
Release history

Nhost releases

The Open Source Firebase Alternative with GraphQL.

All releases


Upgrade now
@nhost/[email protected] Breaking risk
Dependencies

CVE fixes + GraphQL headers + nixops changes

Review required
[email protected] Mixed
Auth

File detail errors + S3 pagination + ConfigServer hardening

Upgrade now
@nhost/[email protected] Breaking risk
Auth Dependencies

session.Session → StoredSession

@nhost/[email protected] Breaking risk
Breaking changes
  • Renamed `session.Session` to `StoredSession` in @nhost/js
Notable features
  • Added copy button to JSON editor in the dashboard
Full changelog

[@nhost/[email protected]] - 2026-05-05

🚀 Features

  • (dashboard) Add copy button to Json editor (#4229)

🐛 Bug Fixes

  • (nhost-js) Rename session.Session to StoredSession to disambiguate from auth.Session (#4194)
  • (dashboard) Add v2 icon migration inventory documentation (#4208)
  • (dashboard) Remove graphite dev assistant from topbar (#4222)
[email protected] Bug fix

Revoke all sessions and only invalidate regular refresh tokens when a password changes.

Full changelog

[[email protected]] - 2026-04-30

🐛 Bug Fixes

  • (auth) Revoke all sessions on password change (#4192)
  • (auth) Only invalidate regular refresh tokens (#4226)
[email protected] New feature
Security fixes
  • dep: Bump uuid, Astro and xmldom due to CVEs
Notable features
  • Allow filtering function logs by regex
  • Serverless functions view in dashboard
  • Reuse esbuild context to lower memory usage
Full changelog

[[email protected]] - 2026-04-30

🚀 Features

  • (cli) Allow filtering function logs by regex (#4193)
  • (dashboard) Serverless functions view (#4141)
  • (functions) Reuse esbuild context to lower memory usage (#4211)

🐛 Bug Fixes

  • (deps) Bump up uuid, Astro and xmldom due to CVEs (#4187)

⚙️ Miscellaneous Tasks

  • (functions) Bump references to 2.1.0 (#4218)
[email protected] New feature
Notable features
  • Reuse esbuild context to lower memory usage
Full changelog

[[email protected]] - 2026-04-30

🚀 Features

  • (functions) Reuse esbuild context to lower memory usage (#4211)

⚙️ Miscellaneous Tasks

  • (ci) Move bumping of versions to dedicated PRs (#4217)
@nhost/[email protected] Security relevant
Security fixes
  • CVE fixes for UUID, Astro, xmldom
  • PostCSS XSS vulnerability (GHSA-qx2v-qp2m-jg93)
Notable features
  • Serverless functions view
  • Display constraints, triggers and indexes in database view
  • Add JSON editor to custom check
Full changelog

[@nhost/[email protected]] - 2026-04-29

🚀 Features

  • (dashboard) Display constraints, triggers and indexes in database view (#3875)
  • (dashboard) Switch role and action via dropdowns in permissions editor (#4196)
  • (dashboard) Add JSON editor to custom check (#4166)
  • (dashboard) Serverless functions view (#4141)

🐛 Bug Fixes

  • (dashboard) Handle non-trackable postgres functions in database page (#4176)
  • (deps) Bump up uuid, Astro and xmldom due to CVEs (#4187)
  • (dashboard) Revalidate remote schema introspection after reload (#4178)
  • (dashboard) Stick permissions button to bottom of storage sidebar (#4188)
  • (dashboard) Include schema prefix in GraphQL root field placeholders (#4179)
  • (deps) Fix postcss XSS advisory (GHSA-qx2v-qp2m-jg93) (#4197)
  • (dashboard) Remove unused maintenance mode (#4180)
[email protected] New feature

Adds v2 support for logs and update functions.

Full changelog

[[email protected]] - 2026-04-20

🚀 Features

  • (auth) Allow disabling auto-signup (#4168)
  • (cli) Add support for logs and update functions to new v2 (#4159)

⚙️ Miscellaneous Tasks

  • (ci) Bump version references as part of the changelog (#4169)
@nhost/[email protected] New feature

Storage management improvements: bucket deletion, filtering, and permission handling.

Full changelog

[@nhost/[email protected]] - 2026-04-20

🚀 Features

  • (dashboard) Delete buckets (#3987)
  • (dashboard) Add filters to storage page (#4125)
  • (dashboard) Storage maintenance (#4126)
  • (dashboard) Add permission handling to storage (#4049)
  • (auth) Allow disabling auto-signup (#4168)

🐛 Bug Fixes

  • (dashboard) Combine View and Materialized View database sidebar filters, and improve filter bar UX (#4152)
  • (dashboard) Show the correct preview (#4157)

⚙️ Miscellaneous Tasks

  • (ci) Bump version references as part of the changelog (#4169)
@nhost/[email protected] Security relevant
Security fixes
  • Lodash vulnerability
  • Vite CVE
  • Dependency CVEs
Notable features
  • Allow disabling auto-signup
Full changelog

[@nhost/[email protected]] - 2026-04-20

🚀 Features

  • (auth) Allow disabling auto-signup (#4168)

🐛 Bug Fixes

  • (deps) Update lodash due to vulnerability (#4108)
  • (deps) Update vite due to CVE (#4122)
  • (docs) Downgrade to vite7 due to incompatibilities (#4134)
  • (nhost-js) Deduplicate fragment definitions in GraphQL client (#4113)

⚙️ Miscellaneous Tasks

  • (ci) Added a small wrapper around govulncheck to allow filtering some CVEs (#4112)

Chore

  • (deps) Update deps due to cve (#4091)
[email protected] Security relevant

Upgrades Go to address CVEs.

Full changelog

[[email protected]] - 2026-04-17

🚀 Features

  • (storage) Do not require SELECT permissions to upload (#4151)

🐛 Bug Fixes

  • (storage) Forward session headers on /ops/list-broken-metadata (#4131)
  • (storage) Pass session headers to DeleteFileByID (#4144)

⚙️ Miscellaneous Tasks

  • (nixops) Bump go due to cves (#4124)
[email protected] Security relevant

Security fixes for OAuth2 email verification and Go dependency CVEs.

Full changelog

[[email protected]] - 2026-04-17

🐛 Bug Fixes

  • (auth) Limit returned rows to the most recent in case users have multiple linked accounts (#4118)
  • (auth) Strict use of email verified with oauth2 providers (#4162)

⚙️ Miscellaneous Tasks

  • (nixops) Bump go due to cves (#4124)
[email protected] New feature
Notable features
  • GitHub Actions support for CLI deployments
Full changelog

[[email protected]] - 2026-04-14

🚀 Features

  • (cli) Allow deploying using the cli/github actions (#4139)

⚙️ Miscellaneous Tasks

  • (ci) Added a small wrapper around govulncheck to allow filtering some CVEs (#4112)
  • (nixops) Bump go due to cves (#4124)
  • (cli) Bump nhost/dashboard to 2.59.0 (#4135)
@nhost/[email protected] Mixed
Notable features
  • Display buckets in storage
  • Add and edit storage buckets
Full changelog

[@nhost/[email protected]] - 2026-04-14

🚀 Features

  • (dashboard) Display buckets in storage (#3985)
  • (dashboard) Add/edit buckets (#3986)

🐛 Bug Fixes

  • (dashboard) Conditionally fill in address in onboarding test (#4147)
@nhost/[email protected] Security relevant
⚠ Upgrade required
  • Update to 2.58.0 to receive CVE patches in next.js and sveltekit dependencies
Security fixes
  • dep: next.js and sveltekit dependencies updated to address reported CVEs
Notable features
  • Function permissions settings for controlling serverless function access
  • CLI and GitHub Actions deployment support
  • Database sidebar search and filtering by object type
Full changelog

[@nhost/[email protected]] - 2026-04-13

🚀 Features

  • (dashboard) Add function permissions settings (#3995)
  • (dashboard) Track volatile functions as GraphQL mutation (#4115)
  • (cli) Allow deploying using the cli/github actions (#4139)
  • (dashboard) Improve database sidebar with search and filters by object type (#4127)

🐛 Bug Fixes

  • (dashboard) Prevent remote schema type collisions in e2e tests (#4132)
  • (dashboard) Allow updating arrays in database (#4109)
  • (dashboard) Remove tsconfig-paths-webpack-plugin and vite-tsconfig-paths (#4128)
  • (dashboard) Fix redeploy button and commit SHA visibility in deployments list (#4145)

Chore

  • (deps) Bump next.js and sveltekit due to CVEs (#4143)
@nhost/[email protected] Security relevant
⚠ Upgrade required
  • vite was downgraded to vite 7 due to incompatibilities introduced by the CVE patch (#4134); verify vite version expectations in your build toolchain.
Security fixes
  • lodash vulnerability update (#4108)
  • vite CVE update (#4122)
Notable features
  • Display functions in data browser
  • New deployments UI
[email protected] Security relevant
Breaking changes
  • removed possibility to bind MCP server to a port
Security fixes
  • removed insecure MCP server port binding
Notable features
  • service volume overrides for local dev
@nhost/[email protected] Breaking risk
Breaking changes
  • Remove eslint
Security fixes
  • CVE fixes in ajv and tar dependencies
Notable features
  • OAuth2 provider configuration form and client management
  • Metadata page
Full changelog

[@nhost/[email protected]] - 2026-02-19

🚀 Features

  • (dashboard) Add metadata page (#3899)
  • (dashboard) Added oauth2 provider configuration form and oauth2 client management (customers) (#3930)

🐛 Bug Fixes

  • (deps) Bump Orval version and remove outdated pnpm overrides (#3920)
  • (deps) Bump ajv and tar due to cves (#3925)
  • (docs) Bump minimatch version (#3929)
  • (dashboard) Remove eslint (#3927)
@nhost/[email protected] New feature
Notable features
  • JSONB specific operators in OperationComboBox
  • One-off scheduled events support
Full changelog

[@nhost/[email protected]] - 2026-02-17

🚀 Features

  • (dashboard) Add jsonb specific operators to OperationComboBox (#3904)
  • (dashboard) Add one-off scheduled events (#3889)

🐛 Bug Fixes

  • (deps) Bump up markdown-it to address vulnerability (#3914)
  • (dashboard) Allow transferring free and paused project to Starter orgs (#3918)
@nhost/[email protected] New feature
Notable features
  • Edit table relationships support
Full changelog

[@nhost/[email protected]] - 2026-02-16

🚀 Features

  • (dashboard) Edit table relationships (#3720)
  • (ci) Remove mintlify (#3887)

🐛 Bug Fixes

  • (deps) Update brace-expansion due to cve (#3886)
  • (dashboard) Run type check before tests (#3894)
@nhost/[email protected] Security relevant
Security fixes
  • brace-expansion CVE fix
Full changelog

[@nhost/[email protected]] - 2026-02-06

🚀 Features

  • (ci) Remove mintlify (#3887)

🐛 Bug Fixes

  • (nixops) Update nodejs to v24 (#3862)
  • (deps) Update brace-expansion due to cve (#3886)
  • (nhost-js) Decode base64url-encoded strings correctly in jwt tokens (#3892)
@nhost/[email protected] New feature
Notable features
  • Disconnect GitHub auth provider from Nhost account
Full changelog

[@nhost/[email protected]] - 2026-02-04

🚀 Features

  • (dashboard) Disconnect GitHub's auth provider from Nhost account (#3847)
  • (docs) Release starlight (#3877)

🐛 Bug Fixes

  • (nixops) Update nodejs to v24 (#3862)

⚙️ Miscellaneous Tasks

  • (dashboard) Add CLAUDE.md (#3880)
  • (dashboard) Test links (#3881)
[email protected] New feature
Notable features
  • MCP tool to list documentation
Full changelog

[[email protected]] - 2026-02-02

🚀 Features

  • (cli) Added mcp tool to list documentation (#3863)

🐛 Bug Fixes

  • (cli) Use astro docs as source (#3859)
  • (cli) Bump schema (#3872)

⚙️ Miscellaneous Tasks

  • (cli) Bump nhost/dashboard to 2.46.3 (#3800)
@nhost/[email protected] Security relevant
Security fixes
  • orval CVE fix
  • nextjs vulnerability fix
  • tar CVE fix
Full changelog

[@nhost/[email protected]] - 2026-02-02

🐛 Bug Fixes

  • (dashboard) Update orval to 8.0.3 (#3839)
  • (dashboard) Show paused banner in events and file stores pages (#3844)
  • (dashboard) Update nextjs to 16 (#3841)
  • (deps) Update nextjs due to vulnerability (#3854)
  • (dashboard) Update orval due to cve (#3869)
  • (dashboard) Disable delete personal account button if confirm checkbox isn't pressed (#3864)
  • (dashboard) Do not submit new record form after clicking on cancel (#3853)

Chore

  • (deps) Update tar due to cve (#3867)
@nhost/[email protected] Mixed
Security fixes
  • Added pnpm overrides to address CVEs
  • Updated Next.js due to vulnerability
  • Updated tar due to CVE
Notable features
  • Auth locale support expanded to 3 characters
[email protected] New feature
Notable features
  • Improved image processing and resource management
Full changelog

[[email protected]] - 2026-02-02

🚀 Features

  • (nixops) Update nixpkgs (#3808)

🐛 Bug Fixes

  • (cli) Bump schema (#3763)
  • (internal/lib) Avoid reading multipart-form body (#3861)
  • (storage) Improve image processing and resource management (#3835)
[email protected] New feature
Notable features
  • Embedded documentation in binary
  • MCP tools for documentation search and retrieval
Full changelog

[[email protected]] - 2026-01-28

🚀 Features

  • (docs) Document functions logging (#3793)
  • (nixops) Update nixpkgs (#3808)
  • (cli) Embed documentation in the binary and add subcommands and MCP tools to search/retrieve (#3836)

⚙️ Miscellaneous Tasks

  • (cli) Update certs (#3791)
  • (cli) Update dev/local certs (#3843)
@nhost/[email protected] Security relevant
Security fixes
  • CVEs addressed via pnpm overrides
Full changelog

[@nhost/[email protected]] - 2026-01-22

🐛 Bug Fixes

  • (dashboard) Update orval to version 8 (#3827)
  • (ci) Check that orval codegen files are up to date (#3829)
  • (deps) Added pnpm overrides due to cves (#3831)
  • (dashboard) Use optional chaining for concealErrors setting (#3830)
@nhost/[email protected] Mixed
Notable features
  • Cron triggers support
Full changelog

[@nhost/[email protected]] - 2026-01-13

🚀 Features

  • Cron triggers (#3705)

🐛 Bug Fixes

  • (dashboard) Fix tracking multiple foreign keys (#3748)
  • (dashboard) Make e2e tests more robust (#3768)
  • (dashboard) Remove custom domains from settings (#3782)

⚙️ Miscellaneous Tasks

  • (ci) Update npm/pnpm and remove deployment token (#3767)

Chore

  • (deps) Update tar and qs packages (#3786)
  • (deps) Update react-router (#3790)
