Commits

appsmithorg / appsmith UNCLAIMED

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.

39483 0 2 TypeScript

release

April 1, 2026

chore: cypress tags audit (#41683)

Manish Kumar committed 1d ago

907f1b8

chore: added JVM args for traces with JDK25 (#41682)

Manish Kumar committed 1d ago

78ec716

March 31, 2026

fix(security): block SSRF via send-test-email SMTP host validation (GHSA-vvxf-f8q9-86gh) (#41666)

subratadeypappu committed 2d ago

c4c9303

March 30, 2026

fix: critical CVE 2025-70952 fix (#41673)

Manish Kumar committed 3d ago

46280e3

fix(security): upgrade handlebars to 4.7.9 to fix CVE-2026-33937 (#41672)

subratadeypappu committed 3d ago

3a4ca21

fix(security): mitigate CVE-2026-22732 — Spring Security HTTP headers not written (#41669)

subratadeypappu committed 3d ago

344cc41

March 27, 2026

fix: Datasource query doesn't fail when created At field is missing (#41665)

Manish Kumar committed 6d ago

b47d782

fix: normalize user emails on save to strip invisible Unicode characters (#41664)

subratadeypappu committed 6d ago

3862563

March 26, 2026

chore: docker file cleanup for base JDK removal and install of JDK25 (#41662)

Manish Kumar committed 7d ago

069d580

March 25, 2026

ci: run config for jdk 25 (#41654)

Manish Kumar committed 7d ago

089d24f

build: upgrade appsmith to jdk 25 and spring boot 3.5.11 (#41644)

Manish Kumar committed 8d ago

e4b4068

March 24, 2026

chore: improve error git route aspect rules (#41650)

Manish Kumar committed 8d ago

97e2376

March 23, 2026

fix(security): enforce ACL permission check in OAuth2 callback datasource lookup (GHSA-rg2x-4v4h-g78w) (#41640)

subratadeypappu committed 9d ago

097a1e6

fix(interfaces): validate filter temp table name before DROP TABLE (#41642)

subratadeypappu committed 9d ago

c8023ba

fix(arangoDBPlugin): prevent AQL injection via unsafe string concatenation (#41641)

subratadeypappu committed 10d ago

b142de4

March 20, 2026

fix(ssrf): expand metadata denylist (GHSA-9m89-5jw7-q5cr) (#41643)

subratadeypappu committed 12d ago

e77639e

fix(server): harden admin env value escaping (#41637)

subratadeypappu committed 12d ago

67bc0af

chore: update codeowners (#41645)

Manish Kumar committed 13d ago

f562c9c

fix(security): sanitize URL in ManualUpgrades to prevent reflected XSS (#41636)

subratadeypappu committed 13d ago

caf8771

March 19, 2026

fix(server): enforce edit permission on application snapshot deletion (GHSA-g2hc-wmw2-32jr) (#41624)

subratadeypappu committed 14d ago

f46326c

March 18, 2026

chore: move apt packages from main Dockerfile into base image layer (#41630)

Wyatt Walter committed 14d ago

4d07d19

chore: add SSH key support for CE git connect flow (#41632)

Manish Kumar committed 15d ago

f6b3f51

March 17, 2026

chore: promoted release_static_url_enabled to license (#41626)

Manish Kumar committed 16d ago

8c76dc2

fix: Show Red Asterisk on Required Fields (#41609)

Stacey Levine committed 16d ago

2ea3f03

March 16, 2026

fix(security): prevent unauthenticated disclosure of instance metadata [APP-14994] (#41598)

subratadeypappu committed 17d ago

470aa9e

March 13, 2026

chore: use redis from upstream image (#41616)

Wyatt Walter committed 19d ago

d56a4c6

fix(server): prevent SQL injection in UQI filter service projection and sortBy columns (#41594)

subratadeypappu committed 20d ago

9e7c2bb

fix(Security): restrict draft action execution to editors (#41614)

subratadeypappu committed 20d ago

3d46f68

March 12, 2026

chore: optional base image to build appsmith image from (#41615)

Manish Kumar committed 20d ago

715fedf

chore: upgrade redis to 7.4 in base dockerfile (#41581)

Wyatt Walter committed 21d ago

3c3ce57