Release v6.18.1 (2025-03-07)

Published 2025-03-07 13:49:18Z

Server

Important

This release contains an important security bug fix. It is highly recommended to update to this version as soon as possible.

Fixed

/api/export: Fixed recursion caused stack overflow (full fylr crash) if an export contained an object A with reverse nested B linking to another object C with reverse nested back to B. More general recursion protection has been added too, so that further cases are more likely to result in a panic rather than a stack overflow. [ac53fdc8] [40957697]
/api/schema: Fixed error path on Windows. A database schema could not be properly reported due to a debug dump which caused an error on Windows. [4acf9068]
POST /api/db: Fixed a stack overflow (fylr crashes). If object parent relations contain a recursion inside a bulk upload (all objects version 1), **fylr would not detected that recursion and insert the objects without error. After loading of these objects a stack overflow would occur. [5685dc2c] [40957697]
Plugin support: Fixed exec server silent errors with wrong config. If the config contains an empty command like fylr.services.execserver.commands.foo: null, the exec server would not answer, the error message would only say "EOF". This was caused by a uncaught panic caused while reading the config. This fix catches panics during exec server job execution as well as improves the error messages with shorter message for better readability. [d244d2d2]
DELETE /api/db: Allow deleting of two objects linking to each other. If an object 1 [object type A] has a nested linking to object 2 [object type A] deleting of object 1 and object 2 was blocked by the fylr server. [46baebdc]

Improved

OAI/PMH: Added attributes completeListSize, cursor & expirationDate to resumptionToken. [0446525b]
File Metadata XML: Removed debug output. [801f4098]

Frontend

Fixed

Exact Match Search: Fixed the exact match in autosuggestion for suggestions with more than one word
Editor Validation Errors: Fixed validations errors when custom data types (like weblink) throw invalid save data exceptions
Autocomplete Token: Fixed a bug where some autocomplete suggestion for custom data types were shown empty in the autocomplete popup.
Filter manager Popover: Fixed an issue with toolbar buttons being cut off.
Default Tags: Fixed an error when sending default tags to server for validation.

PreviousRelease v6.18.2 (2025-03-11)NextRelease v6.18.0 (2025-02-26)

Last updated 4 days ago

Server

Important

This release contains an important security bug fix. It is highly recommended to update to this version as soon as possible.

Fixed

/api/export: Fixed recursion caused stack overflow (full fylr crash) if an export contained an object A with reverse nested B linking to another object C with reverse nested back to B. More general recursion protection has been added too, so that further cases are more likely to result in a panic rather than a stack overflow. [ac53fdc8] [40957697]

/api/schema: Fixed error path on Windows. A database schema could not be properly reported due to a debug dump which caused an error on Windows. [4acf9068]

POST /api/db: Fixed a stack overflow (fylr crashes). If object parent relations contain a recursion inside a bulk upload (all objects version 1), **fylr would not detected that recursion and insert the objects without error. After loading of these objects a stack overflow would occur. [5685dc2c] [40957697]

Plugin support: Fixed exec server silent errors with wrong config. If the config contains an empty command like fylr.services.execserver.commands.foo: null, the exec server would not answer, the error message would only say "EOF". This was caused by a uncaught panic caused while reading the config. This fix catches panics during exec server job execution as well as improves the error messages with shorter message for better readability. [d244d2d2]

DELETE /api/db: Allow deleting of two objects linking to each other. If an object 1 [object type A] has a nested linking to object 2 [object type A] deleting of object 1 and object 2 was blocked by the fylr server. [46baebdc]

Improved

OAI/PMH: Added attributes completeListSize, cursor & expirationDate to resumptionToken. [0446525b]

File Metadata XML: Removed debug output. [801f4098]

Frontend

Fixed

Exact Match Search: Fixed the exact match in autosuggestion for suggestions with more than one word

Editor Validation Errors: Fixed validations errors when custom data types (like weblink) throw invalid save data exceptions

Autocomplete Token: Fixed a bug where some autocomplete suggestion for custom data types were shown empty in the autocomplete popup.

Filter manager Popover: Fixed an issue with toolbar buttons being cut off.

Default Tags: Fixed an error when sending default tags to server for validation.