v107.0.2

107.0.2 (2026-06-19)

Bug Fixes

• build: set Electron snap base to core22 (snapcraft 9 dropped core20) (#9740) (e8650dc)

What's Changed

• fix(build): set Electron snap base to core22 (snapcraft 9 dropped core20) by @evereq in #9740

Full Changelog: v106.0.11...v107.0.2

v107.0.1

107.0.1 (2026-06-18)

What's Changed

• fix: desktop gauzy server failed build: add build gauzy:server-ui pro… by @syns2191 in #9687
• chore(deps): bump fast-uri from 3.1.0 to 3.1.2 by @dependabot[bot] in #9689
• chore(deps): bump hono from 4.12.14 to 4.12.18 by @dependabot[bot] in #9686
• Fix/about window detail os by @syns2191 in #9691
• feat: desktop timer visible session timer list by @syns2191 in #9697
• fix: logs window add new export log button by @syns2191 in #9699
• chore(k8s): right-size resource requests for all gauzy deployments by @evereq in #9706
• Bump deps by @evereq in #9700
• Stage by @evereq in #9707
• chore(k8s): scale gauzy-prod-api down to 2 replicas (was 4) by @evereq in #9710
• chore(deps): bump @grpc/grpc-js from 1.14.3 to 1.14.4 by @dependabot[bot] in #9711
• chore(deps): consolidate dependency bumps across the monorepo by @evereq in #9714
• chore(deps): migrate TypeORM 0.3 -> 1.0 by @evereq in #9716
• ci: restore build caching via CircleCI Nx cache (fix timeout regression) by @evereq in #9731
• fix(typeorm-v1): convert legacy string[] relations/select at runtime (P0 — app unusable after login) by @evereq in #9734
• fix(docker): move patch-package to dependencies so --production image builds succeed by @evereq in #9735
• Stage by @evereq in #9738
• Stage by @evereq in #9739

Full Changelog: v105.0.1...v107.0.1

v107.0.0

107.0.0 (2026-06-18)

⚠ BREAKING CHANGES

• JWT tokens now include organizationId field. Clients should handle the new token structure.

• fix(ui): restore CHANGE_SELECTED_ORGANIZATION permission check for organization selector

Re-add permission verification that was removed - users without
CHANGE_SELECTED_ORGANIZATION permission should not see the organization
selector in the header.

• fix(migration): remove UNIQUE constraint on userId in SQLite UP migration

Remove CONSTRAINT REL_f4b0d329c4a3cf79ffe9d56504 UNIQUE (userId) from all
CREATE TABLE temporary_employee statements in sqliteUpQueryRunner to allow
many-to-one relationship (multiple employees can reference the same user).

The DOWN migration retains the UNIQUE constraint to restore the original
one-to-one relationship when reverting.

• fix(context): merge duplicate currentOrganizationId methods with proper fallback

Consolidate two currentOrganizationId() methods into one with priority:

1. JWT token organizationId (most secure)
2. User's employee organizationId (fallback for old tokens)
3. Request header organization-id (legacy backward compatibility)

This ensures existing functionality continues to work while preferring
the secure JWT-based organization context when available.

• fix(auth): inject organizationId from JWT into user with fallback

Make organizationId follow the same pattern as employeeId:

• jwt.strategy.ts: inject organizationId from JWT into user.lastOrganizationId
• request-context.ts: currentOrganizationId() reads from user.lastOrganizationId
  with fallback to user.employee.organizationId and header for backward compatibility

This ensures consistency across all context methods while maintaining
backward compatibility with old tokens.

• fix(auth): validate organization access in JWT strategy

• Add UserOrganizationService to validate user has access to organization
• Remove unvalidated header fallback from currentOrganizationId()
• organizationId is now only accepted from validated JWT tokens

• fix(employee): catch specific NotFoundException and validate input

• Catch only NotFoundException instead of all errors
• Add validation for input.user.email before accessing it

• fix(ui): add await for async selectOrganization calls

• Make updateOrganization, deleteOrganization, selectOrganizationById async
• Properly await selectOrganization to prevent race conditions

• fix(ui): add @deprecated to initialize() method

• Mark initialize() as deprecated with JSDoc
• Clean up comments in applyOrganizationData()

• docs(auth): clarify refresh token organization behavior

• Add note explaining refresh token is organization-specific
• Document that /auth/switch-organization should be used to change org

• refactor(ui): use inject() function instead of constructor injection

• Replace constructor parameter injection with inject() function
• Follow Angular modern DI pattern

• fix(auth): include organizationId in refresh token

• Pass organizationId to getJwtRefreshToken in login, signinWorkspaceByToken, and switchWorkspace
• Ensures refresh token contains same organization context as access token

• fix(auth): add cross-validation between employeeId and organizationId in JWT

• Validate that employee.organizationId matches the claimed organizationId
• Prevents JWT token manipulation attacks

• fix(employee): use BadRequestException and check for existing employee

• Use BadRequestException instead of generic Error for proper HTTP 400
• Check if employee already exists for user+organization to prevent duplicates

• fix(ui): validate response fields before applying to store

• Check token and user exist before updating store
• Return false and show error if validation fails

• fix(auth): update user.lastOrganizationId in memory after DB update

• Ensures returned user object has fresh lastOrganizationId value

• fix(employee): load role relation when finding existing user

• Use findOneByOptions with relations: { role: true }
• Fixes 'Cannot read properties of undefined (reading name)' error
• addUserToOrganization requires user.role.name for SUPER_ADMIN check

• Stage (#9305) (59a9cc9), closes #9305 #9303 #9272 #8465 #8465 #8465 #8465 #8465 #8465 #8465 #8465

What's Changed

• chore(k8s): scale gauzy-prod-api down to 2 replicas (was 4) by @evereq in #9710
• chore(deps): bump @grpc/grpc-js from 1.14.3 to 1.14.4 by @dependabot[bot] in #9711
• chore(deps): consolidate dependency bumps across the monorepo by @evereq in #9714
• chore(deps): migrate TypeORM 0.3 -> 1.0 by @evereq in #9716
• ci: restore build caching via CircleCI Nx cache (fix timeout regression) by @evereq in #9731
• fix(typeorm-v1): convert legacy string[] relations/select at runtime (P0 — app unusable after login) by @evereq in #9734
• fix(docker): move patch-package to dependencies so --production image builds succeed by @evereq in #9735
• Stage by @evereq in #9738

Full Changelog: v106.0.0...v107.0.0

v106.0.11

106.0.11 (2026-06-18)

Full Changelog: v106.0.10...v106.0.11

v106.0.10

106.0.10 (2026-06-17)

Bug Fixes

• ci: add cache-backed retry to electron package builds (2c4e2f6)
  Full Changelog: v106.0.9...v106.0.10

v106.0.9

106.0.9 (2026-06-17)

Bug Fixes

• ci: cap nx run-many parallelism to 3 for electron package builds (5049d10)
  Full Changelog: v106.0.8...v106.0.9

v106.0.8

106.0.8 (2026-06-17)

Bug Fixes

• build: apply typeorm v1 patch in Docker images + migrate removed join find-option (e7a4a83)
  Full Changelog: v106.0.7...v106.0.8

v106.0.7

106.0.7 (2026-06-17)

Bug Fixes

• docker: move patch-package to dependencies so --production image builds succeed (#9735) (0ace9c9)

What's Changed

• fix(docker): move patch-package to dependencies so --production image builds succeed by @evereq in #9735

Full Changelog: v106.0.6...v106.0.7

v106.0.6

106.0.6 (2026-06-16)

Bug Fixes

• typeorm-v1: convert legacy string[] relations/select at runtime instead of rejecting (P0) (#9734) (0dcd689), closes #9716

What's Changed

• fix(typeorm-v1): convert legacy string[] relations/select at runtime (P0 — app unusable after login) by @evereq in #9734

Full Changelog: v106.0.5...v106.0.6

v106.0.5

106.0.5 (2026-06-16)

Continuous Integration

• restore build caching via CircleCI Nx cache (fix timeout regression) (#9731) (efce82d)

What's Changed

• ci: restore build caching via CircleCI Nx cache (fix timeout regression) by @evereq in #9731

Full Changelog: v106.0.4...v106.0.5