We're excited to announce the release of Directus 10.6, packed with new features and critical improvements for your project's security. Let's dive into what's new in this version.
Loads Of Documentation Improvements
We've added a set of guides in our docs, taking you step by step through building extensions from scratch. The guide covers everything from initializing boilerplate to loading your new extensions into Directus.
You can now also find a new releases section that includes links to all Directus releases, and most importantly, a complete list of breaking changes in Directus accompanied by migration or mitigation measures.
There's a whole heap more - a new developer blog and guest author program, further enhancements to our API Reference based on your feedback, and new index pages for our guides to help you find what you need.
Flows Security Updates
We've swapped out the unmaintained vm2 with isolated-vm in this release. The previous reliance on vm2 exposed several security issues that could have allowed code to escape the sandbox, making your Directus project vulnerable.
However, please note that __Run Script__ operation should only be used for simple data manipulation, as running arbitrary packages is removed. To perform HTTP requests, use the __Webhook / Request URL__ operation. For using NPM packages in Flows, building a custom operation extension is required - you can rely on our newly released guides to make this as straightforward as possible.
As of Directus 10.6, we also now redact environment variables in logs for Flows. If you try to log any environment variables, this will ensure that these sensitive values are not logged. This simple yet crucial update provides better protection for your sensitive data.
Try It Out
Since Directus 10.5 there have been dozens of small enhancements, bug fixes, and optimizations across the core Directus project, docs, and the SDK. You can now download Directus 10.6 on Docker Hub or via npm, and it'll be available on Directus Cloud next week.