteLater in https://github.com/featbit/featbit/pull/892
• ✨ feat: OpenApis for updating feature flag/segment targeting by @deleteLater in https://github.com/featbit/featbit/pull/893

Full Changelog: https://github.com/featbit/featbit/compare/5.3.2...5.3.3

What's Changed

• ✨ feat: fine-grained access control for segments by @cosmos-explorer in https://github.com/featbit/featbit/pull/885
• 🐛 fix: failed to load member filtering options by @deleteLater in https://github.com/featbit/featbit/pull/886
• ✨ feat: track workspace usage by @deleteLater in https://github.com/featbit/featbit/pull/888
• ✨ feat: workspace usage UI by @deleteLater in https://github.com/featbit/featbit/pull/889

Breaking Changes

This release includes database schema changes. To upgrade, please apply the corresponding scripts for your database:

PostgreSQL: Apply the v5.3.2.sql script
MongoDB: Execute the v5.3.2.js script

Full Changelog: https://github.com/featbit/featbit/compare/5.3.1...5.3.2

What's Changed

• ✨ feat: Make SSO the default authentication tab when SSO enabled by @wss-cadenwheeler in https://github.com/featbit/featbit/pull/863
• 🐛 fix: cannot get project list by access tokens by @deleteLater in https://github.com/featbit/featbit/pull/878
• 🐛 fix: cannot clone SystemManaged policy by @cosmos-explorer in https://github.com/featbit/featbit/pull/880
• ✨ feat: rate limiting for evaluation server by @CHR-LeeOlsen in https://github.com/featbit/featbit/pull/874
• ✨ feat: configurable CORS for evaluation server by @CHR-LeeOlsen in https://github.com/featbit/featbit/pull/877
• ✨ feat: support resource-level permissions for access tokens by @cosmos-explorer in https://github.com/featbit/featbit/pull/882

Full Changelog: https://github.com/featbit/featbit/compare/5.3.0...5.3.1

🎉 FeatBit v5.3.0: Security & Compliance

This is our first major release focused specifically on Security and Compliance. This release marks the beginning of an ongoing journey; we will continue to further harden the platform throughout the v5.3.x release cycle and beyond.

Key Improvements

Fine-Grained IAM Permission Control

We've enforced strict IAM permission check on backend APIs. This ensures requests is validated against the specific permissions of the current context (user or access token), providing better governance and preventing unauthorized data access.

Secure Authentication

We’ve refactored our JWT implementation to follow industry best practices, which includes short-lived access tokens and refresh token rotation, where each new session issues a fresh token and invalidates the previous one to minimize the risk of token theft.

Bug Fixes

• Update Kafka health checks use the full config (by @AmyJeanes in #860)
• Added missing indexes to Mongo database migrations. This is critical for environments like Azure Cosmos DB that require indexes for all sorted queries. (by @AmyJeanes in #862)

Breaking Changes

This release includes database schema changes. To upgrade, please apply the corresponding scripts for your database:

PostgreSQL: Apply the v5.3.0.sql script
MongoDB: Execute the v5.3.0.js script

Full Changelog: https://github.com/featbit/featbit/compare/5.2.4...5.3.0

What's Changed

• 🧹 refactor: resolve some NG0955 warnings by @deleteLater in https://github.com/featbit/featbit/pull/859
• ✨ feat: added timestamp filter to flag evaluation API by @deleteLater in https://github.com/featbit/featbit/pull/858

Full Changelog: https://github.com/featbit/featbit/compare/5.2.3...5.2.4

What's Changed

• 🐛 fix: cannot update feature flags for license without fine-grained-ac by @deleteLater in https://github.com/featbit/featbit/pull/856

Full Changelog: https://github.com/featbit/featbit/compare/5.2.2...5.2.3

What's Changed

• 🐛 fix: segment updates not reflected on client-side clients in certain scenarios by @deleteLater in https://github.com/featbit/featbit/pull/848
• ✨ feat: flag concurrent edits detection by @deleteLater in https://github.com/featbit/featbit/pull/850
• 🐛 fix: user can bypass flag IAM permissions by @cosmos-explorer in https://github.com/featbit/featbit/pull/849
• 📖 doc: complement open api docs by @deleteLater in https://github.com/featbit/featbit/pull/851
• ✨ feat: flag evaluation API by @deleteLater in https://github.com/featbit/featbit/pull/854
• ✨ feat: added new endpoints to open api by @cosmos-explorer in https://github.com/featbit/featbit/pull/853

Full Changelog: https://github.com/featbit/featbit/compare/5.2.1...5.2.2

What's Changed

• 🐛 fix: infinity horizontal scroll on compare table zoom out by @deleteLater in https://github.com/featbit/featbit/pull/840
• 🏗 fix: correct developer_policy_id in postgres migration scripts by @deleteLater in https://github.com/featbit/featbit/pull/836
• ✨ feat: added policy key by @cosmos-explorer in https://github.com/featbit/featbit/pull/841
• 🐛 fix: populate cache from postgres fails by @deleteLater in https://github.com/featbit/featbit/pull/843
• 🖍 style: restyle header component by @deleteLater in https://github.com/featbit/featbit/pull/842
• ✨ feat: added segment key by @cosmos-explorer in https://github.com/featbit/featbit/pull/844
• 🏗 infra: upgrade MongoDb images by @deleteLater in https://github.com/featbit/featbit/pull/845
• 🏗 infra: db migrations scripts for for v5.2.1 by @deleteLater in https://github.com/featbit/featbit/pull/837

Breaking Changes

This release includes database schema changes. To upgrade, please apply the corresponding scripts for your database:

• PostgreSQL: Apply the v5.2.1.sql script
• MongoDB: Execute the v5.2.1.js script

Full Changelog: https://github.com/featbit/featbit/compare/5.2.0...5.2.1

🎉 FeatBit v5.2.0: Enhanced Permission Control (RBAC) and Flag Comparison Helicopter View

We are excited to announce the release of FeatBit v5.2.0! This update brings enhanced permission control capabilities with finer granularity and a powerful new feature that enables you to compare and copy feature flag settings across environments.

Key Improvements

Enhanced Permission Control (RBAC)

FeatBit, by default, allows no access. Users need explicit permissions to access resources. (Learn More)

We've implemented fine-grained access control for feature flags, enabling precise control over specific actions users can perform. You can now define permissions at the flag level and you can also dynamically set permissions based on feature flag tags (e.g., allow the "QA Team" to edit only flags tagged with testing).

Note: We are actively working on extending granular permissions to other resources in upcoming releases.

Learn more: Feature Flag Access Control Documentation

Flag Comparison Helicopter View

You can now compare feature flag settings between two environments and seamlessly copy them from source to target.

The helicopter view provides a high-level overview of flag differences across multiple project environments. This feature is useful for:

• Managing multi-environment setups
• Ensuring consistency across environments
• Identifying differences that may impact application behavior
• Promoting flag settings from dev → staging → production

Miscellaneous

• Segment tags: Added tagging support for segments
• Custom flag sorting: Customize flag sorting behavior at the organization level (Learn more)
• Cross-project flag copying: Copy feature flags across projects within your organization, previously limited to the same project (Learn more)
• Clone existing flags: Create new flags by cloning existing ones (Learn more)
• Redesigned flag list page: Enhanced UI for better flag management (Learn more)
• Various UI/UX improvements and bug fixes

Breaking Changes

Database Schema Changes

This release includes database schema changes. To upgrade, please apply the corresponding scripts for your database:

• PostgreSQL: Apply the v5.2.0.sql script
• MongoDB: Execute the v5.2.0.js script

IAM Changes

• We fixed a bug that allowed users without the canAccessEnv permission to read data from environments. If you are using FeatBit-managed policies (Owner, Administrator, or Developer), no action is required. If you are using custom policies, ask your owner to grant the canAccessEnv permission for the relevant environments.
• This version introduces fine-grained access control. If you are using FeatBit-managed policies (Owner, Administrator, or Developer), no action is required. If you are using custom policies, ask your owner to grant the all actions (*) permission so users can manage feature flags.

Full Changelog: https://github.com/featbit/featbit/compare/5.1.4...5.2.0