Release v6.11.0 (2024-06-05)

Published 2024-06-05 12:09:26Z



  • When using limited masks, nested values are protected from data loss. If a limited mask for record of an object type with nested fields A and B would only allow write access to field A, data in field B would be lost upon save. The merging of data in other fields than allowed by a mask happened on top level only (that behavior is consistent with how it was in easydb 5). See below for more details on this API change.

  • Group members are not automatically seeing others members of the same group. If your setup relied on that default, you need to grant that right manually by adding the appropriate READ permission to the ACL of the group (see below).

  • This update brings a database update which updates all nested records in the table value in the database. This can, depending on the size and performance of your installation, take a few minutes.

  • POST /api/event/list?skipConstraints=0|1: New API to bulk import events. With skipConstraints=1 (system.root only) all event types can be imported. Used for fylr restore.


  • /api/config: Added iiif_links and iiif_default_links as option for the frontend to use HTML templates for the share dialog.

  • POST /api/user?skipConstraints=0|1: New URL-Parameter (system.root only) to allow saving of invalid email addresses. Used for fylr restore.


  • Build with PGO enabled. According to the Go blog this should give us 2-10% better performance at certain tasks. We profiled injecting new objects via POST /api/db as well as indexing which puts pressure on db loading and rendering of objects. However, measuring performance of fylr on production system is difficult as it's not only fylr doing a lot of tasks, but it usually involved i/o to data base and the indexer. Please let us know if you notice a difference on your production systems.

  • Set fylr.db.maxOpenConn to 100 in fylr.default.yml. Before we had this set to 0 which could cause a lot of connections to be opened on busy systems. In some cases fylr ran out of file handler for new TCP connections.

  • Metadata mapping: Allow metadata mapping for Track<n>:SourceImageWidth. Before this wasn't possible to map due to a discrepancy in exiftool between tag listing and actual tag out.

  • Rights management for groups has changed: Groups do not assign READ rights to all members of the same group any more. This is a breaking change if your setup relies on group members seeing other fellow group members without further configuration. This now requires to manually add the desired permissions to the ACL of the group.

  • POST /api/db does not accept empty fields any more if the mask hasn't enabled it. Before it was possible to send uneditable fields of a mask if they were zero. This was harmless but felt inconsistent, so we changed it.

  • POST /api/search: Support localized columns in _fields collector: It uses the same language which is used for sorting (order of users data languages preceded by the optional language setting of the search request) as for the collected value. To collect a specific language with no further computation a new language parameter can be used.

  • /api/config: Support logo_external_url to store a localized link which is followed if the user clicks on the custom logo in the fylr frontend.

  • 2-state boolean: fylr supports saving booleans in 3 states (null, false and true). This update turns booleans into 2-states in searches and for all object renderings. That means, that booleans are now always part of the object's JSON representation even if they are unset in the database. With this change search aggregations will aggregate false for booleans which are unset, resulting in a perfect sum where true and false buckets match the could of the search result.

  • /api/config: Output of the produce_config has better zero values. Arrays and string values no longer have a null value but are output as [] and "" resp.

  • Docker images: The fylr docker images are both (fylr && fylr-server) based on Alpine 3.20 now. Before fylr was based on Alpine 3.18 and fylr-server on Alpine 3.20. Update imagemagick to 7.1.1-33.

  • /api/pool, /api/objecttype: Omit output of _acl, _tags, _maskfilters, _transitions to users with system.root or system.poolmanager and system.objecttypemanager (resp.). Also this limitation is present in /api/search responses for all users.

  • fylr backup & fylr restore: Support Events. Events are included in the backup now and also in the restore. For that a new API POST /api/event/list?skipConstraints=0|1 has been added.

  • /api/db: _last_modified and _created can now both be set using the API. Before only _last_modified was writable and stored in object.updated_at from where it was never read. This change streamlines the usage of object.created_at and object.updated_at in a way that fylr will now never update or set object.updated_at unless it is set via the API (it is ignored if it is the same as object.created_at). _last_modified is now for any version either object.updated_at, or if unset the object.created_at. _created is the object.created_at of the object with version 1.


  • GET /api/objects: Fixed rendering integer.2 columns in IIIF manifests and HTML output.

  • Rights management for files in reverse nested: When exporting files from a reverse nested, fylr failed to check the permissions properly. The permissions can be given by the top level object if a file is part of a reverse nested object even if the reverse nested object as standalone would not allow access to that file.

  • Rights management for system groups: If system groups would grant to users, this would not be reflected in /api/search. Users not gain the READ rights when granted by a system group.

  • POST /api/search: Collecting of empty fields is now supported. If a field is empty we would skip the value before which could result in unpredictable items counts in the collected field array.

  • Backups of Postgres 16: When using format pg_dump fylr was unable to backup databases where the Postgres server was at version 16.

  • GET /api/db: The _created date was wrong if the not latest version 1 of an object was requested. In that case, the _created equaled the _last_modified date of the latest version.

_uuid for nested records

This API change introduces a new _uuid field for nested records. This _uuid is automatically created upon save, so this change is backwards compatible with existing installations.

Before, nested records would never be merged with existing data, so saving a limited mask could lead to unexpected data loss.

Existing nested data is merged, if limited masks provide a _uuid for the sent nested records. Each record is filled with values from the currently stored record which cannot be provided by the limited mask.

Users of the API are required to send the _uuid alongside with the nested record in order for the server to recognize existing nested. Existing implementations of the API will continue working, as the API behaves like before if the _uuid is not sent. In that case the mode for this is replace.

To support backup & restore, _uuid can be provided for newly inserted nested records in the payload of POST /api/db if the url parameter skipConstraints=1 is set. The _uuid is still checked to match fylr syntax for the _uuid. Strictly speaking this feature is not really required to make restore work, but in case we have any use for a stable _uuid in the future it is a nice to have addition.



  • IIIF Links: Added support in the frontend to display custom IIIF Links configured in the base config. If custom links are configured, they will be shown in the object's share panel. These custom links can display the embed code that can be copied to an external page.

  • Nested Tables UUID: Added support in the frontend for the new fylr feature, UUID in nested elements.

  • Logo External URL: Now an external link can be configured in the custom logo in the base config.


  • Nested Table and Limited Mask: Improved frontend functionality with nested tables when the mask is configured so that not all fields of the nested table are visible or editable.

  • Main Menu: Made visual corrections in the main menu.

  • Admin Messages: Now if a permanent message (tray app message or main menu message) contains only a link in the message, this link will be opened without showing the popup message.

  • Search Queries: Made visual corrections to the special operators (AND, OR, etc.) to make them easily identifiable.

  • PDF Creator: Now PDF printing is compatible with the table view for nested fields.


  • MetadataMapping: Fixed bugs in the metadatamapping when the elements being mapped are within a nested table.

  • System Tags: Fixed an issue where the frontend attempted to obtain a custom color for system tags when they were displayed in the filter panel.

  • Tag Icons: Fixed the display of tags that only show an icon in the search results.

  • Nested Tables: Fixed a bug where if a field within the nested table was read-only, it could cause all fields to be non-editable when adding new elements to the nested table.

  • Asset Broker: Made visual corrections for assets marked as hires.

  • Export Groups: Added support in the export manager for asset groups.

  • "About This" Panel on Main Menu: Updated the "About This" panel in the main menu to require root permissions for display.

  • Filepicker: Fixed various issues in the filepicker class to make it compatible with fylr. This class is used in plugins like Drupal, Typo3, etc.

  • ACL Manager: Fixed scaling issues of the ACL popover.

  • CSV Importer: Fixed a bug where numeric data was not correctly matched when importing multiple rows of a nested table.

  • Event Poller: Improved the behavior of the WebSocket event poller. Now, if the frontend loses connection with the server, a non-intrusive message will notify the user that it is attempting to reconnect. If the connection is restored, the user can continue using the application normally without needing to reload the web page.

  • CSV Importer: Fixed a bug where, if indices of a nested element were specified and it didn't have all cells with values, empty values were sent at the end of the array.

  • CSV Importer: Fixed the search of linked objects when more than one identifier field is given.

  • Custom Validation Errors: Fixed a bug in custom validation errors check on the frontend.

  • Script Executer: Fixed the metadata downloader plugin for Script executer. The plugin outputted wrongly formatted strings, producing corrupted CSVs. Also, the filter value feature was not checking metadata values properly.

  • CSS: Made numerous style corrections in the application.

  • Default Tags: Fixed the addition of default tags when opening a new object editor and when updating the editor.

Last updated