Never miss a release that matters
AI-powered summaries of every GitHub release.
AI Summaries
Changelogs condensed into clear, actionable insights.
Always Free
Track up to 5 packages at no cost, forever.
Weekly Digest
A curated summary of every release, delivered weekly.
TL;DR
Directus now limits sensitive GraphQL mutations to single use and removes deprecated hashing utilities, enhancing security. Several improvements were also made to the user interface, including fixes for back button behavior and image rendering.
Breaking
- GraphQL Mutations: Sensitive system mutations are now limited to single use. (Security enhancement)
- Hashing Utilities: The
/utils/hash/generateand/utils/hash/verifyendpoints have been removed. (Deprecated functionality) - File Uploads: Upload path validation is stricter, preventing writes to restricted directories. (Security enhancement)
New
- Project Owner Settings: A new
PROJECT_OWNER_ENABLEDenvironment variable allows disabling owner information collection. (Privacy control) - UI Improvements: Tooltips have been updated to use the Reka UI framework, and keyboard shortcut support has been added. (User experience)
Fixes Worth Knowing
- Back Button: The back button now functions as expected when navigating through relations and direct item links.
- Image Rendering: Fixed an issue where public page foreground images were not overlaying the background correctly.
- XSS Vulnerability: A stored cross-site scripting (XSS) vulnerability related to project colors has been resolved. (Security fix)
- Array Indexing: Resolved an issue where array indexing in display templates was not working as expected.
TL;DR
Directus v12 introduces more control over health checks (system monitoring) with new configuration options and security improvements, alongside several bug fixes and usability enhancements.
Breaking
- The
/server/healthendpoint now requires authentication and returns 404 for unauthenticated requests; use/server/pingfor basic liveness checks. (API endpoint) - Health check configuration has changed;
cache,rateLimiter, andrateLimiterGlobalchecks are replaced with a genericredischeck using theredis:prefix. (System monitoring)
New
- You can now disable the health check endpoint entirely or selectively disable specific checks via environment variables. (System monitoring)
- Local key-value (KV) and cache stores now support Time-To-Live (TTL) settings for automatic data expiration. (Data storage)
Fixes Worth Knowing
- The project setup process now correctly flags invalid license keys. (Licensing)
- Search input now trims whitespace, resolving issues with queries returning no results due to extra spaces. (User interface)
- Flow names are now translatable, allowing for multi-language Directus instances. (Workflows)
- Fixed a bug where the pie chart tooltip was displaying incorrect values when decimals were zero. (Data visualization)
TL;DR
Directus now offers improved asset caching via optional must-revalidate and ETag headers, enhancing performance for content delivery (HTTP caching).
Fixes Worth Knowing
Several UI issues have been resolved, including freezes when translating WYSIWYG content, problems with flow selection, and errors when saving copies of files. User tokens now display correctly with collaboration enabled, and filter reordering is more reliable. Fixes also address activity/revision tracking and prevent creating collections with invalid characters in the name.
Before You Upgrade
If you utilize asset caching, consider enabling the ASSETS_CACHE_REVALIDATE environment variable to take advantage of the new caching features.
TL;DR
Directus now sanitizes HTML in comments, improving security and preventing potential cross-site scripting (XSS) vulnerabilities.
Fixes Worth Knowing
- Comments are now protected against malicious HTML code.
Before You Upgrade
No action is needed to benefit from this security enhancement.
TL;DR
Directus now features a new, powerful policy-based permissions system (access control) that fundamentally changes how user access is managed.
Breaking
- MySQL/MariaDB: The database client library was updated from
mysqltomysql2. (Database connection) - Policies: A new permissions system requires updates to extensions and potentially custom code interacting with permissions. (Access control)
- Extension API: The
preRegisterCheckfunction signature in extensions has changed. (Extension development)
New
- GraphQL & SDK: New GraphQL queries and SDK functions have been added to manage the new policies. (Access control)
Fixes Worth Knowing
- Data Access: Resolved issues preventing users without roles from correctly utilizing policies. (Access control)
- Filtering: Fixed incorrect permission checks when creating filters. (Data security)
- Layout: Resolved an issue with table layouts including presentation fields. (User interface)
Before You Upgrade
- Review and update any custom extensions that rely on the previous permissions system or the
preRegisterCheckfunction. - Test thoroughly after upgrading, especially around user roles and data access.
TL;DR
Directus now supports Content Versioning (branching), allowing you to create and manage different versions of your content without affecting the live site.
New
- Content Versioning: Create branches to experiment with content changes safely, then publish when ready.
Fixes Worth Knowing
None.
Before You Upgrade
None.
TL;DR
Directus now supports automated email sending with customizable templates via the new Flow feature, streamlining communication workflows.
Breaking
- Extensions SDK: Paths have been adjusted, potentially requiring updates to custom extensions.
New
- Flow Mail Templates: Automate email sending with customizable templates.
- Tabular Sorting: Items can now be sorted within tabular interfaces for many-to-many and one-to-many relationships.
Fixes Worth Knowing
- Data Model Editing: Resolved an issue where the wrong drawer opened when editing fields.
- Interface Refresh: Fixed a bug preventing interfaces from refreshing after saving changes.
- Asset Conversion: Improved handling of automatic asset format conversion.
Before You Upgrade
- If you've developed custom extensions, review and update paths to align with the new SDK structure.
TL;DR
Directus gains first-class support for LDAP authentication and introduces a new, more intuitive field flow for content modeling.
Breaking
- Hooks: Registration method changed; update custom hooks to the new structure.
- Collections Module: Renamed to “Content”; re-enable the module if you had a custom override.
- Permissions: Moved from
SchemaOverviewtoAccountability; update code accordingly.
New
- LDAP Authentication: Add support for authenticating users via LDAP.
- Field Flow: New interface for creating and managing fields within collections.
Fixes Worth Knowing
- Fixed issues with file uploads, translations, and repeater fields in the interface.
- Resolved problems with OAuth and SSO configurations.
- Corrected issues with generated columns and date handling in specific databases.
Before You Upgrade
- Update any custom hooks to use the new registration structure.
- If you had a custom module override for “Collections”, re-enable the “Content” module.
TL;DR
Directus now reliably handles file uploads and record creation, resolving critical data entry issues.
Breaking
- Record creation with non-auto-incrementing primary keys (unique identifiers) now functions correctly.
Fixes Worth Knowing
- File uploads through the Directus interface are now working as expected.
- Cookie settings have been corrected for improved security (web browser data storage).
Before You Upgrade
No specific action is needed; this release contains bug fixes and improvements.
TL;DR
Directus v9 introduces a completely redesigned user interface (UI) built with Vue.js, offering a modern and extensible data platform experience.
Breaking
- Existing database setups may experience issues due to incomplete migrations. (Data transfer)
- Features like 2FA, SSO, and custom extensions are currently unavailable. (Core functionality)
New
- A new UI provides a faster, more intuitive experience. (User interface)
- The codebase is now built with Vue.js, enabling greater flexibility and community contributions. (JavaScript framework)
Before You Upgrade
- Do not use this release in a production environment. (Alpha release)
- Use the provided database dump for initial testing. (Database setup)
TL;DR
Directus now uses a more streamlined user roles system, improving performance and simplifying permissions management.
Breaking
- User roles are now one-to-many relationships (instead of many-to-many), potentially requiring adjustments to existing role assignments.
New
- Users can now manually override automatic dark mode preferences.
Fixes Worth Knowing
- Importing custom extensions now functions correctly.
- Timezone issues in the activity log have been resolved.
Before You Upgrade
Review and adjust user role assignments to ensure they function as expected with the new one-to-many relationship structure.
TL;DR
This release improves Directus stability with several bug fixes across the application and API.
Breaking
[None]
New
[None]
Fixes Worth Knowing
Various bugs have been resolved, improving overall application stability and reliability for typical daily use.
Before You Upgrade
[None]
TL;DR
Directus 7 is now available as a Release Candidate, introducing a completely redesigned user interface (admin panel) and API for managing your content.
Breaking
- The admin panel has been rewritten (new UI/UX).
- The API has been rewritten (new endpoints/structure).
New
- New Admin Panel: A modern, intuitive interface for content management.
- New API: A flexible REST API built with Vue.js and Node.js.
Fixes Worth Knowing
None. This is a release candidate, focused on new features.
Before You Upgrade
Review the new documentation (https://docs.directus.io) and prepare for significant changes to both the admin panel and API.
TL;DR
Directus now allows limiting the number of selections in multiselect dropdowns, improving data input control.
New
- Multiselect fields can now be limited to a maximum number of selectable items.
Fixes Worth Knowing
- File uploads via URL are now working correctly.
- Date fields now save empty values as expected.
- Sorting in table listings is fixed.
- JSON interface updates values on paste.
- Slider component now supports decimal values.
Before You Upgrade
No specific action is needed for this upgrade.
TL;DR
Directus now offers more interface options, including a WYSIWYG editor (rich text editor) and a rating interface, alongside improvements to existing interfaces and data handling.
Breaking
- Removed
allowed_listing_viewscolumn from tables (affects custom integrations). - Removed Salt Interface (deprecated feature).
- Removed Template Chooser Interface (deprecated feature).
- Removed Public group on API 1.0 (affects API access).
- Removed Old Directus Columns Interface (affects custom column definitions).
New
- WYSIWYG editor for text areas (improves content creation).
- Rating Interface (allows collecting user ratings).
- Interface grouping by category (improves organization).
Fixes Worth Knowing
- Fixed errors related to
utf8mb4character sets (improves data handling). - Fixed issues with bookmark functionality (improves usability).
- Resolved problems with loading Many-to-One (M2O) data (improves data display).
Before You Upgrade
- Review and update any custom integrations relying on the
allowed_listing_viewscolumn.