Hoppscotch Community Edition

This release introduces collection-level pre-request and test scripts, desktop settings with manual update controls, refinements to the API documentation experience, and self-hosted improvements, including SMTP OAuth2 authentication, alongside security patches and bug fixes.

Read more at: https://hoppscotch.com/blog/hoppscotch-v2026-4-0.

What's Changed

• refactor(cli): match test-result helper name to documented contract by @Basavaraj8143 in https://github.com/hoppscotch/hoppscotch/pull/6122
• feat(backend): use stateless OAuth2 state store by @mirarifhasan in https://github.com/hoppscotch/hoppscotch/pull/6098
• fix(common): handle non-string values in Postman collection import by @okxint in https://github.com/hoppscotch/hoppscotch/pull/6137
• fix(common): correct environment locale wording by @PallavSarkar2005 in https://github.com/hoppscotch/hoppscotch/pull/6117
• fix(data): make $randomUUID predefined variable RFC 4122 compliant by @Grizouforever in https://github.com/hoppscotch/hoppscotch/pull/6125
• chore(common): complete missing Spanish translations by @Pakvothe in https://github.com/hoppscotch/hoppscotch/pull/6109
• chore(common): complete missing Turkish translations by @onwp in https://github.com/hoppscotch/hoppscotch/pull/6071
• chore(common): modify Chinese translation of words by @jiangzm in https://github.com/hoppscotch/hoppscotch/pull/5996
• fix(common): add missing aria-labels to icon-only sidenav links by @rayrishu19-wq in https://github.com/hoppscotch/hoppscotch/pull/6160
• fix(common): variable hover tooltip was not clickable (disappeared) by @AaronFortG in https://github.com/hoppscotch/hoppscotch/pull/6155
• feat: add SMTP OAuth2 authentication support by @mirarifhasan in https://github.com/hoppscotch/hoppscotch/pull/6141
• fix: resolve invalid environment validation when publishing docs in personal workspace by @sahilkhan09k in https://github.com/hoppscotch/hoppscotch/pull/5962
• feat(common): improve API documentation publishing UX by @nivedin in https://github.com/hoppscotch/hoppscotch/pull/6116
• fix: remediate quinn-proto vulnerability across native packages by @CuriousCorrelation in https://github.com/hoppscotch/hoppscotch/pull/6174
• docs: security threat model and policy update by @CuriousCorrelation in https://github.com/hoppscotch/hoppscotch/pull/6158
• fix(common): apply platform default proxy URL on load and reset by @nivedin in https://github.com/hoppscotch/hoppscotch/pull/6142
• feat: add collection-level pre-request and test scripts by @johnan319 in https://github.com/hoppscotch/hoppscotch/pull/5745
• fix(common): support id_token in Authorization Code OAuth flow by @anwarulislam in https://github.com/hoppscotch/hoppscotch/pull/6144
• feat(desktop): settings phase 0 - infra and update check by @CuriousCorrelation in https://github.com/hoppscotch/hoppscotch/pull/6172
• feat(selfhost-web): make webapp-server timeouts configurable by @rkferreira in https://github.com/hoppscotch/hoppscotch/pull/6147
• fix(common): restore magic-link sign-in flow on cloud for orgs by @jamesgeorge007 in https://github.com/hoppscotch/hoppscotch/pull/6237
• fix(desktop): unified store scope and migration reroute by @CuriousCorrelation in https://github.com/hoppscotch/hoppscotch/pull/6238
• chore: security patch for the dependency chain v2026.4.0 by @mirarifhasan in https://github.com/hoppscotch/hoppscotch/pull/6191
• fix(backend): harden onboarding config endpoint by @mirarifhasan in https://github.com/hoppscotch/hoppscotch/pull/6240
• fix(common): set domain url as mockserver environment by @nivedin in https://github.com/hoppscotch/hoppscotch/pull/6185
• fix(common): subfolder add-new in team collections respects write access by @nivedin in https://github.com/hoppscotch/hoppscotch/pull/6243
• fix(common): preserve string contract for GQL history responses by @jamesgeorge007 in https://github.com/hoppscotch/hoppscotch/pull/6244

New Contributors

• @Basavaraj8143 made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/6122
• @okxint made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/6137
• @PallavSarkar2005 made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/6117
• @Grizouforever made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/6125
• @Pakvothe made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/6109
• @onwp made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/6071
• @rayrishu19-wq made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/6160
• @sahilkhan09k made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/5962
• @johnan319 made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/5745
• @rkferreira made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/6147

Full Changelog: https://github.com/hoppscotch/hoppscotch/compare/2026.3.1...2026.4.0

This patch release, exclusive to the Enterprise offering, resolves an issue that prevented changes to settings from being saved in the admin dashboard.

What's Changed

• fix(sh-admin): unblock settings save when input validation passes by @nivedin

Full Changelog: https://github.com/hoppscotch/hoppscotch/compare/2026.3.0...2026.3.1

This release brings Cloud for Organizations to the desktop app, adds admin workspace visibility, keyboard shortcut support for non-English layouts, and optional SMTP authentication, alongside security patches and bug fixes.

Read more at: https://hoppscotch.com/blog/hoppscotch-v2026-3-0.

What's Changed

• fix(common): persist OAuth2 code challenge method selection by @umutkeltek in https://github.com/hoppscotch/hoppscotch/pull/5921
• chore(common): update Chinese translations by @jiangzm in https://github.com/hoppscotch/hoppscotch/pull/5979
• fix(common): prevent stored XSS in team member overflow tooltip by @jamesgeorge007 in https://github.com/hoppscotch/hoppscotch/pull/5984
• fix(common): fetch full team collection tree on workspace import by @chhaviG22 in https://github.com/hoppscotch/hoppscotch/pull/5792
• fix: restore tooltips on icon-only buttons inside popover triggers by @nikhilmahato21 in https://github.com/hoppscotch/hoppscotch/pull/5935
• fix(common): prevent infinite auth refresh retry loop on permanent token failure by @danielalanbates in https://github.com/hoppscotch/hoppscotch/pull/5893
• fix(desktop): add native Edit menu to enable clipboard shortcuts on Linux by @umutkeltek in https://github.com/hoppscotch/hoppscotch/pull/5920
• fix(common): prevent open redirect in enter page by @jamesgeorge007 in https://github.com/hoppscotch/hoppscotch/pull/5982
• chore: security patch for the dependency chain v2026.3.0 by @mirarifhasan in https://github.com/hoppscotch/hoppscotch/pull/6013
• fix(backend): prevent stored XSS via mock server responses and cross-team request moves by @mirarifhasan in https://github.com/hoppscotch/hoppscotch/pull/6006
• feat: add MAILER_SMTP_IGNORE_TLS and optional SMTP auth by @mirarifhasan in https://github.com/hoppscotch/hoppscotch/pull/5972
• feat: show user workspace memberships in admin dashboard by @mirarifhasan in https://github.com/hoppscotch/hoppscotch/pull/5968
• refactor(common): route mock server and published docs operations through platform backend by @nivedin in https://github.com/hoppscotch/hoppscotch/pull/6036
• feat(desktop): cloud for orgs support - phase 3 by @CuriousCorrelation in https://github.com/hoppscotch/hoppscotch/pull/6043
• fix: keyboard shortcuts on non-English layouts by @CuriousCorrelation in https://github.com/hoppscotch/hoppscotch/pull/6009
• fix(common): use operation title as fallback in OpenAPI import by @hypergadam in https://github.com/hoppscotch/hoppscotch/pull/5950
• fix(common): handle File objects in HAR postData text resolution by @sh3xu in https://github.com/hoppscotch/hoppscotch/pull/5917
• fix(desktop): add missing backport changes by @CuriousCorrelation in https://github.com/hoppscotch/hoppscotch/pull/6047
• fix: validate device-login redirect_uri to prevent token theft via DNS wildcard bypass by @nahidhasan94 in https://github.com/hoppscotch/hoppscotch/pull/6012
• feat(common): fall back to ref_id in remove functions when id is missing by @anwarulislam in https://github.com/hoppscotch/hoppscotch/pull/5898
• chore: patch dependency vulnerabilities and harden production image by @mirarifhasan in https://github.com/hoppscotch/hoppscotch/pull/6055
• fix: use team.findMany for fetching user teams by @mirarifhasan in https://github.com/hoppscotch/hoppscotch/pull/6057
• fix(common): resolve history schema mismatch on page reload by @nivedin in https://github.com/hoppscotch/hoppscotch/pull/6068
• chore: align Tauri plugin-shell versions by @CuriousCorrelation in https://github.com/hoppscotch/hoppscotch/pull/6069
• fix(common): newly created folder not shown in save-as dialog by @majiayu000 in https://github.com/hoppscotch/hoppscotch/pull/6059

New Contributors

• @umutkeltek made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/5921
• @nikhilmahato21 made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/5935
• @danielalanbates made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/5893
• @hypergadam made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/5950
• @nahidhasan94 made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/6012
• @majiayu000 made their first contribution in https://github.com/hoppscotch/hoppscotch/pull/6059

Full Changelog: https://github.com/hoppscotch/hoppscotch/compare/2026.2.1...2026.3.0