Releases: avo-hq/avo
Release v3.32.1
Release notes
For more information and the release video check out the full release page
🚨 Security
- fix: enforce attach authorization on association create (GHSA-8fq9-273g-6mrg) @Paul-Bob (#4568)
🐛 Bug Fixes
🤖 Maintenance
- 🚨 [security] [js] Update esbuild 0.25.12 → 0.28.1 (major) @depfu (#4567)
- [ruby] Update all Bundler dependencies (2026-06-11) @depfu (#4555)
- 🚨 [security] [ruby] Update puma 6.6.1 → 8.0.2 (major) @depfu (#4541)
- [ruby] Update all Bundler dependencies (2026-06-04) @depfu (#4527)
- [js] Update all Yarn dependencies (2026-06-04) @depfu (#4526)
Release v3.32.0
Release notes
For more information and the release video check out the full release page
✨ Enhancements
🐛 Bug Fixes
🤖 Maintenance
- [ruby] Update all Bundler dependencies (2026-05-28) @depfu (#4513)
- [js] Update all Yarn dependencies (2026-05-28) @depfu (#4512)
- 🚨 [security] [js] Update js-cookie 3.0.5 → 3.0.7 (patch) @depfu (#4492)
- [ruby] Update all Bundler dependencies (2026-05-21) @depfu (#4483)
- chore: ensure remaining specs restore resource items on failure @ursm (#4469)
- [ruby] Update all Bundler dependencies (2026-05-14) @depfu (#4468)
- chore: ensure tags spec restores resource items on failure @ursm (#4461)
- chore: remove invalid `style: 'hidden'` from filter url_redirect links @ursm (#4456)
- chore(deps): bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4 in the npm_and_yarn group across 1 directory @dependabot (#4459)
- 🚨 [security] [ruby] Update view_component 4.0.0 → 4.9.0 (minor) @depfu (#4458)
- 🚨 [security] [ruby] Update devise 5.0.3 → 5.0.4 (patch) @depfu (#4457)
- [ruby] Update all Bundler dependencies (2026-05-07) @depfu (#4455)
- [ruby] Update all Bundler dependencies (2026-04-30) @depfu (#4447)
- 🚨 [security] [js] Update postcss 8.5.8 → 8.5.10 (patch) @depfu (#4443)
Release v4.0.0.beta.26
Bumped avo to 4.0.0.beta.26
Release v4.0.0.beta.25
Release notes
For more information and the release video check out the full release page
Release v3.31.2
Release notes
For more information and the release video check out the full release page
🐛 Bug Fixes
Release v3.31.1
Release notes
For more information and the release video check out the full release page
🔒 Security
- Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources GHSA-qc5p-3mg5-9fh8
🤖 Maintenance
- 🚨 [security] [ruby] Update yard 0.9.39 → 0.9.42 (minor) @depfu (#4425)
- [ruby] Update all Bundler dependencies (2026-04-16) @depfu (#4415)
- 🚨 [security] [js] Update dompurify 3.3.3 → 3.4.0 (minor) @depfu (#4413)
- chore(deps): bump protocol-buffers-schema from 3.6.0 to 3.6.1 in the npm_and_yarn group across 1 directory @dependabot (#4421)
Release v3.31.0
Release notes
For more information and the release video check out the full release page
🐛 Bug Fixes
- Enhance Avo by adding configuration file requirement in lib/avo.rb @Paul-Bob (#4410)
- enhancement: improve CSP @Paul-Bob (#4335)
- 🚨 [security] fix: `return_to` parameter @Paul-Bob (#4330)
- fix: require @Paul-Bob (#4328 & avo-dashboards #65 & avo-menu #47 & avo-pro #151 & avo-dynamic_filters #111 & avo-advanced #84)
- fix: nested `has_one` with date fields @Paul-Bob (avo-dynamic_filters #83)
🤖 Maintenance
- [ruby] Update all Bundler dependencies (2026-04-09) @depfu (#4408)
- [ruby] Update all Bundler dependencies (2026-04-04) @depfu (#4398)
- 🚨 [security] [ruby] Update rack 3.2.5 → 3.2.6 (patch) @depfu (#4397)
- 🚨 [security] [js] Update lodash 4.17.23 → 4.18.1 (minor) @depfu (#4394)
- fix: require dependencies @Paul-Bob (#4323)
- 🚨 [security] [js] Update dompurify 3.3.1 → 3.3.2 (patch) @depfu (#4300)
- [js] Update all Yarn dependencies (2026-03-05) @depfu (#4287)