Releases: pocketbase/pocketbase
v0.22.12 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Fixed calendar picker grid layout misalignment on Firefox (#4865).
-
Updated Go deps and bumped the min Go version in the GitHub release action to Go 1.22.3 since it comes with some minor security fixes.
v0.22.11 Release
To update the prebuilt executable you can run
./pocketbase update
.
- Load the full record in the relation picker edit panel (#4857).
v0.22.10 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Updated the uploaded filename normalization to take double extensions in consideration (#4824)
-
Added Collection models cache to help speed up the common List and View requests execution with ~25%.
This was extracted from the ongoing work on #4355 and there are many other small optimizations already implemented but they will have to wait for the refactoring to be finalized.
v0.22.9 Release
To update the prebuilt executable you can run
./pocketbase update
.
- Fixed Admin UI OAuth2 "Clear all fields" btn action to properly unset all form fields (#4737).
v0.22.8 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Fixed '~' auto wildcard wrapping when the param has escaped
%
character (#4704). -
Other minor UI improvements (added
aria-expanded=true/false
to the dropdown triggers, added contrasting border around the default mail template btn style, etc.). -
Updated Go deps and bumped the min Go version in the GitHub release action to Go 1.22.2 since it comes with some
net/http
security and bug fixes.
v0.22.7 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Replaced the default
s3blob
driver with a trimmed vendored version to reduce the binary size with ~10MB.
It can be further reduced with another ~10MB once we replace entirely theaws-sdk-go-v2
dependency but I stumbled on some edge cases related to the headers signing and for now is on hold. -
Other minor improvements (updated GitLab OAuth2 provider logo #4650, normalized error messages, updated npm dependencies, etc.).
v0.22.6 Release
To update the prebuilt executable you can run
./pocketbase update
.
- Admin UI accessibility improvements:
- Fixed the dropdowns tab/enter/space keyboard navigation (#4607).
- Added
role
,aria-label
,aria-hidden
attributes to some of the elements in attempt to better assist screen readers.
v0.22.5 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Minor test helpers fixes (#4600):
- Call the
OnTerminate
hook onTestApp.Cleanup()
. - Automatically run the DB migrations on initializing the test app with
tests.NewTestApp()
.
- Call the
-
Added more elaborate warning message when restoring a backup explaining how the operation works.
-
Skip irregular files (symbolic links, sockets, etc.) when restoring a backup zip from the Admin UI or calling
archive.Extract(src, dst)
because they come with too many edge cases and ambiguities.This was initially reported as security issue (thanks Harvey Spec) but in the PocketBase context it is not something that can be exploited without an admin intervention and since the general expectations are that the PocketBase admins can do anything and they are the one who manage their server, this should be treated with the same diligence when using
scp
/rsync
/rclone
/etc. with untrusted file sources.It is not possible (or at least I'm not aware how to do that easily) to perform virus/malicious content scanning on the uploaded backup archive files and some caution is always required when using the Admin UI or running shell commands, hence the backup-restore warning text.
Or in other words, if someone sends you a file and tells you to upload it to your server (either as backup zip or manually via scp) obviously you shouldn't do that unless you really trust them.
PocketBase is like any other regular application that you run on your server and there is no builtin "sandbox" for what the PocketBase process can execute. This is left to the developers to restrict on application or OS level depending on their needs. If you are self-hosting PocketBase you usually don't have to do that, but if you are offering PocketBase as a service and allow strangers to run their own PocketBase instances on your server then you'll need to implement the isolation mechanisms on your own.
v0.22.4 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Removed conflicting styles causing the detailed codeblock log data preview to not visualize properly (#4505).
-
Minor JSVM improvements:
- Added
$filesystem.fileFromUrl(url, optSecTimeout)
helper. - Implemented the
FormData
interface and added support for sendingmultipart/form-data
requests with$http.send()
(#4544).
- Added
v0.22.3 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Fixed the z-index of the current admin dropdown on Safari (#4492).
-
Fixed
OnAfterApiError
debug lognil
error reference (#4498). -
Added the field name as part of the
@request.data.someRelField.*
join to handle the case when a collection has 2 or more relation fields pointing to the same place (#4500). -
Updated Go deps and bumped the min Go version in the GitHub release action to Go 1.22.1 since it comes with some security fixes.