You are reading the documentation for an outdated Corteza release. 2023.9 is the latest stable Corteza release.


With Corteza 2022.3, we continue to improve system stability, security, performance, as well as introducing new setup and development quality-of-life improvements. In addition we introduce the new Corteza Discovery and Integration gateway profiler.

Corteza Discovery provides a powerful search engine to interact with your data with an intuitive user interface to search and, for some cases, visualize the data such as geographical metadata.

In order to enable Corteza Discovery you will need to configure your instance. Refer to the setup documentation for instructions

Corteza configuration UX improvements

To make Corteza Low Code app configuration process simpler, we introduce a few quality of life tweaks such as workflow step configuration preview tooltips, additional workflow help tooltips and labels, workflow step label suggestions, and delete strategy for pages with sub-pages.

In addition, we introduce the integration gateway route profiler to help you benchmark the system and help with automation troubleshooting and optimization.

Corteza deployment UX improvements

To simplify initial Corteza deployment troubleshooting steps, we introduce Corteza Server Web Console. The web console allows you to quickly access system logs, health checks, and other parameters you may need to debug a faulty instance.

The web console is most useful for scenarios where you may not have (or want to give) direct access to your servers.


Released on: 2022.11.08

  • Changed password constraints which saved their values as strings to save them as numbers. Additionally, the labels of the two fields were reworded to match the style of the other inputs in the password constraints section.. The change was made because the password constraints were saved as strings; with this change, the constraints will be saved as numbers. The change was made by '.number' was appended to the password constraint’s input model. (1b8e02c, 1d8eb4b, 9fd49e1, 53d8619, 651993b, 4c4f1df).

  • Fixed geometry values not being saved when changed manually in inputs.. The fix was made by by correctly detecting changes on the geometry value since it uses a more complex structure then the rest of the inputs. (1c220ec).

  • Fixed record export filter not interpolating placeholders such as ${userID} which lead to non functional exports.. The fix was made by by adding evaluation to the record export filter to correctly evaluate and interpolate placeholders. (ee123ea).

  • Fixed file uploads being rejected when specifying what MIME types are allowed or not. The issue occurred due to additional meta tags provided by the files or the underlying libraries.. The fix was made by by reworking how MIME types are validated by switching from comparing MIME type labels to a more robust library which was already used for detecting MIME types. (84e2ff1).

  • Fixed corredor server was crashing on startup due to nil pointer error.. The fix was made by by adding nil check for Vars methods so it does not cause any unexpected error, if nil value is used. (9ad5b36).

  • Fixed getting stuck on sign up page on error.. The fix was made by by redirecting back to sign up page with respective error message. (be1e035).

  • Fixed automation button resource translations not preserving between page refreshes. The issue was caused due to improper indexing as well as missing code to apply resource translations to record list selection buttons.. The fix was made by correcting resource translation indexing to start with 0 instead of 1 as well as adding missing code to correctly apply resource translations to record list selection buttons. (34827c5, 04eb3cd).


Released on: 2022-09-20

  • Added a button to stop the automation session execution (4bdf43b, 6f72928, 8bcb405, 8b7791, 132948, bc62f7). We also added the button on the workflow trigger steps (3363a37). We added the feature to allow the termination of long-running or unresponsive workflows.

  • General UI/UX changes:

    • Changed the colour of the record deleted alert from info to warning variant (88b6006).

    • Fixed the app selector overflow where the user interface cut off the application labels on One (997d799).

    • Tweaked the responsive layout on the Reporter web application where blocks would overlap on smaller screens (287ed67).

    • Added missing translations and general UI and layout tweaks.

  • Changed the password reset flow to no longer log out of the current user (f7d1015). We changed to improve UX when the user would change their password multiple times in a row or the Admin web application. Corteza no longer invalidates the access token if it belongs to the currently authenticated user who is resetting their password.

  • Changed the Low Code record toolbar interface to only apply the can delete record operation to the delete button (56b5b5c). We changed as it introduced unexpected behaviour when users weren’t allowed to delete records.

  • Fixed missing translations on dropdown fields for funnel and gauge charts by moving gauge labels to tooltips (11640e6) and tweaking translations to be applied on initial load (65ea532, 9af61fa).

  • Fixed possible step corruption and other issues with fork and join steps (2521ac9).

  • Fixed missing translations for automation buttons on record list by fixing them on Corteza server (a2cea1c) and Corteza Low Code (eee5b37).

  • Fixed problematic database state when upgrading from older 2021.9 versions due to NULL constraints (fe464c4). The issue was caused by adding a table upgrade for the scenarios column where it explicitly demanded the column should not be NULL and expressly stated that the default value is, in fact, NULL. The database migration now correctly sets the default value to a non-NULL value.

  • Fixed calendars always show the month view as the default view regardless of what was configured on the page block. This is fixed by correctly applying the provided configuration options instead of constant values (8e46baa).

  • Fixed toolbar system button translations are disappearing when reordering pages. Toolbar system button translations were lost when reorganizing page hierarchy. The browser caused the issue due to cache clearing (c88f3a0).

  • Fixed the Low Code record page from raising errors by removing the view button for record pages without a record (a256393).

  • Fixed record lists not properly refreshing when viewed in the page builder (564c0aa). The filters weren’t properly handled when evaluated from the page builder. When viewing the page, however, the filters were evaluated correctly.

  • Fixed a bug which prevented the roles from being unarchived (11dfd0a). We fixed the bug by correcting the lapsus in the state when updating roles.

  • Fixed Number module field number display is limited to 3 decimals. The Number field now correctly allows precision (e3a8ecd, e1b08bf) with the default on 3 decimals (0b2aa68).


Released on: 2022-07-27

  • Added a new option to the record list which forces the viewed records to be opened in a new tab instead of the current window. The feature was added to remove the need to navigate back and forth, re-apply filters when users are working on multiple records from a record list (25e7090, f7191e5, 98fc48e).

  • Added a new link to parent option to the Record module field which dictates wether the input value will be pre-filled with the parent’s record ID. The feature was added to allow some cases from not pre-populating the input, such as a module with a record field which points to itself (059ebf8, a79a852, 0e9de63).

  • Added support for resource translations on Low Code funnel and gauge charts. The feature allows the user to translate funnel and gauge chart step labels (9f61346).

  • Added Content-Type: text/javascript header to the config.js file served by Corteza server. The headers were added because when MIME sniffing was prevented, the web applications would stop working (1bdf2b5).

  • Added new .env AUTH_JWT_ALGORITHM option allowing you to configure what algorithm to use with your JWT tokens (480e70e, 8e42126).

  • The record list now waits for the filtering to finish before allowing further filtering. The change was made due to unexpected cases where filter A resulted after filter B so the record list showed data from filter A instead of B. The record list now waits for you to finish typing the query before fetching the data and locking the input (dea2d99).

  • Changed module field expressions to clear out the record value when the expression returns the value null. Previously, the field would show the zero-value for that type, such as 0 for Number field. The change was made to allow field expressions to clear out their values, useful for some specific cases (0bef905).

  • Changed the password reset policy to prevent users from re-using their old passwords. Previously, users could reset their current password to the same one as they’ve previously used, but now such a change is no linger allowed and caused the password reset to fail (b44024f)

  • General UI/UX changes; tweaked chart resource translation button sizes (255317a), remove console error about undefined module when creating a chart (482d971), fix record field multi delimiter (e7249fb)

  • Removed Boolean and Record fields when searching Corteza Low Code records using the search input box. The Boolean field was removed because the truthy/faulty evaluation produced too loose filters causing unexpected results. The Record field was removed because the values are searched using identifiers which caused confusion in some cases. You can use the field-specific filters to cover these two cases (dea2d99).

The API filtering still supports the same set of fields as it did previously. The exclusion was specific to Low Code record lists.

  • Removed the delete button on the create template user interface on the Admin web application. The button was removed because there is no need for it to be there since you can’t delete a not yet created template (b72bdd0).

  • Fixed the workflow expression editor modal discarding the changes when saving using the cmd+s shortcut. The cmd+s shortcut is now disabled when an expression editor modal window is opened (0803d25).

  • Fixed the trigger path change notification not disappearing when reverting using the cmd+z shortcut. The trigger path change logic now properly evaluates the cmd+z and cmd+y shortcuts (a43e106).

  • Fixed improper multi-value module field handling in Corteza Reporter tables. Previously, the multi-value field would cause the row to duplicate, but now it is shown as one where the values use the same multi-value delimiter as configured in the module field (d65a767).

  • Fixed RBAC rule provisioning issue where the rule migration attempted to create a duplicated RBAC rule entry. The migration step now skips any RBAC rules which would cause a duplicate error when migrated (1f657b3).

  • Fixed broken backwards compatibility for the workflow compose record delete function. A prior bug-fix introduced additional lookup parameters which were set as required, causing the old scenario where an actual Compose Record was provided to no longer work. The compose record delete function’s namespace and module arguments are no longer required but are enforced in the background logic (378d0f2).

  • Fixed improper password constraint validation where the input boxes didn’t properly validate some edge cases. The minimum password length is now limited to minimum of 8 characters and the other properties no longer allow negative values (192bc08, e0f912b, 9b424a6).

  • Fixed improper calendar Low Code page block responsiveness which caused it to appear cropped when it was added. The bug was fixed by manually tweaking the calendar’s elements for layout changes (cf66f22).

  • Fixed Low Code charts not showing any data when the ${record} or ${recordID} pre-filter variables were used. The issue was caused because records were incorrectly resolved and not available in time (ec33de1).

  • Fixed Record field’s options when using a nested Record field where data is duplicated. The fix now correctly resolves duplicated records and correctly displays option labels (b954f59).

  • Fixed record list’s display where only one column is shown. The issue was resolved by adjusting the columns for the "metadata" (the checkbox and the action buttons) (2671c5d)

  • Fixed record page preview when accessing without a record. The page no longer infinitely loads and generally prevents access if there is no record (21c4f04, 924934e).

  • Fixed a visual bug with multi-value Record fields where the last selected record would be shown as the placeholder even if removed from the list of selected records. The fix now opts out of using the last selected record as the placeholder but falls back to a generic label (491bc19).

  • Fixed a display error for report tables when a joined data source provided no data. The table column now properly handles this edge-cases and constructs the table appropriately (953556a)

  • Fixed an error when trying to mark a role as contextual. The error was caused by an invalid internal state and is now resolved (b14e4e7)

  • Fixed failing index creation for Corteza Discovery caused by an unsupported data type. The fix changes the used data type for the cases which caused the index to fail. The error was caused by identifier indexes such as module ID, namespace ID, and record ID (25ebf75)

  • Fixed invalid time produced by the Date Time field when time, past/future, and relative output options were selected. The date-time logic now properly handles this option combination and properly handles the value (a4bbbab).

  • Fix improper resource translations for Low Code charts when looking up specific charts (b8ad97e), module fields when looking up specific modules (5ccd682)

  • Fixed improper record list and chart pre-filter evaluation which caused a pre-filter with ${recordID} to display no data when creating new records (6da48a0)

  • Fixed invalid counter when exporting records from a record list (d837e9e).

  • Added SonarQube GitHub build action to Corteza server (5999c70).


Released on: 2022-06-15

  • Added support for workflow prompts to Corteza One and Admin web applications (Low Code already supports prompts). Some web applications don’t show certain prompt types such as "redirect to record page" (#76e4410, #c74fe70, #f95d26f, 6e835bc, #c62f9fe, #2909ca3).

  • Added a print layout to assist with print to PDF browser features. This feature helps produce nicer output PDF document without the unneeded UI navigation and other resource management elements (#ed8ee8b, #d980c0b, #c71e1f0, #f005b62, d582560).

  • Added support for provisioning JSON system setting values when running the provisioning step. The support was added to allow provision YAML files configure record toolbar button visibility (#05b97ee). An example of this would be compose.ui.record-toolbar: { "hideBack": true }.

  • Changed Low Code user interface UX by adding spinners to indicate data loading (#11c7cf8), changing calendar event cursor to pointer (#75cc346), added additional exceptions for record list sorting and filtering to avoid strange behavior (#70c6277, #6826d19), added a small delay when processing Record fields (#b6e722d).

  • Changed chart font family to Poppins-Regular to make them consistent with the rest of the Corteza design (#0349363).

  • Changed user authentication session and access token logic as well as updating corresponding .env variables and their descriptions (#7f84994). Changed the authentication session and corresponding cookie to expire on session end when using "log in", and after the specified lifetime when using "login and remember me" (#5fd5b93). Changed the "login and remember me" button to not show if the AUTH_SESSION_PERM_LIFETIME .env variable is set to 0 (disabling the feature) (#ad53ea9).

  • Changed the Corteza Low Code sidebar to show the link to all namespaces at the top of the dropdown. This change allows the link to be visible even with many namespaces present (#15ca4000).

  • Changed and standardized name and handle input value validation across all web apps. The change was made to provide a more consistent user experience across Corteza web applications. The inputs now properly display if the provided value is a valid name/handle or not (#e3bbec7, #cae73df, #1b1d165).

  • Changed the module field kinds to be sorted alphabetically when editing the module. The change was made to provide a more consistent user experience when configuring Low Code modules (#8378e73).

  • Removed the AUTH_JWT_EXPIRY .env variable because it is replaced by the AUTH_OAUTH2_ACCESS_TOKEN_LIFETIME .env variable (#e626bcd).

  • Fixed broken Low Code module export which caused Record fields to become unconfigurable after the module was imported (#1219112).

  • Fixed invalid RBAC rule migration where a rule could use wildcards between resource IDs (invalid state). A new migration step attempts to correct the broken RBAC rules (563a73c6).

  • Fixed improper workflow prompt handling when user has multiple Corteza instances (tabs) open at the same time. Corteza web applications improved communication on what prompts are already resolved and where the prompts should be shown (#40e5416).

  • Fixed improper number and text setting value decoding by covering edge-cases (#ced2daf).

  • Fixed invalid valid JSONL files being rejected when importing records by adding additional fallback content-type checks to the preprocessing logic (#f726d3f).

  • Fixed improper record access control rule migration due to invalid paging (#b6d13d9).

  • Fixed infinite loop webconsole alerts when offline (#d8e57b1).

  • Fixed improper Federation URI node generation by including the API base URL (#798c31e).

  • Fixed system healthcheck panic when Corredor connection is not available (#2ff1108).

  • Fixed broken module field value expressions where the old record reference was used. The issue occurred because the value was never provided (#7135903).

  • Fixed improper credential validation on user registration causing the user to be created even when invalid credentials (mainly the password) was provided. The fix moves the password validation step to the earlier stage of the sign up flow (#c1500df).

  • Fixed improper record count for grouped reports where multi-value fields are involved. The fix, for some cases, omits duplicate values (#416a7ec).

  • Fixed page blocks resetting to their default positions when the changes are saved (#efe24c3).

  • Fixed improper resource translation user interface content parsing which caused some of the paste events to clear out the contents or block the editor (#6a195df)

  • Fixed and assured that multi-value delimiters are properly displayed when viewing the record value (#a211af6)

  • Fixed duplicate resource translations when exporting the Low Code namespace. The fix applies extra pre-processing and validations before the resource translations are outputted to the archive (#dcef397).

  • Fixed custom field validation error messages not showing based on the user’s language. The value validator now utilizes i18n capabilities to provide appropriate error messages (#f9e9433).

  • Fixed improper RBAC rule correction migration procedure caused by an unrestricted data fetch overloading the database. The procedure now gradually fetches the required data thus avoiding the issue (#f310442).

  • Fixed failed workflow prompts from not being dismissible (#ff3d0e6).

  • Including the web console bundle into the built corteza-server (#54fffd0).

  • Defined a new resource utility structure which helps improve operation performance by performing smarter indexing strategies. The structure was applied to current RBAC access control service, the RBAC rule export and resource translations export services (#0466ffe, #e7c1fe1, #a68ddf1, #aef3171).


Released on: 2022-05-18

  • Added an empty check for module field name validation (d3c33a6).

  • Added more descriptive tab titles based on what page the user is currently on (d6bb352, a7f36e5).

  • Added record list filter preservation in the local browser storage (52ff728, bc2dd98). Note that the saved filters are only available on the browser they were saved in.

  • Changed static translations for Low Code modules (5efb7c9) and integration gateway filters (98f8e4b).

  • Changed resource configuration input states to be more consistent (2ef02c5).

  • Changed date-time record filter format template to ignore seconds (fc2eab1, 07c409e).

  • Changed resource activity log store definitions to be more restrictive and less flexible (e7ed1d8).

  • Changed record module fields to show a user-friendly label of the nested user field instead of the user ID (0d4d74b).

  • Changed chart configuration by hiding the "add metric" button when no module is selected (a3177bc).

  • Fixed queue search on the Admin web application (98a5d95, e6a0b0f).

  • Fixed integration gateway route search on the Admin web application (f821dd8, 5ddddf8).

  • Fixed broken resource translation migration when the related resource was deleted (1786eda).

  • Fixed chart configuration’s improper error handling (d4bf472) and improper state handling when a new chart was created (41b0a15).

  • Fixed improper resource translation handling for Low Code module field’s hint and description properties. The two properties were flipped (q7fbaf94, 1c6b793), incorrectly removed from resource translations when removed in the field configuration popup (d4c9243), and not reflected on the web application (18de72f).

  • Fixed charts failing to load in cases of incorrect state management (629d306).

  • Fixed record list filter not resetting when deleting filter rows (00b491d).

  • Fixed improper authentication scenarios loading when running the in development mode (d280fc7).

  • Fixed improper refresh token expiration. When new refresh tokens got issued they did not adjust the expiration timestamps (e7d3df1).

  • Fixed new Low Code record pages failing to load due to missing button definitions (b135287).

  • Fixed item selection lists (primarily module fields) where the item would get duplicated (9a33368).

  • Fixed the system crashing once user attempts to exchange invalid credentials by redirecting them to the login page (0c49832e).

  • Fixed improper peer-closed connection error handling which needlessly spammed error tracking systems (ab248fe1).


Released on: 2022-04-20

  • Added deleted resources to Discovery indexing and searching (09d69f124)

  • Added JWT token duration option to the CLI command (679af2f55).

  • Added additional Geometry field configuration options such as default zoom-level (a8534ed, b7ab3e47, 97d1aed3, 98cf01b8).

  • Added processing indicator to record organizer for improved UX (0e85fbca).

  • Added support for translating system Low Code module fields (623adaf3).

  • Added persistent storage to record list filters allowing you to reuse previously used filters (e18267fd).

  • Added Discovery web application to the make webapp make command

  • Added pagination to search responses improving web application performance for large responses (e046f12, 7cb2d64)

  • General UI/UX improvements on Corteza Low Code, Corteza Admin, Corteza One, and Corteza Workflow.

  • Changed Low Code deletion to also remove the related record page 0ceade66

  • Fixed File upload for CSV files where the server incorrectly detected the MimeType 195c2bb13

  • Fixed invalid workflow resource iterator management where larger datasets crashed execution due to improper resource limitation implementation (0792c0a17).

  • Fixed improper workflow execution tracing where the workflow execution logic ignored the workflow trace parameter (41667a7da).

  • Fixed data race errors for pkg/locale (345050990), pkg/corredor healthcheck (a797c847b), pkg/healtcheck (662f5155b), WebSockets (e8cd7d37d), and pkg/scheduler (4a75778c1).

  • Fixed time transformation expression functions erroring out when valid string encoded time values were used (5b40f7875).

  • Fixed memory leak errors causing performance degradation on WebSockets (c64116fc8), content sanitization (9346b5702), Workflow loading (fa614c7ac), and expression processing (adee67f6b).

  • Fixed workflow attachment uploading for all supported types (Reader, Bytes, and String) (6fd2288df).

  • Fixed prompt duplication by preventing prompts from being resent over web sockets (SERVER_COMMIT_BASE)9c0026462[9c0026462].

  • Fixed Workflow HTTP request function basic authentication header preparation 2898e1b8c

  • Fixed CInputDateTime responsiveness (b0c6422).

  • Fixed CSidebarNavItems behavior (7c7b708).

  • Fixed missing report page block display elements (1625d1fc)

  • Fix Low Code failing to load due to read-only parameter assignment (ce5cd504).

  • Fixed system field translations in record page blocks (fa7e6808).

  • Fixed overflowing record list notification indicating there are no records to show (12b9fc7f).

  • Fixed inline record list saving (f54452c7).

  • Fixed system fields not appearing in record page blocks (de874a8b).

  • Fixed record list footer overflowing page block (9cb2d923)

  • Fixed field expression documentation link (301a1de8).

  • Fixed dropdown selects overflowing the screen (8e37e2b8).

  • Fixed feed indexing for deleted resources (f5cfb6c).

  • Improved E2E testing by adding data-test-id tags to specific UI components (56af630c0, 3bb8fe59).


Released on: 2022-03-30

  • Changed auth templates to use general assets (43ddaf1e5).

  • Changed packages to use the more recent versions, more notably jwx goth, and jwt (6eda39f3a) as well as switching to go 1.17 (2d90fe4e9).

  • Changed onTimestamp workflow triggers to use the new date time component (e18230b).

  • Changed the expression workflow step to show the add button on the bottom of the list rather then on top (b16cb39).

  • Changed the workflow step configurator sidebar to use faster transitions for nicer user experience (642d3e2).

  • Changed the workflow error and delay steps to use expressions instead of constant values (5754544, 9ad29f7).

  • Changed the reports to display users with a user-friendly identifier (name, email, …​) instead of the system user ID (506a92d2c, ac6e7332a).

  • Changed the stack trace log level to "dpanic" (3f7755cd0).

  • Changed PageBuilder positioning to avoid toolbar with icons appearing below the Block’s title and description (667a9b0).

  • Changed the Low Code record list by defining a default limit and a maximum limit to prevent the server from getting overwhelmed (9e5fd42d4).

  • Changed the Low Code admin panel side navigation to show the resources in a tree representation for easier overview and access (14968080, 81e1c340, 8262db5).

  • Changed user display to fall back to user handle before the user ID (d1238b1).

  • Changed Low Code expression reference to redirect to the documentation (67834a52).

  • Changed inline record list editing to work on list pages instead of only record pages (6d070b62).

  • Changed the Integration Gateway request processing using automation workflows by defining more flexible interfaces to access the data (#324, 460646d45).

  • General UI changes (1b33bad3, c6bf400b, 31d33048, 1c0ec5ae, ab987f3d, feed8f0, 4f0e67b), tweaked responsive design (e7cfa97c), hiding/disabling buttons when they shouldn’t be available (36195451, 59c797b8), changed visual assets (f5b09bf5, 5c72c30).

  • Changed the action log layout to match other log lists (f96062e).

  • Changed funnel charts to be more configurable (dd28baec, 4d0eafb).

  • Fixed SQLite data loss caused by mid-use session disconnect (23c7f357f).

  • Fixed invalid session lifetime when a user signs up; was set to zero (f53463a32).

  • Fixed external authentication provider removal issues (74b3ddf94).

  • Fixed improper user-id claim parsing (6c7d89a92).

  • Fixed exported auth asset serving for non-development modes (dfe19c4c3).

  • Fixed overflowing workflow step labels (e424627).

  • Fixed premature workflow execution termination caused by parallel delay steps (4fd0ddfaa).

  • Fixed improper workflow event management by manually removing event listeners (deb301f), properly destroying instances (a192b4a), and making the ctrl+s key binding work more reliably (faa25d1).

  • Fixed workflow configurator side panel not allowing to open paths (8e0148f).

  • Fixed improper actionlog metadata type encoding/decoding (e833796aa).

  • Fixed invalid system configuration procedure where default settings potentially got omitted (7fd719364).

  • Fixed system panic caused by websockets (f76b94e74).

  • Fixed report name conflicts with system values (ab8668955) and missing values on the PostgreSQL database (cd15f3eaf).

  • Fixed reporter including deleted namespaces in report output (908008eba).

  • Fixed display elements not rendering when switching between different reports (24d163a).

  • Fixed missing locale HTTP headers when making requests from the reporter web application (8215602).

  • Fixed reporter table display element raising errors if no data is available (d2b0ad0).

  • Fixed missing module field resource translations (e9dfe8254).

  • Fixed improper empty resource translation handling by soft-deleting the value instead of omitting the change (631811929).

  • Fixed improper resource translation updating and handling for Low Code pages and modules (c24d7160).

  • Fix the number of records to be exported in ExporterModal (8f5f2c3).

  • Fixed Right-To-Left detection to work based on current user language (30cc4eb7, c882464).

  • Fixed filtering for time and date only DateTime fields (a755b984, 6ab98c52, a755b984).

  • Fixed automation button removal for unconfigured buttons in the record list page block configurator (7a7307b6).

  • Fixed record organizer, changed prefilter evaluation (74b047de, 2ea20d86) and added additional record source evaluation (5cbefcb8).

  • Fixed record list filtering by properly handling Boolean values (43a1d3cf), added missing system fields (67e7f4fa, 7cae2b0b), tweaked internal logic (f11def50, 751c589b), fixing improper field kind handling (1082cf73), and adding a fallback to the equality operator (b5ee8752).

  • Fixed settings not applying when they are updated and saved (7f5eebe).

  • Fixed timeout issues in http request workflow function (6620b6ea).

  • Fixed queue name matching on workflow onMessage event (465e8ffe).

  • Replaced dgrijalva/jwt-go with lestrrat-go/jwx, refactored the JWT handling implementation (59ec77e20, 46675080f), token issuer (6c3bef075), and moved token validation to earlier stages (53dd7cc29) for a safer, more robust and configurable implementation.

  • Added token validation and identity decoding for websockets (f9c8066e2).

  • Added missing roles to impersonated user JWT tokens (ab805f007).

  • Tweaked CORS settings (9fe21dd8c).

  • Added sanitization for workflow labels to avoid potential XSS (82d8f23).