Releases: pocketbase/pocketbase
v0.18.3 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Exposed a global JSVM
readerToString(reader)
helper function to allow reading Goio.Reader
values (#3273).
This was added mainly because some payment providers may require the entire raw body in order to verify a webhook event. -
Bumped the GitHub action to use min Go 1.21.1 for the prebuilt executable since it contains some minor
html/template
andnet/http
security fixes.
v0.18.2 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Prevent breaking the record form in the Admin UI in case the browser's localStorage quota has been exceeded when uploading or storing large
editor
field values (#3265). -
Updated docs and missing JSVM typings.
-
Exposed additional crypto primitives under the
$security.*
JSVM namespace (#3273):// HMAC with SHA256 $security.hs256("hello", "secret") // HMAC with SHA512 $security.hs512("hello", "secret") // compare 2 strings with a constant time $security.equal(hash1, hash2)
v0.18.1 Release
To update the prebuilt executable you can run
./pocketbase update
.
- Excluded the local temp dir introduced with v0.17.3 from the backups (#3261).
v0.18.0 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Simplified the
serve
command to accept domain name(s) as argument to reduce any additional manual hosts setup that sometimes previously was needed when deploying on production (#3190)../pocketbase serve yourdomain.com
-
Added
fields
wildcard (*
) support. -
Added option to upload a backup file from the Admin UI (#2599).
-
Registered a custom Deflate compressor to speedup (nearly 2-3x) the backups generation for the sake of a small zip size increase.
Based on several local tests,pb_data
of ~500MB (from which ~350MB+ are several hundred small files) results in a ~280MB zip generated for ~11s (previously it resulted in ~250MB zip but for ~35s). -
Added the application name as part of the autogenerated backup name for easier identification (#3066).
-
Added new
SmtpConfig.LocalName
option to specify a custom domain name (or IP address) for the initial EHLO/HELO exchange (#3097).
This is usually required for verification purposes only by some SMTP providers, such as on-premise Gmail SMTP-relay. -
Added
NoDecimal
number
field option. -
editor
field improvements:- Added new "Strip urls domain" option to allow controlling the default TinyMCE urls behavior (default to
false
for new content). - Normalized pasted text while still preserving links, lists, tables, etc. formatting (#3257).
- Added new "Strip urls domain" option to allow controlling the default TinyMCE urls behavior (default to
-
Added option to auto generate admin and auth record passwords from the Admin UI.
-
Added JSON validation and syntax highlight for the
json
field in the Admin UI (#3191). -
Added datetime filter macros:
// all macros are UTC based @second - @now second number (0-59) @minute - @now minute number (0-59) @hour - @now hour number (0-23) @weekday - @now weekday number (0-6) @day - @now day number @month - @now month number @year - @now year number @todayStart - beginning of the current day as datetime string @todayEnd - end of the current day as datetime string @monthStart - beginning of the current month as datetime string @monthEnd - end of the current month as datetime string @yearStart - beginning of the current year as datetime string @yearEnd - end of the current year as datetime string
-
Added cron expression macros (#3132):
@yearly - "0 0 1 1 *" @annually - "0 0 1 1 *" @monthly - "0 0 1 * *" @weekly - "0 0 * * 0" @daily - "0 0 * * *" @midnight - "0 0 * * *" @hourly - "0 * * * *"
-
β οΈ Added offset argumentDao.FindRecordsByFilter(collection, filter, sort, limit, offset, [params...])
.
If you don't need an offset, you can set it to0
. -
To minimize the footguns with
Dao.FindFirstRecordByFilter()
andDao.FindRecordsByFilter()
, the functions now supports an optional placeholder params argument that is safe to be populated with untrusted user input.
The placeholders are in the same format as when binding regular SQL parameters.// unsanitized and untrusted filter variables status := "..." author := "..." app.Dao().FindFirstRecordByFilter("articles", "status={:status} && author={:author}", dbx.Params{ "status": status, "author": author, }) app.Dao().FindRecordsByFilter("articles", "status={:status} && author={:author}", "-created", 10, 0, dbx.Params{ "status": status, "author": author, })
-
Added JSVM
$mails.*
binds for the corresponding Go mails package functions. -
Added JSVM helper crypto primitives under the
$security.*
namespace:$security.md5(text) $security.sha256(text) $security.sha512(text)
-
β οΈ Fill theLastVerificationSentAt
andLastResetSentAt
fields only after a successfull email send (#3121). -
β οΈ Skip APIfields
json transformations for non 20x responses (#3176). -
β οΈ Changes totests.ApiScenario
struct:-
The
ApiScenario.AfterTestFunc
now receive as 3rd argument*http.Response
pointer instead of*echo.Echo
as the latter is not really useful in this context.// old AfterTestFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) // new AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response)
-
The
ApiScenario.TestAppFactory
now accept the test instance as argument and no longer expect an error as return result (#3025).// old TestAppFactory: func() (*tests.TestApp, error) // new TestAppFactory: func(t *testing.T) *tests.TestApp
Returning a
nil
app instance from the factory results in test failure. You can enforce a custom test failure by callingt.Fatal(err)
inside the factory.
-
-
Bumped the min required TLS version to 1.2 in order to improve the cert reputation score.
-
Reduced the default JSVM prewarmed pool size to 25 to reduce the initial memory consumptions (you can manually adjust the pool size with
--hooksPool=50
if you need to, but the default should suffice for most cases). -
Update
gocloud.dev
dependency to v0.34 and explicitly set the newNoTempDir
fileblob option to prevent the cross-device link error introduced with v0.33. -
Other minor Admin UI and docs improvements.
v0.17.7 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Fixed the autogenerated
down
migrations to properly revert the old collection rules in case a change was made inup
(#3192; thanks @impact-merlinmarek).
Existingdown
migrations can't be fixed but that should be ok as usually thedown
migrations are rarely used against prod environments since they can cause data loss and, while not ideal, the previous old behavior of always setting the rules tonull/nil
is safer than not updating the rules at all. -
Updated some Go deps.
v0.17.6 Release
To update the prebuilt executable you can run
./pocketbase update
.
- Fixed JSVM
require()
file path error when using Windows-style path delimiters (#3163).
v0.17.5 Release
To update the prebuilt executable you can run
./pocketbase update
.
- Small fix to add quotes around the wrapped view query columns introduced in v0.17.4.
v0.17.4 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Fixed Views record retrieval when numeric id is used (#3110).
With this fix we also now properly recognizeCAST(... as TEXT)
andCAST(... as BOOLEAN)
astext
andbool
fields. -
Fixed
relation
"Cascade delete" tooltip message (#3098). -
Fixed jsvm error message prefix on failed migrations (#3103; thanks @nzhenev).
-
Disabled the initial Admin UI admins counter cache when there are no initial admins to allow detecting externally created accounts (eg. with the
admin
command) (#3106). -
Downgraded
google/go-cloud
dependency to v0.32.0 until v0.34.0 is released to prevent theos.TempDir
cross-device link
error since too many users complained about it.
v0.17.3 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Fixed Docker
cross-device link
error when creatingpb_data
backups on a local mounted volume (#3089).
It could still fail if the OS temp directory is on a different mount. As a workaround for this case you can try to explicitly setTMPDIR
env variable. With the next release ofgoogle/go-cloud
dependency we'll explicitly set the temp files to be created in the same dir as the uploaded/renamed files. -
Fixed the error messages for relation to views (#3090).
-
Always reserve space for the scrollbar to reduce the layout shifts in the Admin UI records listing due to the deprecated
overflow:overlay
. -
Enabled lazy loading for the Admin UI thumb images.
v0.17.2 Release
To update the prebuilt executable you can run
./pocketbase update
.
-
Soft-deprecated
$http.send({ data: object, ... })
in favour of$http.send({ body: rawString, ... })
to allow sending non-JSON body with the request (#3058).
The existingdata
prop will still work, but it is recommended to usebody
instead (to send JSON you can useJSON.stringify(...)
as body value). -
Added
core.RealtimeConnectEvent.IdleTimeout
field to allow specifying a different realtime idle timeout duration per client basis (#3054). -
Fixed
apis.RequestData
deprecation log note (#3068; thanks @gungjodi).