## Description
> [!TIP]
> _Add a TL;DR when the description is longer than 500 words or
extremely technical (helps the content, marketing, and DevRel team)._
>
> _Please also include relevant motivation and context. List any
dependencies that are required for this change. Add links to Notion,
Figma or any other documents that might be relevant to the PR._
Fixes #`Issue Number`
_or_
Fixes `Issue URL`
> [!WARNING]
> _If no issue exists, please create an issue first, and check with the
maintainers if the issue is valid._
## Automation
/ok-to-test tags=""
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!CAUTION]
> If you modify the content in this section, you are likely to disrupt
the CI result for your PR.
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
This reverts commit 07e003f68a.
## Description
Fixed a logic gap in the Applications page where no applications would
be displayed when `isAiAgentInstanceEnabled` is true but
`isAiAgentFlowEnabled` is false.
## Changes
- Updated conditional rendering logic for application lists to handle
all combinations of AI agent feature flags
- Non-anvil applications now display when either flag is disabled:
`(!isAiAgentInstanceEnabled || !isAiAgentFlowEnabled)`
- Anvil applications (AI agents) now only display when both flags are
enabled: `isAiAgentFlowEnabled && isAiAgentInstanceEnabled`
## Problem
Previously, when `isAiAgentInstanceEnabled` was `true` and
`isAiAgentFlowEnabled` was `false`, neither ApplicationCardList
component would render, resulting in no applications being shown to the
user.
### Logic Gap:
- First list: `!isAiAgentInstanceEnabled` → evaluates to `false`,
doesn't render
- Second list: `isAiAgentFlowEnabled` → evaluates to `false`, doesn't
render
- Result: No applications displayed
## Solution
Updated the conditions to ensure at least one list always renders based
on the flag states:
- Regular applications display unless both AI flags are enabled
- AI agent applications only display when both flags are enabled
## Testing
- [ ] Verified applications display when both flags are false
- [ ] Verified applications display when `isAiAgentInstanceEnabled` is
true but `isAiAgentFlowEnabled` is false
- [ ] Verified both application types display correctly when both flags
are true
- [ ] Verified AI agent applications display only when both flags are enabled
## Files Changed
- `app/client/src/ce/pages/Applications/index.tsx`
## Automation
/ok-to-test tags="@tag.Git"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!CAUTION]
> If you modify the content in this section, you are likely to disrupt
the CI result for your PR.
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Enhanced application availability by refining the logic that
determines which application card lists are displayed based on different
system configuration combinations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
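The flag combinations from the Applications page fix above, checked exhaustively. This is an added example, not code from the PR: only the two flag names and the four render conditions come from the description, and `auditRules` and the other names are hypothetical. It goes slightly beyond the description by also reporting states where both lists render.

```typescript
// Added illustration: enumerate every flag state and count how many
// application lists each set of render conditions would show.
type AgentFlags = {
  isAiAgentInstanceEnabled: boolean;
  isAiAgentFlowEnabled: boolean;
};
type RenderRule = (f: AgentFlags) => boolean;
type ListRules = { regular: RenderRule; anvil: RenderRule };

// Conditions as described under "Logic Gap" (before the fix).
const rulesBefore: ListRules = {
  regular: (f) => !f.isAiAgentInstanceEnabled,
  anvil: (f) => f.isAiAgentFlowEnabled,
};

// Conditions as described under "Changes" (after the fix).
const rulesAfter: ListRules = {
  regular: (f) => !f.isAiAgentInstanceEnabled || !f.isAiAgentFlowEnabled,
  anvil: (f) => f.isAiAgentFlowEnabled && f.isAiAgentInstanceEnabled,
};

function allFlagStates(): AgentFlags[] {
  const states: AgentFlags[] = [];
  for (const instance of [false, true]) {
    for (const flow of [false, true]) {
      states.push({
        isAiAgentInstanceEnabled: instance,
        isAiAgentFlowEnabled: flow,
      });
    }
  }
  return states;
}

type Audit = { gaps: AgentFlags[]; overlaps: AgentFlags[] };

// gaps: states where no list renders; overlaps: states where both render.
function auditRules(rules: ListRules): Audit {
  const audit: Audit = { gaps: [], overlaps: [] };
  for (const state of allFlagStates()) {
    const rendered = [rules.regular(state), rules.anvil(state)].filter(
      Boolean,
    ).length;
    if (rendered === 0) audit.gaps.push(state);
    if (rendered === 2) audit.overlaps.push(state);
  }
  return audit;
}

console.log("before:", JSON.stringify(auditRules(rulesBefore)));
console.log("after: ", JSON.stringify(auditRules(rulesAfter)));
```
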
# PR Description
## Summary
Fixes an issue where `basePageId` could be undefined during initial page
load or navigation, causing errors in the URL builder.
## Changes
- Added fallback to `null` for `basePageId` in Header component when
undefined
- Wrapped `urlBuilderFn` call in try-catch block to gracefully handle
missing `basePageId`
- Returns empty string for href when `basePageId` is not yet available
## Why
During initial page load or navigation transitions,
`currentPage?.basePageId` may not be available yet, which could cause
the URL builder to throw errors. This change ensures the application
handles this edge case gracefully by providing a fallback value and
catching any errors that may occur.
## Automation
/ok-to-test tags="@tag.Git"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/18742901184>
> Commit: 48dc01a73bbb816b63acd186d9d80eb36cdf5814
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18742901184&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Git`
> Spec:
> <hr>Thu, 23 Oct 2025 09:48:19 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
## Description
https://github.com/appsmithorg/appsmith-ee/security/dependabot/438
Fixes CVE-2025-58754
```
client % yarn why axios
├─ appsmith-rts@workspace:packages/rts
│ └─ axios@npm:1.12.2 (via npm:^1.12.0)
│
├─ appsmith@workspace:.
│ └─ axios@npm:1.12.2 (via npm:^1.12.0)
│
└─ wait-on@npm:7.2.0
└─ axios@npm:1.12.2 (via npm:^1.12.0)
```
## Automation
/ok-to-test tags="@tag.All"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/18520882251>
> Commit: 59f9b9b973b9673e983ab9e0437d812471d179b8
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18520882251&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Wed, 15 Oct 2025 08:31:04 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated axios to ^1.12.0 across the client, including the RTS package
and resolution map, ensuring consistent dependency versions.
* Improves overall stability and compatibility by incorporating upstream
fixes and enhancements.
* Reduces the risk of dependency conflicts in the client workspace.
* No user-facing behavior changes are expected.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
[Slack
Thread](https://theappsmith.slack.com/archives/C03RPDB936Z/p1759920222623799)
EE Counterpart PR: https://github.com/appsmithorg/appsmith-ee/pull/8242
## Automation
/ok-to-test tags="@tag.All"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/18408366993>
> Commit: 698d87930627197831d1ec9f89c40a02928d1b28
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18408366993&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Fri, 10 Oct 2025 15:02:32 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Breaking Changes**
* Config REST endpoints for fetching/updating by name and ACL-guarded
config update paths have been removed; clients relying on those
endpoints or permissioned fetch/update should adjust.
* **Bug Fixes**
* Simplified config access surface to reduce permission-related
complexity and potential inconsistencies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Made changes to ensure that workspace id is also added to the
/applications url when clicking on All Apps icon or logo from editor
page.
Fixes #`41296`
## Automation
/ok-to-test tags="@tag.All"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/18468233571>
> Commit: 73d0192dfaf32c350335a2fb6d57d2ad81c65413
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18468233571&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Mon, 13 Oct 2025 15:26:00 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Navigation to Applications is now workspace-aware: the Back to Apps
button (App Viewer) and the Appsmith link (Editor) route to the
Applications page scoped to the selected workspace when present.
* Ctrl/Cmd-click opens the workspace-scoped Applications page in a new
tab.
* Navigation updates dynamically when the current workspace changes.
* Behavior for anonymous users remains unchanged.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fix the [Caddy route tests
workflow](https://github.com/appsmithorg/appsmith/actions/workflows/caddy-routes-test.yml).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved compatibility for route test container by selecting the
correct binary for the running architecture (e.g., ARM, x86), reducing
setup failures.
* **Chores**
* Streamlined binary installation in the test container by extracting
directly to the system path, removing unnecessary intermediate steps.
* Maintained existing certificate setup with no functional changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
EE Shadow PR: https://github.com/appsmithorg/appsmith-ee/pull/8226
Fixes CVE-2025-9288
Fixes CVE-2025-9287
## Automation
/ok-to-test tags="@tag.All"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/18306326151>
> Commit: 75166362114f950aa5e4d5f53793329a495b404c
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18306326151&attempt=5"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Tue, 07 Oct 2025 13:45:02 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* Chores
* Updated client-side dependencies and locked specific versions to
improve app stability and compatibility.
* Added resolution overrides to ensure consistent builds across
environments and reduce dependency-related issues.
* These updates are behind the scenes and do not change the user
interface or workflows.
* No impact on exported APIs; functionality remains unchanged for
end-users.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Addresses at least a couple of issues in a number of support tickets
about logs volume:
- we were double-logging all messages via Supervisor's
eventlistener:stdout configuration. Once to the sub-process's logs, and
once to another file in the logs/supervisor directory. The purpose of
this listener is to send logs to stdout/stderr so they can be picked up
by log aggregation services, no need to write again.
- we had debug logs enabled for Caddy which was creating quite a bit of
log volume in `logs/editor/<hostname>-stderr.log`
- bonus fix: in a multi-container deployment, all containers were trying
to write to `logs/supervisor/supervisord.log` making trying to
troubleshoot those deployments more difficult.
## Automation
/ok-to-test tags="@tag.Sanity"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/18222964844>
> Commit: 54b5a1a1c52408ae30472d1b5f25a157603fd626
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18222964844&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Fri, 03 Oct 2025 13:38:52 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Simplified logging to route process output to standard output with
hostname tagging, reducing per-file logs and disk usage.
* Improved reliability of log capture with a dedicated stdout event
handler.
* Reduced log noise by disabling debug logging in the web server
configuration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
**Problem:**
Spring Boot 3.3.13 enforces single-valued OAuth2 parameters, causing
failures when multiple hd values are present in authorization requests.
**Solution:**
- Single-valued hd: Always 0 or 1 hd parameter
- Domain selection: Use request context to pick the domain
- Fallback: Use the first allowed domain when no match is found
- Multi-TLD support: Works with .com, .org, .io, etc.
- Proxy support: Handles X-Forwarded-Host headers
- Case-insensitive: Normalizes domain matching
EE Counterpart PR: https://github.com/appsmithorg/appsmith-ee/pull/8211
## Automation
/ok-to-test tags="@tag.Authentication,@tag.Sanity"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/18095565045>
> Commit: e4e0e93ddb4a2f9a7c2babd9247dcadafa73dc90
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18095565045&attempt=2"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Authentication,@tag.Sanity`
> Spec:
> <hr>Mon, 29 Sep 2025 12:34:36 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Improved OAuth login for setups with multiple allowed domains. The
system now auto-derives the most appropriate domain from incoming
requests, supports subdomain and multi-level matches, and gracefully
falls back when no match is found. Ensures OAuth parameters remain
single-valued for better compatibility and reliability.
- Tests
- Added comprehensive test coverage for multi-domain handling, subdomain
matching, fallback behavior, empty configurations, and parameter
single-value validation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
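A sketch of the single-valued `hd` selection listed in the OAuth fix above, as an added example and not the PR's server code. The function names, the longest-match tie-break and the precedence of `X-Forwarded-Host` over `Host` are assumptions.

```typescript
// Added illustration: derive at most one `hd` value from the request host.
type RequestHeaders = Record<string, string | undefined>;

// Lowercase the host, take the first entry of a comma-separated
// X-Forwarded-Host list, and drop any port or trailing dot.
function normalizeHost(raw: string | undefined): string | null {
  if (!raw) return null;
  const first = (raw.split(",")[0] ?? "").trim().toLowerCase();
  if (first === "") return null;
  // Leave bracketed IPv6 literals alone; they never match a domain.
  const noPort = first.startsWith("[") ? first : first.replace(/:\d+$/, "");
  const host = noPort.replace(/\.$/, "");
  return host === "" ? null : host;
}

// Exact match or a subdomain at any depth. The leading dot keeps
// "notexample.com" from matching "example.com".
function matchesDomain(host: string, domain: string): boolean {
  return host === domain || host.endsWith("." + domain);
}

// Returns one allowed domain, or null when none is configured.
// The result always comes from the allowed list, so a forged
// X-Forwarded-Host can only change which allowed domain is hinted.
function selectHostedDomain(
  allowedDomains: string[],
  headers: RequestHeaders,
): string | null {
  const domains = allowedDomains
    .map((d) => d.trim().toLowerCase())
    .filter((d) => d !== "");
  if (domains.length === 0) return null;

  // Assumption: the proxy header, when present, names the public host.
  const host =
    normalizeHost(headers["x-forwarded-host"]) ??
    normalizeHost(headers["host"]);

  if (host !== null) {
    // Assumption: the most specific (longest) allowed domain wins.
    const best = domains
      .filter((d) => matchesDomain(host, d))
      .sort((a, b) => b.length - a.length)[0];
    if (best !== undefined) return best;
  }
  // Fallback described in the PR: first allowed domain.
  return domains[0] ?? null;
}

// Extra authorization parameters with zero or one `hd` entry.
function hostedDomainParams(
  allowedDomains: string[],
  headers: RequestHeaders,
): Record<string, string> {
  const hd = selectHostedDomain(allowedDomains, headers);
  return hd === null ? {} : { hd };
}

// Constructed sample request, not taken from the PR.
console.log(
  hostedDomainParams(["Example.com", "appsmith.org"], {
    host: "10.0.0.5",
    "x-forwarded-host": "tools.example.com, proxy.internal",
  }),
);
```
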
## Problem
Tab navigation between input widgets was not working in Fixed Layout
applications. Users reported that pressing the Tab key would not move
focus to the next input widget in the expected order (top-to-bottom,
left-to-right), instead following the browser's default DOM-based tab
order.
This issue was raised by an Enterprise user
[here](https://theappsmith.slack.com/archives/C0341RERY4R/p1758112042665109)
## Root Cause
The issue was caused by a **timing problem** in the `useWidgetFocus`
hook:
1. The `useEffect` hook was running immediately when the component
mounted
2. However, the canvas element ref (`ref.current`) was set later via the
React ref callback
3. This caused the event listeners for Tab navigation to never be
attached, as `ref.current` was `null` when `useEffect` ran
4. Without the custom Tab event listeners, the browser fell back to its
default tab navigation behavior
## Solution
Refactored the `useWidgetFocus` hook to attach event listeners
**immediately when the ref is set**, rather than waiting for a
`useEffect` that runs too early:
### Before (Broken):
```typescript
useEffect(() => {
  if (!ref.current) return; // ❌ Always true - ref not set yet
  const handleKeyDown = (event: KeyboardEvent) => {
    if (event.key === "Tab") handleTab(event);
  };
  ref.current.addEventListener("keydown", handleKeyDown);
}, []); // ❌ Runs before ref is set
```
### After (Fixed):
```typescript
const setRef = useCallback((node: HTMLElement | null) => {
  if (node === null) return;
  if (ref.current === node) return;
  ref.current = node;
  attachEventListeners(node); // ✅ Attach immediately when ref is set
}, [attachEventListeners]);
```
## Why This Solution Works
1. **Correct Timing**: Event listeners are now attached immediately when
React calls the ref callback with the DOM element
2. **No Race Conditions**: Eliminates the timing issue between
`useEffect` and ref assignment
3. **Maintains Functionality**: Preserves all existing tab navigation
logic (position-based sorting, modal focus trapping, etc.)
4. **Clean Architecture**: Separates event listener attachment logic
into a reusable callback
## Testing
- ✅ Tab navigation now works correctly in Fixed Layout applications
- ✅ Maintains proper top-to-bottom, left-to-right tab order
- ✅ Modal focus trapping continues to work
- ✅ Auto Layout behavior unchanged (tab navigation disabled as intended)
- ✅ No regressions in existing functionality
## Files Changed
- `app/client/src/utils/hooks/useWidgetFocus/useWidgetFocus.tsx` - Fixed
event listener timing
- `app/client/src/utils/hooks/useWidgetFocus/handleTab.ts` - Cleaned up
(no functional changes)
- `app/client/src/utils/hooks/useWidgetFocus/tabbable.ts` - Cleaned up
(no functional changes)
## Automation
/ok-to-test tags="@tag.Widget"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/18034264649>
> Commit: ab9af8404302eb19c243dea583160bc9e74f33aa
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18034264649&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Widget`
> Spec:
> <hr>Fri, 26 Sep 2025 11:09:55 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved reliability of focusing widgets on click.
* More consistent Tab key navigation across widgets.
* Prevents unintended focus behavior in non–auto-layout mode.
* **Refactor**
* Streamlined event listener management for focus and keyboard
interactions, improving stability and reducing potential memory leaks.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
TLDR:
Refines TableWidgetV2 cell editability logic to disable editing when
infinite scroll is enabled.
<ins>Problem</ins>
When people toggled infinite scroll of ON and then moved it back to ON,
we were forcibly enabling editing for all columns which was wrong
product behavior.
<ins>Root cause</ins>
The utilities were putting the additables to true in DSL.
And editability logic missed a check for the infinite scroll setting,
causing cells to remain editable even when infinite scroll was active.
<ins>Solution</ins>
This PR handles the integration of infinite scroll support into
TableWidgetV2 by updating header and cell components to respect the
infiniteScrollEnabled prop. Editability is now disabled when infinite
scroll is active, ensuring consistent and predictable user experience.
Fixes https://github.com/appsmithorg/appsmith-ee/issues/8144
## Automation
/ok-to-test tags="@tag.Table"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17998257804>
> Commit: 4d0ff9c41d97c55a94a3d261b962faef492f453a
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17998257804&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Table`
> Spec:
> <hr>Thu, 25 Sep 2025 06:15:12 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Laveena Enid <laveena@appsmith.com>
Co-authored-by: Aparna Ramachandran <101863839+btsgh@users.noreply.github.com>
Co-authored-by: Abhijeet <41686026+abhvsn@users.noreply.github.com>
Co-authored-by: yatinappsmith <84702014+yatinappsmith@users.noreply.github.com>
Co-authored-by: Nidhi <nidhi@appsmith.com>
Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
Co-authored-by: “sneha122” <“sneha@appsmith.com”>
Co-authored-by: Nidhi <nidhi.nair93@gmail.com>
Co-authored-by: Ankita Kinger <ankita@appsmith.com>
Co-authored-by: Rudraprasad Das <rudra@appsmith.com>
Co-authored-by: Trisha Anand <trisha@appsmith.com>
Co-authored-by: Trisha Anand <trisha1990@gmail.com>
Co-authored-by: Arpit Mohan <mohanarpit@users.noreply.github.com>
Co-authored-by: Hetu Nandu <hetu@appsmith.com>
Co-authored-by: albinAppsmith <87797149+albinAppsmith@users.noreply.github.com>
Co-authored-by: Albin <albin@appsmith.com>
Co-authored-by: Manish Kumar <107841575+sondermanish@users.noreply.github.com>
Co-authored-by: Pawan Kumar <pawan@appsmith.com>
Co-authored-by: Apeksha Bhosale <7846888+ApekshaBhosale@users.noreply.github.com>
Co-authored-by: Diljit <diljit@appsmith.com>
Co-authored-by: jacquesikot <jacquesikot@gmail.com>
Co-authored-by: Goutham Pratapa <goutham@appsmith.com>
Co-authored-by: Wyatt Walter <wyattwalter@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Laveena Enid <109572422+laveena-en@users.noreply.github.com>
Co-authored-by: Abhinav Jha <abhinav@appsmith.com>
Remove unused argument from generate_info_json.sh script call
Updated the GitHub Actions workflow to use the Ubuntu 22.04-8core runner
for improved performance and compatibility.
## Description
Made changes in backend to sort applications and workspaces in
alphabetic order
Also added feature flag control to this functionality.
Fixes #31108
## Automation
/test Workspace
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17998282833>
> Commit: ff76753e19106314d21cc4b9548177fe8f93339d
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17998282833&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Workspace`
> Spec:
> <hr>Thu, 25 Sep 2025 06:09:23 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Optional alphabetical ordering for workspaces and applications on the
Home page, toggleable via a new feature flag.
* Home view now chooses between case-insensitive alphabetical sorting
and the existing “recently used” ordering based on that flag.
* **Tests**
* Added automated tests verifying alphabetical workspace ordering and
exact name sequencing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Abhijeet <abhi.nagarnaik@gmail.com>
## Description
This PR adds a new error message constant
`AUTH_ACCOUNT_SUSPENDED_FOR_RATE_LIMIT` to handle cases where user
accounts are suspended due to rate limiting violations.
## Changes
- Added `AUTH_ACCOUNT_SUSPENDED_FOR_RATE_LIMIT` message constant in
`messages.ts`
- Added the new error message to the approved error messages list in
`approvedErrorMessages.ts`
- The message informs users that their account is suspended for 24 hours
and suggests resetting their password to continue
## Message Content
> "Your account is suspended for 24 hours. Please reset your password to
continue"
This provides clear guidance to users on both the suspension duration
and the action they can take to resolve it.
## Automation
/ok-to-test tags="@tag.Sanity, @tag.Authentication"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17939195425>
> Commit: 5b1a651df3483315ebea7f4096eb22e485a9a9d7
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17939195425&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity, @tag.Authentication`
> Spec:
> <hr>Tue, 23 Sep 2025 08:25:35 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a clear authentication message when an account is temporarily
suspended due to rate limiting (24-hour lockout). This message is now
displayed as a standard, user-visible error, helping users understand
why sign-in is blocked and when they can retry. This improves feedback
after too many attempts or excessive requests, reducing confusion and
support inquiries.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
## Automation
/ok-to-test tags="@tag.Git"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17945463792>
> Commit: 02dea2de752e6171fa3e4cefd8650b7fcf9b332f
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17945463792&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Git`
> Spec:
> <hr>Tue, 23 Sep 2025 12:56:31 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Auto-commit now accepts author name and email so commits reflect the
initiating user.
* Auto-commit processing can run asynchronously in the background.
* **Improvements**
* Auto-commit flows will fall back to generated author info when a
stored Git profile is unavailable.
* Controller now delegates auto-commit to a central service for
consistent responses.
* Enhanced logging for clearer Git operation traceability.
* **Tests**
* Updated and un-skipped end-to-end and unit tests covering auto-commit
paths.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Hardcoded image reference was missed in the previous Bitnami image fix.
See: https://github.com/bitnami/charts/issues/35256
## Automation
/ok-to-test tags=""
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Init container images for Redis, MongoDB, and PostgreSQL now respect
chart values for registry, repository, and tag, allowing customization
and private registry support. Defaults are no longer hardcoded; behavior
for explicitly provided custom images remains unchanged. This helps with
compliance, air-gapped deployments, and consistency.
- Chores
- Bumped Helm chart to 3.6.5.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
## Automation
/ok-to-test tags="@tag.Git"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!IMPORTANT]
> 🟣🟣🟣 Your tests are running.
> Tests running at:
<https://github.com/appsmithorg/appsmith/actions/runs/17913609729>
> Commit: 2055a6b1f1f8b90651f7ad384736905e9a957e6d
> Workflow: `PR Automation test suite`
> Tags: `@tag.Git`
> Spec: ``
> <hr>Mon, 22 Sep 2025 11:18:58 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Temporarily disabled Git auto-commit; auto-commit operations no longer
execute.
* Auto-commit status responses now consistently report IDLE with 0%
progress.
* Users may notice no automatic commits in linked repositories; manual
commits unaffected.
* No changes to public API signatures; only response behavior adjusted.
* **Tests**
* End-to-end test for Git autocommit is skipped to reflect disabled
auto-commit.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
## Automation
/ok-to-test tags="@tag.Git"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!IMPORTANT]
> 🟣🟣🟣 Your tests are running.
> Tests running at:
<https://github.com/appsmithorg/appsmith/actions/runs/17855114706>
> Commit: eded40175d45e1294c0b3cb2a3efcd9496373844
> Workflow: `PR Automation test suite`
> Tags: `@tag.Git`
> Spec: ``
> <hr>Fri, 19 Sep 2025 10:02:49 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Added support for Redis Cluster URLs in Git-connected features,
enabling redis://, rediss://, and redis-cluster:// configurations.
- Introduced a configurable Git root path to improve cloning behavior
across environments.
- Refactor
- Unified Redis operations behind a single execution path to ensure
consistent behavior and compatibility across connection types.
- Streamlined Git initialization and argument handling to reduce edge
cases during repository setup.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
## Automation
/ok-to-test tags="@tag.Git"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17826532521>
> Commit: d7e0d5646396a25ffc73c9444a57200993868926
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17826532521&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Git`
> Spec:
> <hr>Thu, 18 Sep 2025 11:50:06 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Branch-aware Git clone/checkout with Redis-backed caching and
automatic cleanup.
- Operation-aware Git routing for endpoints.
- Enhanced, timestamped logging for Git scripts.
- Improvements
- Faster, more reliable Git flows with lock-based FSM orchestration.
- Consistent merge behavior that honors “keep working directory
changes.”
- Improved private key handling for SSH.
- Error Handling
- Clearer, granular Git error messages for metadata, FS ops, Redis
download, and cleanup.
- Documentation
- Updated Git route flow documentation.
- Tests
- Extensive unit tests covering routing, metadata checks, cleanup
gating, and key flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
**Before:**
The appsmith-ce release image contains the critical vulnerability
CVE-2024-38821.
<img width="1258" height="876" alt="Screenshot 2025-09-12 at 1 41 00 PM"
src="https://github.com/user-attachments/assets/6e5292c7-d073-4241-970d-511ab0533547"
/>
[cves_report_ce.json](https://github.com/user-attachments/files/22292789/cves_report_ce.json)
**After:**
The current DP image doesn't contain CVE-2024-38821 after removing the pg
build from the server.
<img width="1248" height="906" alt="Screenshot 2025-09-12 at 1 40 36 PM"
src="https://github.com/user-attachments/assets/d7d2c812-d6e5-4994-9c08-923e0302b415"
/>
[cves_41221.txt](https://github.com/user-attachments/files/22292798/cves_41221.txt)
Fixes CVE-2024-38821
## Automation
/ok-to-test tags="@tag.Sanity"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17725447283>
> Commit: 959d97e926357bfcd1e0aec32a9127be5b8df403
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17725447283&attempt=2"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Mon, 15 Sep 2025 08:39:53 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Removed PostgreSQL support from build artifacts; only the MongoDB
edition is produced going forward.
* Updated Docker validation to require only the MongoDB server jar;
error message reflects this change.
* Simplified artifact preparation by removing PostgreSQL image
extraction and related steps.
* Maintains existing exit-on-failure behavior; successful MongoDB paths
are unchanged.
* No changes to runtime behavior for MongoDB users.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Fixes CVE-2025-48734
## Automation
/ok-to-test tags="@tag.Sanity"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17723760561>
> Commit: d71d66e99980b66d47ed0f29311a62f915b00caf
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17723760561&attempt=4"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Mon, 15 Sep 2025 08:40:18 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded the underlying input validation library to a newer version
across server components to incorporate upstream fixes and improvements.
* Improves overall stability and security with no expected changes to
user-facing behavior.
* Ensures continued compatibility with modern environments and reduces
maintenance risks.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Adding responseMeta in query object even when the query fails so the
header request id can be used by the user, if needed.
Fixes [#8024](https://github.com/appsmithorg/appsmith-ee/issues/8024)
EE PR for tests: https://github.com/appsmithorg/appsmith-ee/pull/8149
## Automation
/ok-to-test tags="@tag.All"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17625800361>
> Commit: c3a972f13beeaef82774a8bddb28c89cf1f783f6
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17625800361&attempt=2"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Thu, 11 Sep 2025 06:23:42 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved error messages and details when plugin actions or triggers
fail, providing clearer context to diagnose issues.
* Surfaces underlying response data on errors (when available), enabling
more informative failure feedback in the UI.
* Ensures action state is updated consistently after failures (clears
loading and populates data/meta when present), preventing stale or
misleading states.
* Standardized error handling across related flows without changing
successful execution behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
## Automation
/ok-to-test tags="@tag.Git"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17473362736>
> Commit: 9bbf40be38011df0829473545833739e11d7b743
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17473362736&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Git`
> Spec:
> <hr>Thu, 04 Sep 2025 19:26:09 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Bug Fixes
- Improved reliability of Git-connected workflows by automatically
cleaning up dangling Git lock/index files before key operations,
reducing intermittent errors and stuck states across checkouts, branch
create/delete, commits, status, discard, and branch listing.
- Chores
- Made Git-in-memory detection more robust to avoid false positives when
the Git root path is missing or contains whitespace.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
CVE-2024-38821 is an authorization bypass affecting Spring WebFlux apps
that apply non-permitAll rules to static resources. The fix for
CVE-2024-38821 is in Spring Security 6.3.4+.
[Ref](https://spring.io/security/cve-2024-38821)
Mitigation Strategy:
We are upgrading Spring Boot to 3.3.13, which officially manages Spring
Security versions. Spring Security 6.3.10 is well beyond the minimum
required 6.3.4+.
### Verification
Verification Results:
1. Spring Security Version Check: ✅ SECURE
   - Current Version: Spring Security 6.3.10
   - Vulnerable Range: 6.3.0-6.3.3
   - Status: ✅ NOT VULNERABLE - Version 6.3.10 is well beyond the vulnerable range
2. All Spring Security Components Verified: ✅ SECURE
   - ✅ spring-security-web: 6.3.10
   - ✅ spring-security-oauth2-client: 6.3.10
   - ✅ spring-security-oauth2-core: 6.3.10
   - ✅ spring-security-oauth2-jose: 6.3.10
   - ✅ spring-security-config: 6.3.10
   - ✅ spring-security-crypto: 6.3.10
   - ✅ spring-security-test: 6.3.10
3. No Vulnerable Versions Detected: ✅ CLEAN
   - ❌ No Spring Security 6.3.0-6.3.3 versions found
   - ❌ No vulnerable Spring Security components detected
## Automation
/ok-to-test tags="@tag.Sanity"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17201170729>
> Commit: d588e5da0afe52b94730871b77ada4ab9b92c20e
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17201170729&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Mon, 25 Aug 2025 07:17:32 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded Spring Boot parent to 3.3.13 to improve stability,
compatibility, and maintenance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
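The version verification in the PR above can be repeated mechanically. The following is an added example, not part of the PR or the Appsmith code base: it assumes the input is `mvn dependency:list` output, uses only the vulnerable range stated in the PR description (6.3.0-6.3.3), and runs on a constructed sample in which one artifact has drifted back into that range.

```python
import re

# Vulnerable range exactly as stated in the PR description; the fix is in 6.3.4+.
VULN_LOW = (6, 3, 0)
VULN_HIGH = (6, 3, 3)
GROUP = "org.springframework.security"

# Constructed sample of `mvn dependency:list` output (not taken from the PR).
# spring-security-crypto is deliberately pinned to a version inside the range.
SAMPLE = """\
[INFO] --- dependency:list (default-cli) @ server ---
[INFO]    org.springframework.security:spring-security-web:jar:6.3.10:compile
[INFO]    org.springframework.security:spring-security-config:jar:6.3.10:compile
[INFO]    org.springframework.security:spring-security-crypto:jar:6.3.3:compile
[INFO]    org.springframework.security:spring-security-test:jar:tests:6.3.10:test
[INFO]    org.springframework.boot:spring-boot-starter-webflux:jar:3.3.13:compile
"""


def parse_version(text):
    """Return (major, minor, patch) for a plain x.y.z version, else None.

    Versions carrying a qualifier (for example a -SNAPSHOT suffix) return
    None so that they are sent to manual review instead of being guessed at.
    """
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(part) for part in match.groups()) if match else None


def spring_security_versions(dependency_list):
    """Map artifactId -> version string for every Spring Security artifact."""
    found = {}
    for line in dependency_list.splitlines():
        tokens = line.replace("[INFO]", "").split()
        if not tokens:
            continue
        # Coordinates are group:artifact:type:version:scope, or
        # group:artifact:type:classifier:version:scope when a classifier is set.
        parts = tokens[0].split(":")
        if len(parts) not in (5, 6) or parts[0] != GROUP:
            continue
        found[parts[1]] = parts[-2]
    return found


def audit(dependency_list):
    """Classify each Spring Security artifact against the stated range."""
    versions = spring_security_versions(dependency_list)
    vulnerable, unparsed = {}, {}
    for artifact, raw in versions.items():
        version = parse_version(raw)
        if version is None:
            unparsed[artifact] = raw
        elif VULN_LOW <= version <= VULN_HIGH:
            vulnerable[artifact] = raw
    return {
        "versions": versions,
        "vulnerable": vulnerable,
        "unparsed": unparsed,
        # Mixed versions mean some artifact is not following the Boot-managed version.
        "mixed": len(set(versions.values())) > 1,
        # No Spring Security artifacts at all is not a pass: the input was
        # probably the wrong module or an empty report.
        "clean": bool(versions) and not vulnerable and not unparsed,
    }


if __name__ == "__main__":
    result = audit(SAMPLE)
    for artifact, version in sorted(result["versions"].items()):
        status = "VULNERABLE" if artifact in result["vulnerable"] else "ok"
        print(f"{artifact}: {version} {status}")
    print("mixed versions:", result["mixed"])
    print("clean:", result["clean"])
```

Checking every artifact rather than a single one matters because a pinned or transitive dependency can stay on an older release even after the Spring Boot parent is upgraded.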
## Summary
Updates the tooltip text for disabled environment switching to reference
"enterprise plan" instead of "business plan" to align with current
product terminology.
## Changes
- Added new `ENTERPRISE_EDITION_TEXT` constant in
`ce/constants/messages.ts`
- Updated `SwitchEnvironment` component to use the new enterprise text
constant
- Maintains backward compatibility by keeping the original
`BUSINESS_EDITION_TEXT` constant
## Files Changed
- `app/client/src/ce/constants/messages.ts` - Added new enterprise text
constant
- `app/client/src/ce/components/SwitchEnvironment/index.tsx` - Updated
tooltip to use enterprise terminology
## Testing
- [ ] Verify tooltip displays "enterprise plan" text when environment
switching is disabled
- [ ] Confirm tooltip link functionality remains unchanged
## Impact
This is a minor UI text update with no functional changes. Users will
now see consistent "enterprise plan" messaging in the environment switch
tooltip.
## Automation
/ok-to-test tags="@tag.Sanity"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/16900241210>
> Commit: a462cb0c2ddcd29b19e7adadf3de8fd5f5868e9f
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=16900241210&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Tue, 12 Aug 2025 06:34:15 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Updated tooltip messaging to display "enterprise plan" instead of
"business edition" in relevant user interface areas (environment
switcher and data-filter tooltips). This changes only the displayed plan
name in upgrade/locked-feature tooltips across the app. No changes to
feature availability or workflows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Removing a line of code to fix extra space issue on Page with Fixed
height container once switched from a Page with Auto height container.
Also, manually tested out all issues from
[#19082](https://github.com/appsmithorg/appsmith/pull/19082) to confirm
nothing else breaks from the time these lines were added in the code.
Fixes [#41180](https://github.com/appsmithorg/appsmith/issues/41180)
## Automation
/ok-to-test tags="@tag.All"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17043252133>
> Commit: c8bde1226eed929dec92b1421a6167977486af97
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17043252133&attempt=2"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Mon, 18 Aug 2025 17:04:42 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved main container auto-height calculation to eliminate
unintended extra spacing, resulting in more accurate, content-driven
sizing.
* **Chores**
* Added diagnostic logging around main container size computation in
view mode to aid troubleshooting (no functional impact).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Bitnami has deprecated the images we rely on by default in the chart. We
need to figure out how we adjust to this situation (and upgrade MongoDB
as well to get off the EOL version here). For now, use the bitnamilegacy
images.
See: https://github.com/bitnami/charts/issues/35256
## Automation
/ok-to-test tags=""
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* Chores
* Updated Helm chart to version 3.6.4.
* Switched default container image repositories for MongoDB and
PostgreSQL to bitnamilegacy while keeping the existing tags, improving
continuity with upstream changes.
* Cleaned up a deprecated MongoDB image configuration block to avoid
confusion in values configuration.
* These changes affect deployment configuration only and do not modify
application behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
## Automation
/ok-to-test tags="@tag.Git"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/16641904067>
> Commit: 83fbbcbcab702010f30a38cfe8b7f27c631e49f1
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=16641904067&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Git`
> Spec:
> <hr>Thu, 31 Jul 2025 07:34:44 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved error handling during artifact type identification from Git
repositories, ensuring more specific error messages and defaulting to
the application artifact type in certain file system error cases.
* Enhanced clarity of error messages when required metadata is missing
or incomplete.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Reduced the cumulative contribution of isChildPropertyPath by
approximately 98%. During page load, it originally took around 100 ms
for a customer app on a Mac machine and is now down to 2 ms. As a
result, calculateSubTreeSortOrder has improved by 70% on the same setup.
Optimised sorting and removed redundant lookups in addNodes, which led
to marginal gains. This optimisation specifically targets a customer
scenario where addNodes and addDependantsOfNestedPropertyPaths are
heavily stressed, contributing to an overall latency of about 7 seconds.
Added additional logging to investigate the issue further.
## Automation
/ok-to-test tags="@tag.All"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/16714192460>
> Commit: d6633bb07190c897a9a9d9563e606c4dd220fa55
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=16714192460&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Mon, 04 Aug 2025 05:57:55 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a new function to improve detection of child property paths
supporting both dot and bracket notation.
* **Refactor**
* Optimized internal logic for managing dependency sets and improved
node addition efficiency.
* Updated sorting method to accept arrays for better consistency.
* **Style**
* Enhanced code readability and maintainability with more concise
patterns.
* **Chores**
* Introduced performance timing and logging for key operations to aid in
monitoring and diagnostics.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
JSObject and JSModuleInstance function paths were earlier skipped during
eval when present in the eval order. In the [reactive
actions](https://github.com/appsmithorg/appsmith/pull/40963) PR this
check was removed, and because of that JSModuleInstance functions were
overridden in `evalContextCache` with their uneval values. As a result,
any eval where a JSModuleInstance function is present as a
binding fails to evaluate.
This PR reverts the check.
Fixes https://github.com/appsmithorg/appsmith/issues/41146
## Automation
/ok-to-test tags="@tag.All"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/16665740260>
> Commit: 9a10adbc79bf5c2f2258b6dc4e013e4d66ac441d
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=16665740260&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Fri, 01 Aug 2025 05:00:23 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved evaluation process to prevent unintended evaluation of action
properties within JSObjects, resulting in more stable and predictable
behavior for users.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
## Automation
/ok-to-test tags="@tag.All"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/16644871984>
> Commit: 99ae03dfd557096c7bb68a143a8ffc22ad4199ee
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=16644871984&attempt=2"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Thu, 31 Jul 2025 11:00:46 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated the Apache Commons Lang library to the latest version for
improved reliability.
* Updated internal imports to use the new library version.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Git Cy test cleanup
Doc
https://www.notion.so/appsmith/Cypress-Git-Tests-Full-Migration-Plan-Technical-Migration-Document-21cfe271b0e2808e9bbfc52ff3f271d1?source=copy_link
Fixes https://github.com/appsmithorg/appsmith/issues/41116
## Automation
/ok-to-test tags="@tag.Git"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/16609928353>
> Commit: c44fe06457377789cee38114e809e7ce842a3870
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=16609928353&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Git`
> Spec:
> <hr>Wed, 30 Jul 2025 00:46:28 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
  * Updated test intercepts and network request patterns to use new Git
    API endpoint structures.
  * Adjusted feature flag logic to enable a new Git API contracts flag for
    relevant tests.
  * Increased wait time for Git import operations to improve test
    reliability.
  * Refined and simplified test logic for Git discard, merge, and branch
    operations.
  * Added a new locator for pull count in Git sync UI tests.
  * Removed deprecated or redundant assertions and UI checks in
    Git-related tests.
  * Skipped import tests for older app versions due to backend
    compatibility issues.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Tests**
  * Added a comprehensive test suite for Git operations, including
    repository management, commits, branching, merging, tagging, resets, and
    remote operations. These tests ensure reliability and correctness of Git
    functionalities in the application.
* **Refactor**
  * Updated the return type of a method related to Git repository handling
    for improved type specificity. No changes to user-facing behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Issue -
https://github.com/appsmithorg/appsmith-ee/security/dependabot/425
EE PR - https://github.com/appsmithorg/appsmith-ee/pull/8044
## Automation
/ok-to-test tags="@tag.Sanity"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/16617495337>
> Commit: 9b72ee1c230ed00894c744a3513b7343b5ed0ac5
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=16617495337&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Wed, 30 Jul 2025 09:16:44 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
  * Updated internal package version resolutions to improve dependency
    management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
issue -
https://github.com/appsmithorg/appsmith-ee/security/dependabot/426
EE PR - https://github.com/appsmithorg/appsmith-ee/pull/8036
## Automation
/ok-to-test tags="@tag.All"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/16595524174>
> Commit: 5482439dd45c41e12712ee131b87657f09fa5380
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=16595524174&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Tue, 29 Jul 2025 13:19:00 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
  * Updated package resolutions to include a specific version of
    "form-data" for improved dependency management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Updating the logo in the app editor to use favicon instead
Fixes [#41134](https://github.com/appsmithorg/appsmith/issues/41134)
## Automation
/ok-to-test tags="@tag.Sanity"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!IMPORTANT]
> 🟣🟣🟣 Your tests are running.
> Tests running at:
<https://github.com/appsmithorg/appsmith/actions/runs/16591754385>
> Commit: 29ca67869963e9dbb9d684eeeb6713d865c6dd7f
> Workflow: `PR Automation test suite`
> Tags: `@tag.Sanity`
> Spec: ``
> <hr>Tue, 29 Jul 2025 09:11:02 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
  * Updated the logo in the Appsmith link to display the organization's
    favicon if available and different from the default, otherwise defaults
    to the standard logo.
* **Bug Fixes**
  * Increased the maximum allowed favicon size in branding settings from
    32x32 to 48x48 pixels, with updated validation and messaging.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->