From 749bf7815c617dd290ba65667e36c19578e78c3f Mon Sep 17 00:00:00 2001 From: Gani Georgiev Date: Thu, 23 Oct 2025 20:28:13 +0300 Subject: [PATCH] updated changelog --- CHANGELOG.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 434be871..0737fd85 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -## v0.31.0 (WIP) +## v0.31.0 - Visualize presentable multiple `relation` fields ([#7260](https://github.com/pocketbase/pocketbase/issues/7260)). @@ -8,8 +8,9 @@ - Added `FileDownloadRequestEvent.ThumbError` field that is populated in case of a thumb generation failure (e.g. unsupported format, timing out, etc.), allowing developers to reject the thumb fallback and/or supply their own custom thumb generation ([#7268](https://github.com/pocketbase/pocketbase/discussions/7268)). -- ⚠️ Disallow client-side filtering and sorting of relations where the collection of the last targeted field has superusers only List/Search API rule to further minimize the risk of eventual side-channel attack. - _Note that if you are really concerned about this, as mentioned in the "Security and performance" section of [#4417](https://github.com/pocketbase/pocketbase/discussions/4417) and [#5863](https://github.com/pocketbase/pocketbase/discussions/5863), the recommended solution to protect security sensitive fields (tokens, passwords, etc.) is to mark them as "Hidden" (aka. make them non-API filterable)._ +- ⚠️ Disallow client-side filtering and sorting of relations where the collection of the last targeted relation field has superusers-only List/Search API rule to further minimize the risk of eventual side-channel attack. + _This should be a non-breaking change for most users, but if you want the old behavior, please open a new Q&A discussion with details about your use case to evaluate making it configurable._ + _Note also that as mentioned in the "Security and performance" section of [#4417](https://github.com/pocketbase/pocketbase/discussions/4417) and [#5863](https://github.com/pocketbase/pocketbase/discussions/5863), the easiest and recommended solution to protect security sensitive fields (tokens, codes, passwords, etc.) is to mark them as "Hidden" (aka. make them non-API filterable)._ - Regenerated JSVM types and updated npm and Go deps.