2023.03 (LTS)

2023.3.8 LTS

This has some security fixes for XSS on the admin page.

A new property type modifiable is introduced that components should be using if the have optional edit support for nested dataproviders.

2023.3.7 LTS

This is a extra security fix for the blobloader, before 2023.3.7 the way to create a blob url is:

var tableName = 'pictures';
var columnName = 'picture_media';
var mimeType = 'application/pdf';

var URL = 'media:///servoy_blobloader?servername=example_data'
URL += '&tablename=' + tableName;
URL += '&dataprovider=' + columnName; URL += '&rowid1=' + picture_id;
URL += '&filename=' + file_name

this should now be replaced with:

var tableName = 'pictures';
var columnName = 'picture_media';
var mimeType = 'application/pdf';

var url = application.createUrlBlobloaderBuilder(columnName)

that will return the blobloader url that is also already encrypted (and only valid for that client)

2023.3.6 LTS

This release has a breaking change for people that are using deeplink (m=xxx) in the url of the client that you start.

That function now needs to have in the doc the annotation @deeplink, so the system knows that this function can be called as a deeplink. If a function doesn't have that annotation then it will not be called and Servoy will generate a error: "Trying to call a non deeplink (no @deeplink annotation) method: " The best way is to quickly annotate your deeplinks, but if for the short term that is not feasible you can add this property: "servoy.legacy.deeplinks=true" to the servoy properties file to get the old behavior back.

Also some internal lib for NG1 are upgraded, momentjs and tinymce (bootstrapcomponents and servoy-extra has also release for that).

2023.3.5 LTS

This release has a security fix, its recommended to upgrade to this release as soon as possible. Also upgrade the bootstrap and/or servoy extra package, they have changes that where needed in components for this fix.

for component developers: only function configured in the spec as "internalApi" can be called from the client (on the server)

also 2 cases, 1 backport and 1 jwt plugin improvement see below.

2023.3.4 LTS

This release has a security fix, its recommended to upgrade to this release as soon as possible. upgrades to Java 17.09 and NodeJS 18.19

See also the list of cases below that are all fixed also for this release.

dependency updates

based on Eclipse 2022.12 Titanium NGClient moved to Angular 15.2 (major upgrade from 14, so most package must be updated also to the 2023.03 version) Developers embedded Postgresql is updated to 15.1


Break: from certain elements the "readonly" property is removed (like bootstrap textbox), this was never meant to be a runtime property (only a controller.readonly property mapping), For setting the readonly the "editable" boolean should be used The readonly propery was an internal property that works together with the editable property (and if one of the 2 is set this will result in the component being readonly)

Tenant/table filtering implementation changes. setTenant also filters databroadcast to clients that don't have the same tenant that behavior is now moved to pure tablefilters (what a setTenant already was), but it is also now in the API of the table filters so you can tell it that this is also a databroadcast filter: databaseManager.createTableFilterParam('crm', 'products', 'companyidid', '=', currentcompanyid).dataBroadcast(true) This can only be set for simple filters ("=" or "in")

datasources.get(dataSource) we now have a quick lookup for a JSDataSource object based on purely the datasoure (db and mem datasource, not view datasources because those have a different interface)

databaseManager.alwaysFollowPkSelection: setting this to true means that we always follow the pk selection when we do a requery/refresh the foundset, even if the selection was on the first row. Servoy by default will treath the first row special (because its the default selection) so if we do a requery and the selection was on row 1 we keep it on row 1 even if that could be a different row (pk) now. if this setting is set to true, we don't do that and we try to keep the row/pk that was on row 1 as the selected row (could be for example row 10 now). We also improved a bit the refresh query to try better to keep the current record selected (we query by default now more records if the selected index was 270 we do requery now of 300 to be able to find the current selected pk a bit more likely)

QBSelect api: we now support named conditions on various levels so you can add/remove them based on a name.

Added some more Ecma api that are now supported on String/Object

Http Plugin: the HttpConfig object has 2 more properties to configure the Http Client upfront: forceHttp1: to make sure that the client always used http1 mode even if the server says http/2 is fine. (But the server is not fully complying with the spec) enableRedirects: by default the new http client follows redirects, this can be disabled with this property (setting it to false)

Mail Plugin: multiply replyTo adresses are now supported (the from parameter can have now more then 2 addresses, where everything from position 2 on are set as replyTo)


The palette has now a commonly used category for quick access of the most used X components

I18N property in the properties view, now has direct inline searching of an I18n key (when the value starts with i18n: )

Templates are deprecated, because we now have Variants and also FormComponent that do the same thing (but better)


If you don't export NG1 components anymore, then we now auto redirect right away to the TiNG url, so old bookmark urls keep working.

UI/CSS changes:

AGGrid (nggrid) dropped the theme (bootstrap) completely and is now fully on alpine� (Possible breaking for your NGGrid styling) So we adjusted our stuff to also be on that including our theme, so make sure you update to the 2023.03 theme if you use the Servoy theming.


03.8 (LTS)

03.7 (LTS)

03.6 (LTS)

03.5 (LTS)

03.4 (LTS)


03.3 (LTS)





## Final (03.0)