⚠️ Potential Breaking Changes

Changed license to MSCL-1.0-GPL (#27417)

• Breaking Change: Relicensed from BUSL-1.1 to MSCL-1.0-GPL (Monospace Sustainable Core License, Version 1.0).

Changed the default of IP_TRUST_PROXY from true to false to harden the default deployment against IP spoofing. (#27607)

• The IP_TRUST_PROXY default was changed from true to false. If you run Directus behind a reverse proxy and rely on X-Forwarded-For (or similar) headers for client IP resolution, you must now explicitly set IP_TRUST_PROXY to true or a more specific trust configuration.

Fixed health check results not being shared in multi-instance settings. Restricted /server/health to authenticated users (#27160)

• Health checks are cached by default and shared across multi-instance deployments
  • /server/health will return 404 for unauthenticated requests, use /server/ping for liveness checks
  • cache, rateLimiter and rateLimiterGlobal health checks have been replaced by a generic redis check using the redis: prefix

Introduced VERSION_KEY_ constants and renamed main to published @alvarosabu (#27397)*

• Backward Compatibility: You can now use ?version=published to resolve versions of the main item(s) via the version query parameter. For backward compatibility, ?version=main will continue to work.

Replaced status field with archived boolean in collection settings @alvarosabu (#27397)

• Backward Compatibility: Existing collections with string-based status fields continue to work unchanged; newly created collections now default to a boolean "Archived" field instead of the string "Status" field

Deprecated the VResizeable component @formfcw (#27437)

• Deprecation for extensions: The globally registered VResizeable component has been deprecated. Extension authors using <v-resizeable> should migrate to @directus/vue-split-panel or their own implementation.

Updated type system, borders, and theme variables @formfcw (#27437)

• Potential breaking change for theme extensions: headerShadow and sidebarShadow removed from LayoutConfig interface
• Potential breaking change for theme extensions: boxShadow removed from header theme rules schema
• Potential breaking change for theme extensions: sidebarShadow no longer exposed in layout wrapper state

Updated module navigation bar spacing and styling @HZooly (#27437)

• Potential breaking change in theme extensions: Removed navigation.project.borderColor / navigation.project.borderWidth / navigation.project.background from theming. No action is required — these props will simply no longer have any effect.

Locked published items in versioned collections from editing and added a header action button to edit in the draft version @alvarosabu (#27397)

• Breaking change — new behavior for versioned collections Published items in versioned collections are now locked. Edits must be made through the draft version.

Removed rounded buttons and adopted shared header action button across all views @formfcw (#27437)

• Potential breaking change for extensions: The rounded prop has been removed from v-button. Extensions using rounded will still render correctly but buttons will appear as rounded rectangles instead of circles. No functional impact.

Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437)

• Potential breaking change for theme extensions: The theme properties navigation.background, navigation.backgroundAccent, navigation.borderWidth, navigation.borderColor, header.background, header.borderWidth, and header.borderColor have been removed and replaced by shell.background, shell.backgroundAccent, shell.borderWidth, and shell.borderColor.
• Potential breaking change for theme extensions: Custom themes overriding any of these removed properties must migrate to the new shell scope. The corresponding CSS variables change from --theme--navigation--background, --theme--navigation--background-accent, --theme--navigation--border-*, --theme--header--background, and --theme--header--border-* to --theme--shell--background, --theme--shell--background-accent, and --theme--shell--border-*.

Removed the extra confirmation step from the publish flow @alvarosabu (#27487)

• Breaking change — new publish flow: Publishing a version no longer shows an additional confirmation dialog after confirming changes in the comparison modal. The item is published directly once the changes are confirmed.

Updated sidebar styles @formfcw (#27437)

• Potential breaking change for theme extensions: Removed section.toggle.borderWidth / section.toggle.borderColor in favor of section-level border tokens. No action is required — these props will simply no longer have any effect.
• Potential breaking change for theme extensions: Removed sidebarShadow and headerShadow from defineLayout(). No action is required — these props will simply no longer have any effect.

Refactored focus ring from border/box-shadow to outline @formfcw (#27437)

• Potential breaking change for theme extensions: borderColorFocus, boxShadowHover, and boxShadowFocus are removed from the theme schema — custom themes referencing these will lose their focus overrides silently
• Potential breaking change for interface extensions that relied on --theme--form--field--input--border-color-focus or --theme--form--field--input--box-shadow-focus CSS variables will need to migrate to --theme--form--field--input--focus-ring-color

Updated header bar elements and deprecated the headline slot @formfcw (#27437)

• Deprecation for extensions: The headline slot on the private view header bar has been deprecated. Existing content keeps rendering, but consumers using <template #headline> will now see a deprecation hint from Volar.

• @directus/app

  • Locked published items in versioned collections from editing and added a header action button to edit in the draft version @alvarosabu (#27397 by @formfcw)
  • Removed rounded buttons and adopted shared header action button across all views @formfcw (#27437 by @formfcw)
  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
  • Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437 by @formfcw)
  • Removed the extra confirmation step from the publish flow @alvarosabu (#27487 by @alvarosabu)

• @directus/api

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)
  • Fixed health check results not being shared in multi-instance settings. Restricted /server/health to authenticated users (#27160 by @ComfortablyCoding)

• @directus/themes

  • Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)

  • Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437 by @formfcw)

  • Updated sidebar styles @formfcw (#27437 by @formfcw)

  • Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)

    :::notice

    • Deprecation for extensions: The globally registered v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.
    • Deprecation for extensions: On v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering — actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.
    • Potential Breaking change for theme extensions: The theme properties header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.

    :::

• @directus/types

  • Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)

  • Updated header and navigation bar base design and merged their theme properties into a new shell scope @formfcw (#27437 by @formfcw)

  • Updated sidebar styles @formfcw (#27437 by @formfcw)

  • Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)

    :::notice

    • Deprecation for extensions: The globally registered v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.
    • Deprecation for extensions: On v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering — actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.
    • Potential Breaking change for theme extensions: The theme properties header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.

    :::

• @directus/extensions

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/extensions-registry

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/extensions-sdk

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/format-title

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/memory

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/pressure

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/release-notes-generator

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/update-check

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/validation

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/schema

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/schema-builder

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/specs

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/storage

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/storage-driver-cloudinary

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/storage-driver-supabase

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/storage-driver-azure

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/storage-driver-gcs

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/storage-driver-local

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/storage-driver-s3

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/stores

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• create-directus-extension

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• create-directus-project

  • Changed license to MSCL-1.0-GPL (#27417 by @ComfortablyCoding)

• @directus/env

  • Changed the default of IP_TRUST_PROXY from true to false to harden the default deployment against IP spoofing. (#27607 by @br41nslug)

• @directus/sdk

  • Fixed the outdated updateExtension command and added missing deleteExtension and extension registry commands (#27314 by @kheiner)

    ::notice

    • updateExtension now accepts an id instead of bundle and name
      :::

  • Refactor sdk error to use class over object (#27417 by @ComfortablyCoding)

    :::warning
    Requests that fail will now throw a RequestError instead of returning a response with an error property.
    :::

✨ New Features & Improvements

• @directus/app

  • Introduced VERSION_KEY_* constants and renamed main to published @alvarosabu (#27397 by @formfcw)

  • Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)

  • Fixed Image Editor save button to use split button @HZooly (#27437 by @formfcw)

  • Added split-menu slot to v-button and migrate primary header actions @formfcw (#27437 by @formfcw)

  • Added AI-powered translations to the translations interface, including glossary, style guide, and configurable default model settings derived from the enabled providers and allowed models. (#26940 by @bryantgillespie)

  • Added version support to getItemRoute and update all callers to preserve version context when navigating to items from layouts and interfaces @alvarosabu (#27397 by @formfcw)

  • Added behavior to auto-switch to the draft version on the first edit of published item @alvarosabu (#27507 by @alvarosabu)

  • Added Publish without Review action to the publish split menu with shortcut @alvarosabu (#27501 by @alvarosabu)

  • Updated Visual Editor header bar buttons @formfcw (#27437 by @formfcw)

  • Updated content route middleware to handle singleton collections and draft flow via route guards @alvarosabu (#27397 by @formfcw)

  • Replaced status field with archived boolean in collection settings @alvarosabu (#27397 by @formfcw)

  • Updated module bar buttons style @HZooly (#27437 by @formfcw)

  • Deprecated the VResizeable component @formfcw (#27437 by @formfcw)

  • Updated VChip component to appear as a pill in form field label, group accordion, group tabs, kanban, deployment status, extension item, marketplace extension list item, marketplace extension banner, and user popover @formfcw (#27462 by @formfcw)

  • Added tresjs shader background for public pages @alvarosabu (#27428 by @alvarosabu)

  • Updated type system, borders, and theme variables @formfcw (#27437 by @formfcw)

  • Rendered non-clickable version menu without directus_versions read access @alvarosabu (#27461 by @alvarosabu)

  • Added item-less draft creation flow for versioned collections @alvarosabu (#27397 by @formfcw)

  • Updated module navigation bar spacing and styling @HZooly (#27437 by @formfcw)

  • Updated Visual Editor popover/modal action buttons @formfcw (#27437 by @formfcw)

  • Updated UI for the Draft & Publish workflow @formfcw (#27437 by @formfcw)

  • Updated mobile appearance of drawer sidebar @formfcw (#27437 by @formfcw)

  • Moved Promote/Publish button to header actions @alvarosabu (#27397 by @formfcw)

  • Updated primary header actions to show label and replace outlined header action buttons @formfcw (#27437 by @formfcw)

  • Updated SearchInput component to match the new design @formfcw (#27437 by @formfcw)

  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)

  • Refactored header bar action slots and reorganized CTAs @formfcw (#27437 by @formfcw)

    :::notice

    • Deprecation for extensions: The actions:append slot in the header bar has been deprecated in favor of the new actions:primary slot for primary CTAs. Existing actions:append usage keeps rendering in the secondary-actions zone, but consumers will now see a deprecation hint from Volar.

    :::

  • Added navigation logic on discarding item-less versions @alvarosabu (#27397 by @formfcw)

  • Put the sidebar into the content area @HZooly (#27437 by @formfcw)

  • Updated color system for VChip and VersionMenu components @formfcw (#27437 by @formfcw)

  • Updated content section spacing and drawer content spacing @HZooly (#27437 by @formfcw)

  • Extracted the card subheader into a reusable subheader component @HZooly (#27437 by @formfcw)

  • Added version select to collection page @alvarosabu (#27397 by @formfcw)

  • Updated sidebar styles @formfcw (#27437 by @formfcw)

  • Renamed "Promote" to "Publish" in version menu and disabled create version and published selection for item-less versions @alvarosabu (#27397 by @formfcw)

  • Added version query param guards on content-item route @alvarosabu (#27397 by @formfcw)

  • Improved bookmark flow @formfcw (#27450 by @formfcw)

  • Forwarded theme tokens and i18n strings from Studio to the visual-editing iframe @formfcw (#27469 by @formfcw)

  • Refactored focus ring from border/box-shadow to outline @formfcw (#27437 by @formfcw)

  • Introduced VersionChip component @formfcw (#27437 by @formfcw)

  • Updated theme preview component to match the new design @formfcw (#27437 by @formfcw)

  • Updated collab avatar indicator design @formfcw (#27437 by @formfcw)

  • Refactored drawer header layout and simplified v-drawer API @formfcw (#27437 by @formfcw)

    :::notice

    • Deprecation for extensions: The globally registered v-breadcrumb component has been deprecated. Extensions using <v-breadcrumb> keep rendering but will see a deprecation hint from Volar.
    • Deprecation for extensions: On v-drawer, the subtitle prop (use the title prop instead), the subtitle slot, the header:append slot, and the actions:append slot have been deprecated. Existing usage keeps rendering — actions:append content lands in the secondary-actions zone, and for primary CTAs in the drawer header use the new actions:primary slot. Consumers will see deprecation hints from Volar.
    • Potential Breaking change for theme extensions: The theme properties header.headline.foreground and header.headline.fontFamily have been removed. Custom themes overriding these properties should remove them. The corresponding CSS variables --theme--header--headline--foreground and --theme--header--headline--font-family no longer exist.

    :::

  • Updated header bar elements and deprecated the headline slot @formfcw (#27437 by @formfcw)

  • Ensured to switch to the draft version when visually editing an item of a versioned collection @formfcw (#27595 by @formfcw)

  • Extracted reusable ModuleBarButton component @formfcw (#27437 by @formfcw)

  • Moved client-validation to promote version workflow instead of save version @alvarosabu (#27397 by @formfcw)

  • Added Create New action to publish split menu with shortcut @alvarosabu (#27425 by @alvarosabu)

• @directus/api
  • Introduced VERSION_KEY_* constants and renamed main to published @alvarosabu (#27397 by @formfcw)
  • Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)
  • Added AI-powered translations to the translations interface, including glossary, style guide, and configurable default model settings derived from the enabled providers and allowed models. (#26940 by @bryantgillespie)
  • Added Publish without Review action to the publish split menu with shortcut @alvarosabu (#27501 by @alvarosabu)
  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
  • Added JSON filtering, alias and sorting support (#26981 by @br41nslug)
  • Added support for item-less versions @Nitwel (#27397 by @formfcw)
  • Added support for the version query parameter in collections @Nitwel (#27397 by @formfcw)
  • Allow disabling the health check endpoint via HEALTHCHECK_ENABLED or selectively disabled checked services via HEALTHCHECK_SERVICES (#27160 by @ComfortablyCoding)
  • Improved AI assistant prompt caching support across providers. (#27545 by @bryantgillespie)
• @directus/constants
  • Introduced VERSION_KEY_* constants and renamed main to published @alvarosabu (#27397 by @formfcw)
• @directus/env
  • Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)
  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
  • Allow disabling the health check endpoint via HEALTHCHECK_ENABLED or selectively disabled checked services via HEALTHCHECK_SERVICES (#27160 by @ComfortablyCoding)
• @directus/system-data
  • Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)
  • Replaced status field with archived boolean in collection settings @alvarosabu (#27397 by @formfcw)
  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
  • Updated directus_oauth_* system collection visibility to match other system collections (#27682 by @hanneskuettner)
• @directus/types
  • Added auto-save for version editing @alvarosabu (#27449 by @alvarosabu)
  • Updated type system, borders, and theme variables @formfcw (#27437 by @formfcw)
  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
  • Refactored focus ring from border/box-shadow to outline @formfcw (#27437 by @formfcw)
  • Added support for item-less versions @Nitwel (#27397 by @formfcw)
  • Added support for the version query parameter in collections @Nitwel (#27397 by @formfcw)
  • Fixed health check results not being shared in multi-instance settings. Restricted /server/health to authenticated users (#27160 by @ComfortablyCoding)
• @directus/errors
  • Added Publish without Review action to the publish split menu with shortcut @alvarosabu (#27501 by @alvarosabu)
• @directus/composables
  • Updated type system, borders, and theme variables @formfcw (#27437 by @formfcw)
  • Added version select to collection page @alvarosabu (#27397 by @formfcw)
• @directus/themes
  • Updated type system, borders, and theme variables @formfcw (#27437 by @formfcw)
  • Refactored focus ring from border/box-shadow to outline @formfcw (#27437 by @formfcw)
  • Updated header bar elements and deprecated the headline slot @formfcw (#27437 by @formfcw)
• @directus/utils
  • Added MCP OAuth 2.1 authorization server. MCP clients (like Claude, Codex) can now authenticate via standard OAuth flow with PKCE instead of requiring a manually provisioned static token. Enable with MCP_OAUTH_ENABLED=true. Dynamic and client ID metadata registration were kept separately opt-in with MCP_OAUTH_DCR_ENABLED=true and MCP_OAUTH_CIMD_ENABLED=true. (#27069 by @hanneskuettner)
• @directus/sdk
  • Added JSON filtering, alias and sorting support (#26981 by @br41nslug)
  • Added support for item-less versions @Nitwel (#27397 by @formfcw)
• @directus/specs
  • Added support for the version query parameter in collections @Nitwel (#27397 by @formfcw)
• @directus/visual-editing
  • Redesigned the editable-element overlay with theming, RTL support and improved a11y @formfcw (#27469 by @formfcw)
• @directus/memory
  • Added TTL support for local KV and cache stores (#27160 by @ComfortablyCoding)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Added DIRECTUS_DOMAIN constant and replaced hardcoded directus.io to directus.com using the new constant (#27417 by @ComfortablyCoding)
  • Consolidated URLs and emails into shared constants (#27641 by @HZooly)
  • Limited mobile sidebar width so the overlay can be tapped to close it @HZooly (#27437 by @formfcw)
  • Bumped vue-tsc to 3.1.8 (#27437 by @formfcw)
  • Fixed tick rendering when count exceeds display limit in v-slider (#27644 by @HZooly)
  • Fixed icon alignment in v-divider component @HZooly (#27437 by @formfcw)
  • Fixed v-dialog returning focus to opener instead of an autofocused child on close @formfcw (#27464 by @formfcw)
  • Fixed flow handle button alignment in flow editor @HZooly (#27437 by @formfcw)
  • Shown "Import in background" checkbox only when a file is selected @HZooly (#27437 by @formfcw)
  • Fixed sidebar reopening at minimum size after being collapsed via drag handle @HZooly (#27437 by @formfcw)
  • Capped datepicker year to prevent invalid date (#27659 by @HZooly)
  • Bumped Vitest to 3.2.6 (#27686 by @br41nslug)
  • Fixed EXTENSIONS_PATH and EXTENSIONS_LOCATION env vars not being respected by the Vite dev server (#27642 by @HZooly)
  • Added notice on license page with oig link (#27661 by @robluton)
  • Fixed vue console warnings related to the comparison modal (#27538 by @formfcw)
  • Fixed bug on tooltip value when decimals is 0 in pie chart panel (#27356 by @Prateet-Github)
  • Fixed misaligned filter editor in search bar @formfcw (#27454 by @formfcw)
  • Added missing collection note translations for the directus_oauth_* system collections (#27682 by @hanneskuettner)
  • Changed back button behavior, always navigates one level up @HZooly (#27437 by @formfcw)
  • Fixed default favicon path to resolve against the instance root path instead of the site origin. (#27095 by @singhvishalkr)
  • Fixed repeater interface ignoring per-field translations and $t: keys on sub-field labels, and added a "Field Name Translations" section to the sub-field configuration UI (#27374 by @khanahmad4527)
  • Fixed search input not trimming whitespace, causing queries with leading or trailing spaces to return no results (#27359 by @khanahmad4527)
  • Added minor copy change to license onboarding and license key interface (#27651 by @robluton)
  • Fixed calendar layout toolbar responsiveness @HZooly (#27437 by @formfcw)
  • Updated license request links. (#27652 by @HZooly)
  • Fixed the error handling (try-catch) when saving a field in Directus Studio. (#27486 by @baguse)
  • Fixed items not being selectable in the collection drawer when the Kanban layout is used while the parent item is opened in a version context @alvarosabu (#27427 by @alvarosabu)
  • Fixed AI assistant "Clear conversation" not canceling in-flight requests, causing them to continue running in the background (#27646 by @levgiorg)
  • Added support for translatable flow names via the existing $t: prefix and translation strings, matching the field/collection label pattern. The flow name input in the flow editor now exposes the translation picker. (#27472 by @khanahmad4527)
  • Removed unsupported json filter function from the studio (#27669 by @sourav-18)
  • Fixed bookmark icon and color not showing in header @formfcw (#27437 by @formfcw)
  • Fixed UI freeze caused by WYSIWYG interface when its non-editable state toggles @formfcw (#27515 by @formfcw)
  • Fixed project setup silently ignoring invalid license keys (#27671 by @ComfortablyCoding)
• @directus/api
  • Bumped Vitest to 3.2.6 (#27686 by @br41nslug)
  • Fixed project setup silently ignoring invalid license keys (#27671 by @ComfortablyCoding)
  • Fixed nested deep query parameters being dropped when filters use dynamic variables (#27676 by @mazen-salah)
  • Fixed bulk creation of itemless drafts always fails (#27683 by @ComfortablyCoding)
  • Fixed SSO resolver erroring when admin is not defined (#27662 by @ComfortablyCoding)
  • Fixed Postgres numeric overflow errors being misattributed to an unrelated field (#27690 by @MahinAnowar)
  • Fixed registration email verification tokens to use the configured secret fallback when SECRET is missing. (#27406 by @rijkvanzanten)
  • Bumped axios, js-cookie, samlify, systeminformation, simple-git, fast-uri dependencies (#27589 by @br41nslug)
  • Fixed MCP OAuth dynamic client registration defaults and metadata responses. (#27628 by @hanneskuettner)
  • Prevented setting a custom user provider when not entitled to SSO (#27675 by @ComfortablyCoding)
  • Fixed aliased relational fields in GraphQL queries, fragments and REST queries (#27054 by @AlexGaillard)
  • Fixed active seat processing not accounting for user/role changes (#27662 by @ComfortablyCoding)
  • Removed dead isMinimumAppPermission function (#27662 by @ComfortablyCoding)
  • Fixed failed itemless drafts being dropped from version reads when limit=-1 (#27578 by @alvarosabu)
  • Added a namespace to shares cache keys (#27707 by @br41nslug)
  • Updated IP blocking (#27606 by @br41nslug)
  • Updated the built-in OpenAI and Anthropic AI model lists to use the latest available API models. (#27602 by @hanneskuettner)
  • Fixed singletons allowing multiple itemless versions (#27532 by @formfcw)
  • Fixed issue causing duplicate admin roles on first admin creation (#27663 by @robluton)
  • Fixed non custom permissions denied irrespective of if entitled (#27662 by @ComfortablyCoding)
• @directus/constants
  • Added DIRECTUS_DOMAIN constant and replaced hardcoded directus.io to directus.com using the new constant (#27417 by @ComfortablyCoding)
  • Consolidated URLs and emails into shared constants (#27641 by @HZooly)
• @directus/system-data
  • Added AI-powered translations to the translations interface, including glossary, style guide, and configurable default model settings derived from the enabled providers and allowed models. (#26940 by @bryantgillespie)
  • Updated the built-in OpenAI and Anthropic AI model lists to use the latest available API models. (#27602 by @hanneskuettner)
• @directus/types
  • Added AI-powered translations to the translations interface, including glossary, style guide, and configurable default model settings derived from the enabled providers and allowed models. (#26940 by @bryantgillespie)
  • Added JSON filtering, alias and sorting support (#26981 by @br41nslug)
• @directus/utils
  • Added JSON filtering, alias and sorting support (#26981 by @br41nslug)
• @directus/sdk
  • Fixed health check results not being shared in multi-instance settings. Restricted /server/health to authenticated users (#27160 by @ComfortablyCoding)
  • Fixed SingletonCollections incorrectly including core schema collections (#27196 by @kheiner)
• @directus/ai
  • Updated the built-in OpenAI and Anthropic AI model lists to use the latest available API models. (#27602 by @hanneskuettner)
• @directus/release-notes-generator
  • Ignored private workspace packages when generating release notes (#27637 by @licitdev)

📦 Published Versions

• @directus/app@16.0.0
• @directus/api@36.0.0
• @directus/ai@1.3.2
• @directus/composables@11.5.0
• @directus/constants@14.4.0
• create-directus-extension@12.0.0
• create-directus-project@13.0.0
• @directus/env@6.0.0
• @directus/errors@2.4.0
• @directus/extensions@4.0.0
• @directus/extensions-registry@4.0.0
• @directus/extensions-sdk@18.0.0
• @directus/format-title@13.0.0
• @directus/memory@4.0.0
• @directus/pressure@4.0.0
• @directus/release-notes-generator@3.0.0
• @directus/schema@14.0.0
• @directus/schema-builder@1.0.0
• @directus/specs@14.0.0
• @directus/storage@13.0.0
• @directus/storage-driver-azure@13.0.0
• @directus/storage-driver-cloudinary@13.0.0
• @directus/storage-driver-gcs@13.0.0
• @directus/storage-driver-local@13.0.0
• @directus/storage-driver-s3@13.0.0
• @directus/storage-driver-supabase@4.0.0
• @directus/stores@3.0.0
• @directus/system-data@4.5.0
• @directus/themes@2.0.0
• @directus/types@16.0.0
• @directus/update-check@14.0.0
• @directus/utils@13.5.0
• @directus/validation@3.0.0
• @directus/visual-editing@2.1.0
• @directus/sdk@22.0.0

My Debian contributions this month were all sponsored by Freexian.

You can also support my work directly via Liberapay or GitHub Sponsors.

OpenSSH

I backported various security fixes from 10.3 to trixie, bookworm, bullseye, buster, and stretch. For trixie, I also backported several IPQoS fixes to line up with upstream’s traffic management settings and drop a rather hacky Debian-specific patch; this needed a quick follow-up fix.

I upgraded trixie-backports to 10.3.

I fixed openssh uses pidof but does not depend on procps.

PuTTY

I upgraded from 0.83 to 0.84.

Python packaging

New upstream versions:

• bitstruct
• ormar
• pdm (fixing a build failure)
• pydantic
• pydantic-core
• pydantic-settings
• pyglet (fixing a build failure)
• python-asyncssh
• python-bitarray
• python-btrees
• python-build
• python-certifi
• python-charset-normalizer (fixing a build failure)
• python-fakeredis (contributed supporting fix upstream)
• python-holidays
• python-jsonschema-path
• python-memray (fixing a build failure and CVE-2026-32722)
• python-openapi-schema-validator
• python-pathable
• python-persistent
• python-pyftpdlib
• python-pytest-run-parallel
• sorl-thumbnail
• twisted
• zope.interface
• zope.proxy

Other build/test failures:

• beets
• buildbot (contributed upstream)
• dep-logic (contributed upstream)
• diskcache
• khard
• matplotlib
• mkdocs-rss-plugin
• ormar: compatibility with fastapi 0.125 and pydantic 2.13
• pgzero
• py7zr
• pydantic-extra-types (contributed upstream)
• pydata-sphinx-theme
• python-invocations (contributed upstream)
• python-localzone
• python-maturin
• python-nacl
• python-pampy
• python-treq (contributed upstream, including fixing some CI bitrot)
• python-txrequests (contributed upstream)

Other bugs:

• buildbot: (Build-)depends on deprecated module python3-pkg-resources (contributed upstream)
• pysodium: Depends on cruft package libsodium
• python-fakeredis: lua support not working, breaking django-redis cache locking
• python3.14: Drop libnsl-dev build-dependency

I updated python-treq upstream to stop vendoring multipart, now that the packaging issues with that have been sorted out.

Code reviews

• debmirror: User-Agent blocked by Ubuntu/Launchpad repositories (uploaded, and cherry-picked into trixie)
• pydantic: Fix CVE-2024-3772 in bookworm (merged and uploaded)
• pyodbc: Run SQLite tests (merged and uploaded)
• python-jsonschema-path: Transition to starlette 1.0 (merged and uploaded)
• python-maison: FTBFS with the nocheck build profile (followed up to fix the nodoc build profile as well)
• python-openapi-core: Transition to starlette 1.0
• python-openapi-schema-validator: Transition to starlette 1.0 (merged and uploaded)
• python-openapi-spec-validator: Transition to starlette 1.0 (merged and uploaded)
• python-pathable: Transition to starlette 1.0 (merged and uploaded)
• python-rich-argparse: New upstream version 1.8.0 (merged and uploaded)

Other bits and pieces

I contributed a debian-policy patch to fix several links related to build profiles.

Excited to get delivering in South Dakota? Then this blog is for you! Today, we're happy to share more of the custom depots you'll deliver to and from in our upcoming South Dakota DLC for American Truck Simulator. From busy agricultural industries to a large scrapyard, let's take a closer look at what our teams have been busy creating!

5.48.0 (2026-06-10)

🚀 New feature

• add optional openapi spec route (#26239)
• openapi: gate endpoint access with config (#26574)

🔥 Bug fix

• upload returns unsigned URL on update media info (#25195)
• widgets show error when role has no access to mainfield of ct (#26537)
• admin: return empty object for empty json body in fetch client (#26277)
• build: build does not run install; add install-deps arg (#26483)
• ci: run build:size as full command for compressed-size-action v3 (#26556)
• ci: restore allowed paths-filter pin (#26575)
• content-manager: use ReadonlyArray for layout prop and fix Repeatable test fixture (#26522)
• content-manager: raise z-index of code block language selector (#25010, #26324)
• core: validate numeric inputs before DB unique checks (#26101)
• database: restore join-table relation sort order in components (#26553)
• database: avoid double finalising completed transactions (#26122)
• upload: folder navigation bugs in Media Library (#26515)
• upload: preserve animation frames in GIF and WebP images (#26126)
• utils: ignore empty sort when building orderBy (#26427)

📚 Documentation Changes

• openapi: add contributor documentation (#26410)

⚙️ Chore

• remove experimental-dev example app (#26552)
• update .gitignore for AI tooling directories (#26526)
• deps: bump axios from 1.16.1 to 1.17.0 (#26539)
• deps: bump the testing-library group across 1 directory with 2 updates (#26506)
• deps: bump actions/setup-node from 4 to 6 (#26496)
• deps: bump actions/stale from 10 to 10.2.0 (#26497)
• deps: bump preactjs/compressed-size-action from 2 to 3 (#26498)
• deps: resolve vulnerable transitive deps via lockfile dedupe and resolutions (#26540)
• deps: bump cheerio from 1.0.0 to 1.2.0 (#26569)
• deps: bump dorny/paths-filter from 3.0.3 to 4.0.1 (#26566)
• deps: bump actions/download-artifact from 4.3.0 to 8.0.1 (#26564)
• deps-dev: bump the eslint group across 1 directory with 10 updates (#26500)
• deps-dev: bump @types/delegates from 1.0.0 to 1.0.3 (#26570)
• deps-dev: bump the nx group across 1 directory with 2 updates (#26502)
• repo: skip change freeze ownership check when freeze disabled (#26474)

💅 Enhancement

• core/core: rounded thin borders for startup banner (#26273)
• graphql: use discriminated unions instead of unsafe type casting (#25913)
• upgrade: unhide and document upgrade to command (#26446)

🚨 Security

• deps: patch uuid (GHSA-w5hq-g745-h8pq) and qs DoS advisories (9aef801f35)
• deps: scope uuid/qs resolutions to affected descriptors (38b6831652)

❤️ Thank You

• Andrei L @unrevised6419
• Andrei Varapayeu @thisavoropaev
• Arav Menon @Arav-Menon
• Aurélien GEORGET
• Ben Irvin
• Dante Calderon @dantehemerson
• Jamie Howard @jhoward1994
• Maksim Zhukau @MaksZhukov
• mathildeleg @mathildeleg
• Nico André

Bug Fixes

• WC-1535: Fixed unable to login to Facebook destination on Windows.
• WC-1527: Fixed a rare crash when starting an RTMP output.

Volgens een artikel in de Financial Times is het WK voetbal altijd al een politiek instrument geweest: oprichter Jules Rimet wilde er na de loopgraven van de Eerste Wereldoorlog de wereldvrede mee bewerkstelligen, maar door een weeffout in de bekostiging zijn het inmiddels vooral despoten die het toernooi binnenhalen, met Trumps MAGA Cup als nieuwste hoofdstuk.

Tegelijk blijkt een stadion juist een van de weinige plekken waar dissent niet te onderdrukken valt, of het nu Catalanen onder Franco zijn, Italiaanse ballingen die Mussolini's elftal uitfloten of een Megatron in Madison Square Garden die Trump wegjoelt. De NOS draait dat soort boegeroep liever weg en neemt klakkeloos de gemanipuleerde FIFA-feed over, en dat is precies wat een publieke omroep in tijden van wantrouwen niet zou moeten doen.

Het boek How to Rule the World ontmaskert ondertussen het Stanford binnen Stanford, waar VC's al in eerstejaars investeren, feestjes alleen nog met sober monitors en een "I am on stolen land"-eed mogen, en de campuspresident sneuvelt op gefotoshopte onderzoeksresultaten.

Tussendoor een ode aan de sonische identiteiten van de FIFA, met San Francisco als onbetwiste favoriet.

Meer te weten te komen over Carbon Equity? Lees dan verder op carbonequity.com

Interesse gewekt voor Seth Godin? Begrijpelijk! Tickets voor het Amsterdam Business Forum op 18 september vind je op DenkProducties.nl.

Docker Images

Docker images have been built and pushed:

Docker Hub:

• alexta69/metube:latest
• alexta69/metube:2026.06.10

GitHub Container Registry:

• ghcr.io/alexta69/metube:latest
• ghcr.io/alexta69/metube:2026.06.10

Changes

• upgrade yt-dlp from 2026.3.17 to 2026.6.9 (e30a24f)

AI slop is invading the web. A recent story about disallowing LLM-generated submissions on Lobsters triggered a lot of debate. My personal worst offenders are LinkedIn articles with AI-generated images and uninspired articles filled with emojis from people trying to masquerade as experts on a subject they don’t care enough to write themselves. While I am unhappy about this situation, I rely on LLMs for grammar, copyediting, and translation. I don’t see this as a contradiction.

I am a native French speaker, but I blog in both English and French. When I started writing this blog in 2011, I was composing in French and translating to English, but I found it was better to work in the reverse order to avoid unnatural and non-idiomatic constructions. One of my goals is to write “good” English but I never felt it was my strong point.¹ For example, verb tenses are often an issue, even if I mostly stick with the present tense. I learn the rules and forget them right away. I also don’t feel like hiring an editor for something I see as an hobby.

As an example, I have kept the history of the successive iterations when writing “Scaling Akvorado BMP RIB with sharding”:

1. the first draft, authored with the help of a thesaurus,²
2. the edited copy revised by the copyediting skill,
3. the translation to French generated with the translation skill, and
4. the human proofread of the French translation, with minor edits to the English version.

I know that LLMs may alter the author’s voice when editing, but the corrections in the second step are minor. The prompt asks to “apply light stylistic edits,” with some guidance around avoiding passive voice, long sentences, bland verbs, and filler words. It also defines the target audience: technical with a B2 level in English.

In the following excerpt, I used “long time” instead of “long-standing.” The former is missing an hyphen and applies to people—a long-time friend, while the later relates to a situation—a long-standing agreement. I had a hard time understanding the reason of the second change: the LLM prefers a defining relative clause to provide the definition of “RIB sharding.”

As the Internet routing table contains more than 1 million routes, Akvorado needs to scale to tens of millions of routes. This has been a long time long-standing challenge, but I expect this issue is now fixed by using RIB sharding, a method to split that splits the routing database into several parts to enable concurrent updates.

In the next modification, the LLM puts “device” instead of “equipment.” This is correct as “equipment” is an uncountable noun. I know that, but I still fall into this trap.

When Akvorado does not find a route from a specific device, it falls back to a route sent by another equipment device.

I ask the LLM to use “descriptive verbs” and it complies by replacing a multi-word predicate with a lexically rich verb:

The benchmarks demonstrate it has better performance than outperforms other packages, both packages for lookups, insertions, and memory usage.

It also fixes grammar errors. In the next excerpt, a “list of routes” is a singular expression. Moreover, “stored” is a state and I should not use “into” as it expresses a change.

The list of routes for each prefix are is not stored directly into in the prefix tree.

As a last example, consider the following snippet. The “require” verb accepts a noun or an object followed by a to-infinitive. I can’t use it with just a to-infinitive.

An alternative would be to have one prefix tree for each peer but it would require to configure configuring all routers to export their routes.

As someone who didn’t grow up speaking English, I struggle with these grammar rules despite reading a lot of English material.³ French is more complex to get started but more systematic. English is full of irregularities.

On each page, I disclose in the footer whether an AI modified the content. There are three levels:

• 🧠: no AI or almost no AI (e.g., grammar corrections)
• ✨: enhanced (e.g., copyediting)
• 🤖: generated (e.g., translated from another language, even if human-edited)

Hover or tap the icon to reveal the AI’s name and its role in the document.

Example of AI usage disclosure: Claude Sonnet 4.5 edited this article.

The graph below shows which tool altered each post, year by year. Recently, I applied the grammar skill to past articles. Since 2018, French articles have been translated with the help of DeepL first, then of an LLM. Since 2024, English articles are copyedited.

If you are strongly against any usage of LLMs specifically for writing, I hope you accept my more nuanced position on the usage of these tools as a trade-off to provide clearer and more engaging articles. Years of literature on improving English told us it is important to choose the right word to keep the reader engaged.

[…] Good writing consists of mastering the fundamentals (vocabulary, grammar, the elements of style) and then filling the third level of your toolbox with the right instruments.

― Stephen King, On Writing

12.18 - 2026-06-09

⛰️ Features

• (packaging) Create .rpm package through Makefile, plus let GH action run that step in release mode - (fc728cf)
• Create checkbox in advanced session setting for new ForceUnicode setting - (75a0f7f)
• Create opt-out setting "ForceUnicode", for sessions which shall not force Unicode communication - (ed9a94f)
• Enable connection port visible in a column of the session tree - (7cfdb97)
• Display auth plugin in a new column of the user listing tree - (3e4f562)
• Support authentication plugin selection in user manager - (07112a0)
• Grid export option for exporting the focused grid column only - (d896680)
• Bypass automatic foreign key lookup in data grid editing through new menu item - (a5ae04b)
• Add a separate menu item "copy formatted text", using the old code for copying SynEdit-highlighted text as HTML - (84c63c6)
• Filter edit box for shortcuts in preferences - (fb243fc)
• Create CLI app for adding PE security flags to heidisql.exe - (3e797e2)
• Rename snippet per right-click on query helpers tree - (7171e48)
• Name columns in SELECT when exporting table with invisible columns - (1799b0d)
• Support invisible indexes on MySQL 8.0+ and ignored indexes on MariaDB 10.6+ - (b3fa484)
• Support assigning a default role to a user - (96d2aef)
• Support assigning roles to a user or role - (96717cd)
• Do not require MySQL's RELOAD privilege just for opening the user manager - (f79d9a5)
• When nodes are filtered, change "Check all" action to "Change all visible" - (ebd60b3)
• Disable role rename, add menu item for creating a role, support role deletion - (83472c5)
• Prevent editing contents of generated columns in data grid - (9ecdff0)
• Basic support for MariaDB user roles, loaded without SQL error and shown with a different icon - (3249401)
• Add context menu item for deleting a single query from the history - (0035d5e)
• Reset a table's current auto_increment value in "delete + insert data" mode - (0422bb3)
• Support cancelling server login dialog - (e5b9574)
• Keep EXPLAIN output format traditional, on newer MySQL servers - (90f9937)
• Make HTML export dark/light mode aware - (dc046e9)
• Allow setting database to in PostgreSQL connections, and show and in the pulldown selector - (950e2ca)

🚀 Enhancements

• Disable plugin selector as long as no user was selected - (54dd7d8)
• Do not copy default type and value from previous column when adding columns to a table - (42a061d)
• Suppress dialog for saving modified SQL on app close, when tabs get auto-restored - (4ca01d9)
• Remove FLUSH PRIVILEGES from the user managers FormShow handler. If a click on a non-flushed user in the tree produces an exception, that is caught and shown as a normal error message. - (fe7a5ef)
• 50% black grid lines, should fit on both light and dark theme - (1872916)
• Increase supported table size and row limit for quick filter menu showing distinct values - (48eca57)

🐛 Bug Fixes

• (ui) Filter away vertical writing fonts with an @ prefix - (1814ee9)
• (ui) Size and margin of buttons on SQL help dialog - (61bc258)
• (ui) Apply the same larger tree node height on Linux - (c770406)
• (ui) Remove default "add user" event from add button, turn it into a pure dropdown button - (d7910c1)
• Copy table dialog crashes when none of dbtree and listtables has Focused=True - (9216061)
• Prefer SHOW KEYS over SHOW INDEXES, which are synonyms, while very old servers only accept the one with KEYS - (b97122c)
• Prevent grid queries from doing "WHERE intcol::text = 1", due to "1" being incompatible to the text value on the left - (bcea889)
• Vulnerability CVE-2025-70873, updating SQLite libs to v3.53.1 - (2930be8)
• Complaint about invalid password length on user plugins which have no fixed password length - (510b141)
• SUBSTRING() on array typed VARCHARs throw "function substr(...) does not exist" - (5f2959d)
• MS SQL throws "Cannot drop database xyz, because it is currently in use" when user is about to drop the current database - (fa2bb05)
• Wrong tab order after inserting new checkbox in the middle - (59d4f1f)
• Space missing in CREATE TABLE code of PG table with SERIAL column - (1633c33)
• Quick filter prompts on numbers break WHERE clause through local formatting - (e7646a0)
• Restore displayed session name in message dialog caption, was removed in commit:63028518f8b0d5869383d3bc0c42f188851797ed - (a6d6e70)
• Missing bottom anchor on shortcuts tree - (f8c4bde)
• Broken ci compilation for Windows - (570fab1)
• Broken ci compilation, move -WB -WR linker options to the conditionals section of the lpi file - (97ec20b)
• Turn exception in ParseViewStructure into a log message - (7562a1e)
• Data grid filter cut with several double-dash comments on one line - (dac7b0e)
• Hidden input box for line terminator in csv import dialog - (f20d634)
• Mouse click in edited row calls save action although focus did not change - (b8313e5)
• SSH command line tweaks, patch from jarczakpawel - (454571e)
• Broken compilation due encoding update to utf-8: ellipsis char constant seen as string now, instead of char - (26b9696)
• Replace hardcoded Windows directory separator with DirectorySeparator - (41615e6)
• Explicitly set client encoding on PG connection - (79c5e4c)
• MSSQL foreign key lookup to include table schema - (305534d)
• Wrong ENUM column type detection, due to less strict regex - (e731fd0)
• Do not start edit mode in ListTables on right mouse button click - (89ccbac)
• Staying on current table by click on "follow foreign key" when the foreign table lives in a different database - (8643172)
• Some crashes found in uploaded crash reports - (7bed735)
• Enable save button after changing default role per combobox - (508b139)
• Support backtick quoted user roles, and some other TValueListEditor related bug fixes - (86ea19c)
• A few compiler warnings - (c6dffe1)
• Pre-select nothing in BOOL grid cell editor on PostgreSQL - (1895959)
• Allow non existent SQLite files, only complain when its path does not exist - (02cf4cb)
• Solution for #2431 breaks other stuff, reverting a part of it - (e940863)
• Editing table data on mysql versions without generated column support - (32f3e6b)
• EAbort crash when copying text from SynEdit without a highlighter - (6c219b9)
• Missing anchors and autosize in user manager form - (91b90bc)
• Reset tree refresh marker earlier, so SetActiveDatabase triggers events and hides the table + data tab after dropping tables - (d2c9c96)
• Prevent crash due to unsupported edit-database feature on MS SQL - (68aeb96)
• Clear data grid before indicating a broken or temporary table for which we get no columns from IS.COLUMNS - (b4ec223)
• Populate SSH executable combo with only a global "ssh" command, do not add .exe files on Linux and macOS - (37f57ce)
• Call to non existent inherited constructor version of TSQLBatch - (b2f4d5b)
• TSQLBatch using backslash for escaping single quotes on all server types. Introduce server type specific TSQLBatch.FEscape char. - (e9af525)
• Crash in SQL export to database for zero length SQL, plus upgrade old-style string handling - (056b5e9)
• Do not delete selected SQL text from editor when trying to focus the position of erroneous SQL - (f5c5f33)
• Crash after canceling query - (ee16571)

🚜 Refactor

• Convert remaining latin1 unit to utf-8 - (85fb0bd)
• Sync from master - (9727d53)
• Revert most of what I did for #2424 - (3d547fd)
• Prefer qAutoInc in SQLProvider over dedicated AutoIncName method - (2fbb779)
• Simplify some more calls to Query() with the overloaded variants - (b0ab0fc)
• Convert more TFeatureOrRequirement's to TQueryId - (9f21853)

Localize

• Update compiled .mo translation files - (53f95d2)

Contributors

• @ansgarbecker

New Contributors ❤️

• @jonathanp12 made their first contribution

Bump version for v12.18 release

We are excited to introduce the TourAmerica paint jobs for the Kenworth T680 2022 and W900 as free content in the upcoming 1.60 update for American Truck Simulator!

A few months ago, Kenworth unveiled a special-edition paint scheme as part of the Freedom 250 initiative, a nationwide effort commemorating the 250th anniversary of the United States and celebrating the enduring spirit of American trucking.

Inspired by the iconic TourAmerica T600 paint scheme of the 1990s, this striking design combines red, white, and blue colors - a classic styling with contemporary finishes. We are happy to support the celebrations by bringing this beautiful paint job to American Truck Simulator, where it will be available for both the Kenworth W900 and Kenworth T680 2022.

Now, ATS drivers can join in the festivities as well and pay tribute to trucking heritage with a unique paint job that honors both a legendary design and a major milestone in American history.

These paint jobs are already available in the ongoing 1.60 Open Beta for American Truck Simulator. If you're taking part, be sure to give your Kenworth a fresh new look and hit the road in style!

Remember to follow us on our X/Twitter, Facebook, Instagram, Bluesky, and YouTube for all the latest news from American Truck Simulator, or sign up for our newsletter to stay informed. Until next time, we wish you happy haulin'!

Security Release

• Update Instructions
• Update details on blog

This is a security release to address the following vulnerabilities:

• Attachment requests could be manipulated to leak details/links/metadata (not content) of attachments which the user did not have permission to view.
• The file:// protocol could be abused in some Windows-specific scenarios to auto-run requests with credential information when viewing exports.
  • This protocol is now filtered from interactive content.
• The search system could be abused to cause errors and fill logs.

Upgrade is advised for instances with public viewing enabled, or where untrusted users have authenticated access.

Thanks to Stephen O. / Sakusen (Codeberg, Website), Gurmandeep Deol (of Seneca Polytechnic), Rafael Castilho (X account) and Gabriel Duarte Guerra (GitHub) for responsibly reporting these issues.

Full List of Changes

• Updated PHP package versions.
• Updated translations with the latest Crowdin changes.
• Updated content allow-filtering to only allow the file:// protocol on anchor hrefs, instead of in all dynamic content.
• Updated attachment update handling to validate permissions before request content.
• Fixed numeric handling issue in tag search when using non-standard numbers.

⚠️ Note: This is the final Strapi 4 release ⚠️

No further updates to Strapi 4 will be published, this release serves as the final version of Strapi 4 which is considered EOL (End-Of-Life) as of April 30th, 2026. All Strapi users should migrate to Strapi 5: https://docs.strapi.io/cms/migration/v4-to-v5/introduction-and-faq

Also please note, this does include Strapi Customers as well. Strapi Cloud will still continue to function with Strapi 4 but that may be subject change in the near future without warning.

What's Changed

Security

• Fixed a critical vulnerability where relational filtering could expose sensitive data through insufficient query sanitization. See GHSA-rjg2-95x7-8qmx / CVE-2026-27886.
• Upgraded tar to v7 to address security warnings.
• Applied v4 dependency security and maintenance updates.

Fixes

• Enforced unique admin email validation when updating the authenticated user profile.

Compatibility

• Added Node.js 22 support for Strapi v4.

Full Changelog: v4.26.1...v4.26.2

Official announcement

European Voxit community strengthens digital sovereignty: shared codebase completed.

Read the official announcement at:
https://www.voxit.org/european-voxit-community-strengthens-digital-sover...

The Voxit community and platform development

The Voxit participation platform is originally based on the open source Polis platform developed by The Computational Democracy Project in the United States, but since its establishment in autumn 2025, the European Voxit community has been developing an independent solution, adapted to European needs.

The aim is to create an open source, interoperable and scalable participation infrastructure suited to Europe’s regulatory environment and aligned with democratic values. Through this development work, Voxit is becoming a clearly distinct fork of the original Polis platform – allowing Europe to develop participatory infrastructure at its own pace and according to its own governance needs, while the original Polis project continues to break new ground. This enables Europe to build its own open and trustworthy digital democracy tools, rooted in public governance and European democratic traditions.

Voxit 1.0 source code is now available

The source code for version 1.0 of the European community edition of the Voxit platform has now been published and is openly maintained on GitLab.com at: https://gitlab.com/voxit/voxit#

The RISC-V CPU architecture has been gaining a lot of popularity since it launched in 2014, and now that the industry is standardizing on the RVA23 level that includes vector support as a mandatory extension, we are likely to see a lot more edge- and IoT devices with the ability to run local LLMs at reasonable speed, and most importantly at very compelling prices.

SpacemiT is a Chinese RISC-V CPU manufacturer that launched on May 11th, 2026, their long-anticipated next-gen RISC-V AI chip K3. It is among the earliest RISC-V CPUs that adhere to the RVA23 standard and performance-wise it is quite capable, providing 130 KDMIPS general computing power, 60 TOPS on INT4 which translates to about 15 tokens per second when running a 30 billion parameter large language model.

The aspect that really makes it stand out is:

• the RISC-V CPU architecture is open source,
• the price point is within reach of home and small business users and
• the overall feature set makes it an ideal platform to build local and offline AI systems.

SpacemiT also develops their own Debian-based Linux distribution Bianbu OS, and seems to have collaboration going on with the wider community. Their community site seems active, and they also have a dedicated X account @spacemit_riscv and Reddit account r/spacemit_riscv posting relevant progress info on Linux kernel upstreaming activities. The X account is also responsive, as evidenced by its replies to my questions.

Canonical lists the SpacemiT K3 pico-ITX and K3 CoM260 Kit on its official Ubuntu for RISC-V partner-built hardware page, which strengthens the perception that upstream Linux support is being taken seriously. The SpacemiT folks also gave an interesting talk at the 2026 Ubuntu Summit that includes a peek into their roadmap with future K3, K7 and K9 models.

For technical details, see SpacemiT’s K3 pico-ITX documentation, the Jetson Orin Nano-compatible K3 CoM260 board documentation and documentation of the K3 processor itself.

Comparing the resellers

SpacemiT does not sell anything directly to consumers. Instead you need to buy a board that includes the K3 chip from an integrator. Currently the main resellers are:

• Milk-V
• Sipeed
• Banana Pi
• Firefly
• DeepComputing

All of the above are Chinese companies that ship to customers both inside and outside China. DeepComputing stands out as the only one that actually has done real integration and ships the K3 on a custom board, while the others simply resell the SpacemiT-produced K3 pico-ITX and K3 CoM260 Kit.

Milk-V

Milk-V is a RISC-V specialized integrator, as the name already implies. They sell the K3 under the name Jupiter2. Of all the K3 pico-ITX reseller product pages, the Jupiter2 presentation is the nicest and most detailed. Unfortunately their order page at arace.tech only states that it is a “pre-order” with no information about shipping schedule, taxes, or other details like what SSD is included (if any). Based on the pictures it does ship with a Milk-V branded case. The 32 GB RAM lists at 504 EUR, which is a very reasonable price. The @MilkV_Official account on X recently promoted the K3.

Documentation and support

As of this writing, the Milk-V Jupiter2 documentation site is just a stub and has no actual content, and only two links to the SpacemiT K3 documentation site. For support there is a web forum with a dedicated Jupiter2 section. There is also a Matrix space, but unlike their other products, there is no dedicated Jupiter (neither v1 nor v2) channel.

Community size and open source involvement

At least one prior Milk-V product was certified by Canonical, which indicates there is some collaboration in progress. Canonical also lists the Milk-V Titan on its official Ubuntu for RISC-V partner-built hardware page.

Sipeed

The Sipeed K3 announcement is well written (in English) with all the relevant details and links to additional PDF manuals. However, their main page at sipeed.com says nothing about the K3, so one must know the subpage URL to access it. They offer both the K3 CoM260 kit compatible with Jetson Orin Nano carrier boards, and the stand-alone K3 pico-ITX-sized motherboard. The CoM260 kit is only 10 USD cheaper than the full pico-ITX motherboard, so choosing the latter is a no-brainer if starting from scratch. The pico-ITX model with 32 GB DDR5 RAM sells for 639 USD. The product page does not mention anything about hard disk size, so you don’t really know exactly what you will be getting if placing an order. There is no indication about case, Wi-Fi antennas or power supply either, so most likely they are not included.

Their store.sipeed.com website does not work at all, and their Taobao and AliExpress stores are not public and only accessible to registered users. The order page also says nothing about shipping time, delivery time, or taxes. The X account @SipeedIO is active and recently posted pictures of shipments in progress.

Documentation and support

The main documentation wiki does not yet have any K3 content at the time of writing. There is a Discord channel for general RISC-V discussion, and their MaixHub also has a discussion board, but I didn’t find anything K3-specific.

Community size and open source involvement

Sipeed has had at least one of their previous devices certified by Canonical, which indicates they are active in the community.

Note that the other RISC-V company SiFive that also has had hardware certified and officially supported by Canonical is a different company, despite the very similar name.

Banana Pi

Banana Pi announced that they offer both the K3 CoM260 kit and the K3 pico-ITX motherboard version. Their product page for the K3 confusingly shows a MediaTek product in the page banner rather than the SpacemiT K3. Based on the product description and the fact they renamed the product as BPI-SM10, it seems to ship with some carrier board. The product pictures look identical to the SpacemiT documentation and there is no picture of the carrier board, and details are very sparse. The pico-ITX version with 8 GB RAM and 128 GB SSD sells for 293 USD and the CoM260 developer kit with the same specs sells for 287 USD and the 32 GB RAM with 128 GB SSD model sells for 595 USD. The shop page shows only five orders so far and items are currently out of stock. As there was no 32 GB RAM version of the pico-ITX available at all, this isn’t an option for me as I want to run 30B parameter models that need the larger memory version.

Of all of these resellers, the Banana Pi website seems the most outdated. It does not have a search feature, it is not mobile-friendly, pictures can’t be pinched to zoom in and so forth. Product names are also almost all identical, and as the product listings only show the beginning of the product name, figuring out what product is what requires extra effort that just makes the online purchase experience plain bad.

Documentation and support

I was only able to find the documentation page for the CoM260 kit, but none for the pico-ITX version. For support there is a forum, but the category list does not show any section for K3, and the forum search prohibits using the search term “k3” as too short.

Community size and open source involvement

Banana Pi has a long history in the ARM single-board computer market, but their presence in the RISC-V ecosystem is still growing. Their X account @sinovoip has posted only once about the K3 and otherwise promotes their ARM boards. However, their community culture page does express a commitment to open hardware in general, but there is no visible K3-specific community activity.

Firefly

Firefly’s K3 product page is comprehensive. Based on the details, they do not offer the K3 pico-ITX variant at all, but only the K3 CoM260 board inside the AIBOX-K3 Firefly RISC-V Edge Mini PC product. This is a feature-complete offering with a Jetson Orin Nano carrier board and case. The AIBOX-K3 with 32 GB RAM and 128 GB SSD in a case sells for 689 USD in their own Firefly.store. Unfortunately it only has HDMI and there is no USB-C with DisplayPort support, which is a deal-breaker for me personally.

Interestingly, Firefly also offers rack-mounted servers with K3 as the CPU.

Documentation and support

The wiki link on the product page is broken. The Firefly wiki does have a section for the AIBOX-K3, but it too has a broken link. It seems that as of the time of writing, there is no wiki section for this product yet.

For support there is a web forum, which does have at least one K3 thread covering guides such as Hermes Agent installation, though broader K3-specific sections are still sparse.

Community size and open source involvement

Firefly’s X account @TeeFirefly has had no posts since 2024, and their GitLab/T-Firefly shows mostly 2024 activity, with only one repository updated in 2025 and nothing in 2026. Historically they have built a moderate community around their ARM-based Rockchip boards, with active forums and wiki contributions for those product lines. Their RISC-V K3 offerings are newer, and likely need a lot more polish to be attractive products overall.

DeepComputing

Last, but certainly not least, is the laptop manufacturer DeepComputing that offers a Framework laptop compatible motherboard with the SpacemiT K3 chip. They also sell the plain motherboard, or with the Cooler Master case, which allows one to easily connect it to an external monitor and keyboard and use it as a desktop computer. The plain board with 32 GB RAM and no SSD sells for about 882 EUR. Shipping of the first batch is expected to start by end of June 2026. Their X account @DeepComputingio promotes this DC-ROMA RISC-V Mainboard III as their flagship product, so they seem to put a lot of effort into it.

The overall product design and packaging seems good. Of all the K3 resellers and integrators that I was able to find, DeepComputing is the only one that actually designs their own boards with the K3 processor, while all the other vendors above are simply reselling the vanilla K3 boards with or without a case.

After reviewing all these options I decided to buy the DC-ROMA RISC-V Mainboard III for Framework Laptop 13 with 32 GB RAM, 1 TB SSD and the Cooler Master case, totalling about 1100 EUR.

Documentation and support

DeepComputing maintains product information for their RISC-V hardware at github.com/DC-DeepComputing/Framework, with documentation of the newest Mainboard III (FML13V05) still being finalized ahead of the first batch shipment. They provide community support through Discord and web forum, although the latter has very little activity.

Community size and open source involvement

DeepComputing has established itself as a pioneer in RISC-V laptops, beginning with the DC-ROMA. I have seen their stand at FOSDEM, which shows they are genuinely active in the open source community. Canonical lists DeepComputing’s first mainboard / FML13V01 on its official Ubuntu for RISC-V partner-built hardware page, and it seems likely that they will continue to collaborate with Canonical with the new model once it ships. While the underlying Linux enablement depends on SpacemiT’s upstream efforts, DeepComputing’s involvement helps bridge the gap between reference hardware and consumer-ready products.

Conclusion

After weighing all the options, I ended up placing an order with DeepComputing for their custom K3 board with the Cooler Master case. Despite the premium price, the active community support and the properly documented promise of a complete, working system made it easy to place an order with confidence.

The SpacemiT K3 is poised to be one of the most significant RISC-V chips for local AI workloads, thanks to its RVA23 compliance and high tokens per second potential. Yet the buying experience in mid-2026 remains fragmented and incomplete. Hopefully this is just because the product is new, and they will get the purchase experience polished soon.

What struck me most during this process was how poor the customer experience is across nearly all of these vendor websites: broken links, missing search functions, outdated product banners, pages that show the wrong product entirely, and no information about shipping times, stock levels, taxes, and so on. One wonders why these companies don’t fully invest in their web presence.

Personally I would assume they likely have enough customers already, primarily through domestic channels like Taobao and JD.com, that they do not feel any pressure to improve their international-facing sites. However, I did also review what was offered on Taobao, and the product details were very incomplete there too. Taobao, however, has a built-in live chat with almost all sellers, which can be used to ask questions and thus compensate for missing product details.

I don’t fully understand why the sales process seems unpolished. The websites feel almost like an afterthought – a checkbox to claim global reach while the real business apparently happens elsewhere via closed platforms or via inaccessible reseller channels. It is a frustrating reminder that in the RISC-V hardware world, the technology may be open and global, but the purchase experience is less so.

Update to WebView2 version 1.0.3967.48.
Fix #489 : Make FindDialog resizeable & preserve user size.

The Extended Stable channel has been updated to 148.0.7778.254 for Windows and Mac which will roll out over the coming days/weeks.

The Stable channel has been updated to 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Daniel Yip

Google Chrome