Releases: gristlabs/grist-core
v1.3.3
What's Changed
- The document list on the "All documents" and individual workspace pages now lists documents in individual rows, and has navigable tabs for showing recently modified, pinned, and all documents.
- grist-static has been updated to use the latest grist-core.
- A new notification has been added indicating when a large document is being slow to load.
- Updated Grist's list of dependencies.
- Various minor bugfixes and translations.
Enterprise Changes
Changes here have a dependency on grist-ee plugins.
- A new document.modify event now shows in the audit log whenever a user action containing a modification is applied.
New Contributors
- @audez made their first contribution in #1379
- @agilgur5 made their first contribution in #1392
- @Scandiravian made their first contribution in #1402
Full Changelog: v1.3.2...v1.3.3
Join our Discord Community if you'd like to get into development of Grist.
v1.3.2
What's Changed
- Preliminary work for SCIM API endpoints
- New translations and minor fixes
Security advisory
A set of XSS vulnerabilities was found in Grist by a private bug bounty program funded by DINUM (the Interministerial Digital Directorate of the French government).
- A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the javascript: scheme with custom widget URLs and form redirect URLs.
  - Mitigation: restricted custom widget URLs and form redirect URLs to http(s) schemes.
- A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page.
  - Mitigation: added an appropriate content security policy for attachments.
- A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context of their current page.
  - Mitigation: restricted HyperLink cell links to http(s) schemes.
Versions prior to 1.3.2 are known to be vulnerable. Please upgrade.
These advisories are also documented in our security advisory page.
Thanks to @spawnzii for initially reporting these security vulnerabilities.
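The scheme restriction described in the mitigations above, as an added example that is not Grist's own code: a raw-string blocklist shown beside an allowlist that parses the value before checking it. The function names and sample values are constructed for illustration.

```javascript
// Added example, not Grist's code. Names and sample inputs are constructed.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Weak form: a blocklist on the raw string. URL parsing ignores leading
// whitespace, scheme case, and tabs/newlines inside the scheme, so this
// check accepts values that still resolve to the javascript: scheme.
function naiveIsSafe(raw) {
  return !raw.startsWith('javascript:');
}

// Hardened form: parse with the WHATWG URL algorithm (the one browsers use),
// then allow only http(s). Returns the normalized URL, or null if rejected.
function sanitizeLink(raw) {
  if (typeof raw !== 'string') { return null; }
  let url;
  try {
    url = new URL(raw); // no base given: relative or scheme-less input is rejected
  } catch (e) {
    return null;
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Constructed values, as they might arrive from a cell, widget setting or form config.
const SAMPLES = [
  'https://example.com/page?x=1',
  'HTTP://EXAMPLE.COM',
  'javascript:alert(1)',
  'JavaScript:alert(1)',
  '  javascript:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,<b>x</b>',
  'example.com',
];

// Run both checks over the samples so the disagreements are visible side by side.
function audit(samples) {
  return samples.map((raw) => ({
    raw,
    naive: naiveIsSafe(raw),
    safeHref: sanitizeLink(raw),
  }));
}

for (const row of audit(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

Store or render the returned normalized value rather than the raw input, so the string that was checked is the string that gets used.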
Full Changelog: v1.3.0...v1.3.2
v1.3.0
What's Changed
- Docker images are now built with Debian bookworm
- New UI for changing documents back and forth from template to tutorial
- Self-hosting Grist Business plan users can now enable audit logging
- New translations and miscellaneous bug fixes
New Contributors
- @manuhabitela made their first contribution in #1296
Full Changelog: v1.2.1...v1.3.0
v1.2.1
What's Changed
- For multi-org setups, there's a new site switcher, with the choice of per-org logos.
- New API endpoints for managing installation and site configuration.
- Docker images are now built with Debian bookworm and Node 22
- The maximum size of a document's history is now configurable via environment variables
- New translations and miscellaneous bugfixes
New Contributors
- @rtwfroody made their first contribution in #1208
- @tristanrobert made their first contribution in #1239
- @senk made their first contribution in #1286
v1.2.0
What's Changed
- Two-way references are now available, which synchronize reference columns between two tables.
- New cards on the home page link to useful resources like the welcome video, tutorial, webinars, and the Help Center. They are shown by default to new and existing users, and may be hidden via a toggle.
- The default LLM provider is now gpt-4o. For useful results, any alternative LLM should be on par with GPT 3.5 or above.
- Backend changes for improving file handling in Grist Desktop.
- Miscellaneous bug fixes and translations.
v1.1.18
What's Changed
- New docker compose examples
- New markdown cell format
- Minor fixes and improvements
See the newsletter at https://support.getgrist.com/newsletters/2024-08/
v1.1.17
What's Changed
- There is a new set of formula functions to help with cumulative calculations, PREVIOUS, NEXT, and RANK. Read their documentation in our help center.
- As a result of the above, minimum supported Python 3 version is now 3.11
- Grist Enterprise can now be turned on by a toggle in the admin.
- Additional security options for OIDC authentication were added, improving security and enabling compatibility with new providers that have specific requirements. These are enabled by default, according to best practices.
- Minor fixes and translations.
See the newsletter at https://support.getgrist.com/newsletters/2024-07/
v1.1.16
Highlights
- There is a new Docker image, grist-oss. The existing grist image contains the extensions from the grist-ee image, but completely inert by default. For details, consult the README.
- Grist Electron has been renamed to Grist Desktop. Other Desktop improvements have happened, check them out!
- Webhooks can send an authorization header.
- The Docker images now use a non-root user to run Grist.
- External contributors can launch temporary Grist preview instances to showcase their changes.
- The Grist database schema has new documentation.
- Minor fixes and translations.
See the newsletter at https://support.getgrist.com/newsletters/2024-06/
v1.1.15
Highlights:
- A new environment variable, GRIST_TERMS_OF_SERVICE_URL, is available, which can be used to display a link to your organization's terms of service.
- Improvements to the admin panel such as showing authentication method and reconciling functionality with the boot page. The boot page has been removed, as all of its features have been moved into the admin page.
- Pyodide is now another possible sandboxing mechanism available in our Docker images.
- Minor fixes and translations.
See the newsletter at https://support.getgrist.com/newsletters/2024-05/
v1.1.14
Highlights:
- A new environment variable APP_HOME_INTERNAL_URL for improving the self-hosted experience related to the URL of home servers behind a reverse proxy.
- Minor documentation improvements.
- Minor bug fixes.
See the newsletter at https://support.getgrist.com/newsletters/2024-04/