v1.4.2

What's Changed

• Bug fix for duplicate document failing on multi-server instances with separate doc workers, by @Spoffy in [PR #1458].(#1458)
• Miscellaneous translations.

Full Changelog: v1.4.1...v1.4.2

Join our Discord Community if you'd like to get into development of Grist.

v1.4.1

What's Changed

• Added GRIST_MAX_NEW_USER_INVITES_PER_ORG env variable, by @hexaltation in PR #1454.
• Miscellaneous bug fixes and translations.

Full Changelog: v1.4.0...v1.4.1

Join our Discord Community if you'd like to get into development of Grist.

v1.4.0

What's Changed

• Externally-stored attachments are now available. With this new feature, attachments can be stored in-database as is the current default, or they can be separately hosted in any MinIO-compatible storage such as S3.
• There is a new interface for managing enterprise subscriptions.
• Regression that removed attachment icons has been fixed by @hexaltation in #1420
• APP_HOME_URL is no longer a required setting in single-server installations.
• In an effort to prevent certain kinds of malicious activity, there is now a limit to the number of invitations pending acceptance that a user may send.
• Miscellaneous bugfixes and translations.

Full Changelog: v1.3.3...v1.4.0

Join our Discord Community if you'd like to get into development of Grist.

v1.3.3

What's Changed

• The document list on the "All documents" and individual workspace pages now lists documents in individual rows, and has navigable tabs for showing recently modified, pinned, and all documents.
• grist-static has been updated to use the latest grist-core.
• A new notification has been added indicating when a large document is being slow to load.
• Updated Grist's list of dependencies.
• Various minor bugfixes and translations.

Enterprise Changes

Changes here have a dependency on grist-ee plugins.

• A new document.modify event now shows in the audit log whenever a user action containing a modification is applied.

New Contributors

• @audez made their first contribution in #1379
• @agilgur5 made their first contribution in #1392
• @Scandiravian made their first contribution in #1402

Full Changelog: v1.3.2...v1.3.3

Join our Discord Community if you'd like to get into development of Grist.

v1.3.2

What's Changed

• Preliminary work for a SCIM API endpoints
• New translations and minor fixes

Security advisory

A set of XSS vulnerabilities were found in Grist by a private bug bounty program funded by DINUM (the Interministerial Digital Directorate of the French government).

• A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the javascript: scheme with custom widget URLs and form redirect URLs.
  • Mitigation: restricted custom widget URLs and form redirect URLs to http(s) schemes.
• A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page.
  • Mitigation: added an appropriate content security policy for attachments.
• A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context of their current page.
  • Mitigation: restricted HyperLink cell links to http(s) schemes.

Versions prior to 1.3.2 are known to be vulnerable. Please upgrade.

These advisories are also documented in our security advisory page.

Thanks to @spawnzii for initially reporting these security vulnerabilities.

Full Changelog: v1.3.0...v1.3.2

v1.3.0

What's Changed

• Docker images are now built with Debian bookworm
• New UI for changing documents back and forth from template to tutorial
• Self-hosting Grist Business plan users can now enable audit logging
• New translations and miscellaneous bug fixes

New Contributors

• @manuhabitela made their first contribution in #1296

Full Changelog: v1.2.1...v1.3.0

v1.2.1

What's Changed

• For multi-org setups, there's a new site switcher, with the choice of per-org logos.
• New API endpoints for managing installation and site configuration.
• Docker images are now built with Debian bookworm and Node 22
• The maximum size of a document's history is now configurable via environment variables
• New translations and miscellanous bugfixes

New Contributors

• @rtwfroody made their first contribution in #1208
• @tristanrobert made their first contribution in #1239
• @senk made their first contribution in #1286

Join our Discord Community if you'd like to get into development of Grist.

v1.2.0

What's Changed

• Two-way references are now available, which synchronize reference columns between two tables.
• New cards on the home page link to useful resources like the welcome video, tutorial, webinars, and the Help Center. They are shown by default to new and existing users, and may be hidden via a toggle.
• The default LLM provider is now gpt-4o. For useful results, any alternative LLM should be on par with GPT 3.5 or above.
• Backend changes for improving file handling in Grist Desktop.
• Miscellaneous bug fixes and translations.

Join our Discord Community if you'd like to get into development of Grist.

v1.1.18

What's Changed

• New docker compose examples
• New markdown cell format
• Minor fixes and improvements

See the newsletter at https://support.getgrist.com/newsletters/2024-08/

Join our Discord Community if you'd like to get into development of Grist.

v1.1.17

What's Changed

• There is a new set of formula functions to help with cumulative calculations, PREVIOUS, NEXT, and RANK. Read their documentation in our help center.
• As a result of the above, minimum supported Python 3 version is now 3.11
• Grist Enterprise can now be turned on by a toggle in the admin.
• Additional security options for OIDC authentication were added, improving security and enabling compatibility with new providers that have specific requirements. These are enabled by default, according to best practices.
• Minor fixes and translations.

See the newsletter at https://support.getgrist.com/newsletters/2024-07/

Join our Discord Community if you'd like to get into development of Grist.