You are reading the documentation for an outdated Corteza release. 2023.9 is the latest stable Corteza release.


The format is based on Keep a Changelog, and this project adheres to Calendar Versioning.


Corteza 2021.3 improves the stability and security of the system; and a lot of new features including a visual automation builder (Corteza Workflow), support template management and rendering. Corteza also introduces an authentication server that conforms to the OAuth2 protocol, which increases security and increases flexibility when it comes to authentication options.

  • Authentication changed to the OAuth2 standard, and any authentication logic relying on the previous versions will no longer work.

  • The Corredor server is now disabled by default. Set the CORREDOR_ENABLED=true in your .env file if you wish to have it enabled.

  • Corteza Messaging is now deprecated and removed.


Released on: 2021-10-07

Contributors: Katrin Yordanova (GH), Vivek Patel (GH), Jože Fortun (GH), Denis Arh (GH), Tomaž Jerman (GH)

  • Added the invoker and runner credentials in the initial workflow scope (687d98a6).

  • Improved record value access expressions when no record value is provided. The check if the values property is present is no longer needed (47706610).

  • Added the missing selected workflow scope variable which defines the selected records (64821e76).

  • Fixed improper boolean record value to workflow variable casting (47706610).

  • Fixed workflow trigger loading access control issues (c0024b0f).

  • Fixed pointer errors for the count expression when used within workflows (9ce01d2d).

  • Fixed expressions duplicating record values for multi value module fields (53ebbe0a).

  • Fixed improper workflow automation button removal (4f98192e).

  • Fixed record duplication when filtering over multi value fields (ea2aa53b).

  • Fixed invalid encoding of selected module fields when exporting pages (3eaa56f3).

  • Fixed duplicated page block description (57e860e0).

  • Fixed User field editor (bbe276ca, ea75a2fb).

  • Fixed broken Corredor alerts due to the internal redesign (b6997af2).

  • Fixed improper record page back button redirect (4a8db556).

  • Fixed improper actionlog type casting which resulted in broken log messages when the front-end technology stack was unable to parse the values (9483b16b).


Released on: 2021-09-15

Contributors: sgg-adraynrion (GH), Jože Fortun (GH), Vivek Patel (GH), Tomaž Jerman (GH)

  • Updated count expr function, will return length if executed with only one input


  • Workflow execution stacktrace may not completely respect the order of the workflow execution.

Released on: 2021-08-24

Contributors: Vivek Patel (GH), Tomaž Jerman (GH), Jože Fortun (GH), Denis Arh (GH)

  • Added the ability to enable split login form (1st step email, 2nd step password)

  • Added random and additional date manipulation expression functions (#238)

  • Added workflow support for messagebus/queue capabilities

  • Added workflow functions for role membership management

  • Added a deleted indicator when viewing a deleted workflow

  • Changed handling of default auth clients to restrict most modifications.

  • Minor UI/UX webapp changes and improvements

  • Skipped IdP due to invalid checks

  • Fixed workflow execution stack trace log order for most scenarios (see upgrade notes).

  • Fixed deferred workflow execution; addressed data races and general access control issues

  • Triggering of deleted workflows (#198)

  • Reworked default record value logic to make it easier to work with from web applications

  • Expression function parameter and return value casting for string functions

  • Nil pointer panics in auth and document rendering

  • Fixed invalid template handle validation

  • Fixed improper newline encoding in envoy exported documents


Released on: 2021-07-20

Contributors: Denis Arh (GH)

  • Fixed corteza-vue NPM package build (it used 2021.9.x instead of 2021.3.x)

  • Fixed system user creation through workflows


  • Corteza 2021.3.9 included an incorrect build of internal libraries, which may break specific features. The issue is resolved with 2021.3.10

Released on: 2021-07-14

Contributors: Tomaž Jerman (GH), Denis Arh (GH), Peter Grlica (GH), Vivek Patel (GH)

  • Refactored parts of the workflow execution logic and state management to improve execution stability and avoid infinite resource locking

  • Fixed external authentication provider registration

  • Fixed broken $authUser and $authToken in internal Corteza libraries


Released on: 2021-07-06

Contributors: Jože Fortun (GH), Tomaž Jerman (GH), Denis Arh (GH), Peter Grlica (GH)

  • Added throttling for record manipulation api calls

  • Refactored parts of Workflow setup and workflow execution logic to resolve data race conditions

  • Fixed improper workflow execution handler closure state management that overwrote the security context

  • Fixed Workflow configurator edge-cases where workflows were unable to be saved

  • Fixed onInterval and onTimestamp constraint configuration

  • fixed XSS sanitization on text fields


  • The Corredor workflow step is now disabled if the Corredor server is not enabled. If a Corredor workflow step is already in the workflow, but the Corredor server is not enabled, the workflow will now throw an error.

  • The "change the order in which the workflow and its triggers are saved to conform with the back-end logic" introduces edge cases where some workflows were unable to be updated. The issue is resolved with 2021.3.8.

Released on: 2021-06-22

Contributors: Vivek Patel (GH), Jože Fortun (GH), Tomaž Jerman (GH)

  • Added validation for Corredor workflow steps.

  • Change Record and User module field state management to better support dynamic prefilters

  • Rework the auth plugin to selectively clear the localStorage instead of clearing the whole thing

  • Fixed record updating for modules with deleted fields

  • Fixed record value validation for required, forbidden fields

  • Fixed improper handling of read-only module fields with default values

  • Fixed module and chart timestamp sorting

  • Improved record value manipulation from inside workflows

  • Fixed invalid input state for deferred trigger configuration (timestamp and interval)

  • Change the order in which the workflow and its triggers are saved to conform with the back-end logic

  • Add missing invoker when executing client-scripts

  • General system security improvements


Released on: 2021-06-07

Contributors: Tomaž Jerman (GH), Vivek Patel (GH), Jože Fortun (GH)

  • Fixed improper module field default value validation when combined with required fields

  • Fix pre-filter processing for User module fields

  • Temporarily removed the change regarding "fixed ComposeRecord filtering with multi-value fields"


  • The "fixed ComposeRecord filtering with multi-value fields" introduced some additional edge-cases which prevent the record search from working. 2021.3.6 temporary reverts the change until it is addressed properly.

Released on: 2021-05-25

Contributors: Vivek Patel (GH), Tomaž Jerman (GH), Jože Fortun (GH), Peter Grlica (GH), Denis Arh (GH)

  • Added additional workflow functions to support KV and KV-like manipulations

  • Added toast translations for federation notifications

  • Fixed improper logout handling, which preserved some tokens

  • Fixed federation structure sync (added a response wrapper to API response)

  • Fixed ComposeRecord filtering with multi-value fields

  • Fixed improper try-catch workflow step handling that prematurely terminated the workflow execution

  • Fixed improper workflow pre-run validations that cycled the execution procedure

  • Fixed Corredor helpers to properly use ListResponse


  • The workflow call stack size is now limited to 16 by default and can be overwritten via the WORKFLOW_CALL_STACK_SIZE .env variable. The call stack limitation prevents implicit workflow invocations from running infinitely.

Released on: 2021-05-14

Contributors: Vivek Patel (GH), Tomaž Jerman (GH), Jože Fortun (GH), Mia Arh (GH), Denis Arh (GH)

  • Added a failsafe that prevents infinite workflow executions due to implicit invocations

  • Added support for removing SCIM role/group members

  • Added a Corteza Admin screen to set the impersonating user for auth clients using client_credentials grant type

  • Hide document preview options for document types where a render driver is not available (such as PDF)

  • Fixed workflows not rendering properly after a save

  • Improved workflow import error reporting

  • Improve integration between workflows and Corredor server

  • Fixed session lifetime when doing external authentication

  • Fixed error handling in Low Code namespace editor

  • Fixed the CSV size limitation issue when importing ComposeRecords


Released on: 2021-04-29

Contributors: Jože Fortun (GH)

  • Added support for copy/pasting across different workflows

  • Added support for workflow import & export


Released on: 2021-04-20

Contributors: Jože Fortun (GH), Denis Arh (GH)

  • Added session screen on the Corteza Admin to monitor workflow execution and their status

  • Added support for custom initial scope when testing workflows

  • Fixed Low Code module configurator field picker bug, where double click didn’t add the field

  • Fixed Low Code module fields not respecting their configured order

  • Fixed excessive redirects for authentication procedures


  • To apply the CRM extension changes, re-provision or import corteza-(server GH)blob/2021.3.x/provision/700_crm/1600_workflows.yaml[this] through the CLI.

Released on: 2021-04-14

Contributors: Tomaž Jerman (GH), Jože Fortun (GH), Mia Arh (GH), Denis Arh (GH)

  • Improve the authentication flow by keeping the user on the same page when possible

  • Moved automation scripts under the Automation section in the admin panel

  • Workflow swimlanes now need to be double clicked to open the configurator

  • The Workflow testing overlay is now automatically removed when the workflow changes

  • Improved the Ctrl/CMD + S keybinding in the Workflow editor to improve UX

  • Tweaked the new workflow creation flow

  • Fixed envoy ComposeRecord resource self and cross-referencing

  • Fixed provisioning of auth clients

  • Fixed improper one dimensional page block rescaling on Low Code page builder

  • Fixed bug where record selector default options were not displayed if query existed

  • Prevent the workflow steps to reuse step identifiers

  • Fixed workflow test tooltip display and content

  • Fixed Corteza CRM workflow bugs and typos


Released on: 2021-04-04

Contributors: Jože Fortun (GH), Tomaž Jerman (GH), Denis Arh (GH), Mia Arh (GH), Peter Grlica (GH)

  • Added support for low-code/no-code automation via Workflow

  • Introduced an authorization server with support for authorization code and client credential OAuth2 flows

  • Added support for document template management and rendering (HTML and PDF)

  • Added support for file encoding via envoy

  • Compose record federation now supports the Activity Stream protocol

  • Upgraded Go version to 1.16

  • Reworked system asset embedding with //go:embed

  • Codebase cleanup and removed the With(ctx) anti-pattern

  • Reworked Low Code record export using envoy

  • Changed Corredor server to be disabled by default due to the introduction of Workflow

  • Removed Corteza Messaging (web application and API endpoints)

  • Removed the authentication web application

  • Removed legacy authentication endpoints

  • Pagination & sorting fixes

  • Fixed UserBeforeUpdate/UserBeforeDelete event bus events

Older releases

Refer to the archive for older Corteza releases.