formbricks releases

Review required

5.0.2 Bug fix · 5d

Dependencies

S3 image error fix

Open

No immediate action

5.0.1 Bug fix · 7d

Stamps version + fixes SSO

Open

Config change

5.0.0 Breaking risk · 8d

Breaking upgrade

Cube/Hub, Feedback Directories, Dashboards, Workspaces, AI

Open

Review required

4.9.7 Bug fix · 12d

Dependencies

DNS pinning fix

Open

Upgrade now

4.9.6 Bug fix · 16d

Auth Breaking upgrade

SSO deletion fixes

Open

4.9.5 Bug fix · 1mo

Minor fixes and improvements.

Full changelog

What's Changed

• fix: backport account deletion authorization (#7901) by @xernobyl in https://github.com/formbricks/formbricks/pull/7903

Full Changelog: https://github.com/formbricks/formbricks/compare/4.9.4...4.9.5

View release on GitHub

4.9.4 Security relevant · 1mo

Security fixes

• SSRF vulnerability in webhook delivery prevented

Full changelog

What's Changed

• fix: (backport) password hash visibility improvement (#7814) by @xernobyl in https://github.com/formbricks/formbricks/pull/7833
• fix: fixes sentry ref issue (backport #7776) by @Dhruwang in https://github.com/formbricks/formbricks/pull/7872
• fix: prevent Airtable integration crash when token expires (backport #7811) by @Dhruwang in https://github.com/formbricks/formbricks/pull/7873
• fix: (backport) prevent SSRF via redirect following in webhook delivery (#7877) by @Dhruwang in https://github.com/formbricks/formbricks/pull/7892

Full Changelog: https://github.com/formbricks/formbricks/compare/4.9.3...4.9.4

View release on GitHub

4.9.3 Bug fix · 1mo

## What's Changed * fix: prevent split offline responses on restore (backport #7767)

Full changelog

What's Changed

• fix: prevent split offline responses on restore (backport #7767) by @Dhruwang in https://github.com/formbricks/formbricks/pull/7777

Full Changelog: https://github.com/formbricks/formbricks/compare/4.9.2...4.9.3

View release on GitHub

4.9.2 Bug fix · 1mo

Minor fixes and improvements.

View release on GitHub

4.9.1 Bug fix · 1mo

## What's Changed * fix: restore legacy SSO auto-linking hotfix

View release on GitHub

4.9.0 Security relevant · 1mo

Security fixes

• Cross-org IDOR vulnerability in server actions
• CSP violations in DOMPurify style attribute handling
• Session revocation on password reset

Notable features

• V3 surveys API
• Offline support for link surveys
• Single-use password reset links

View release on GitHub

4.8.7 Bug fix · 2mo

Notable features

• Improved language switch handling to preserve survey orientation and auto-saved language
• Stabilized multilingual button layout to prevent overflow
• Enabled Arabic text rendering in the multilingual toggle

View release on GitHub

4.8.6 Bug fix · 2mo

Fixed survey publishing state sync, auto-save conflicts, and language code case mismatches.

View release on GitHub

4.8.5 Bug fix · 2mo

Fixed multi-language survey rendering, prevented duplicate subscription race conditions, resolved Stripe webhook reconciliation issues.

View release on GitHub

4.8.4 Bug fix · 2mo

Fixed segment filtering logic and indirect segment activity tracking.

View release on GitHub

4.8.3 Bug fix · 2mo

Fixed inability to remove images from welcome cards.

View release on GitHub

4.8.2 Bug fix · 2mo

Fixed SDK initialization race conditions and loading page display issues.

View release on GitHub

4.8.1 Bug fix · 2mo

Security fixes

• CSP style attribute injection prevention

View release on GitHub

4.8.0 New feature · 2mo

Notable features

• Workflows navigation section
• PostHog analytics integration
• Impressions tracking

View release on GitHub

4.7.5 Bug fix · 3mo

Fixed Docker image build by copying database files to runner stage.

View release on GitHub

4.7.4 New feature · 3mo

Notable features

• Pod disruption budget for Helm
• Batched segment evaluation

View release on GitHub

4.7.3 Bug fix · 3mo

Notable features

• Boolean survey response type

View release on GitHub

4.7.2 Bug fix · 3mo

Fixed CTA required elements, data type handling, segment operations, and API response validation.

View release on GitHub

4.7.1 Bug fix · 3mo

Fixed database query execution issues.

View release on GitHub

4.7.0 New feature · 3mo

Security fixes

• qs DoS vulnerability
• next and lodash vulnerabilities
• preact JSON injection vulnerability

Notable features

• Language variants
• Response ID tracking
• Hungarian language support

View release on GitHub

4.6.1 Bug fix · 4mo

Optimized license checking to reduce Redis overhead and prevent memory crashes.

View release on GitHub

4.6.0 Security relevant · 4mo

⚠ Upgrade required

• next.js and preact have been upgraded; verify compatibility with any custom next.js configurations
• Webhook integrations can now optionally use a webhook secret for verification — consider enabling it for improved security

Security fixes

• Upgraded react-email packages to fix transitive next.js vulnerability
• Upgraded next.js and preact to fix high-severity vulnerabilities
• Hardened CSP and X-Frame-Options headers

Notable features

• Optional IP address capture functionality for surveys
• Custom HTML scripts in link surveys
• Auto-save for draft surveys with Cmd+S hotkey

View release on GitHub

4.5.0 New feature · 4mo

⚠ Upgrade required

• Projects have been renamed to workspaces. Review any internal tooling, documentation, or API references that reference 'projects' to ensure compatibility.
• isomorphic-dompurify replaced with sanitize-html in server components — verify sanitization behavior if you have custom content pipelines.
• V2 API OpenAPI paths updated to include full prefixes — check existing API integrations for path changes.

Breaking changes

• Projects renamed to workspaces — any documentation, bookmarks, integrations, or internal references using the term 'projects' will need to be updated.

Notable features

• UI to manage contact attribute keys and values
• Pretty URL UI components for survey sharing
• Custom favicon support

View release on GitHub