# Release v6.30.0 (2026-03-11) Published 2026-03-11 13:01:41Z * [fylr\_checksums.txt](https://s3.eu-central-1.wasabisys.com/fylr-releases/v6.30.0/fylr_checksums.txt) * [fylr\_v6.30.0\_darwin\_amd64.tar.gz](https://s3.eu-central-1.wasabisys.com/fylr-releases/v6.30.0/fylr_v6.30.0_darwin_amd64.tar.gz) * [fylr\_v6.30.0\_darwin\_arm64.tar.gz](https://s3.eu-central-1.wasabisys.com/fylr-releases/v6.30.0/fylr_v6.30.0_darwin_arm64.tar.gz) * [fylr\_v6.30.0\_linux\_amd64.tar.gz](https://s3.eu-central-1.wasabisys.com/fylr-releases/v6.30.0/fylr_v6.30.0_linux_amd64.tar.gz) * [fylr\_v6.30.0\_windows\_amd64.zip](https://s3.eu-central-1.wasabisys.com/fylr-releases/v6.30.0/fylr_v6.30.0_windows_amd64.zip) ## Server ### Important * This release **forces a blocking re-index**. Make sure to plan enough time for this update as your users will not be able to access the database while the re-index is running. \[4535375cd] * **Recipes for metadata mapping can now use parameters**. With this, administrators and users can fine-tune plugin behaviour for metadata mappings. * The processing of **XSLT** over the OAI/PMH API was changed. This might be a breaking change for some XSLT sheets. **fylr** now required the Sheet to produce the XML elements on top level, or, an **XPATH-select** needs to be defined in the base config. ### Breaking changes This release brings the following (minor) breaking changes: * **/api/search\[type=event]**: Removed support for `event.info` filter (see below). \[02daaa9b6] * **/api/user/session**: Recipe configurations now follow JSON notation rules and are lower case (instead of the Go style CamelCase which was previously used). \[9db2bd089] * **fylr-plugin-ai-metadata**: Users of the plugin `fylr-plugin-ai-metadata` **must update** to the latest version. ### New * **Custom Recipe configurations**: Configuration for recipes can now be stored alongside with mappings, object types, pools or collections. This patch brings recipe parameters for metadata mappings. With this, recipe parameters can be pre-defined on multiple levels as well es per-request (`api/eas`). With parameters, we can enhance the `fylr-plugin-ai-metadata` which will benefit from on-demand user input to ad just prompts. Also in this patch is support for mandatory (`mandatory`) and user editable (`usereditable`) parameters. `usereditable` is used by `/api/eas` and `/api/collection` to allow users to overwrite recipe parameters. Also, recipe parameters can now use limited object data replacements (top level only) in task module `metadata`. \[9db2bd089] \[f1f57c7fa] \[06f622946] * **/api/export**: Added **custom Javascript** capability to the metadata mapping. With custom JS, all metadata mapping can now use Javascript to change the list of values compiled into the XML. This helps to support custom requirements to fill out data in e.g. OAI/PMH dc exports. \[dd3487b86] \[d7534d533] * **SSL Certmagic**: Added support for `externalAccount`. The new `fylr.services.webapp.tls.letsEncrypt.externalAccount` config can be used to setup certificate providers other then [**Let's Encrypt**](https://letsencrypt.org/). With this [`zeroSSL`](https://zerossl.com/) is now supported. * **/api/search**: Added `_field_name` to `_standard.geo` and sub field `.geo` for fields of type `files`. The new field `_standard.geo.1._field_name` allows to search for fields which contributed their geo values to the standard geo. Also, for type `files`, the subfield `.geo` is now supported. This allows to directly access the geo coordinates of the file in the search without mapping it to standard info. \[7b648e365] \[a26d86980] \[447096d4a] \[58518e481] * **SAML**: Support logout. Adds a new endpoint `/api/saml/slo` for IDP induced logout. Support also SP induced logout (if the IDP support this). \[d6daaded6] * **Base Config \[SAML]**: Make *Back to internal login* button (if SAML is activated) on login page customizable. \[2b7bc7e9e] ### Improved * **POST /api/db\[groupmode]**: Merge existing l10 values with new. In group mode, this keeps unsent and already set language value in loca text fields. Before unsent languages would be deleted. Now, frontends can decide to either delete a language (send the language empty), or keep the existing one (do not send the language). \[1cccad57d] \[af86e88f3] * **/api/oai**: Faster `XSLT` conversions. OAI/PMH with XSLT got a new configuration "xpath\_query". It is used to split the elements produced by the XSLT and merge them with the OAI/PMH headers. Existing XSLT are parsed at top level and should work as before. XLST is called with all objects requested by the OAI/PMH request, which makes it faster. Before the XSLT was called per object. \[19a73c4e9] \[8e66992f6] \[019d1b76d] * **/api/search\[collection]**: Support `created_at` and `updated_at` for sorting. Also, set `updated_at` for version 1 (before this was left `null`). Requires a re-index. \[292f409aa] \[f3b4605bb] * **/inspect/files**: Allow range & group search with `id:<...>`. \[c64469e86] \[a8ff4a39b] * **/inspect/export**: Add pagination support and search filter for file lists. Also reverse log entry output for better readability. \[2eecb1e6c] \[6b0b26520] * **/api/tags**: New api error `TagsInUse`. **fylr** now checks if any of the to-be-deleted tags are in use. The new API error contains a list of the first three tags which are in use together with a details explanation about where to find it. \[0d132f7fe] * **/api/search\[event]**: Do not index `event.info`. Removed this from supported search parameters. \[02daaa9b6] * **/api/search**: Index dependecies for `_standard` to the 3rd level only. Before we indexed to the 5th level which could cause the index to grow to immense size in some configurations. \[2a27ceb00] * **/inspect**: Added disclaimer warning. \[4d49da452] \[7c4a50f2f] \[667c14d18] * **Error handling**: Add a right displayname localization to `UnknownRightParam`, `UnknownRightValue`, `RightRequired` rights. \[eeb660da7] \[4cb26dbfe] * **fylr backup/restore**: Derive `--client-token-url` from `--server`. The parameter can now be omitted for most cases. \[a2a0adb62] * **Base Config \[SAML]**: Improved error output for Javascript entry code execution. If the SAML entry read back includes a JS code to change it, output the full script which was executed in the error message. This should make it easier to find bugs in such SAML entry scripts. Also, we now check SAML connection errors. This means that repeatedly saving an invalid or unreachable IDP url will no longer result in timeout wait times every time. Only if cached parameters are changed a new conenction attempt is performed. \[f856b101a] \[5eac060cd] \[0752a64e0] \[3e13e7bc3] * **Metadata mapping errors**: Plugins can now return a **metadata mapping error** using the returned metadata. `mapping.import.json_error` defines a `GJSON`-path to check the metadata for errors. This allows passing errors from the metadata plugin all the way to the user. While at it, merge metadata on a deeper level, so now the 1st and 2nd level are kept and only deeper levels are overwritten during the metadata read back merge. With this a plugin can provide multiple recipes and register all their metadata under a common metadata group (usually the plugin name) in the top level. \[997b3e6e2] * **Task module `delete_objects`**: Support delete policies `purge` and `undelete`. \[e71add958] * **/api/system/backup**: New parameter `include_events`. This is an opt-in to include events in the backup. Before events where only exported in format `pg_dump`. Also available in `/inspect/system/backup/`. \[e569d0849] * **POST /api/user**: Allow to disabled login of `system:root` user. We allow this, so that an instance can be set up to limit ip based access to root privileges. Now you can disable the sy stem root user's login and create a group (ip filtered) with root rights. \[aa2a9cc65] * **fylr convert**: Improve support for **PCD**. The **PCD** support was improved after image **Imagemagick** fixed their code to no longer work with a imaginary layer "7" requested from the **PCD**. We are now testing each layer for extractability by **Imagemagick** and use the biggest we find. Also in this patch, start `--page` with 0 (for TIFF) and support `--page` for **PDF**. Also support `--page` for **PCD**. \[5004f81f4] * **/api/event/stream**: Allow for cross server by setting `Allow-Origin`. With this, cross server frontends must no longer use the legacy poller `/api/event/poll`. Also, some changes to pollability for `INDEX_SWITCH`, `REINDEX_DONE`, `REINDEX_ERROR` and `REINDEX_INDEX_PURGED`. \[23922a245] * **/api/collection/\[list/objects]**: Silently ignore offsets < 0, correct them to 0. \[a86492d3c] * **SAML Login**: Improved debugging output. \[a9484b42e] ### Fixed * **/api/eas\[mapping]**: Fixed overloading case with linked objects. If a metadata mapping defined multiple sources so that multiple linked objects were matched for a single target field, the lookup of objects other than the first would not be mapped correctly. This was discovered using a custom location tag without `strategy: first`. Now, lookups are run only after all metadata mapping objects were read, so that overwrites and duplicates are recognized. \[6eaa92af5] * **Error localization**: Fixed localization for `UnknownColumnType`, `UnsupportedFieldType` and `RecipeParamUnknownType`. These errors would cause a `TmplToWriter` error in some frontend languages, disguising the actual error message. \[c10f755d5] * **/inspect/plugins**: Page render error was fixed. Also added build info of plugins to the output (where available). \[39aba8eef] * **/inspect**: Fixed Javascript for `H3` collapsibles. \[783273be7] * **Indexer**: Fixed re-queuing error detection for [Opensearch](https://opensearch.org/). Before we only re-queued indexer jobs if the error message from the indexer contained *es\_rejected\_execution\_exception*. This didn't work on OpenSearch (they don't use the *es*\_ prefix in the exception string). \[1f6ef0609] * **Indexer**: Limit sort terms to **\~30kb** to avoid indexing errors. With really deep hierarchies the facet term would be to big. This code cuts off such strings hard, to not run into limits of Lucene (32kb for a term). While at it, choose to pad strings for facets at 30 runes instead of 50. This should still be long enough for most use cases. It makes the sort string smaller and enhances the chances that the string is not cut off. \[55f1f4e6f] * **Execserver callbacks**: Fixed long standing problem with context. The patch fixes reading back data from long running execserver calls. This was most visible in the **FTP plugin** where the answer from the plugin waits until all **FTP transport** it done . Also, fixed error handling in export transports. If an error was reported by the transport, we would fail to write a `EXPORT_TRANSPORT_FAILED` event. Also, tune down logging if a context gets cancelled. The old code would output the WARN twice, resulting it log bloat. \[7a26bcb72] \[572a207df] \[ae0e2c5b0] * **Hotfolder & /api/eas?collection**: Fixed update case when uploading files. In case that an object has a nested with linked objects for the file, the update would not work properly. This patch fixes the update. Also, the lookup of the object is now skipping objects which the user is not allowed to READ. Before a missing READ right on a found object would result in an error. So now, the user A can have an object with "ref1" and the user B too. If user A doesn't see user's B objects, the update is still possible as the user A correctly only sees one object. Before fylr would complain that the user doesn't have the appropriate rights. \[18d2e7251] * **fylr restore**: Removed option `--max-parallel`. `POST /api/db` currently struggles to import deferred hierarchies in parallel. Since our restore needs that, we for now remove the max parallel feature. This option was also removed from `/inspect/migration`. \[88584fc29] * **/api/schema/commit**: Fixed constraints checks. If columns loose there constraint checks (remove not null or have wider ranges), we did not re-assure object constraints (this was only done for added not null and narrower ranges). This fixes inconsistent system tags which are not removed after data model changes allow the removal. \[1184c7864] * **/api/search**: Allow empty token searches. If the `-` search yields no terms, we ignore it instead of returning zero search results. Also, response with `WildcardOnlyNotAllowed` for searches which contain terms like "-\*". \[c83b27393] ## Frontend ### New * **Apply Placeholder** — A new option has been added to the New Object Editor that allows converting the placeholder coming from the Template or from metadata mappings into the actual value of the input field. This allows the user to edit the value directly in the editor without needing to create the object first. The Apply Placeholder button will appear in the top-right corner of the input when data from the template or metadata mappings is available. * **Expert Search Filter Input** — A new input has been added to the Expert Search popover that allows filtering fields within the Expert Search, making it easier to quickly find fields in very large Object Types (OTs). The filter also works with nested fields and can either display the full nested structure or only the fields that match the filter. * **Sort Manager Filter Input** — Similar to Expert Search, a filtering feature has been added to the Sort Manager, allowing users to quickly search for fields. * **Group Editor Multi-Language Select** — New checkboxes have been added to multi-language fields for each language, allowing editing only the selected language without modifying values in other languages. * **Collection Field in Expert Search** — A new **System Field** has been introduced in Expert Search to create search filters for Collections. Users can now search for objects within a specific collection or identify objects that are not assigned to any collection. This is particularly useful when configuring searches for **Background Tasks (BG Tasks)**. * **Leave on Remote (RPUT Uploads)** — A new option called **"Leave on remote"** has been added when uploading assets using the **RPUT** tool. If this checkbox is enabled, the original file will remain in the source location and **Fylr** will not copy it into the system. * **Linked Object Prevent Suggestion** — Added a new mask option for linked objects that prevents on-the-fly creation suggestions in editors. * **UUID Search Support in Main Search** — Support has been added to search records by **UUID** in the Main Search. Similar to `global_object_id`, if a UUID is entered after the `#` character, the system will search using that UUID. * **Metadata Recipes Parameters Editor** — Support has been added for the new **parameter editor** for recipes in metadata mappings. If a plugin supports this feature, a new configuration button will appear next to the mapping selector, allowing dynamic modification of recipe parameters. This configuration is available in Objecttype Manager, Pool Manager, Collection Upload Settings, Metadata Task Configuration, New Object Editor, and Mapping Editor. * **JavaScript Modifier for Export Mappings** — Export Mappings now support **JavaScript modifiers**, allowing custom logic to modify how field values are exported. This can be configured per field in the **Export Mapping Editor**. * **Search and Replace / Append for Multi-Language Fields** — The **Group Editor** now supports **Search and Replace** and **Append** operations for multi-language fields. ### Enhanced * **Full Screen Record Navigation** — When viewing a record in **Full Screen Detail View**, using **"Show Record in Detail"** for a linked object will now display it both in the **detail sidebar** and in the **Full Screen viewer**. * **Custom Deep Links Replacements** — A new replacement type has been added that allows inserting an object's **UUID** into the URL of a **Custom Deep Link**, enabling custom URLs that reference Fylr objects directly. * **Custom Metadata Mapping Fields UX** — The form for adding XML fields in metadata mappings has been improved. The field list now includes **Add** and **Remove** buttons, and a new checkbox allows configuring the **import\_strategy** in Import Mappings. * **Main Search Input** — A **Clear** button has been added directly to the search input to quickly reset the current search. * **Mask Editor** — When creating a new **Object Type**, the default mask will now include a **localized display name**. Previously, the default mask only contained an internal name and had to be manually renamed. * **Pool Selection for Linked Objects** — The form displaying pool selectors for linked objects in the **New Object Editor** has been improved. Selectors that should not be visible (e.g., due to permission restrictions) are now automatically hidden. * **Delete Task for Background Tasks** — New delete policies have been added that allow **purging** deleted objects or **recovering** deleted objects. Additionally, a new option allows including deleted objects in the search configuration for this task. * **Search Popover in Background Tasks** — Searches can now be configured to include **all Object Types**, not only those available in the Main Search. The **Search Type Selector** in the search popover now lists every Object Type in the system. * **Backups** — A new option **"Include Events"** has been added when creating backups in the **Backup Manager**. ### Fixed * **Token Search** — Fixed an issue where tokens containing uppercase letters would not return results. * **Linked Objects Visibility** — Fixed an issue where linked objects were not displayed correctly in the Detail view under limited permissions. * **Pool Selectors in New Editor Modal** — Fixed a bug where the pool selector for linked objects did not work correctly when creating objects from the **New Object Editor modal**. * **Remove from Collection Tool** — The **Remove from Collection** tool in Main Search will no longer appear in situations where it does not make sense, such as when the user has no access to collections or when the object is not assigned to any collection. * **Color Profile List** — Fixed the color profile list in the **Export Manager**, improving localization. * **`:secret` Field in Transport Configuration** — Fixed an issue with fields marked as `:secret` in the **Transport configuration** within the Export Manager. * **Linked Object Race Condition** — Fixed a race condition causing newly linked objects to temporarily appear as **"Not Found"**. * **Nested Fields Dragging** — Fixed a visual bug when dragging rows in nested fields to reorder them. * **Metadata-Mapped Linked Objects** — Fixed a bug preventing correctly displaying linked objects created by **metadata mappings** in the New Object Editor. * **Collection Upload Settings** — Fixed a bug where the system did not correctly check if an **easydb field** or linked object was inside a nested structure when configuring **collection upload settings**. * **Unknown Mask Splitter** — Fixed a bug that prevented rendering the **Detail View** when a mask contained an orphan **custom mask splitter**. ## Plugins ### Geo-JSON Plugin The **Geo-JSON plugin** has been updated with new features and fixes. The most relevant improvements include: * **Marker and Color per Field** — It is now possible to configure **icons and colors not only per Object Type but also per field**, making it easier to distinguish different fields on the main map. * **Field Filter in Main Map** — A new tool has been added to the **Main Map** that allows hiding specific geo-fields, making it possible to display only features coming from selected fields. > These changes require **Fylr version 6.30**.